#27434 HttpUnit uses vulnerable library JTidy

Enhancement

Major

#27105

Dynamic subscription to model events through UI elements

#27174

Components should subscribe to required model events

#27185

Deploy TopLogic as open source

#27189

Performance: Many requests to FLEX_DATA when deleting large numbers of subject objects

#27195

Model editor: sub-structuring of modules

#27247

Define CRUD views One-Click

#27263

Display license information for all users

#27313

Formatting of values in calculated table columns

#27321

HTML rendering templates

#27327

TL-Script: Named parameters

#27330

DropDown with tooltip

#27332

Templates for complete application views

#27339

Configure views with document folder in-app

#27351

TL-Script: Binary data support

#27378

Links with custom label

#27411

Smart Startup/Shutdown

#27431

Deploy App Archetype to MavenCentral

#27488

TL-Script: Translate functions

Detail

#23724

Close dialogs by clicking on background

#27114

TableModel: Optimized insertion of many objects

#27224

Render forms via HTML templates

#27232

Declaration of commands / buttons on dialog level

#27248

Predefine icons/cliques for buttons/dialogs with theme variables if possible

#27272

Default value via sequence for number-valued attributes

#27274

Customize object creation dialog header

#27276

Constant default value for icon attributes

#27284

Build: Influence the "build timestamp".

#27304

Collapse list entries in declarative forms

#27320

Layout XML: Use of template parameters for inner template calls

#27329

Render tooltips via HTML templates

#27333

LayoutEditor: Customize hint text for empty tile list

#27334

Make headers available for processing the response of an Open API call

#27336

TL-Script function to wait for a certain time

#27338

Missing error message when using `attribute` for references

#27347

Move declaration of ThemeVar to Icons classes

#27350

Render tables via HTML templates

#27354

Declare TabBar HTML Template

#27358

Declare ButtonComponent HTML Template

#27365

Select default selection based on the last (current) selection

#27380

Bulk deletion of subject objects

#27384

Objects form element Show as read-only

#27406

Remove modules outside tl-engine from dependency management of tl-parent-all

#27409

Declare Collapsible and DialogWindow Template

#27412

Bulk Dependency Update 2023/06

#27413

Update CKEditor to v4.21.0

#27442

Update Lucene to 8.11.2

#27452

Collapse button configurations by default

#27462

Prevent selection in the grid if the edited row has errors

#27468

Application scripting: resolve LayoutComponent's only if they are visible

#27474

Simple installation method with Docker

#27475

Update default tooltip design

#27476

InfoService new with timestamp and different CSS classes

#27494

Open form editor for viewing

#27498

Log uncaught exceptions for all explicitly started threads

#27518

Model-based expert search should use the full space

#27519

Render table footer via HTML templates

#27535

Show dual licensing in source files

#27538

Transfer documentation to the applications

Bugfix

Major

#27369

Check-Changed dialog (much) too small

#27388

No display of error text in composition tables

#27407

Selection of the grid disappears with F5

#27408

AbstractFlexDataManager logs warning when loading the same object multiple times

#27446

Incorrect license display for TopLogic modules in the license overview

#27471

In-app configuration of button columns

#27543

If no English I18N was stored for a layout, technical ID is exported

#27546

Documentation exports files with spaces at the end of the file, which Windows does not allow

Detail

#25608

The form preview differs from its production view

#25706

No export of HTML attributes to Excel possible

#26912

File upload with ScriptingRecorder from the file system not possible

#27230

Command release service: exception rule does not work

#27268

<pre>-formatted text collapses to one line in HTML fields

#27275

I18N string as name attribute returns error

#27306

Option providers still do not update calculated suggested values

#27310

Theme editor: no independent theme can be created

#27311

Theme editor: "New stylesheet" dialog looks broken

#27312

Application tests: No recording of inputs in I18N string attributes in grid possible

#27326

Memory hole: Personal configuration is not cleared properly

#27335

Document attribute error in composition table

#27340

Administration: Maintenance mode does not work properly

#27341

TL script: NPE when regular expressions evaluate to "null".

#27343

LayoutEditor: Component channel selection for dialog open buttons wrong

#27344

Unwanted inlining of properties when creating a new app

#27345

FolderComponent without model leads to errors

#27349

Disappearing design buttons in tiles

#27352

TL script: Incorrect hash code for JSON objects

#27364

Scheduler: Task execution fails with longer results

#27379

Open API Service: Query parameters of type Date do not work

#27381

Incorrect preassignment in the chart JS template

#27385

Incorrect calculation of the sort order in references

#27393

Tree - Tables: Selection of multiple row objects expands subtrees / selects wrong row

#27397

GridComponent: Row change possible in case of errors

#27400

ResKey: Missing quoting of non-primitive arguments

#27402

setting the value of an ordered association may lead to NullPointerException

#27403

Synthetic `UpdateChainLink` chain of `KBDataProducerTask` leads nowhere

#27414

ScriptingRecorder logs error while translating

#27424

"Container" for new grid line not mandatory, but hidden NPE when value is deleted

#27427

Potential NullPointerException when sorting the results of a quick search

#27429

Assertion error when setting incompatible value in ComplexField

#27430

NPE in the script recorder, when saving the script.

#27433

GanttChartExporter uses vulnerable library JTidy unnecessarily

#27434

HttpUnit uses vulnerable library JTidy

#27439

Quick search: Null pointer exception when clicking with GUI inspector on text field

#27440

Quick search: Search for phrases and terms with (Lucene) control characters does not work

#27450

Display of the "Templates" field in the form editor leads to errors

#27451

Label-For defective

#27461

Discarding not possible during DirtyHandling with multiple editors

#27463

Boolean mandatory fields no longer trivalent

#27464

User history does not update

#27478

Javascript error during window resize

#27484

Missing theme reset on "reload theme".

#27492

Unnecessary check for unsaved changes when reordering columns in the grid

#27499

Wrong position when fix. Column is dragged into flex area

#27500

Toolbar buttons do not appear multiline in table title

#27501

Tooltip of the column remains after reordering

#27502

Placeholder animation instead of table row in each table cell

#27504

Partial CSS class duplicates in table cells

#27506

Missing default icons after theme reload

#27508

Gallery attribute looks broken

#27510

Incremental TreeTable updates can destroy sort order

#27511

Configured row height of the table header is not used

#27515

Commands to start services are executable for all users with read permission to the service editor

#27516

Beacon fields display huge icon in "immutable" status in Dezent theme

#27520

Duplicate PropertyDescriptor when collecting with unordered properties

#27522

Missing key property when ConfigurationItem is overwritten

#27526

Missing consideration of the annotation ReferenceDisplay in compositions

#27529

RowClassProviders are ignored

#27533

Unnecessary execution of the "visibleButtonCount" control command

#27544

NPE when linking help pages in other help pages

Bugfix

Detail

#27434

HttpUnit uses vulnerable library JTidy

SecurityIssue

For application tests (an adapted version of) HttpUnit is used. This still uses the deprecated JTidy library for parsing HTML (see JTidyHTMLParser). The vulnerability CVE-2023-34623 is reported against JTidy. The library is deprecated and should be replaced by JSoup.

Test

No test.