mirrors
/
archiva
mirror of https://github.com/apache/archiva.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 70 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8762 Commits
73 Branches
Tree: a1762710cc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a1762710cc'
${ noResults }
archiva/archiva-docs/src/site/apt/release-notes.apt.vm

release-notes.apt.vm 8.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259 
  1.  -----

  2.  Release Notes for Archiva ${project.version}

  3.  -----

  4. 

  5. ~~ Licensed to the Apache Software Foundation (ASF) under one                      

  6. ~~ or more contributor license agreements.  See the NOTICE file                    

  7. ~~ distributed with this work for additional information                           

  8. ~~ regarding copyright ownership.  The ASF licenses this file                      

  9. ~~ to you under the Apache License, Version 2.0 (the                               

  10. ~~ "License"); you may not use this file except in compliance                      

  11. ~~ with the License.  You may obtain a copy of the License at                      

  12. ~~                                                                                 

  13. ~~   http://www.apache.org/licenses/LICENSE-2.0                                    

  14. ~~                                                                                 

  15. ~~ Unless required by applicable law or agreed to in writing,                      

  16. ~~ software distributed under the License is distributed on an                     

  17. ~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY                          

  18. ~~ KIND, either express or implied.  See the License for the                       

  19. ~~ specific language governing permissions and limitations                         

  20. ~~ under the License.                                                              

  21. 

  22. Release Notes for Archiva ${project.version}

  23. 

  24.   The Apache Archiva team is pleased to announce the release of Archiva

  25.   ${project.version}.  Archiva is {{{http://archiva.apache.org/download.html}

  26.   available for download from the web site}}.

  27. 

  28.   Archiva is an application for managing one or more remote repositories,

  29.   including administration, artifact handling, browsing and searching.

  30. 

  31.   If you have any questions, please consult:

  32. 

  33.     * the web site: {{http://archiva.apache.org/}}

  34. 

  35.     * the archiva-user mailing list: {{http://archiva.apache.org/mailing-lists.html}}

  36. 

  37. * New in Archiva ${project.version}

  38. 

  39.  Apache Archiva ${project.version} is a security fix release:

  40. 

  41. ** Compatibility Changes

  42. 

  43.   * There are no compatibility changes

  44. 

  45. ** New Feature

  46. 

  47.   * There are no new features in this release.

  48. 

  49. ** Improvements

  50. 

  51.   * There are no improvements

  52. 

  53. ** Bug/Security Fix

  54. 

  55.   * CVE-2022-29405 Apache Archiva Arbitrary user password reset vulnerability

  56. 

  57. 

  58. Previous Release Notes

  59. 

  60. * Release Notes for Archiva 2.2.7

  61. 

  62.  Apache Archiva 2.2.7 is a security fix release:

  63. 

  64.  Released: 2022-12-22

  65. 

  66. ** Compatibility Changes

  67. 

  68.   * [MRM-2021] There is a new flag 'literalVersion=true/false' for service archivaServices/searchService/artifact

  69.     which allows to change the behaviour for v=LATEST search.

  70. 

  71. ** New Feature

  72. 

  73.   * There are no new features in this release.

  74. 

  75. ** Improvements

  76. 

  77.   * There are no improvements

  78. 

  79. ** Bug/Security Fix

  80. 

  81.   * [MRM-2027] Update of the log4j2 version to 2.17.0

  82. 

  83.   * [MRM-2020] Fixed the behaviour of the startup script, if ARCHIVA_BASE is set (separating installation and data directory)

  84. 

  85.   * [MRM-2022] Fixed the handling of X-XSRF-TOKEN header in Javascript calls

  86. 

  87. 

  88. * Release Notes for Archiva 2.2.6

  89. 

  90.  Apache Archiva 2.2.6 is a security fix release:

  91. 

  92.  Released: 2021-12-15

  93. 

  94. ** Compatibility Changes

  95. 

  96.   * No API changes or known side effects.

  97. 

  98. ** New Feature

  99. 

  100.   * There are no new features in this release.

  101. 

  102. ** Improvements

  103. 

  104.   * There are no improvements

  105. 

  106. ** Bug/Security Fix

  107. 

  108.   * Update of the log4j2 version to mitigate the log4j2 vulnerability (CVE-2021-44228)

  109. 

  110.   * Deactivated directory listings by the file servlet

  111. 

  112. 

  113. * Release Notes for Archiva 2.2.5

  114. 

  115.  Apache Archiva 2.2.5 is a bug fix release:

  116. 

  117.  Released: 2020-06-19

  118. 

  119. ** Compatibility Changes

  120. 

  121.   * No API changes or known side effects.

  122. 

  123. ** New Feature

  124. 

  125.   * There are no new features in this release.

  126. 

  127. ** Improvements

  128. 

  129.   * There are no improvements

  130. 

  131. ** Bug Fix

  132.  

  133.   * [MRM-2008] Fix for group names with slashes

  134. 

  135.   * Better handling of LDAP filter 

  136. 

  137. 

  138. * Release Notes for Archiva 2.2.4

  139. 

  140.  Apache Archiva 2.2.4 is a bug fix release:

  141. 

  142.   * Fixes for handling of artifacts

  143. 

  144.   * Improved validation of REST calls

  145. 

  146. ** Compatibility Changes

  147. 

  148.  No API changes or known side effects.

  149. 

  150.  Released: 2019-04-30

  151. 

  152. ** New Feature

  153. 

  154.   *  There are no new features in this release.

  155. 

  156. ** Improvements

  157. 

  158.   * Adding additional validation to REST service calls for artifact upload

  159. 

  160. ** Bug Fix

  161. 

  162.   * [MRM-1972] Stored XSS in Web UI Organization Name

  163. 

  164.   * [MRM-1966] Repository-purge not working

  165. 

  166.   * [MRM-1958] Purge by retention count deletes files but leaves history on website.

  167. 

  168.   * [MRM-1929] Repository purge is not reflected in index

  169. 

  170. 

  171. * Release Notes for Archiva 2.2.3

  172. 

  173. ** New in Archiva 2.2.3

  174. 

  175.   Apache Archiva 2.2.3 is a bug fix release:

  176. >>>>>>> Stashed changes

  177. 

  178.   * Some fixes for the REST API were added to detect requests from unknown origin

  179. 

  180.   * Some bugfixes were added

  181. 

  182. * Compatibility Changes

  183. 

  184.   * The REST services are now checking for the origin of the requests by analysing Origin

  185.     and Referer header of the HTTP requests and adding an validation token to the Header.

  186.     This prevents requests from malicious sites if they are open in the same browser. If you use

  187.     the REST services from other clients you may change the behaviour with the new

  188.     configuration properties for the redback security (<<<rest.csrffilter.*>>>, <<<rest.baseUrl>>>).

  189.     For more information see {{{./adminguide/customising-security.html}Archiva Security Configuration}} and

  190.     the {{{/redback/integration/rest.html}Redback REST documentation }}.

  191. 

  192.     <<Note:>> If your archiva installation is behind a reverse proxy or load balancer, it may be possible

  193.      that the Archiva Web UI does not load after the upgrade. If this is the case you may access the WebUI

  194.      via localhost or edit archiva.xml manually. In the "Redback Runtime Configuration" properties you have to

  195.      enter the base URLs of your archiva installation to the <<<rest.baseUrl>>> field.

  196. 

  197.   * Archiva uses redback for authentication and authorization in version 2.6

  198. 

  199. * Release Notes

  200. 

  201.   The Archiva ${project.version} features set can be seen in the {{{./tour/index.html} feature tour}}.

  202. 

  203. * Changes in Archiva ${project.version}

  204. 

  205.   Released: <<${releaseDate}>>

  206. 

  207. 

  208. ** New Feature

  209. 

  210. 

  211. ** Improvement

  212. 

  213.      * [MRM-1925] - Make User-Agent header configurable for HTTP requests

  214. 

  215.      * [MRM-1861], [MRM-1924] - Increasing timeouts for repository check

  216. 

  217.      * [MRM-1937] - Prevent creating initial admin user with wrong name.

  218. 

  219.      * Adding origin header validation checks for REST requests

  220. 

  221. ** Bugs fixed

  222. 

  223.      * [MRM-1859] - Error upon viewing 'Artifacts' tab when browsing an artifact

  224. 

  225.      * [MRM-1874] - Login Dialog triggers multiple events (+messages)

  226. 

  227.      * [MRM-1908] - Logged on users can write any repository

  228. 

  229.      * [MRM-1909] - Remote repository check fails for https://repo.maven.apache.org/maven2

  230. 

  231.      * [MRM-1923] - Fixing bind issue with certain ldap servers, when user not found

  232. 

  233.      * [MRM-1926] - Invalid checksum files in Archiva repository after download from remote repository

  234. 

  235.      * [MRM-1928] - Bad redirect URL when using Archiva through HTTP reverse proxy

  236.  

  237.      * [MRM-1933] - No message body writer has been found for class org.apache.archiva.rest.services.ArchivaRestError

  238.  

  239.      * [MRM-1940] - Slashes appended to remote repo url

  240. 

  241. 

  242. ** Task

  243. 

  244. 

  245. 

  246. * History

  247. 

  248.   Archiva was started in November 2005, building a simple framework on top of some existing repository conversion

  249.   tools within the Maven project. Initial development focused on repository conversion, error reporting, and indexing.

  250.   From January 2006 a web application was started to visualise the information and to start incorporating

  251.   functionality from the unmaintained maven-proxy project.

  252. 

  253.   Development continued through many stops and starts. Initial versions of Archiva were built from source by contributors,

  254.   and the first alpha version was not released until April 2007. Some significant changes were made to improve

  255.   performance and functionality in June 2007 and over the next 6 months and a series of alpha and beta releases, a concerted effort

  256.   was made to release the 1.0 version.

  257. 

  258.   Archiva became an Apache "top level project" in March 2008.