Releases: folio-org/okapi
Releases · folio-org/okapi
v4.13.3
Fixes:
- OKAPI-1152 Hazelcast 4.2.6 fixing improver authentication CVE-2022-36437
v4.14.9
Fixes:
- OKAPI-1143, OKAPI-1150: Vert.x 4.3.7, Netty 4.1.86 fixing CVE-2022-41881, CVE-2022-41915
- OKAPI-1144, OKAPI-1146, OKAPI-1147: log_wait_ms option to report missing HTTP client close
v4.14.8
Fixes:
- OKAPI-1137 Upgrade to Hazelcast 4.2.6
- OKAPI-1136 Upgrade to Vert.x 4.3.5, nuprocess 2.0.6
v4.14.7
Fixes:
- OKAPI-1130 Permission okapi.all must include timer management permissions
- OKAPI-1129 NPE in timer patch
v4.14.6
- OKAPI-1127 Fix Using -Dloglevel=$OKAPI_LOGLEVEL does not take effect
v4.14.5
- OKAPI-1122: nuprocess 2.0.5 fixing Arbitrary Command Injection CVE-2022-39243
- OKAPI-1125: Vert.x 4.3.4, micrometer 1.9.4, log4j 2.19.0 - CVE-2022-42003, CVE-2022-42004
v4.14.4
Fixes:
-
OKAPI-1117 Empty values in logging. Okapi 4.13 thrue 4.14.3 in default logging configuration logged empty values for context variables (those in []'s)
-
OKAPI-1118 cron-utils 9.2.0, clean up javax.el/jakarta.el
v4.14.3
Fixes:
- OKAPI-1111 mod-authtoken tenant init not called
- OKAPI-1114 Upgrade to Vert.x 4.3.3, micrometer 1.9.3
v4.14.2
Fixes:
- OKAPI-1109: Log to /var/log/folio/okapi/okapi.log, not STDOUT, in Debian
- OKAPI-1101: Publish javadoc and sources to maven repository
v4.14.1
Fixes:
- Upgrade mongo to 5.0.8 for testing
- Fix javadoc for HttpClientFactory methods
- OKAPI-1098: Fix Jakarta Expression Language validation (CVE-2021-28170)
- OKAPI-1100: Vert.x 4.3.1, micrometer 1.8.4, nuprocess 2.0.3, test deps