Posted to commits@tapestry.apache.org by bu...@apache.org on 2021/04/14 22:21:23 UTC

svn commit: r1073781 [3/3] - in /websites/production/tapestry/content: ./ 2021/04/ 2021/04/14/ cache/

Added: websites/production/tapestry/content/release-notes-572.html
==============================================================================
--- websites/production/tapestry/content/release-notes-572.html (added)
+++ websites/production/tapestry/content/release-notes-572.html Wed Apr 14 22:21:23 2021
@@ -0,0 +1,428 @@
+<!DOCTYPE html>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<html>
+<head>
+  <meta http-equiv="content-type" content="text/html; charset=utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <meta name="keywords" content="tapestry, apache, apache tapestry, framework, java, web, component, open source, application, dynamic, scalable, robust, servlet">
+  <meta name="description" content="Apache Tapestry is a open-source component-oriented framework for creating dynamic, robust, highly scalable web applications in Java. Tapestry complements and builds upon the standard Java Servlet API, and so it works in any servlet container or application server.">
+
+  <title>
+          Release Notes 5.7.2 - Apache Tapestry
+      </title>
+
+  <link rel="apple-touch-icon-precomposed" sizes="144x144" href="/images/apache-tapestry-icon-144.png">
+  <link rel="apple-touch-icon-precomposed" sizes="114x114" href="/images/apache-tapestry-icon-114.png">
+  <link rel="apple-touch-icon-precomposed" sizes="72x72" href="/images/apache-tapestry-icon-72.png">
+  <link rel="apple-touch-icon-precomposed" href="/images/apache-tapestry-icon-57.png">
+  <link rel="shortcut icon" href="/images/apache-tapestry-icon-32.png">
+
+  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Sarabun:ital,wght@0,400;0,700;1,400;1,700&display=swap"> 
+  <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
+  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/css/all.min.css">
+  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/prism/1.20.0/themes/prism.min.css">
+  <link rel="stylesheet" href="/styles/main.css">
+
+  <script type="text/javascript">
+    if (window.location.protocol === 'http:' && window.location.hostname !== 'localhost') {
+      window.location = window.location.href.replace('http://', 'https://');
+    }
+  </script>
+
+  <script src="https://code.jquery.com/jquery-3.4.1.slim.min.js" integrity="sha384-J6qa4849blE2+poT4WnyKhv5vZF5SrPo0iEjwBvKU7imGFAV0wwj1yYfoRSJoZ+n" crossorigin="anonymous" defer></script>
+  <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous" defer></script>
+  <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous" defer></script>
+  <script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.20.0/prism.min.js" defer></script>
+	<script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.20.0/plugins/autoloader/prism-autoloader.min.js" defer></script>
+
+  <script type="text/javascript">
+    window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
+    ga('create', 'UA-400821-1', 'auto');
+    ga('send', 'pageview');
+  </script>
+  <script async src="https://www.google-analytics.com/analytics.js"></script>
+</head>
+<body>
+  <!-- /// Navigation Start -->
+    <div id="navigation"><p><header>
+  <div class="container-fluid">
+    <div class="row">
+      <div class="col-12">
+        <nav class="navbar navbar-expand-xl navbar-light justify-content-between">
+          <a class="navbar-brand" href="/index.html">
+            <img src="/images/apache-tapestry-icon-dark.svg" width="60" alt="Apache Tapestry" title="Apache Tapestry">
+            <span>apache tapestry</span>
+          </a>
+          <button type="button" class="navbar-toggler" data-toggle="collapse" data-target="#navbarCollapse" aria-controls="navbarCollapse" aria-expanded="false" aria-label="Toggle navigation">
+            <span class="navbar-toggler-icon"></span>
+          </button>
+          <div class="collapse navbar-collapse" id="navbarCollapse">
+            <ul class="navbar-nav mx-auto"><li class="nav-item">
+                <a class="nav-link active" href="/getting-started.html">Getting Started</a>
+              </li><li class="nav-item">
+                <a class="nav-link active" href="/documentation.html">Documentation</a>
+              </li><li class="nav-item">
+                <a class="nav-link active" href="/download.html">Download</a>
+              </li><li class="nav-item dropdown">
+                <a class="nav-link dropdown-toggle active" id="communityNavbarDropdown" href="#" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                  Community
+                </a>
+                <div class="dropdown-menu" aria-labelledby="communityNavbarDropdown">
+                  <a class="dropdown-item" href="/community.html">Mailing Lists</a>
+                  <a class="dropdown-item" href="https://stackoverflow.com/questions/tagged/tapestry">StackOverflow</a>
+                  <a class="dropdown-item" href="/support.html">Support</a>
+                  <a class="dropdown-item" href="/community.html">Getting Involved</a>
+                  <a class="dropdown-item" href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=177050734" title="Edit this page (requires approval, just ask on the mailing list)">Edit this page</a>
+                  <div class="dropdown-divider"></div>
+                  <a class="dropdown-item" href="https://twitter.com/ApacheTapestry">@ApacheTapestry</a>
+                  <a class="dropdown-item" href="https://twitter.com/hashtag/tapestry5">#tapestry5</a>
+                </div>
+              </li><li class="nav-item dropdown">
+                <a class="nav-link dropdown-toggle active" id="developmentNavbarDropdown" href="#" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                  Development
+                </a>
+                <div class="dropdown-menu" aria-labelledby="developmentNavbarDropdown">
+                  <a class="dropdown-item" href="https://gitbox.apache.org/repos/asf?p=tapestry-5.git">Source Code</a>
+                  <a class="dropdown-item" href="https://issues.apache.org/jira/browse/TAP5">Issues</a>
+                </div>
+              </li><li class="nav-item dropdown">
+                <a class="nav-link dropdown-toggle active" id="apacheNavbarDropdown" href="#" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                  Apache
+                </a>
+                <div class="dropdown-menu" aria-labelledby="apacheNavbarDropdown">
+                  <a class="dropdown-item" href="https://www.apache.org/">About Apache</a>
+                  <a class="dropdown-item" href="https://apachecon.com/?ref=royale.apache.org">Events</a>
+                  <a class="dropdown-item" href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a>
+                  <a class="dropdown-item" href="https://www.apache.org/licenses/LICENSE-2.0">License</a>
+                  <a class="dropdown-item" href="https://www.apache.org/security/">Security</a>
+                  <a class="dropdown-item" href="https://www.apache.org/foundation/thanks.html">Thanks!</a>
+                </div>
+              </li></ul>
+            <form enctype="application/x-www-form-urlencoded" method="get" class="form-inline" action="search.html">
+              <input type="search" class="form-control search-input" name="q" placeholder="Search docs, issues, wikis and blogs" aria-label="Search">
+              <button type="submit" class="d-none">Search</button>
+            </form>
+          </div>
+        </nav>
+      </div>
+    </div>
+  </div>
+</header></p></div>
+  <!-- /// Navigation End -->
+
+  <article>
+    <div class="container-fluid">
+      <div class="container pt-5">
+        <div class="row">
+          <div class="col-12">
+                          <!-- /// Breadcrumb Start -->
+              <div id="breadcrumb" class="mb-2 text-small">
+                                <a href="index.html">Apache Tapestry</a>&nbsp;&gt;&nbsp;<a href="documentation.html">Documentation</a>&nbsp;&gt;&nbsp;<a href="release-notes.html">Release Notes</a>&nbsp;&gt;&nbsp;<a href="release-notes-572.html">Release Notes 5.7.2</a>
+              </div>
+              <!-- /// Breadcrumb End -->
+
+              <!-- /// Smallbanner Start -->
+                            <div id="smallbanner"><h1 class="title" id="title">Release Notes 5.7.2</h1></div>
+              <!-- /// Smallbanner Start -->
+            
+            <!-- /// Content Start -->
+            <div id="content">
+                            <div id="ConfluenceContent"><p>Tapestry 5.7.2 is a drop-in replacement and recommended upgrade for previous 5.7.x versions.</p><h2 id="ReleaseNotes5.7.2-Improvementsmade">Improvements made</h2><p>
+
+
+
+
+
+<style type="text/css">
+    #refresh-module-931610052 .icon {
+        background-position: left center;
+        background-repeat: no-repeat;
+        display: inline-block;
+        font-size: 0;
+        max-height: 16px;
+        text-align: left;
+        text-indent: -9999em;
+        vertical-align: text-bottom;
+    }
+</style>
+</p><div class="refresh-module-id jira-table" id="refresh-module-931610052">
+<p>
+    
+        
+    
+        
+    </p><div class="jira-issues" id="jira-issues-931610052" style="width: 100%;  overflow: auto;">
+        <table class="table table-bordered table-responsive"><tbody><tr><td></td></tr><tr><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Key</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Summary</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">T</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Crea
 ted</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Updated</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Due</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Assignee</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Reporter</span></th><th colspan="1" rowspan="1" class="jira-macro-table-
 underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">P</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Status</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Resolution</span></th></tr><tr class="rowNormal"><td colspan="1" nowrap>
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2672?src=confmacro">TAP5-2672</a>
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2672?src=confmacro">
+                                            Improve reporting for errors in JS modules
+                                        </a>
+                                                                    </td><td colspan="1" nowrap>
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2672?src=confmacro"><img class="icon" src="https://issues.apache.org/jira/secure/viewavatar?size=xsmall&amp;avatarId=21140&amp;avatarType=issuetype" alt="Improvement"></a>
+                                                                    </td><td colspan="1" nowrap>
+                                                                            Apr 08, 2021
+                                                                    </td><td colspan="1" nowrap>
+                                                                            Apr 08, 2021
+                                                                    </td><td colspan="1" nowrap>
+                                                                            
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Thiago Henrique De Paula Figueiredo
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Thiago Henrique De Paula Figueiredo
+                                                                    </td><td colspan="1" nowrap>
+                                                                            <img class="icon" src="https://issues.apache.org/jira/images/icons/priorities/major.svg" alt="Major">
+                                                                    </td><td colspan="1" nowrap>
+                                                                            
+                                                                                    <span class="aui-lozenge aui-lozenge-subtle aui-lozenge-success">
+                                                Resolved
+                                            </span>
+                                                                                                            </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Fixed
+                                                                    </td></tr><tr><td colspan="11" rowspan="1">
+                        <div class="jira-oauth-message-marker">
+                            <div class="aui-message-container">
+                                <div class="aui-message aui-message-info info">
+                                    <span><a class="static-oauth-init" href="https://cwiki.apache.org/confluence/plugins/servlet/applinks/oauth/login-dance/authorize?applicationLinkID=5aa69414-a9e9-3523-82ec-879b028fb15b">Authenticate</a> to retrieve your issues</span>
+                                    <span class="aui-icon icon-info"></span>
+                                </div>
+                            </div>
+                        </div>
+                    </td></tr></tbody></table>
+    </div>
+            <div class="refresh-issues-bottom">
+                            <span class="total-issues-count" id="total-issues-count">
+                                                                    <a title="View all matching issues in Jira." href="https://issues.apache.org/jira/secure/IssueNavigator.jspa?reset=true&amp;jqlQuery=project+%3D%22Tapestry+5%22+and+fixVersion+%3D+5.7.2+and+type+%21%3D+bug++&amp;src=confmacro">
+                                                                1 issue
+                                                        </a>
+                                        </span>
+                                </div>
+        
+
+    
+</div>
+<h2 id="ReleaseNotes5.7.2-Bugsfixed">Bugs fixed</h2><p>
+
+
+
+
+
+<style type="text/css">
+    #refresh-module--47077371 .icon {
+        background-position: left center;
+        background-repeat: no-repeat;
+        display: inline-block;
+        font-size: 0;
+        max-height: 16px;
+        text-align: left;
+        text-indent: -9999em;
+        vertical-align: text-bottom;
+    }
+</style>
+</p><div class="refresh-module-id jira-table" id="refresh-module--47077371">
+<p>
+    
+        
+    
+        
+    </p><div class="jira-issues" id="jira-issues--47077371" style="width: 100%;  overflow: auto;">
+        <table class="table table-bordered table-responsive"><tbody><tr><td></td></tr><tr><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Key</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Summary</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">T</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Crea
 ted</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Updated</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Due</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Assignee</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Reporter</span></th><th colspan="1" rowspan="1" class="jira-macro-table-
 underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">P</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Status</span></th><th colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport jira-tablesorter-header" style="text-align: left; text-transform: capitalize; padding:5px !important;"><span class="jim-table-header-content">Resolution</span></th></tr><tr class="rowNormal"><td colspan="1" nowrap>
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2673?src=confmacro">TAP5-2673</a>
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2673?src=confmacro">
+                                            Guava generics resolver not used when added in the classpath
+                                        </a>
+                                                                    </td><td colspan="1" nowrap>
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2673?src=confmacro"><img class="icon" src="https://issues.apache.org/jira/secure/viewavatar?size=xsmall&amp;avatarId=21133&amp;avatarType=issuetype" alt="Bug"></a>
+                                                                    </td><td colspan="1" nowrap>
+                                                                            Apr 08, 2021
+                                                                    </td><td colspan="1" nowrap>
+                                                                            Apr 08, 2021
+                                                                    </td><td colspan="1" nowrap>
+                                                                            
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Thiago Henrique De Paula Figueiredo
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Thiago Henrique De Paula Figueiredo
+                                                                    </td><td colspan="1" nowrap>
+                                                                            <img class="icon" src="https://issues.apache.org/jira/images/icons/priorities/major.svg" alt="Major">
+                                                                    </td><td colspan="1" nowrap>
+                                                                            
+                                                                                    <span class="aui-lozenge aui-lozenge-subtle aui-lozenge-success">
+                                                Closed
+                                            </span>
+                                                                                                            </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Fixed
+                                                                    </td></tr><tr class="rowAlternate"><td colspan="1" nowrap>
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2671?src=confmacro">TAP5-2671</a>
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2671?src=confmacro">
+                                            dom(...).trigger("submit") doesn't work on Chrome
+                                        </a>
+                                                                    </td><td colspan="1" nowrap>
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2671?src=confmacro"><img class="icon" src="https://issues.apache.org/jira/secure/viewavatar?size=xsmall&amp;avatarId=21133&amp;avatarType=issuetype" alt="Bug"></a>
+                                                                    </td><td colspan="1" nowrap>
+                                                                            Apr 08, 2021
+                                                                    </td><td colspan="1" nowrap>
+                                                                            Apr 08, 2021
+                                                                    </td><td colspan="1" nowrap>
+                                                                            
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Thiago Henrique De Paula Figueiredo
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Thiago Henrique De Paula Figueiredo
+                                                                    </td><td colspan="1" nowrap>
+                                                                            <img class="icon" src="https://issues.apache.org/jira/images/icons/priorities/major.svg" alt="Major">
+                                                                    </td><td colspan="1" nowrap>
+                                                                            
+                                                                                    <span class="aui-lozenge aui-lozenge-subtle aui-lozenge-success">
+                                                Closed
+                                            </span>
+                                                                                                            </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Fixed
+                                                                    </td></tr><tr class="rowNormal"><td colspan="1" nowrap>
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2670?src=confmacro">TAP5-2670</a>
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2670?src=confmacro">
+                                            Better handling of slashes in context asset URLs
+                                        </a>
+                                                                    </td><td colspan="1" nowrap>
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2670?src=confmacro"><img class="icon" src="https://issues.apache.org/jira/secure/viewavatar?size=xsmall&amp;avatarId=21133&amp;avatarType=issuetype" alt="Bug"></a>
+                                                                    </td><td colspan="1" nowrap>
+                                                                            Apr 04, 2021
+                                                                    </td><td colspan="1" nowrap>
+                                                                            Apr 04, 2021
+                                                                    </td><td colspan="1" nowrap>
+                                                                            
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Thiago Henrique De Paula Figueiredo
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Thiago Henrique De Paula Figueiredo
+                                                                    </td><td colspan="1" nowrap>
+                                                                            <img class="icon" src="https://issues.apache.org/jira/images/icons/priorities/major.svg" alt="Major">
+                                                                    </td><td colspan="1" nowrap>
+                                                                            
+                                                                                    <span class="aui-lozenge aui-lozenge-subtle aui-lozenge-success">
+                                                Closed
+                                            </span>
+                                                                                                            </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Fixed
+                                                                    </td></tr><tr class="rowAlternate"><td colspan="1" nowrap>
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2669?src=confmacro">TAP5-2669</a>
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2669?src=confmacro">
+                                            Tapestry Form.js running on non Tapestry forms
+                                        </a>
+                                                                    </td><td colspan="1" nowrap>
+                                                                            <a href="https://issues.apache.org/jira/browse/TAP5-2669?src=confmacro"><img class="icon" src="https://issues.apache.org/jira/secure/viewavatar?size=xsmall&amp;avatarId=21133&amp;avatarType=issuetype" alt="Bug"></a>
+                                                                    </td><td colspan="1" nowrap>
+                                                                            Mar 31, 2021
+                                                                    </td><td colspan="1" nowrap>
+                                                                            Apr 06, 2021
+                                                                    </td><td colspan="1" nowrap>
+                                                                            
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Thiago Henrique De Paula Figueiredo
+                                                                    </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Alex Craddock
+                                                                    </td><td colspan="1" nowrap>
+                                                                            <img class="icon" src="https://issues.apache.org/jira/images/icons/priorities/major.svg" alt="Major">
+                                                                    </td><td colspan="1" nowrap>
+                                                                            
+                                                                                    <span class="aui-lozenge aui-lozenge-subtle aui-lozenge-success">
+                                                Resolved
+                                            </span>
+                                                                                                            </td><td colspan="1" rowspan="1" class="jira-macro-table-underline-pdfexport" style="padding:5px !important;vertical-align: top;">
+                                                                            Fixed
+                                                                    </td></tr><tr><td colspan="11" rowspan="1">
+                        <div class="jira-oauth-message-marker">
+                            <div class="aui-message-container">
+                                <div class="aui-message aui-message-info info">
+                                    <span><a class="static-oauth-init" href="https://cwiki.apache.org/confluence/plugins/servlet/applinks/oauth/login-dance/authorize?applicationLinkID=5aa69414-a9e9-3523-82ec-879b028fb15b">Authenticate</a> to retrieve your issues</span>
+                                    <span class="aui-icon icon-info"></span>
+                                </div>
+                            </div>
+                        </div>
+                    </td></tr></tbody></table>
+    </div>
+            <div class="refresh-issues-bottom">
+                            <span class="total-issues-count" id="total-issues-count">
+                                                                    <a title="View all matching issues in Jira." href="https://issues.apache.org/jira/secure/IssueNavigator.jspa?reset=true&amp;jqlQuery=project+%3D%22Tapestry+5%22+and+fixVersion+%3D5.7.2+and+type+%3Dbug++&amp;src=confmacro">
+                                                            4 issues
+                                                    </a>
+                                        </span>
+                                </div>
+        
+
+    
+</div>
+</div>
+            </div>
+            <!-- /// Content End -->
+          </div>
+        </div>
+      </div>
+    </div>
+  </article>
+
+  <!-- /// Footer Start -->
+    <div id="footer"><p>Apache Tapestry, Tapestry, Apache, the Apache feather logo, and the Apache Tapestry project logo are trademarks of The Apache Software Foundation.</p><p><br clear="none"><footer class="py-3">
+  <div class="container-fluid">
+    <div class="container">
+      <div class="row">
+        <div class="col-4 col-lg-2">
+          <span class="font-weight-bold">Apache Tapestry</span>
+          <ul><li><a href="index.html">Home</a></li><li><a href="download.html">Download</a></li><li><a href="about.html">Team</a></li><li><a href="https://www.apache.org/licenses/LICENSE-2.0">License</a></li></ul>
+          <span class="font-weight-bold">Documentation</span>
+          <ul><li><a href="introduction.html">Introduction</a></li><li><a href="principles.html">Principles</a></li><li><i class="fas fa-play"></i> <a href="getting-started.html">Getting Started</a></li><li><i class="fas fa-play"></i> <a href="user-guide.html">User Guide</a></li><li><i class="fas fa-book"></i> <a href="documentation.html">Docs</a></li><li><i class="fas fa-book"></i> <a href="component-reference.html">Component Reference</a></li><li><i class="fas fa-book"></i> <a href="current/apidocs">Apidocs</a></li><li><a href="frequently-asked-questions.html">FAQ</a></li></ul>
+        </div>
+        <div class="col-4 col-lg-2">
+          <span class="font-weight-bold">Community</span>
+          <ul><li><i class="fas fa-envelope-open-text"></i> <a href="community.html">Mailing Lists</a></li><li><i class="fab fa-stack-overflow"> </i> <a href="https://stackoverflow.com/questions/tagged/tapestry">StackOverflow</a></li><li><a href="support.html">Support</a></li><li><a href="community.html">Getting Involved</a></li><li><a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=177050734" title="Edit this page (requires approval, just ask on the mailing list)">Edit this page</a></li></ul>
+          <span class="font-weight-bold">Social</span>
+          <ul><li><i class="fab fa-twitter"></i> <a href="https://twitter.com/ApacheTapestry">@ApacheTapestry</a></li><li><i class="fas fa-hashtag"></i> <a href="https://twitter.com/hashtag/tapestry5">#tapestry5</a></li></ul>
+          <span class="font-weight-bold">Development</span>
+          <ul><li><i class="fab fa-git"></i> <a href="https://gitbox.apache.org/repos/asf?p=tapestry-5.git">Source Code</a></li><li><i class="fab fa-jira"></i> <a href="https://issues.apache.org/jira/browse/TAP5">Issues</a></li></ul>
+        </div>
+        <div class="col-4 col-lg-2">
+          <span class="font-weight-bold">Apache</span>
+          <ul><li><a href="https://www.apache.org/">About Apache</a></li><li><a href="https://apachecon.com/?ref=royale.apache.org">Events</a></li><li><a href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li><li><a href="https://www.apache.org/licenses/LICENSE-2.0">License</a></li><li><a href="https://www.apache.org/security/">Security</a></li><li><a href="https://www.apache.org/foundation/thanks.html">Thanks!</a></li></ul>
+        </div>
+        <div class="col-md-12 col-lg-6 clearfix">
+          <span class="font-weight-bold d-block">About us</span>
+          <p class="float-right ml-3 mb-0"><img src="images/apache-tapestry-icon-light.svg" width="100" alt="Apache Tapestry" title="Apache Tapestry"></p>
+          <p><a href="https://tapestry.apache.org/">Apache Tapestry&#8482;</a> is an open-source component-oriented framework for creating dynamic, robust, highly scalable web applications in Java.</p>
+          <p>Tapestry complements and builds upon the standard Java Servlet API, and so it works in any servlet container or application server.</p>
+          <p class="float-right ml-3 mb-0"><img src="images/apache-powered-by.svg" width="100" alt="Apache PoweredBy" title="Apache PoweredBy"></p>
+          <p>
+            <a href="https://tapestry.apache.org/">Apache Tapestry&#8482;</a>, <a href="https://www.apache.org/">Apache&#8482;</a> and the <a href="https://www.apache.org/foundation/press/kit/">Apache feather logo&#8482;</a>
+            are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+          </p>
+        </div>
+      </div>
+      <div class="row">
+        <div class="col-12">
+          Copyright &#169; 2020 The Apache Software Foundation, Licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
+        </div>
+      </div>
+    </div>
+  </div>
+</footer><br clear="none"></p><p><br clear="none"></p></div>
+  <!-- /// Footer End -->
+</body>
+</html>
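Review bot: the last table row (the `jira-oauth-message-marker` div) publishes Confluence's "Authenticate to retrieve your issues" link, with its `login-dance/authorize?applicationLinkID=...` URL, into a static public page. Readers of the exported site cannot use it, so it is macro residue and should be stripped by the export; the "4 issues" link to the Jira query below it already covers the same need. Two template-level points in the footer of the same hunk: it says "Copyright © 2020" on a page generated in April 2021, and the trademark notice appears twice (first `<p>` of `#footer` and again in the "About us" column).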

Modified: websites/production/tapestry/content/release-notes.html
==============================================================================
--- websites/production/tapestry/content/release-notes.html (original)
+++ websites/production/tapestry/content/release-notes.html Wed Apr 14 22:21:23 2021
@@ -142,7 +142,7 @@
             
             <!-- /// Content Start -->
             <div id="content">
-                            <div id="ConfluenceContent"><p>These release notes describe the changes in each Tapestry version. Be sure to read <a href="how-to-upgrade.html">How to Upgrade</a> too.</p><div class="table-wrap"><table class="table table-bordered table-responsive"><colgroup span="1"><col span="1"><col span="1"><col span="1"><col span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Release</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Release Notes</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Status</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Released</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.7.0</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-570.html">Release Notes for 5.7.0</a></td><td colspan="1" rowspan="1" class="confluenceTd"><strong>Current Stable Release</strong></td><td colspan="1" rowspan="1" class="confluenceTd">19 Feb 2020</
 td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.6.2</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-562.html">Release Notes for 5.6.2</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">19 Feb 2020</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.6.1</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-561.html">Release Notes for 5.6.1</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">13 Sep 2020</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.6.0</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-560.html">Release Notes for 5.6.0</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">28 Aug 2020</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapest
 ry 5.5.0</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-550.html">Release Notes for 5.5.0</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">20 Mar 2020</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.4.5</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-545.html">Release Notes for 5.4.5</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">7 Sep 2019</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.4.4</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-544.html">Release Notes for 5.4.4</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">18 Dec 2018</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.4.3</td><td colspan="1" rowspan="1" class="confluenceTd"><a hre
 f="release-notes-543.html">Release Notes for 5.4.3</a></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd">24 Apr 2017</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.4.2</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-542.html">Release Notes for 5.4.2</a></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd">13 Apr 2017</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.4.1</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-541.html">Release Notes for 5.4.1</a></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd">20 Mar 2016</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.4</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-54.html">Release Note
 s for 5.4</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>19 Dec 2015</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.3.8</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-538.html">Release Notes for 5.3.8</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">24 Nov 2014</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3.7</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-537.html">Release Notes for 5.3.7</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong></strong></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>24 Apr 2013</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3.6</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-536.html">Release 
 Notes for 5.3.6</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>12 Oct 2012</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3.5</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-535.html">Release Notes for 5.3.5</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>29 Aug 2012</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3.4</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-534.html">Release Notes for 5.3.4</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>16 Jul 2012</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3.3</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-5
 33.html">Release Notes for 5.3.3</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>24 Apr 2012</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3.2</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-532.html">Release Notes for 5.3.2</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>07 Feb 2012</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3.1</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-531.html">Release Notes for 5.3.1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>21 Dec 2011</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="
 release-notes-53.html">Release Notes for 5.3</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>21 Nov 2011</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.2.6</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-52.html">Release Notes for 5.2.x</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>22 Jun 2011</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.1</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-51.html">Release Notes for 5.1.x</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>12 Apr 2009</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.0</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><
 a href="release-notes-50.html">Release Notes for 5.0.x</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Dec 2008</p></td></tr></tbody></table></div></div>
+                            <div id="ConfluenceContent"><p>These release notes describe the changes in each Tapestry version. Be sure to read <a href="how-to-upgrade.html">How to Upgrade</a> too.</p><div class="table-wrap"><table class="table table-bordered table-responsive"><colgroup span="1"><col span="1" style="width: 20.2465%;"><col span="1" style="width: 29.9296%;"><col span="1" style="width: 30.8099%;"><col span="1" style="width: 19.0141%;"></colgroup><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Release</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Release Notes</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Status</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Released</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.7.2</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-572.html">Release Notes for 5.7.2</a></td><td colspan="1" rowspan="1" class="confluenceTd"><stron
 g>Current Stable Release</strong></td><td colspan="1" rowspan="1" class="confluenceTd">12 Apr 2021</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.7.1</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-571.html">Release Notes for 5.7.1</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">13 Mar 2021</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.7.0</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-570.html">Release Notes for 5.7.0</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">19 Feb 2021</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.6.4</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-564.html">Release Notes for 5.6.4</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" c
 lass="confluenceTd">12 Apr 2021</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.6.3</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-563.html">Release Notes for 5.6.3</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">13 Mar 2021</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.6.2</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-562.html">Release Notes for 5.6.2</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">19 Feb 2021</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.6.1</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-561.html">Release Notes for 5.6.1</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">13 Sep 2020</td></tr><tr><td colspan="1" rowspa
 n="1" class="confluenceTd">Tapestry 5.6.0</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-560.html">Release Notes for 5.6.0</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">28 Aug 2020</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.5.0</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-550.html">Release Notes for 5.5.0</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">20 Mar 2020</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.4.5</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-545.html">Release Notes for 5.4.5</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">7 Sep 2019</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.4.4</td><td colspan="1" rowspa
 n="1" class="confluenceTd"><a href="release-notes-544.html">Release Notes for 5.4.4</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">18 Dec 2018</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.4.3</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-543.html">Release Notes for 5.4.3</a></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd">24 Apr 2017</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.4.2</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-542.html">Release Notes for 5.4.2</a></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd">13 Apr 2017</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.4.1</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-541
 .html">Release Notes for 5.4.1</a></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd">20 Mar 2016</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.4</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-54.html">Release Notes for 5.4</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>19 Dec 2015</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Tapestry 5.3.8</td><td colspan="1" rowspan="1" class="confluenceTd"><a href="release-notes-538.html">Release Notes for 5.3.8</a></td><td colspan="1" rowspan="1" class="confluenceTd"></td><td colspan="1" rowspan="1" class="confluenceTd">24 Nov 2014</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3.7</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-537.html">Release Notes for 5.
 3.7</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong></strong></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>24 Apr 2013</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3.6</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-536.html">Release Notes for 5.3.6</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>12 Oct 2012</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3.5</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-535.html">Release Notes for 5.3.5</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>29 Aug 2012</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3.4</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-no
 tes-534.html">Release Notes for 5.3.4</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>16 Jul 2012</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3.3</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-533.html">Release Notes for 5.3.3</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>24 Apr 2012</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3.2</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-532.html">Release Notes for 5.3.2</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>07 Feb 2012</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3.1</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a
  href="release-notes-531.html">Release Notes for 5.3.1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>21 Dec 2011</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.3</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-53.html">Release Notes for 5.3</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>21 Nov 2011</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.2.6</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-52.html">Release Notes for 5.2.x</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>22 Jun 2011</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.1</p></td><td colspan="1" rowspan="1" class="confluence
 Td"><p><a href="release-notes-51.html">Release Notes for 5.1.x</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>12 Apr 2009</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Tapestry 5.0</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a href="release-notes-50.html">Release Notes for 5.0.x</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Dec 2008</p></td></tr></tbody></table></div></div>
             </div>
             <!-- /// Content End -->
           </div>
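Review bot: the release dates for 5.7.0 and 5.6.2 change from "19 Feb 2020" to "19 Feb 2021" inside the same one-line table replacement that adds the 5.7.2, 5.7.1, 5.6.4 and 5.6.3 rows and moves "Current Stable Release" to 5.7.2, so the correction is easy to miss in review. Please confirm the new dates are intended. The new rows also link to release-notes-571.html, release-notes-564.html and release-notes-563.html, none of which is visible in this part of the commit (only release-notes-572.html is added here), so it is worth checking that those targets exist. The fractional `style="width: 20.2465%;"` values on the `<col>` elements look like editor artefacts and could be dropped.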

Modified: websites/production/tapestry/content/security.html
==============================================================================
--- websites/production/tapestry/content/security.html (original)
+++ websites/production/tapestry/content/security.html Wed Apr 14 22:21:23 2021
@@ -178,7 +178,7 @@
                 <span class="icon aui-icon content-type-page" title="Page">Page:</span>        </div>
 
         <div class="details">
-                        <a href="https.html">HTTPS</a>
+                        <a href="security-faq.html">Security FAQ</a>
                 
                         
                     </div>
@@ -187,7 +187,7 @@
                 <span class="icon aui-icon content-type-page" title="Page">Page:</span>        </div>
 
         <div class="details">
-                        <a href="security-faq.html">Security FAQ</a>
+                        <a href="https.html">HTTPS</a>
                 
                         
                     </div>
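Review bot: the two `details` link changes here and in the preceding hunk are pure reordering churn: "HTTPS" and "Security FAQ" trade places and nothing else changes. If the child-page order comes from the Confluence export rather than a deliberate edit, sorting it deterministically in the export would keep this out of future site commits.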
@@ -197,7 +197,7 @@
 
 <p></p><h2 id="Security-HTTPS-onlyPages">HTTPS-only Pages</h2><p>Main Article: <a href="https.html">HTTPS</a></p><p>Tapestry provides several annotations and configuration settings that you can use to&#160;<span>ensure that all access to certain pages (or all pages) occurs only via the encrypted HTTPS protocol</span><span>. See&#160;<a href="https.html">HTTPS</a> for details.</span></p><h2 id="Security-ControllingPageAccess"><span>Controlling Page Access</span></h2><p></p><div class="navmenu" style="float:right; background:#eee; margin:3px; padding:0 1em">
 <p>    <strong>JumpStart Demo:</strong>
-    <span class="nobr"><a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/infrastructure/protectingpages" rel="nofollow">Protecting Pages<sup><img align="middle" class="rendericon" src="/images/confluence/icons/linkext7.gif" height="7" width="7" alt="" border="0"></sup></a></span></p></div><p><span>For simple access control needs, you can contribute a&#160;<span><a class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/ComponentRequestFilter.html">ComponentRequestFilter</a> with your custom logic that decides which pages should be accessed by which users. The <a class="external-link" href="https://tapestry-app.apache.org/hotels/">Tapestry Hotel Booking </a>app demonstrates this approach with an <code>@AnonymousAccess</code> annotation along with a ComponentRequestFilter named&#160;<code>AuthenticationFilter.java</code>. The filter enforces security by intercepting all requests to pages that don't hav
 e that annotation, and it redirects those requests to the login page. <a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/infrastructure/protectingpages" rel="nofollow">JumpStart</a> has a similar demo.</span></span></p><p></p><p><span>For more advanced needs see the Security Framework Integration section below.</span></p><h2 id="Security-White-listedPages">White-listed Pages</h2><p>Pages whose component classes are annotated with&#160;@<a class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/annotations/WhitelistAccessOnly.html">WhitelistAccessOnly</a>&#160;will only be displayed to users (clients) that are on the&#160;<em>whitelist</em>. By default the whitelist consists only of clients whose fully-qualified domain name is "localhost" (or the IP address equivalent, 127.0.0.1 or 0:0:0:0:0:0:0:1),&#160;but you can customize this by contributing to the ClientWhitelist service&#160;in your application's module 
 class (usually AppModule.java):</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>AppModule.java (partial) &#8211; simple inline example</b></div><div class="codeContent panelContent pdl">
+    <span class="nobr"><a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/infrastructure/protectingpages" rel="nofollow">Protecting Pages<sup><img align="middle" class="rendericon" src="/images/confluence/icons/linkext7.gif" height="7" width="7" alt="" border="0"></sup></a></span></p></div><span>For simple access control needs, you can contribute a&#160;<span><a class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/ComponentRequestFilter.html">ComponentRequestFilter</a> with your custom logic that decides which pages should be accessed by which users. The <a class="external-link" href="https://tapestry-app.apache.org/hotels/">Tapestry Hotel Booking </a>app demonstrates this approach with an <code>@AnonymousAccess</code> annotation along with a ComponentRequestFilter named&#160;<code>AuthenticationFilter.java</code>. The filter enforces security by intercepting all requests to pages that don't have t
 hat annotation, and it redirects those requests to the login page. <a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/infrastructure/protectingpages" rel="nofollow">JumpStart</a> has a similar demo.</span></span><p></p><p><span>For more advanced needs see the Security Framework Integration section below.</span></p><h2 id="Security-White-listedPages">White-listed Pages</h2><p>Pages whose component classes are annotated with&#160;@<a class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/annotations/WhitelistAccessOnly.html">WhitelistAccessOnly</a>&#160;will only be displayed to users (clients) that are on the&#160;<em>whitelist</em>. By default the whitelist consists only of clients whose fully-qualified domain name is "localhost" (or the IP address equivalent, 127.0.0.1 or 0:0:0:0:0:0:0:1),&#160;but you can customize this by contributing to the ClientWhitelist service&#160;in your application's module class (
 usually AppModule.java):</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>AppModule.java (partial) &#8211; simple inline example</b></div><div class="codeContent panelContent pdl">
 <pre><code class="language-java">    @Contribute(ClientWhitelist.class)
     public static void provideWhitelistAnalyzer(OrderedConfiguration&lt;WhitelistAnalyzer&gt; configuration)
     {
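Review bot: On the added line, the "For simple access control needs" text has lost its enclosing paragraph. The removed version closed it with "similar demo.</span></span></p><p></p>", while the added version follows "</p></div>" with a bare <span> and ends "similar demo.</span></span><p></p>", which leaves inline content directly in the container beside an empty <p></p>. Wrap the span in <p> again and drop the empty paragraph. Separately, the White-listed Pages paragraph states the localhost default here, but the caveat that a firewall or proxy can make every client look like localhost only appears after the code sample in the next hunk; a short pointer to that caveat next to the default would help readers who stop at the example.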
@@ -210,9 +210,9 @@
             }
         }, "before:*");
     }</code></pre>
-</div></div><p></p><p>Sometimes, in production, a firewall or proxy may make it look like the client web browser originates from localhost, with the consequence that whitelisted pages may be visible to all users. See the&#160;<a href="security-faq.html">Security FAQ</a> for how to deal with this.</p><h2 id="Security-AssetSecurity">Asset Security</h2><p>Main Article:&#160;<a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=85462227">Security</a></p><p class="confluence-link">Tapestry serves assets (static content such as CSS files, images, and JavaScript, many of which are on the classpath alongside your compiled class files) to the client.&#160;Because of this, great care has gone into ensuring that certain file types cannot be served to the client. By default, file ending with ".class', ".tml" and ".properties" can be served to the client only if the request includes the file's MD5 checksum. As you would expect, that blacklist can be extended. See <a href="ass
 ets.html">Assets</a> for more information.</p><h2 id="Security-ProtectingSerializedObjectDataontheClient">Protecting Serialized Object Data on the Client</h2><p><span style="color: rgb(0,0,0);">As of version 5.3.6, Tapestry integrates a&#160;</span><a class="external-link" href="http://en.wikipedia.org/wiki/HMAC" style="text-decoration: underline;text-align: justify;" rel="nofollow">hash-based message authentication code</a><span style="color: rgb(0,0,0);">&#160;(HMAC) into serialized Java object data that it sends to the client (generally, this means the&#160;</span><code style="text-align: justify;">t:formdata</code><span style="color: rgb(0,0,0);">&#160;hidden field used by the Form component). This ensures that the hidden binary object data is guaranteed to be unaltered when it returns to the server upon form (or AJAX) submission. The HMAC pass phrase is set using the&#160;<a href="configuration.html">tapestry.hmac-passphrase</a> configuration symbol. If you don't set that value
 , you'll see a warning message in the browser, like this:&#160;</span></p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent">
+</div></div><p></p><p>Sometimes, in production, a firewall or proxy may make it look like the client web browser originates from localhost, with the consequence that whitelisted pages may be visible to all users. See the&#160;<a href="security-faq.html">Security FAQ</a> for how to deal with this.</p><h2 id="Security-AssetSecurity">Asset Security</h2><p>Main Article:&#160;<a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=85462227">Security</a></p><p class="confluence-link">Tapestry serves assets (static content such as CSS files, images, and JavaScript, many of which are on the classpath alongside your compiled class files) to the client.&#160;Because of this, great care has gone into ensuring that certain file types cannot be served to the client. By default, file ending with ".class', ".tml" and ".properties" can be served to the client only if the request includes the file's MD5 checksum. As you would expect, that blacklist can be extended. See <a href="ass
 ets.html">Assets</a> for more information.</p><h2 id="Security-ProtectingSerializedObjectDataontheClient">Protecting Serialized Object Data on the Client</h2><p><span style="color: rgb(0,0,0);">As of version 5.3.6, Tapestry integrates a&#160;</span><a class="external-link" style="text-decoration: underline;text-align: justify;" href="http://en.wikipedia.org/wiki/HMAC" rel="nofollow">hash-based message authentication code</a><span style="color: rgb(0,0,0);">&#160;(HMAC) into serialized Java object data that it sends to the client (generally, this means the&#160;</span><code style="text-align: justify;">t:formdata</code><span style="color: rgb(0,0,0);">&#160;hidden field used by the Form component). This ensures that the hidden binary object data is guaranteed to be unaltered when it returns to the server upon form (or AJAX) submission. The HMAC pass phrase is set using the&#160;<a href="configuration.html">tapestry.hmac-passphrase</a> configuration symbol. If you don't set that value
 , you'll see a warning message in the browser, like this:&#160;</span></p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent">
 <pre>The symbol 'tapestry.hmac-passphrase' has not been configured. This is used to configure hash-based message authentication of Tapestry data stored in forms, or in the URL. You application is less secure, and more vulnerable to denial-of-service attacks, when this symbol is not configured.</pre>
-</div></div><p><span style="color: rgb(0,0,0);">The solution is to set the tapestry.hmac-passphrase to some value (any fixed, private string, such as 30 to 40 random-looking characters, will do) in your application's module class (usually AppModule.java).</span></p><h2 id="Security-CrossSiteRequestForgery(CSRF)"><span style="color: rgb(83,145,38);">Cross Site Request Forgery (CSRF)</span></h2><p>Cross Site Request Forgery is a type of security vulnerability in which legitimate, authorized users may be made to unwittingly submit malicious requests to your web application.</p><p><a class="external-link" href="https://github.com/porscheinformatik/tapestry-csrf-protection" rel="nofollow">Tapestry-csrf-protection</a>&#160;is a 3rd party module that has several features for preventing CSRF attacks. It protects all&#160;<span>component event handlers (event links, forms, etc.) by adding a&#160;</span><span>CSRF token to event links and adds a CSRF token as a hidden field to all forms.&#160
 ;</span><span>Tokens are generated on a per-session basis.</span></p><h2 id="Security-SecurityFrameworkIntegration"><span>Security Framework Integration</span></h2><p>Tapestry does not lock you into a specific authentication/authorization implementation. There are integration modules available for the more popular open source Java security frameworks. A popular choice among Tapestry users is <a class="external-link" href="http://www.tynamo.org/tapestry-security+guide/" rel="nofollow">tapestry-security (based on Apache Shiro) from Tynamo.org</a>. It is always kept up-to-date with the latest Tapestry versions and offers several supporting security modules (e.g. <a class="external-link" href="http://www.tynamo.org/tapestry-security-jpa+guide/" rel="nofollow">tapestry-security-jpa</a>, <a class="external-link" href="http://www.tynamo.org/tynamo-federatedaccounts+guide/" rel="nofollow">tynamo-federatedaccounts</a>). There's also an <a class="external-link" href="http://www.localhost.nu/j
 ava/tapestry-spring-security" rel="nofollow">integration module available for Spring Security</a> but lately, it hasn't kept up with the latest versions of Tapestry 5.</p><p>Additional information:</p><ul><li><a class="external-link" href="http://www.tynamo.org/tynamo-federatedaccounts+guide/" rel="nofollow">Tynamo-federatedaccounts</a>&#160;<span style="color: rgb(0,0,0);">is an add-on to the&#160;</span><a class="external-link" href="http://www.tynamo.org/tapestry-security+guide/" rel="nofollow">tapestry-security</a><span style="color: rgb(0,0,0);">&#160;module, providing federated (third-party) authentication with Facebook, Twitter or Google.</span></li></ul><ul><li><span>To include OpenID with Spring Security in your application, see the following Wiki entry:&#160;</span><a class="external-link" href="http://wiki.apache.org/tapestry/Tapestry5HowToSpringSecurityAndOpenId">http://wiki.apache.org/tapestry/Tapestry5HowToSpringSecurityAndOpenId</a></li></ul><h2 id="Security-Vulnerabi
 lityDisclosures">Vulnerability Disclosures</h2><h3 id="Security-CVE-2019-0195:FilereadingLeadstoJavaDeserializationVulnerability.">CVE-2019-0195: File reading Leads to Java Deserialization Vulnerability.</h3><p>Disclosure date:&#160;<a class="external-link" href="https://lists.apache.org/thread.html/5173c4eed06e2fca6fd5576ed723ff6bb1711738ec515cb51a04ab24@%3Cusers.tapestry.apache.org%3E">September 13th, 2019</a></p><p>Versions affected: all Apache Tapestry versions from 5.4.0 (including its betas) through 5.4.3</p><p>Description:&#160;Manipulating classpath asset file URLs, an attacker could guess the path to&#160;a known file in the classpath and have it downloaded. If the attacker&#160;found the file with the value of the tapestry.hmac-passphrase configuration&#160;symbol, most probably the webapp's AppModule class, the value of this&#160;symbol could be used to craft a Java deserialization attack, thus running&#160;malicious injected Java code. The vector would be the t:formdata 
 parameter&#160;from the Form component.</p><p>Mitigation: Upgrade to Tapestry 5.4.5, which is a drop-in replacement for any 5.4.x version.</p><p>Credit: Ricter Zheng</p><h3 id="Security-CVE-2019-0207:ApacheTapestry5.4.2PathTraversalvulnerability">CVE-2019-0207: Apache Tapestry 5.4.2 Path Traversal vulnerability</h3><p>Disclosure date:&#160;<a class="external-link" href="https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d@%3Cusers.tapestry.apache.org%3E">September 13th, 2019</a></p><p>Versions affected: all Apache Tapestry versions from 5.4.0 (including its betas) through 5.4.4.</p><p>Description: Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -&gt; AssetDispatcher -&gt; ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform.</p><p>Mitigation: Upgrade to Tapestry 5.4.5, which is a drop-in replacement for any 5.4.x version.<
 /p><p>Credit: Ricter Zheng</p><h3 id="Security-CVE-2019-10071:NewIssueinFixforCVE-2014-1972">CVE-2019-10071: New Issue in Fix for CVE-2014-1972</h3><p>Disclosure date: <a rel="nofollow">September 13th, 2019</a></p><p>Versions affected: all Apache Tapestry versions from 5.4.0 (including its&#160;betas) through 5.4.3</p><p>Description: The code which checks HMAC in form submissions usedString.equals() for comparisons, which results in a timing side channel vulnerability inthe comparison of the HMAC signatures. This could lead to remote codeexecution if an attacker is able to determine the correct signature fortheir payload. The comparison should have been done with a constant time algorithm instead.</p><p>Mitigation: Upgrade to Tapestry 5.4.5, which is a drop-in replacement for any 5.4.xversion.</p><p>Credit:&#160;</p><pre>David Tomaschik of the Google Security Team</pre></div>
+</div></div><p><span style="color: rgb(0,0,0);">The solution is to set the tapestry.hmac-passphrase to some value (any fixed, private string, such as 30 to 40 random-looking characters, will do) in your application's module class (usually AppModule.java).</span></p><h2 id="Security-CrossSiteRequestForgery(CSRF)"><span style="color: rgb(83,145,38);">Cross Site Request Forgery (CSRF)</span></h2><p>Cross Site Request Forgery is a type of security vulnerability in which legitimate, authorized users may be made to unwittingly submit malicious requests to your web application.</p><p><a class="external-link" href="https://github.com/porscheinformatik/tapestry-csrf-protection" rel="nofollow">Tapestry-csrf-protection</a>&#160;is a 3rd party module that has several features for preventing CSRF attacks. It protects all&#160;<span>component event handlers (event links, forms, etc.) by adding a&#160;</span><span>CSRF token to event links and adds a CSRF token as a hidden field to all forms.&#160
 ;</span><span>Tokens are generated on a per-session basis.</span></p><h2 id="Security-SecurityFrameworkIntegration"><span>Security Framework Integration</span></h2><p>Tapestry does not lock you into a specific authentication/authorization implementation. There are integration modules available for the more popular open source Java security frameworks. A popular choice among Tapestry users is <a class="external-link" href="http://www.tynamo.org/tapestry-security+guide/" rel="nofollow">tapestry-security (based on Apache Shiro) from Tynamo.org</a>. It is always kept up-to-date with the latest Tapestry versions and offers several supporting security modules (e.g. <a class="external-link" href="http://www.tynamo.org/tapestry-security-jpa+guide/" rel="nofollow">tapestry-security-jpa</a>, <a class="external-link" href="http://www.tynamo.org/tynamo-federatedaccounts+guide/" rel="nofollow">tynamo-federatedaccounts</a>). There's also an <a class="external-link" href="http://www.localhost.nu/j
 ava/tapestry-spring-security" rel="nofollow">integration module available for Spring Security</a> but lately, it hasn't kept up with the latest versions of Tapestry 5.</p><p>Additional information:</p><ul><li><a class="external-link" href="http://www.tynamo.org/tynamo-federatedaccounts+guide/" rel="nofollow">Tynamo-federatedaccounts</a>&#160;<span style="color: rgb(0,0,0);">is an add-on to the&#160;</span><a class="external-link" href="http://www.tynamo.org/tapestry-security+guide/" rel="nofollow">tapestry-security</a><span style="color: rgb(0,0,0);">&#160;module, providing federated (third-party) authentication with Facebook, Twitter or Google.</span></li></ul><ul><li><span>To include OpenID with Spring Security in your application, see the following Wiki entry:&#160;</span><a class="external-link" href="http://wiki.apache.org/tapestry/Tapestry5HowToSpringSecurityAndOpenId">http://wiki.apache.org/tapestry/Tapestry5HowToSpringSecurityAndOpenId</a></li></ul><h2 id="Security-Vulnerabi
 lityDisclosures">Vulnerability Disclosures</h2><h3 id="Security-CVE-2019-0195:FilereadingLeadstoJavaDeserializationVulnerability.">CVE-2019-0195: File reading Leads to Java Deserialization Vulnerability.</h3><p>Disclosure date:&#160;<a class="external-link" href="https://lists.apache.org/thread.html/5173c4eed06e2fca6fd5576ed723ff6bb1711738ec515cb51a04ab24@%3Cusers.tapestry.apache.org%3E">September 13th, 2019</a></p><p>Versions affected: all Apache Tapestry versions from 5.4.0 (including its betas) through 5.4.3</p><p>Description:&#160;Manipulating classpath asset file URLs, an attacker could guess the path to&#160;a known file in the classpath and have it downloaded. If the attacker&#160;found the file with the value of the tapestry.hmac-passphrase configuration&#160;symbol, most probably the webapp's AppModule class, the value of this&#160;symbol could be used to craft a Java deserialization attack, thus running&#160;malicious injected Java code. The vector would be the t:formdata 
 parameter&#160;from the Form component.</p><p>Mitigation: Upgrade to Tapestry 5.4.5, which is a drop-in replacement for any 5.4.x version.</p><p>Credit: Ricter Zheng</p><h3 id="Security-CVE-2019-0207:ApacheTapestry5.4.2PathTraversalvulnerability">CVE-2019-0207: Apache Tapestry 5.4.2 Path Traversal vulnerability</h3><p>Disclosure date:&#160;<a class="external-link" href="https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d@%3Cusers.tapestry.apache.org%3E">September 13th, 2019</a></p><p>Versions affected: all Apache Tapestry versions from 5.4.0 (including its betas) through 5.4.4.</p><p>Description: Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -&gt; AssetDispatcher -&gt; ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform.</p><p>Mitigation: Upgrade to Tapestry 5.4.5, which is a drop-in replacement for any 5.4.x version.<
 /p><p>Credit: Ricter Zheng</p><h3 id="Security-CVE-2019-10071:NewIssueinFixforCVE-2014-1972">CVE-2019-10071: New Issue in Fix for CVE-2014-1972</h3><p>Disclosure date: <a rel="nofollow">September 13th, 2019</a></p><p>Versions affected: all Apache Tapestry versions from 5.4.0 (including its&#160;betas) through 5.4.3</p><p>Description: The code which checks HMAC in form submissions usedString.equals() for comparisons, which results in a timing side channel vulnerability inthe comparison of the HMAC signatures. This could lead to remote codeexecution if an attacker is able to determine the correct signature fortheir payload. The comparison should have been done with a constant time algorithm instead.</p><p>Mitigation: Upgrade to Tapestry 5.4.5, which is a drop-in replacement for any 5.4.xversion.</p><p>Credit:&#160;</p><pre>David Tomaschik of the Google Security Team</pre><h3 id="Security-CVE-2019-10071:BypassofthefixforCVE-2019-0195">CVE-2019-10071:&#160;Bypass of the fix for CVE-2019
 -0195</h3><p>Disclosure date: <a rel="nofollow">March 14th, 2021</a></p><p>Versions affected: all Apache Tapestry versions from 5.4.0 (including its&#160;betas) through 5.6.1, plus 5.7.0.</p><p>Description: A critical unauthenticated remote code execution vulnerability was found&#160;all recent versions of Apache Tapestry.&#160;The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0.</p><p>The vulnerability I have found is a bypass of the fix for CVE-2019-0195.&#160;</p><p>Recap:</p><p>Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL.&#160;An attacker was able to download the file `AppModule.class` by&#160;requesting the URL&#160;`<span class="nolink">http://localhost:8080/assets/something/services/AppModule.class</span>` which contains a HMAC secret key.&#160;The fix for that bug was a blacklist filter that checks if the URL&#160;ends with `.class`, `.properties` or `.xml`.</p><p>Bypass:</
 p><p>Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/`</p><p>The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response.&#160;This class usually contains the HMAC secret key which is used to sign</p><p>serialized Java objects.&#160;With the knowledge of that key an attacker can sign a Java gadget&#160;chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial).&#160;</p><p>Solution for this vulnerability:</p><p>* For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later.</p><p>* For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.</p><p>This issue is being tracked as TAP5-2663</p><p>Credit:</p><p>Apache Tapestry would like to thank Johannes Moritz for finding and notifying this vulnerability</p><p></p><pre></pre></div>
             </div>
             <!-- /// Content End -->
           </div>
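Review bot: The entry added at the end of the "+" block is headed "CVE-2019-10071: Bypass of the fix for CVE-2019-0195" (anchor id "Security-CVE-2019-10071:BypassofthefixforCVE-2019-0195"), which reuses the identifier of the HMAC timing entry directly above it even though the two describe different issues; please confirm the identifier assigned to the issue tracked as TAP5-2663 and correct both the heading and the id. The same entry contradicts itself on versions: "Versions affected" says 5.4.0 through 5.6.1 plus 5.7.0 and the solution says to upgrade to 5.6.2, yet the description lists 5.4.5, 5.5.0, 5.6.2 and 5.7.0 as affected, so 5.6.2 appears as both vulnerable and fixed. The description also reads as pasted from the reporter's advisory ("The vulnerability I have found", "was found all recent versions", a paragraph break in the middle of "used to sign serialized Java objects") and should be rewritten in the project's voice. The recap gives the blacklist as ".class", ".properties" or ".xml", while the Asset Security paragraph in this hunk lists ".class', ".tml" and ".properties" with mismatched quotes; make the two lists agree. Minor: the run-together words in the timing entry ("usedString.equals()", "inthe", "codeexecution", "fortheir", "5.4.xversion") are carried over unchanged, the disclosure-date links have no href, and the block ends with an empty <p></p><pre></pre>.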