Skyve 8.0.1 Released
This release provides some minor reporting fixes, but primarily removes log4j version 1 to address any concerns about the Log4Shell vulnerability. This is a recommended release for anyone concerned with log4j and all Skyve applications running 8.0.0.
Log4J
The Skyve platform did not contain log4j any version of log4j 2 affected by CVE-2021-44228, but did contain version 1 which is affected by CVE-2021-4104. For peace of mind, this has been removed in this release, but all Skyve logging of interactions with the web server and user input is performed via Java util logging. No malicious or malformed input sent to Skyve has ever been logged via log4j.
Admin
Fix up broken icons in Jobs
Fix AccountLockoutDuration description i18n
Fix CopyReport action
Update ReportDataset edit view html escaping for help text
Update ReportTemplate create view html escaping for help text
Updated User Validation
Framework
Protect against NPE error raised by compiler.
Remove log4j v1 from skyve-ejb
Disable Communication and Subscription generated unit tests
Update Abstract test classes so that generated tests now use the JUnit 5 base test running instead of JUnit 4
Ensure single tennant installs search for users by just userName and not bizCustomer to enable easy indexing in the data store
Block PrimeFaces double click
Notes for Upgrading
To upgrade your Skyve project to this version, change the Skyve version in your pom.xml to 8.0.1 and perform an assemble.
If you are upgrading from a version older than 8.0.0, please see the previous release notes and also apply those changes.
See the complete upgrade instructions on GitHub.