Skip to content

Releases: Armatiek/xslweb

XSLWeb release v4.2.0

11 Jan 11:30
Compare
Choose a tag to compare
  • Several bug fixes (see commit log):
    • Extension function send-mail() was not working anymore.
    • Error "The schema is invalid" when starting a Saxon-EE compiled XSLWeb.
    • Pipelines with pipeline steps after an xquery or transformer-stx step gives error "Could not determine destination".
    • NPE when session attribute contains a document node without document (root) element.
  • XSLWeb Docker image and build scripts available! See documentation.
  • Upgraded Saxon JS scripts to version 2.3.
  • Changed log level of automatic job log messages ("Executing job ...") from INFO to DEBUG.

Binaries:

XSLWeb release v4.1.0

24 Dec 13:59
Compare
Choose a tag to compare
  • Several bug fixes (see commit log).
  • The Jetty application server in the Ready-to-Run distribution now uses the Logback framework, just like XSLWeb itself. Jetty now logs to {xslweb.home}/logs/jetty.log. This Ready-to-Run distribution does not have any dependency to Log4J/Log4J2.
  • Upgrade from Saxon version 10.5 to Saxon version 10.6.
  • Added dependencies to Pac4J and Buji-Pac4J (Pac4J for Apache Shiro), see Security: authentication and authorization. In addition to the functionality provided by XSLWeb's Apache Shiro integration, Pac4J adds the possiblity to use additional authentication mechanismes like OAuth 1/2, SAML, CAS, OpenID Connect, JWT, Kerberos (SPNEGO), REST API or authorization mechanisms like Roles/permissions, Anonymous/remember-me/(fully) authenticated, CORS, CSRF, HTTP Security headers. At this moment, only the Pac4J OpenID Connect and OAuth2 libraries are bundled with XSLWeb, but others can be added by placing them in de classpath of XSLWeb.
  • Added BinarySerializer pipeline step.
  • Refactoring of the caching functionality; transition from Ehcache version 2.6 to 3.9. NB. this refactoring has some backward compatibility issues, see differences in caching example. Also the Response Caching functionality is not supported anymore because Ehcache dropped the support for SimpleCachingHeadersPageCachingFilter. Removed support for the response caching pipeline attributes.
  • Added configuration attribute "expire-time" to ResourceSerializer.
  • Added configuration "ssl-check-server-identity" to XPath extension function email:send-mail().
  • Added extension function webapp:remove-cache-value().
  • Authentication information (for the legacy authentication mechanism) can now also be stored as request attribute, useful for clients that do not support sessions. Whether information is stored as session attribute and/or request attribute can now be overridden by implementing the named templates "auth:store-profile-in-session" and "auth:store-profile-in-request". Default implementations return true().
  • Avoid creating of unnecessary HttpSession objects, for instance in the extension function session:get-attribute() when no session object exists yet.
  • Overrides and additions for mimetype mapping properties file (MimeUtil), especially for the extension .css.
  • Change to nested/internal pipeline requests: all attributes that are stored in the "parent" request using req:set-attribute($name, $value) will now be available in the nested/internal request using req:get-attribute($name). That means you now can pass any sequence (including nodes) to the nested/internal request without the need for serialization/deserialization.
  • Added several exclusions to pom.xml to avoid duplicate Java classes on classpath; added scanning for duplicate classes when opening the XSLWeb Context
  • Changed default value of XSLWeb property "xslweb.parserhardening" from false -> true (which avoids XXE attacks)
  • Dependency with javautil (org.clapper) and asm removed. Functionality regarding dynamic loading of "external/plugin" classes (XPath extension functions) ported to the ClassGraph library.
  • Several dependencies upgraded: Saxon 10.5 -> 10.6, Apache Shiro 1.6 -> 1.8, Quartz 2.2.3 -> 2.3.2, Logback 1.2.3 -> 1.2.8, Apache FOP 2.5 -> 2.6, Slf4J 1.7.5 -> 1.7.32.

Binaries:

XSLWeb release v4.0.1

04 May 11:33
Compare
Choose a tag to compare

Since v3.0.1:

  • Several bug fixes.
  • Upgrade to Saxon version 10.5, the version that is now recommended by Saxonica as the most stable and reliable release for production use.
  • The XSLWeb build profiles for Saxon PE and Saxon EE now download the Saxon jars from Saxonica's Maven repository; no more need to install them in your local Maven repository (see [Support for Saxon PE (Professional) and EE (Enterprise Edition)].(https://armatiek.github.io/xslweb/XSLWeb%20Developer%20Manual.html#support-for-saxon-pe-professional-and-ee-enterprise-edition))
  • Serving of static files (StaticResourceFilter, ResourceSerializer) is now handled by a new FileServlet (based on org.omnifaces.servlet.FileServlet) with more extensive support for ETag, If-None-Match and If-Modified-Since caching requests and Range and If-Range ranging requests ("byte serving").
  • Added documentation about events and cross site scripting prevention.
  • The request XML document is now also passed as stylesheet parameter $req:request-xml-doc to all pipeline transformation steps (see Stylesheet Parameters)
  • Added a new XPath extension function transform().
  • FIX: The EXPath extension function "file:resolve-path()" now returns absolute paths "as-is" (breaking change).
  • Added new logging XPath extension functions debug(), warn(), error(), info(), trace().
  • Initial release of the "XSLWeb Debugger" (experimental!).
  • Added XPath extension function: parse-html($html as xs:string) as document-node().
  • Added functionality to prevent XSS (Cross Site Scripting) attacks (still experimental).
  • Added new optional parameter $handle-quoting to extension function external:exec-external().
  • Nodes that are stored using the context, session and webapp's set-attribute() extension functions are now no longer copied to a new tiny tree but are stored "as is". Note that this is a breaking change because the node that is returned using the get-attribute() functions is not necessarily a document node, but now can be an element, attribute or other node type.
  • The EXPath extension function: file:move() incorrectly throwed execption when the target file already existed. Now works conform specs.
  • Ready-to-run distributions are now available for Linux, macOS and Windows 64-bits platforms, containing a Jetty Application Server, OpenJDK 13 and startup scripts. The .war distribution is still available; the tomcat-7-runner "uber-jar" distribution has been removed.
  • The former "XSLWeb Quick Start Guide" in PDF format has been converted and extended to the "XSLWeb Developer Manual" in HTML format (using Asciidoctor). The Developer Manual is available through Github Pages.
  • The EXPath HTTP Client implementation has been completely rewritten and is now a native XSLWeb implementation (based on the OkHttp library)  .
  • XSLWeb's Security is vastly improved and is now based on the Apache Shiro security framework. Apache Shiro is a powerful, easy-to-use and "battle-tested" Java security framework that performs authentication (Basic, Token based, LDAP, JDBC, ActiveDirectory, etc), authorization (subject/role/permission based), cryptography, and session management. The functionality of Apache Shiro is available within XSLWeb through a library of XPath extension functions.
  • Dynamic (scripted) extension functions. XSLWeb now offers a completely new way of writing XPath extension functions in Java within the XSLT stylesheet.
  • A Cache busting mechanism was added.
  • WebDAV support: all webapp's resources (XSLT stylesheets, CSS stylesheets, Javascripts, images) are now available through WebDAV.
  • Dependency library upgrades:
    • The Saxon XSLT and XQuery Processor library is upgraded to the version 10.5. This means (among other things) that higher order functions and the xsl:evaluate instruction are available in the Saxon-HE (Open Source) version.
    • The Saxon-JS integration now implements version 2.
    • The Apache Commons Upload, Text, IO, Lang, Collections, E-mail, Exec libraries are all upgraded to their latest versions.
    • The Quartz Scheduler framework is upgraded to version 2.3.2.
    • The Apache FOP (Formatting Objects Processor) is upgraded to version 2.5
    • The c3p0 connection pooling library is upgraded to version 0.9.5.5.

Binaries:

XSLWeb release v4.0.1-RC-3

XSLWeb release v4.0.0-RC-3

28 Feb 10:59
Compare
Choose a tag to compare
Pre-release

Since v4.0.0-RC2:

  • Several bugs fixes.
  • The XSLWeb build profiles for Saxon PE and Saxon EE now download the Saxon jars from Saxonica's Maven repository; no more need to install them in your local Maven repository (see [Support for Saxon PE (Professional) and EE (Enterprise Edition)].(https://armatiek.github.io/xslweb/XSLWeb%20Developer%20Manual.html#support-for-saxon-pe-professional-and-ee-enterprise-edition))
  • Serving of static files (StaticResourceFilter, ResourceSerializer) is now handled by a new FileServlet (based on org.omnifaces.servlet.FileServlet) with more extensive support for ETag, If-None-Match and If-Modified-Since caching requests and Range and If-Range ranging requests ("byte serving").
  • Added documentation about events and cross site scripting prevention.
  • The request XML document is now also passed as stylesheet parameter $req:request-xml-doc to all pipeline transformation steps (see Stylesheet Parameters)
  • Added a new XPath extension function transform().
  • FIX: The EXPath extension function "file:resolve-path()" now returns absolute paths "as-is" (breaking change).
  • Added new logging XPath extension functions debug(), warn(), error(), info(), trace().
  • Initial release of the "XSLWeb Debugger" (experimental!).

XSLWeb release v4.0.0-RC-2

27 Nov 13:22
Compare
Choose a tag to compare
Pre-release

Since v4.0.0-RC1:

  • Several bugs fixes.
  • Upgrade to Saxon version 10.3, the version that is now recommended by Saxonica as the most stable and reliable release for production use.
  • Added XPath extension function: parse-html($html as xs:string) as document-node().
  • Added functionality to prevent XSS (Cross Site Scripting) attacks (still experimental).
  • Added new optional parameter $handle-quoting to extension function external:exec-external().
  • Nodes that are stored using the context, session and webapp's set-attribute() extension functions are now no longer copied to a new tiny tree but are stored "as is". Note that this is a breaking change because the node that is returned using the get-attribute() functions is not necessarily a document node, but now can be an element, attribute or other node type.
  • The EXPath extension function: file:move() incorrectly throwed execption when the target file already existed. Now works conform specs.

XSLWeb release v4.0.0-RC-1

17 Sep 15:07
Compare
Choose a tag to compare
Pre-release

New in this release:

  • Ready-to-run distributions are now available for Linux, macOS and Windows 64-bits platforms, containing a Jetty Application Server, OpenJDK 13 and startup scripts. The .war distribution is still available; the tomcat-7-runner "uber-jar" distribution has been removed.
  • The former "XSLWeb Quick Start Guide" in PDF format has been converted and extended to the "XSLWeb Developer Manual" in HTML format (using Asciidoctor). The Developer Manual is available through Github Pages.
  • The EXPath HTTP Client implementation has been completely rewritten and is now a native XSLWeb implementation (based on the OkHttp library)  .
  • XSLWeb's Security is vastly improved and is now based on the Apache Shiro security framework. Apache Shiro is a powerful, easy-to-use and "battle-tested" Java security framework that performs authentication (Basic, Token based, LDAP, JDBC, ActiveDirectory, etc), authorization (subject/role/permission based), cryptography, and session management. The functionality of Apache Shiro is available within XSLWeb through a library of XPath extension functions.
  • Dynamic (scripted) extension functions. XSLWeb now offers a completely new way of writing XPath extension functions in Java within the XSLT stylesheet.
  • A Cache busting mechanism was added.
  • WebDAV support: all webapp's resources (XSLT stylesheets, CSS stylesheets, Javascripts, images) are now available through WebDAV.
  • Dependency library upgrades:
    • The Saxon XSLT and XQuery Processor library is upgraded to the version 10.2. This means (among other things) that higher order functions and the xsl:evaluate instruction are available in the Saxon-HE (Open Source) version.
    • The Saxon-JS integration now implements version 2.
    • The Apache Commons Upload, Text, IO, Lang, Collections, E-mail, Exec libraries are all upgraded to their latest versions.
    • The Quartz Scheduler framework is upgraded to version 2.3.2.
    • The Apache FOP (Formatting Objects Processor) is upgraded to version 2.5
    • The c3p0 connection pooling library is upgraded to version 0.9.5.5.

XSLWeb release v3.0.1

22 Jan 14:34
Compare
Choose a tag to compare
  • Minor bugfixes
  • Binary releases

XSLWeb release v3.0.0

08 Feb 22:36
Compare
Choose a tag to compare

New functionalities:

  • XQuery 3.1 pipeline step
  • STX (Streaming Transformations for XML) pipeline step. Can for example be used to selectively read and transform data from very large XML files.
  • Asynchronous HTTP requests
  • Multiple performance improvements (most important is that RequestSerializer now serializes directly to Saxon's TinyTree format).
  • Upgrade of multiple 3rd party library versions; i.a. Saxon 9.8 (latest and greatest) en Apache FOP 2.2
  • Several bug fixes

XSLWeb release v2.0.0

29 Sep 21:22
Compare
Choose a tag to compare

New functionalities:

  • Support for XSLT version 3.0
  • New pipeline steps:
    • XML Schema validation
    • Schematron validation
    • JSON serialization
    • Apache FOP serialization (i.a. to PDF or RTF)
    • ZIP serialization
  • New XPath extension functions, i.a.:
    • Start external processes
    • Scaling of images
    • JSON parsing and serialization
    • Extended logging and error messages
  • New global configuration options:
    • Resist XML External Entity (XXE) attacks
    • Trust SSL certificates of external HTTPS servers
  • Support for Saxon PE (Professional Edition) and EE (Enterprise Edition)
  • Proxy server support for XSLT document() function
  • Runs on Java 1.8 or higher
  • Upgrade of 3rd party library versions i.a. Saxon 9.7, Quartz 2.2.3, Apache Commons, ehcache 2.6.10.