-
Notifications
You must be signed in to change notification settings - Fork 40
/
RELEASE_NOTES
144 lines (116 loc) · 4.96 KB
/
RELEASE_NOTES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
Apache Flex BlazeDS 4.8.0
=======================
Apache Flex BlazeDS 4.8.0 is an update to 4.7.3 to upgrade dependencies and make
general improvements.
- Version 4.8.0 is the first release of BlazeDS from Apache that includes a
binary distribution
- BlazeDS now requires Java 8 or newer
- Disabled the flex-messaging-proxy module because it required a third-party
dependency that is no longer maintained
- If flex.messaging.services.HTTPProxyService is referenced in
services-config.xml or proxy-config.xml, BlazeDS now logs an error
that this type of service is no longer supported
- Removed the blazeds-spring-boot-starter and blazeds-spring-boot-archetype
modules because they required a third-party dependency that is no longer
maintained
- Upgraded dependencies to make BlazeDS more secure
Known Issues
_____________
FLEX-34648 Memory Leak occurred in AsyncMessage when sending a lot of messages
Apache Flex BlazeDS 4.7.3
=======================
Apache Flex BlazeDS 4.7.3 is an update to 4.7.2 which adds a new
blazeds-spring-boot-starter module for easily setting up a BlazeDS server with
Spring Boot. It also provides Maven archetypes for easily creating new spring-boot
project that make use of BlazeDS. We also did quite a lot of fine-tuning of the
security default settings to make BlazeDS more secure.
Starting with 4.7.3 BlazeDS Deserialization of XML is disabled completely per default
but can easily be enabled in your services-config.xml:
<channels>
<channel-definition id="amf" class="mx.messaging.channels.AMFChannel">
<endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf"
class="flex.messaging.endpoints.AMFEndpoint"/>
<properties>
<serialization>
<allow-xml>true</allow-xml>
</serialization>
</properties>
</channel-definition>
</channels>
Also we now enable the ClassDeserializationValidator per default to only allow
deserialization of whitelisted classes. BlazeDS internally comes with the following
whitelist:
flex.messaging.io.amf.ASObject
flex.messaging.io.amf.SerializedObject
flex.messaging.io.ArrayCollection
flex.messaging.io.ArrayList
flex.messaging.messages.AcknowledgeMessage
flex.messaging.messages.AcknowledgeMessageExt
flex.messaging.messages.AsyncMessage
flex.messaging.messages.AsyncMessageExt
flex.messaging.messages.CommandMessage
flex.messaging.messages.CommandMessageExt
flex.messaging.messages.ErrorMessage
flex.messaging.messages.HTTPMessage
flex.messaging.messages.RemotingMessage
flex.messaging.messages.SOAPMessage
java.lang.Boolean
java.lang.Byte
java.lang.Character
java.lang.Double
java.lang.Float
java.lang.Integer
java.lang.Long
java.lang.Object
java.lang.Short
java.lang.String
java.util.ArrayList
java.util.Date
java.util.HashMap
org.w3c.dom.Document
If you need to deserialize any other classes, be sure to register them in your
services-config.xml:
<validators>
<validator class="flex.messaging.validators.ClassDeserializationValidator">
<properties>
<allow-classes>
<class name="org.mycoolproject.*"/>
<class name="flex.messaging.messages.*"/>
<class name="flex.messaging.io.amf.ASObject"/>
</allow-classes>
</properties>
</validator>
</validators>
(Beware, by manually providing a whitelist the default whitelist is disabled)
Known Issues
_____________
FLEX-34648 Memory Leak occurred in AsyncMessage when sending a lot of messages
Apache Flex BlazeDS 4.7.2
=======================
Apache Flex BlazeDS 4.7.2 is an update to 4.7.1 to allow configuration control
over allowing document type declarations inside an AMF XML payload.
Known Issues
_____________
FLEX-34648 Memory Leak occurred in AsyncMessage when sending a lot of messages
Apache Flex BlazeDS 4.7.1
=======================
Apache Flex BlazeDS 4.7.1 is an update to 4.7.0 to allow configuration control
over XML Entity processing.
Known Issues
_____________
FLEX-34648 Memory Leak occurred in AsyncMessage when sending a lot of messages
Apache Flex BlazeDS 4.7
=======================
Apache Flex BlazeDS 4.7 is the first release of BlazeDS from Apache. Earlier
releases were provided by Adobe Systems Inc.
Known Issues
_____________
Differences from Adobe BlazeDS 4.6 include:
- No functional differences the only changes that were made were adding code to make the
test-suite run against a server instance brought up by the test-suite itself making it
self sufficient. The Adobe version relied on the availability of a running BlazeDS server
instance.
Please report new issues to our bug tracker at:
https://issues.apache.org/jira/browse/FLEX
The Apache Flex Project
<http://flex.apache.org/>