.. only:: html

 .. contents:: Table of contents
    :depth: 2
    :local:

Main changes in version 1.0.3 are following.

• Updated the Spring Framework to 3.2.14

Note

About security vulnerability of JSTL

The JSTL 1.2 has the security vulnerability in some tags for XML operation. For security vulnerability of JSTL, refer to CVE-2015-0254. If problem tags is used, modify to use the org.apache.taglibs:taglibs-standard-jstlel:1.2.3+ instead of the javax.servlet:jstl:1.2 .

For update procedures, refer to Update JSTL.

From version 1.0.3, Spring Framework has been updated to 3.2.14.RELEASE to fix important bugs.

• [CVE-2015-3192] DoS Attack with XML Input (SPR-13136)

Migration procedures are as follows.

Note

Legend

Required : This procedure is mandatory.

Required by case : This procedure is mandatory, if conditions match.

Optional : This procedure is recommended. Perform it if you feel the need.

- : This procedure is not required.

[General]

.. tabularcolumns:: |p{0.10\linewidth}|p{0.30\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|

Update TERASOLUNA Global Framework Common Library and dependency libraries.

.. tabularcolumns:: |p{0.35\linewidth}|p{0.25\linewidth}|p{0.25\linewidth}|p{0.15\linewidth}|

[Procedure's required cases]

This procedure is required.

This update procedure is for the projects which are generated by using mvn archetype.

Update pom file in your parent project. ($YOUR_MULTIPLE_PROJECT_ROOT/pom.xml)

<parent>
    <groupId>org.terasoluna.gfw</groupId>
    <artifactId>terasoluna-gfw-parent</artifactId>
    <version>1.0.3.RELEASE</version> <!-- ### Need to edit ### -->
</parent>

This update procedure is for projects that are generated by using mvn archetype or downloaded from the release site.

Update pom file in your project. ($YOUR_SINGLE_PROJECT/pom.xml)

<parent>
    <groupId>org.terasoluna.gfw</groupId>
    <artifactId>terasoluna-gfw-parent</artifactId>
    <version>1.0.3.RELEASE</version> <!-- ### Need to edit ### -->
</parent>

This update procedure is for Eclipse WTP project which is downloaded from the release site.

For update procedures, refer to Update libraries for using Eclipse WTP Project .

This update procedure is for Eclipse WTP project which is downloaded from the release site.

Note

Legend

[Table Header]

Non : Blank project for none O/R Mapper

JPA : Blank project for JPA

MB2 : Blank project for MyBatis 2

[Marks]

* : target for operations

Download the Eclipse WTP Project of 1.0.3.RELEASE.

If Eclipse is running, stop the Eclipse.

Update(delete and add) jar files in $YOUR_ECLIPSE_WTP_PROJECT/src/main/webapp/WEB-INF/lib.

.. tabularcolumns:: |p{0.25\linewidth}|p{0.30\linewidth}|p{0.30\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|

Update(delete and add) source jar files in $YOUR_ECLIPSE_WTP_PROJECT/src/main/webapp/WEB-INF/libsrc.

.. tabularcolumns:: |p{0.25\linewidth}|p{0.30\linewidth}|p{0.30\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|

Update the referenced libraries in all of the following files, using replace string.

• $YOUR_ECLIPSE_WTP_PROJECT/.classpath
• $YOUR_ECLIPSE_WTP_PROJECT/build.xml

.. tabularcolumns:: |p{0.25\linewidth}|p{0.30\linewidth}|p{0.30\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|

If problem tags is used, modify to use the org.apache.taglibs:taglibs-standard-jstlel:1.2.3+ instead of the javax.servlet:jstl:1.2. For target tags, refer to CVE-2015-0254.

Note

Latest version of org.apache.taglibs:taglibs-standard-jstlel is 1.2.5 at the time of 1.0.3 release.

Exclude the javax.servlet:jstl and add the org.apache.taglibs:taglibs-standard-jstlel:1.2.3+ in the <dependencyManagement>. ($YOUR_MULTIPLE_PROJECT_ROOT/pom.xml)

<dependencyManagement>
    </dependencies>

        <!-- omit -->

        <dependency> <!-- ### Need to add ### -->
            <groupId>org.terasoluna.gfw</groupId>
            <artifactId>terasoluna-gfw-web</artifactId>
            <version>${terasoluna.gfw.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>javax.servlet</groupId>
                    <artifactId>jstl</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency> <!-- ### Need to add ### -->
            <groupId>org.apache.taglibs</groupId>
            <artifactId>taglibs-standard-jstlel</artifactId>
            <version>${taglibs-standard-jstlel.version}</version>
        </dependency>

        <!-- omit -->

    </dependencies>
</dependencyManagement>

<properties>
    <!-- omit -->
    <taglibs-standard-jstlel.version>1.2.5</taglibs-standard-jstlel.version> <!-- ### Need to add ### -->
    <!-- omit -->
</properties>

Note

Method of manage the version

We will recommended to manage the version using property(e.g. ${taglibs-standard-jstlel.version}).

Add the org.apache.taglibs:taglibs-standard-jstlel in the web project. ($YOUR_MULTIPLE_PROJECT_ROOT/xxx-web/pom.xml)

<dependency> <!-- ### Need to add ### -->
    <groupId>org.apache.taglibs</groupId>
    <artifactId>taglibs-standard-jstlel</artifactId>
</dependency>

Exclude the javax.servlet:jstl. ($YOUR_SINGLE_PROJECT/pom.xml)

<dependency>
    <groupId>org.terasoluna.gfw</groupId>
    <artifactId>terasoluna-gfw-web</artifactId>
    <exclusions> <!-- ### Need to add ### -->
        <exclusion>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
        </exclusion>
    </exclusions>
</dependency>

Add the org.apache.taglibs:taglibs-standard-jstlel. ($YOUR_SINGLE_PROJECT/pom.xml)

<dependency> <!-- ### Need to add ### -->
    <groupId>org.apache.taglibs</groupId>
    <artifactId>taglibs-standard-jstlel</artifactId>
    <version>1.2.5</version>
</dependency>