From 1808f64660526b47d657e1e60f495f66d392651f Mon Sep 17 00:00:00 2001 From: Olivier Lamy Date: Mon, 20 Mar 2023 16:00:21 +1000 Subject: [PATCH] 2.2.10 release note Signed-off-by: Olivier Lamy --- .../src/site/apt/release-notes.apt.vm | 223 ++++++------------ 1 file changed, 74 insertions(+), 149 deletions(-) diff --git a/archiva-docs/src/site/apt/release-notes.apt.vm b/archiva-docs/src/site/apt/release-notes.apt.vm index e88c4d284..2e7765687 100644 --- a/archiva-docs/src/site/apt/release-notes.apt.vm +++ b/archiva-docs/src/site/apt/release-notes.apt.vm @@ -21,32 +21,76 @@ Release Notes for Archiva ${project.version} - The Apache Archiva team is pleased to announce the release of Archiva - ${project.version}. Archiva is {{{https://archiva.apache.org/download.html} - available for download from the web site}}. + The Apache Archiva team is pleased to announce the release of Archiva + ${project.version}. Archiva is {{{http://archiva.apache.org/download.html} + available for download from the web site}}. - Archiva is an application for managing one or more remote repositories, - including administration, artifact handling, browsing and searching. + Archiva is an application for managing one or more remote repositories, + including administration, artifact handling, browsing and searching. - This is a security fix release. Users are advised to update their systems to the new - version as soon as possible. + If you have any questions, please consult: - For further information see: {{https://archiva.apache.org/security.html}} + * the web site: {{http://archiva.apache.org/}} - If you have any questions, please consult: + * the archiva-user mailing list: {{http://archiva.apache.org/mailing-lists.html}} - * the web site: {{https://archiva.apache.org/}} +* New in Archiva ${project.version} - * the archiva-user mailing list: {{https://archiva.apache.org/mailing-lists.html}} + Apache Archiva ${project.version} is a bug fix release: -* New in Archiva ${project.version} +** Compatibility Changes + + * There are no compatibility changes + +** New Feature + + * There are no new features in this release. + +** Improvements + + * There are no improvements + +** Bug/Security Fix + + * Potential NPE when using the upload file service + + +Previous Release Notes + +* Release Notes for Archiva 2.2.9 + + Apache Archiva 2.2.9 is a security fix release: + + Released: 2022-10-09 + +** Bug/Security Fix + + * [MRM-2051}: upgrade dom4j (v2 branch) + * upgrade spring 4.2.9 + * [MRM-2050]: upgrade commons-fileupload and commons-io due to cves + * [MRM-2049]: upgrade httpclient due to cves + * [MRM-2048]- upgrade xerces due to CVE + +* Release Notes for Archiva 2.2.8 - Apache Archiva ${project.version} is a security fix release: + Apache Archiva 2.2.8 is a security fix release: + + Released: 2022-05-25 + +88 Bug/Security Fix + + * CVE-2022-29405 Apache Archiva Arbitrary user password reset vulnerability + +* Release Notes for Archiva 2.2.7 + + Apache Archiva 2.2.7 is a security fix release: + + Released: 2022-12-22 ** Compatibility Changes * [MRM-2021] There is a new flag 'literalVersion=true/false' for service archivaServices/searchService/artifact - which allows to change the behaviour for v=LATEST search. + which allows to change the behaviour for v=LATEST search. ** New Feature @@ -65,10 +109,6 @@ Release Notes for Archiva ${project.version} * [MRM-2022] Fixed the handling of X-XSRF-TOKEN header in Javascript calls - -Previous Release Notes - - * Release Notes for Archiva 2.2.6 Apache Archiva 2.2.6 is a security fix release: @@ -113,10 +153,10 @@ Previous Release Notes * There are no improvements ** Bug Fix - + * [MRM-2008] Fix for group names with slashes - * Better handling of LDAP filter + * Better handling of LDAP filter * Release Notes for Archiva 2.2.4 @@ -157,12 +197,13 @@ Previous Release Notes ** New in Archiva 2.2.3 Apache Archiva 2.2.3 is a bug fix release: +>>>>>>> Stashed changes * Some fixes for the REST API were added to detect requests from unknown origin * Some bugfixes were added -** Compatibility Changes +* Compatibility Changes * The REST services are now checking for the origin of the requests by analysing Origin and Referer header of the HTTP requests and adding an validation token to the Header. @@ -179,16 +220,19 @@ Previous Release Notes * Archiva uses redback for authentication and authorization in version 2.6 +* Release Notes -** Change List + The Archiva ${project.version} features set can be seen in the {{{./tour/index.html} feature tour}}. - Released: <<2017-05-13>> +* Changes in Archiva ${project.version} + Released: <<${releaseDate}>> -*** New Feature +** New Feature -*** Improvement + +** Improvement * [MRM-1925] - Make User-Agent header configurable for HTTP requests @@ -198,7 +242,7 @@ Previous Release Notes * Adding origin header validation checks for REST requests -*** Bug Fix +** Bugs fixed * [MRM-1859] - Error upon viewing 'Artifacts' tab when browsing an artifact @@ -213,135 +257,17 @@ Previous Release Notes * [MRM-1926] - Invalid checksum files in Archiva repository after download from remote repository * [MRM-1928] - Bad redirect URL when using Archiva through HTTP reverse proxy - - * [MRM-1933] - No message body writer has been found for class org.apache.archiva.rest.services.ArchivaRestError - - * [MRM-1940] - Slashes appended to remote repo url - - -* Release Notes for Archiva 2.2.1 - -** New in Archiva 2.2.1 - - Apache Archiva 2.2.1 is a bugs fix release: - - NOTE: jdk 1.7 is now prerequisite with Apache Archiva 2.2.1 - -** Compatibility Changes - - If using the Cassandra backend, the metadatafacet column 'key' has been renamed to 'facetKey' in 2.2.0 so you should copy the data to the new column manually. - If upgrading from earlier versions of Archiva, the list of libraries in wrapper.conf has changed. If you have customized your copy of wrapper.conf, please update it for compatibility with the version distributed with the current release. - As the database storage has been removed, you can remove the JNDI entry for jdbc/archiva. - - Refer to the Upgrading Archiva guide for more information. -** List of Changes - -*** Improvement - - * [MRM-1201] - Artifact upload success message should mention the classifier - - * [MRM-1906] - Allowing filtering of LDAP groups - -*** Bug Fix - - * [MRM-1873] - archiva doesn't recognise ldap-group to ldap-users mapping - - * [MRM-1877] - Checksum files always recreated - - * [MRM-1879] - Bug in create-missing-checksum consumer - - * [MRM-1886] - View Artifact Content Action does not Work - - * [MRM-1887] - Syntax error in DOAP file release section; wrong bug- database URL - - * [MRM-1892] - Only One Page of Proxy Connector Rules Shown - - * [MRM-1893] - Please delete old releases from mirroring system - - * [MRM-1896] - Invalid link to license - - * [MRM-1914] - Maven cannot find dependency - - -* Release Notes for Archiva 2.2.0 - -** New in Archiva 2.2.0 - - Apache Archiva 2.2.0 is a bugs fix release: - - NOTE: jdk 1.7 is now prerequisite with Apache Archiva 2.2.0 - -** Compatibility Changes - - If using the Cassandra backend, the metadatafacet column 'key' has been renamed to 'facetKey' in 2.2.0 so you should - copy the data to the new column manually. - If upgrading from earlier versions of Archiva, the list of libraries in wrapper.conf has changed. If you have customized - your copy of wrapper.conf, please update it for compatibility with the version distributed with the current release. - As the database storage has been removed, you can remove the JNDI entry for jdbc/archiva. After upgrading from a previous - version, you will have to run a full scan to populate the new JCR Repository. This will be done on first start of Archiva. - - Refer to the Upgrading Archiva guide for more information. - -** List of Changes in Archiva 2.2.0 - -*** New Feature - - * [MRM-1867] - Adding a find jar by checksum functionality to the REST api - -*** Improvement - - * [MRM-1390] - Generic metadata should be searcheable in Archiva search - - * [MRM-1844] - Allow LDAP groupOfNames - -*** Bug Fix - - * [MRM-770] - Archiva web client does not recognize classifier - - * [MRM-813] - Audit log is reporting "Modify File (proxied)" when no proxy connectors exist and the file has not changed - - * [MRM-837] - Cannot download SNAPSHOT version - - * [MRM-935] - Archiva doesn't supports artifact with SNAPSHOT - - * [MRM-1145] - RSS tests do not correctly check responses - - * [MRM-1311] - Logging in ArtifactMissingChecksumsConsumer does not appear in the logs even if configured properly - - * [MRM-1486] - ldap.config.mapper.attribute.user.filter using ldap not working correctly with commas. - - * [MRM-1767] - When selecting a specific repository to browse, I get an error that I don't have sufficient privileges. - - * [MRM-1807] - Archiva wrapper fail to start - - * [MRM-1810] - LDAP - groups config not available in Users Runtime Configuration - Properties - - * [MRM-1811] - Users - Manage section: pagination needs to change - - * [MRM-1846] - Regression in 2.0.1 : uniqueVersion false not supported - - * [MRM-1848] - download links for files mult-dot extensions incorrect in Browse view - - * [MRM-1851] - generic metadata GUI broken - - * [MRM-1860] - ClassNotFound exception with JBoss - - * [MRM-1863] - RepositoryGroup URL is not build using the Application URL - - * [MRM-1864] - Default configuration for central should now use SSL + * [MRM-1933] - No message body writer has been found for class org.apache.archiva.rest.services.ArchivaRestError - * [MRM-1871] - ConcurrentModificationException in DefaultRepositoryProxyConnectors + * [MRM-1940] - Slashes appended to remote repo url - * [MRM-1873] - archiva doesn't recognise ldap-group to ldap-users mapping -*** Task +** Task - * [MRM-1359] - Remove Maven 1.x functionality - * [MRM-1865] - remove isPermanent from Consumer API -History +* History Archiva was started in November 2005, building a simple framework on top of some existing repository conversion tools within the Maven project. Initial development focused on repository conversion, error reporting, and indexing. @@ -354,4 +280,3 @@ History was made to release the 1.0 version. Archiva became an Apache "top level project" in March 2008. - -- 2.39.5