#28430 Vulnerability Spring-Core CVE-2022-22968

Enhancement

Major

#28426

Load any objects as initial data

#28461

Reuse of personal contacts

Detail

#28362

Changing the selection when changing models

#28421

Implementation of sequence ID functions in TLScript

#28423

Add Content Navigation Capabilities to WebFolder and Document Model

#28443

Migration processor for changing the model references of all objects in a table

#28453

Add multiline text support modifier for standard tables

#28459

Configure additional column headers InApp

#28464

Migrations: Actions after startup

#28465

Migration: Adjustment of column widths

#28469

Set the color of the set filter icon to red

#28472

Define your own option sequence InApp

Bugfix

Major

#28477

Core theme: No more scrollbars in multi-line text fields

Detail

#28348

CoreTheme: Hyperlinks in indirect filter matches look active

#28429

Vulnerability Apache Kafka CVE-2024-56128 and CVE-2024-31141

#28430

Vulnerability Spring-Core CVE-2022-22968

#28452

Scroll selection into the viewport

#28463

Problems when undocking a component from a dialog

#28480

Updating the breadcrumb when tabbar becomes invisible

#28484

JSON: Error when parsing exonential representation with '+'

#28495

Fix CVE-2024-4577 by upgrading Apache Lucene

#28498

Missing space in front of dropdowns in a toolbar

#28501

Initially closing the sidebar in the condensed theme

Bugfix

Detail

#28430

Vulnerability Spring-Core CVE-2022-22968

SecurityIssue Spring

An issue with the security fix for CVE-2022-22968 has been fixed in the Spring version used in pac4j. The use of String.toLowerCase() resulted in locale-dependent exceptions, which may not protect fields as expected.

The pac4j version has been upgraded to 6.1.0 to fix this issue. The included Spring Core version is 6.1.14, in which the Spring issue has been fixed.

Test

No test.