Skyve - The Low Code Open Source Enterprise Platform

View Original

Skyve 8.0.1 Released

This release provides some minor reporting fixes, but primarily removes log4j version 1 to address any concerns about the Log4Shell vulnerability. This is a recommended release for anyone concerned with log4j and all Skyve applications running 8.0.0.

Log4J

The Skyve platform did not contain log4j any version of log4j 2 affected by CVE-2021-44228, but did contain version 1 which is affected by CVE-2021-4104. For peace of mind, this has been removed in this release, but all Skyve logging of interactions with the web server and user input is performed via Java util logging. No malicious or malformed input sent to Skyve has ever been logged via log4j.

Admin

  • Fix up broken icons in Jobs

  • Fix AccountLockoutDuration description i18n

  • Fix CopyReport action

  • Update ReportDataset edit view html escaping for help text

  • Update ReportTemplate create view html escaping for help text

  • Updated User Validation

Framework

  • Protect against NPE error raised by compiler.

  • Remove log4j v1 from skyve-ejb

  • Disable Communication and Subscription generated unit tests

  • Update Abstract test classes so that generated tests now use the JUnit 5 base test running instead of JUnit 4

  • Ensure single tennant installs search for users by just userName and not bizCustomer to enable easy indexing in the data store

  • Block PrimeFaces double click

Notes for Upgrading

To upgrade your Skyve project to this version, change the Skyve version in your pom.xml to 8.0.1 and perform an assemble.

If you are upgrading from a version older than 8.0.0, please see the previous release notes and also apply those changes.

See the complete upgrade instructions on GitHub.