mirrors
/
archiva
mirror of https://github.com/apache/archiva.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 70 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8785 Commits
73 Branches
Tree: 2beaf86490
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2beaf86490'
${ noResults }
archiva/archiva-docs/src/site/apt/release-notes.apt.vm

release-notes.apt.vm 8.5KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282 
  1.  -----

  2.  Release Notes for Archiva ${project.version}

  3.  -----

  4. 

  5. ~~ Licensed to the Apache Software Foundation (ASF) under one                      

  6. ~~ or more contributor license agreements.  See the NOTICE file                    

  7. ~~ distributed with this work for additional information                           

  8. ~~ regarding copyright ownership.  The ASF licenses this file                      

  9. ~~ to you under the Apache License, Version 2.0 (the                               

  10. ~~ "License"); you may not use this file except in compliance                      

  11. ~~ with the License.  You may obtain a copy of the License at                      

  12. ~~                                                                                 

  13. ~~   http://www.apache.org/licenses/LICENSE-2.0                                    

  14. ~~                                                                                 

  15. ~~ Unless required by applicable law or agreed to in writing,                      

  16. ~~ software distributed under the License is distributed on an                     

  17. ~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY                          

  18. ~~ KIND, either express or implied.  See the License for the                       

  19. ~~ specific language governing permissions and limitations                         

  20. ~~ under the License.                                                              

  21. 

  22. Release Notes for Archiva ${project.version}

  23. 

  24.   The Apache Archiva team is pleased to announce the release of Archiva

  25.   ${project.version}.  Archiva is {{{http://archiva.apache.org/download.html}

  26.   available for download from the web site}}.

  27. 

  28.   Archiva is an application for managing one or more remote repositories,

  29.   including administration, artifact handling, browsing and searching.

  30. 

  31.   If you have any questions, please consult:

  32. 

  33.     * the web site: {{http://archiva.apache.org/}}

  34. 

  35.     * the archiva-user mailing list: {{http://archiva.apache.org/mailing-lists.html}}

  36. 

  37. * New in Archiva ${project.version}

  38. 

  39.  Apache Archiva ${project.version} is a bug fix release:

  40. 

  41. ** Compatibility Changes

  42. 

  43.   * There are no compatibility changes

  44. 

  45. ** New Feature

  46. 

  47.   * There are no new features in this release.

  48. 

  49. ** Improvements

  50. 

  51.   * There are no improvements

  52. 

  53. ** Bug/Security Fix

  54. 

  55.   * Potential NPE when using the upload file service

  56. 

  57. 

  58. Previous Release Notes

  59. 

  60. * Release Notes for Archiva 2.2.9

  61. 

  62.  Apache Archiva 2.2.9 is a security fix release:

  63. 

  64.  Released: 2022-10-09

  65. 

  66. ** Bug/Security Fix

  67. 

  68.   * [MRM-2051}: upgrade dom4j (v2 branch)

  69.   * upgrade spring 4.2.9

  70.   * [MRM-2050]: upgrade commons-fileupload and commons-io due to cves

  71.   * [MRM-2049]: upgrade httpclient due to cves

  72.   * [MRM-2048]- upgrade xerces due to CVE

  73. 

  74. * Release Notes for Archiva 2.2.8

  75. 

  76.  Apache Archiva 2.2.8 is a security fix release:

  77. 

  78.  Released: 2022-05-25

  79. 

  80. 88 Bug/Security Fix

  81. 

  82.   * CVE-2022-29405 Apache Archiva Arbitrary user password reset vulnerability

  83. 

  84. * Release Notes for Archiva 2.2.7

  85. 

  86.  Apache Archiva 2.2.7 is a security fix release:

  87. 

  88.  Released: 2022-12-22

  89. 

  90. ** Compatibility Changes

  91. 

  92.   * [MRM-2021] There is a new flag 'literalVersion=true/false' for service archivaServices/searchService/artifact

  93.     which allows to change the behaviour for v=LATEST search.

  94. 

  95. ** New Feature

  96. 

  97.   * There are no new features in this release.

  98. 

  99. ** Improvements

  100. 

  101.   * There are no improvements

  102. 

  103. ** Bug/Security Fix

  104. 

  105.   * [MRM-2027] Update of the log4j2 version to 2.17.0

  106. 

  107.   * [MRM-2020] Fixed the behaviour of the startup script, if ARCHIVA_BASE is set (separating installation and data directory)

  108. 

  109.   * [MRM-2022] Fixed the handling of X-XSRF-TOKEN header in Javascript calls

  110. 

  111. 

  112. * Release Notes for Archiva 2.2.6

  113. 

  114.  Apache Archiva 2.2.6 is a security fix release:

  115. 

  116.  Released: 2021-12-15

  117. 

  118. ** Compatibility Changes

  119. 

  120.   * No API changes or known side effects.

  121. 

  122. ** New Feature

  123. 

  124.   * There are no new features in this release.

  125. 

  126. ** Improvements

  127. 

  128.   * There are no improvements

  129. 

  130. ** Bug/Security Fix

  131. 

  132.   * Update of the log4j2 version to mitigate the log4j2 vulnerability (CVE-2021-44228)

  133. 

  134.   * Deactivated directory listings by the file servlet

  135. 

  136. 

  137. * Release Notes for Archiva 2.2.5

  138. 

  139.  Apache Archiva 2.2.5 is a bug fix release:

  140. 

  141.  Released: 2020-06-19

  142. 

  143. ** Compatibility Changes

  144. 

  145.   * No API changes or known side effects.

  146. 

  147. ** New Feature

  148. 

  149.   * There are no new features in this release.

  150. 

  151. ** Improvements

  152. 

  153.   * There are no improvements

  154. 

  155. ** Bug Fix

  156. 

  157.   * [MRM-2008] Fix for group names with slashes

  158. 

  159.   * Better handling of LDAP filter

  160. 

  161. 

  162. * Release Notes for Archiva 2.2.4

  163. 

  164.  Apache Archiva 2.2.4 is a bug fix release:

  165. 

  166.   * Fixes for handling of artifacts

  167. 

  168.   * Improved validation of REST calls

  169. 

  170. ** Compatibility Changes

  171. 

  172.  No API changes or known side effects.

  173. 

  174.  Released: 2019-04-30

  175. 

  176. ** New Feature

  177. 

  178.   *  There are no new features in this release.

  179. 

  180. ** Improvements

  181. 

  182.   * Adding additional validation to REST service calls for artifact upload

  183. 

  184. ** Bug Fix

  185. 

  186.   * [MRM-1972] Stored XSS in Web UI Organization Name

  187. 

  188.   * [MRM-1966] Repository-purge not working

  189. 

  190.   * [MRM-1958] Purge by retention count deletes files but leaves history on website.

  191. 

  192.   * [MRM-1929] Repository purge is not reflected in index

  193. 

  194. 

  195. * Release Notes for Archiva 2.2.3

  196. 

  197. ** New in Archiva 2.2.3

  198. 

  199.   Apache Archiva 2.2.3 is a bug fix release:

  200. >>>>>>> Stashed changes

  201. 

  202.   * Some fixes for the REST API were added to detect requests from unknown origin

  203. 

  204.   * Some bugfixes were added

  205. 

  206. * Compatibility Changes

  207. 

  208.   * The REST services are now checking for the origin of the requests by analysing Origin

  209.     and Referer header of the HTTP requests and adding an validation token to the Header.

  210.     This prevents requests from malicious sites if they are open in the same browser. If you use

  211.     the REST services from other clients you may change the behaviour with the new

  212.     configuration properties for the redback security (<<<rest.csrffilter.*>>>, <<<rest.baseUrl>>>).

  213.     For more information see {{{./adminguide/customising-security.html}Archiva Security Configuration}} and

  214.     the {{{/redback/integration/rest.html}Redback REST documentation }}.

  215. 

  216.     <<Note:>> If your archiva installation is behind a reverse proxy or load balancer, it may be possible

  217.      that the Archiva Web UI does not load after the upgrade. If this is the case you may access the WebUI

  218.      via localhost or edit archiva.xml manually. In the "Redback Runtime Configuration" properties you have to

  219.      enter the base URLs of your archiva installation to the <<<rest.baseUrl>>> field.

  220. 

  221.   * Archiva uses redback for authentication and authorization in version 2.6

  222. 

  223. * Release Notes

  224. 

  225.   The Archiva ${project.version} features set can be seen in the {{{./tour/index.html} feature tour}}.

  226. 

  227. * Changes in Archiva ${project.version}

  228. 

  229.   Released: <<${releaseDate}>>

  230. 

  231. 

  232. ** New Feature

  233. 

  234. 

  235. ** Improvement

  236. 

  237.      * [MRM-1925] - Make User-Agent header configurable for HTTP requests

  238. 

  239.      * [MRM-1861], [MRM-1924] - Increasing timeouts for repository check

  240. 

  241.      * [MRM-1937] - Prevent creating initial admin user with wrong name.

  242. 

  243.      * Adding origin header validation checks for REST requests

  244. 

  245. ** Bugs fixed

  246. 

  247.      * [MRM-1859] - Error upon viewing 'Artifacts' tab when browsing an artifact

  248. 

  249.      * [MRM-1874] - Login Dialog triggers multiple events (+messages)

  250. 

  251.      * [MRM-1908] - Logged on users can write any repository

  252. 

  253.      * [MRM-1909] - Remote repository check fails for https://repo.maven.apache.org/maven2

  254. 

  255.      * [MRM-1923] - Fixing bind issue with certain ldap servers, when user not found

  256. 

  257.      * [MRM-1926] - Invalid checksum files in Archiva repository after download from remote repository

  258. 

  259.      * [MRM-1928] - Bad redirect URL when using Archiva through HTTP reverse proxy

  260. 

  261.      * [MRM-1933] - No message body writer has been found for class org.apache.archiva.rest.services.ArchivaRestError

  262. 

  263.      * [MRM-1940] - Slashes appended to remote repo url

  264. 

  265. 

  266. ** Task

  267. 

  268. 

  269. 

  270. * History

  271. 

  272.   Archiva was started in November 2005, building a simple framework on top of some existing repository conversion

  273.   tools within the Maven project. Initial development focused on repository conversion, error reporting, and indexing.

  274.   From January 2006 a web application was started to visualise the information and to start incorporating

  275.   functionality from the unmaintained maven-proxy project.

  276. 

  277.   Development continued through many stops and starts. Initial versions of Archiva were built from source by contributors,

  278.   and the first alpha version was not released until April 2007. Some significant changes were made to improve

  279.   performance and functionality in June 2007 and over the next 6 months and a series of alpha and beta releases, a concerted effort

  280.   was made to release the 1.0 version.

  281. 

  282.   Archiva became an Apache "top level project" in March 2008.