mirrors
/
archiva
mirror of https://github.com/apache/archiva.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 70 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8783 Commits
73 Branches
Tree: 115383d41e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '115383d41e'
${ noResults }
archiva/archiva-docs/src/site/apt/release-notes.apt.vm

release-notes.apt.vm 8.3KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273 
  1.  -----

  2.  Release Notes for Archiva ${project.version}

  3.  -----

  4. 

  5. ~~ Licensed to the Apache Software Foundation (ASF) under one                      

  6. ~~ or more contributor license agreements.  See the NOTICE file                    

  7. ~~ distributed with this work for additional information                           

  8. ~~ regarding copyright ownership.  The ASF licenses this file                      

  9. ~~ to you under the Apache License, Version 2.0 (the                               

  10. ~~ "License"); you may not use this file except in compliance                      

  11. ~~ with the License.  You may obtain a copy of the License at                      

  12. ~~                                                                                 

  13. ~~   http://www.apache.org/licenses/LICENSE-2.0                                    

  14. ~~                                                                                 

  15. ~~ Unless required by applicable law or agreed to in writing,                      

  16. ~~ software distributed under the License is distributed on an                     

  17. ~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY                          

  18. ~~ KIND, either express or implied.  See the License for the                       

  19. ~~ specific language governing permissions and limitations                         

  20. ~~ under the License.                                                              

  21. 

  22. Release Notes for Archiva ${project.version}

  23. 

  24.   The Apache Archiva team is pleased to announce the release of Archiva

  25.   ${project.version}.  Archiva is {{{http://archiva.apache.org/download.html}

  26.   available for download from the web site}}.

  27. 

  28.   Archiva is an application for managing one or more remote repositories,

  29.   including administration, artifact handling, browsing and searching.

  30. 

  31.   If you have any questions, please consult:

  32. 

  33.     * the web site: {{http://archiva.apache.org/}}

  34. 

  35.     * the archiva-user mailing list: {{http://archiva.apache.org/mailing-lists.html}}

  36. 

  37. * New in Archiva ${project.version}

  38. 

  39.  Apache Archiva ${project.version} is a security fix release:

  40. 

  41. ** Compatibility Changes

  42. 

  43.   * There are no compatibility changes

  44. 

  45. ** New Feature

  46. 

  47.   * There are no new features in this release.

  48. 

  49. ** Improvements

  50. 

  51.   * There are no improvements

  52. 

  53. ** Bug/Security Fix

  54. 

  55.   * [MRM-2051}: upgrade dom4j (v2 branch)

  56.   * upgrade spring 4.2.9

  57.   * [MRM-2050]: upgrade commons-fileupload and commons-io due to cves

  58.   * [MRM-2049]: upgrade httpclient due to cves

  59.   * [MRM-2048]- upgrade xerces due to CVE

  60. 

  61. 

  62. Previous Release Notes

  63. 

  64. * Release Notes for Archiva 2.2.8

  65. 

  66.  Apache Archiva 2.2.8 is a security fix release:

  67. 

  68.  Released: 2022-05-25

  69. 

  70. 88 Bug/Security Fix

  71. 

  72.   * CVE-2022-29405 Apache Archiva Arbitrary user password reset vulnerability

  73. 

  74. * Release Notes for Archiva 2.2.7

  75. 

  76.  Apache Archiva 2.2.7 is a security fix release:

  77. 

  78.  Released: 2022-12-22

  79. 

  80. ** Compatibility Changes

  81. 

  82.   * [MRM-2021] There is a new flag 'literalVersion=true/false' for service archivaServices/searchService/artifact

  83.     which allows to change the behaviour for v=LATEST search.

  84. 

  85. ** New Feature

  86. 

  87.   * There are no new features in this release.

  88. 

  89. ** Improvements

  90. 

  91.   * There are no improvements

  92. 

  93. ** Bug/Security Fix

  94. 

  95.   * [MRM-2027] Update of the log4j2 version to 2.17.0

  96. 

  97.   * [MRM-2020] Fixed the behaviour of the startup script, if ARCHIVA_BASE is set (separating installation and data directory)

  98. 

  99.   * [MRM-2022] Fixed the handling of X-XSRF-TOKEN header in Javascript calls

  100. 

  101. 

  102. * Release Notes for Archiva 2.2.6

  103. 

  104.  Apache Archiva 2.2.6 is a security fix release:

  105. 

  106.  Released: 2021-12-15

  107. 

  108. ** Compatibility Changes

  109. 

  110.   * No API changes or known side effects.

  111. 

  112. ** New Feature

  113. 

  114.   * There are no new features in this release.

  115. 

  116. ** Improvements

  117. 

  118.   * There are no improvements

  119. 

  120. ** Bug/Security Fix

  121. 

  122.   * Update of the log4j2 version to mitigate the log4j2 vulnerability (CVE-2021-44228)

  123. 

  124.   * Deactivated directory listings by the file servlet

  125. 

  126. 

  127. * Release Notes for Archiva 2.2.5

  128. 

  129.  Apache Archiva 2.2.5 is a bug fix release:

  130. 

  131.  Released: 2020-06-19

  132. 

  133. ** Compatibility Changes

  134. 

  135.   * No API changes or known side effects.

  136. 

  137. ** New Feature

  138. 

  139.   * There are no new features in this release.

  140. 

  141. ** Improvements

  142. 

  143.   * There are no improvements

  144. 

  145. ** Bug Fix

  146.  

  147.   * [MRM-2008] Fix for group names with slashes

  148. 

  149.   * Better handling of LDAP filter 

  150. 

  151. 

  152. * Release Notes for Archiva 2.2.4

  153. 

  154.  Apache Archiva 2.2.4 is a bug fix release:

  155. 

  156.   * Fixes for handling of artifacts

  157. 

  158.   * Improved validation of REST calls

  159. 

  160. ** Compatibility Changes

  161. 

  162.  No API changes or known side effects.

  163. 

  164.  Released: 2019-04-30

  165. 

  166. ** New Feature

  167. 

  168.   *  There are no new features in this release.

  169. 

  170. ** Improvements

  171. 

  172.   * Adding additional validation to REST service calls for artifact upload

  173. 

  174. ** Bug Fix

  175. 

  176.   * [MRM-1972] Stored XSS in Web UI Organization Name

  177. 

  178.   * [MRM-1966] Repository-purge not working

  179. 

  180.   * [MRM-1958] Purge by retention count deletes files but leaves history on website.

  181. 

  182.   * [MRM-1929] Repository purge is not reflected in index

  183. 

  184. 

  185. * Release Notes for Archiva 2.2.3

  186. 

  187. ** New in Archiva 2.2.3

  188. 

  189.   Apache Archiva 2.2.3 is a bug fix release:

  190. >>>>>>> Stashed changes

  191. 

  192.   * Some fixes for the REST API were added to detect requests from unknown origin

  193. 

  194.   * Some bugfixes were added

  195. 

  196. * Compatibility Changes

  197. 

  198.   * The REST services are now checking for the origin of the requests by analysing Origin

  199.     and Referer header of the HTTP requests and adding an validation token to the Header.

  200.     This prevents requests from malicious sites if they are open in the same browser. If you use

  201.     the REST services from other clients you may change the behaviour with the new

  202.     configuration properties for the redback security (<<<rest.csrffilter.*>>>, <<<rest.baseUrl>>>).

  203.     For more information see {{{./adminguide/customising-security.html}Archiva Security Configuration}} and

  204.     the {{{/redback/integration/rest.html}Redback REST documentation }}.

  205. 

  206.     <<Note:>> If your archiva installation is behind a reverse proxy or load balancer, it may be possible

  207.      that the Archiva Web UI does not load after the upgrade. If this is the case you may access the WebUI

  208.      via localhost or edit archiva.xml manually. In the "Redback Runtime Configuration" properties you have to

  209.      enter the base URLs of your archiva installation to the <<<rest.baseUrl>>> field.

  210. 

  211.   * Archiva uses redback for authentication and authorization in version 2.6

  212. 

  213. * Release Notes

  214. 

  215.   The Archiva ${project.version} features set can be seen in the {{{./tour/index.html} feature tour}}.

  216. 

  217. * Changes in Archiva ${project.version}

  218. 

  219.   Released: <<${releaseDate}>>

  220. 

  221. 

  222. ** New Feature

  223. 

  224. 

  225. ** Improvement

  226. 

  227.      * [MRM-1925] - Make User-Agent header configurable for HTTP requests

  228. 

  229.      * [MRM-1861], [MRM-1924] - Increasing timeouts for repository check

  230. 

  231.      * [MRM-1937] - Prevent creating initial admin user with wrong name.

  232. 

  233.      * Adding origin header validation checks for REST requests

  234. 

  235. ** Bugs fixed

  236. 

  237.      * [MRM-1859] - Error upon viewing 'Artifacts' tab when browsing an artifact

  238. 

  239.      * [MRM-1874] - Login Dialog triggers multiple events (+messages)

  240. 

  241.      * [MRM-1908] - Logged on users can write any repository

  242. 

  243.      * [MRM-1909] - Remote repository check fails for https://repo.maven.apache.org/maven2

  244. 

  245.      * [MRM-1923] - Fixing bind issue with certain ldap servers, when user not found

  246. 

  247.      * [MRM-1926] - Invalid checksum files in Archiva repository after download from remote repository

  248. 

  249.      * [MRM-1928] - Bad redirect URL when using Archiva through HTTP reverse proxy

  250.  

  251.      * [MRM-1933] - No message body writer has been found for class org.apache.archiva.rest.services.ArchivaRestError

  252.  

  253.      * [MRM-1940] - Slashes appended to remote repo url

  254. 

  255. 

  256. ** Task

  257. 

  258. 

  259. 

  260. * History

  261. 

  262.   Archiva was started in November 2005, building a simple framework on top of some existing repository conversion

  263.   tools within the Maven project. Initial development focused on repository conversion, error reporting, and indexing.

  264.   From January 2006 a web application was started to visualise the information and to start incorporating

  265.   functionality from the unmaintained maven-proxy project.

  266. 

  267.   Development continued through many stops and starts. Initial versions of Archiva were built from source by contributors,

  268.   and the first alpha version was not released until April 2007. Some significant changes were made to improve

  269.   performance and functionality in June 2007 and over the next 6 months and a series of alpha and beta releases, a concerted effort

  270.   was made to release the 1.0 version.

  271. 

  272.   Archiva became an Apache "top level project" in March 2008.