changelog.md

Change Log

4.5.9

Features

• view commit Entity dictionary auto-scan for security checks and lifecycle hooks. (#1108)
• view commit Added manual override in JpaDataStore to explicitly bind entities (#1114)

Fixes

• view commit Migrate legacy getting started to elide standalone readme (#1106)
• view commit Added license and link to central docs (#1107)
• view commit Update README.md
• view commit Update README.md
• view commit Bump slf4j-api from 1.7.28 to 1.7.30 (#1115)
• view commit Bump mockito-core from 3.1.0 to 3.2.4 (#1111)
• view commit Bump rxjava from 2.2.14 to 2.2.16 (#1110)
• view commit Bump spring.boot.version from 2.2.1.RELEASE to 2.2.2.RELEASE (#1099)
• view commit Bump metrics.version from 4.1.1 to 4.1.2 (#1104)
• view commit Bump hibernate-search-orm from 5.11.3.Final to 5.11.4.Final (#1102)
• view commit Bump postgresql from 42.2.8 to 42.2.9 (#1100)

4.5.8

Features

• view commit Elide can bind non JPA entities. Class scanning logic is consolidated. (#1088)

Fixes

• view commit Bump liquibase-core from 3.8.0 to 3.8.1 (#1082)
• view commit Bump version.jetty from 9.4.22.v20191022 to 9.4.24.v20191120 (#1086)
• view commit Bump jackson-module-jaxb-annotations from 2.10.0 to 2.10.1 (#1080)
• view commit Upgraded dependencies to pass OWASP security scan (#1096)
• view commit Bump resteasy.version from 3.9.0.Final to 3.9.3.Final (#1091)
• view commit Bump swagger-core from 1.5.24 to 1.6.0 (#1079)
• view commit Bump wagon-ssh-external from 3.3.3 to 3.3.4 (#1078)
• view commit Bump version.jackson from 2.10.0 to 2.10.1 (#1076)

4.5.7

Features

• view commit Added Elide Support For Spring Boot (#1070)
• view commit Expose audit logger in standalone (#1075) 4.1.1 (#1033)
• view commit Expose opaque user in audits (#1074)

Fixes

• view commit Bump mockito-core from 3.0.0 to 3.1.0 (#1036)
• view commit Added awesome badges for Java & GraphQL (#1045)
• view commit Bump jersey-container-jetty-servlet from 2.29 to 2.29.1 (#1030)
• view commit Bump jetty-continuation from 9.4.19.v20190610 to 9.4.22.v20191022 (#1050)
• view commit Bump log4j-over-slf4j from 1.7.26 to 1.7.28 (#1048)
• view commit Bump swagger-core from 1.5.23 to 1.5.24 (#1047)
• view commit Update README.md (#1062)
• view commit Updated Elide standalone docs to point to main elide.io getting started docs (#1063)
• view commit Update README.md (#1065)
• view commit Bump rxjava from 2.2.13 to 2.2.14 (#1061)
• view commit Bump maven-jar-plugin from 3.1.2 to 3.2.0 (#1060)
• view commit Bump maven-source-plugin from 3.1.0 to 3.2.0 (#1059)
• view commit Bump dependency-check-maven from 5.2.1 to 5.2.3 (#1069)
• view commit Bump log4j-over-slf4j from 1.7.28 to 1.7.29 (#1058)
• view commit Bump version.jetty from 9.4.21.v20190926 to 9.4.22.v20191022 (#1046)
• view commit Bump metrics.version from 4.1.0 to

4.5.6

Fixes

• view commit Fix elide4.5.5 (#1040)
  • There was a compilation change required in FilterExpressionCheck that break SEMVER.
  • elide-blog-example had pom issues that prevented artifacts syncing with maven central.

4.5.5

Fixes

• view commit Bump version.jackson from 2.9.9 to 2.9.10 (#981)
• view commit Update jackson-databind to use version property (#988)
• view commit update types (#946)
• view commit Bump lombok from 1.18.8 to 1.18.10 (#984)
• view commit Update Apache Commons Beanutils and ANTLR4 CharStreams (#942)
• view commit Bump version.jackson from 2.9.10 to 2.10.0 (#989)
• view commit Bump maven-shade-plugin from 3.1.0 to 3.2.1 (#985)
• view commit Bump resteasy.version from 3.1.4.Final to 3.9.0.Final (#979)
• view commit Bump javax.ws.rs-api from 2.0.1 to 2.1.1 (#980)
• view commit Bump javax.transaction-api from 1.2 to 1.3 (#982)
• view commit Bump jedis from 3.0.1 to 3.1.0 (#983)
• view commit ISSUE 864 Fix primitive id field RSQL filter (#866)
• view commit Bump liquibase-core from 3.5.3 to 3.8.0 (#1000)
• view commit Issue 952 remove testng (#1004)
• view commit Fixed release distribution for elide-example (#1003)
• view commit Bump gson from 2.8.5 to 2.8.6 (#1001)
• view commit Bump swagger-core from 1.5.22 to 1.5.23 (#999)
• view commit Bump jersey-container-servlet-core from 2.29 to 2.29.1 (#998)
• view commit Bump commons-collections4 from 4.1 to 4.4 (#1013)
• view commit Bump hibernate-search-orm from 5.11.2.Final to 5.11.3.Final (#1012)
• view commit Bump jacoco-maven-plugin from 0.8.4 to 0.8.5 (#1011)
• view commit Bump postgresql from 42.2.7 to 42.2.8 (#1009)
• view commit Fixes #1007 (#1014)
• view commit Bump javassist from 3.25.0-GA to 3.26.0-GA (#997)
• view commit Bump rest-assured from 4.1.1 to 4.1.2 (#996)
• view commit Bump version.jetty from 9.4.20.v20190813 to 9.4.21.v20190926 (#995)
• view commit Bump mysql-connector-java from 8.0.17 to 8.0.18 (#1032)
• view commit Avoid checking share permission for redundant add (#1037)
• view commit Bump rxjava from 2.2.12 to 2.2.13 (#1031)

4.5.4

Fixes

• view commit Nested update (#978)

4.5.3

Features

• view commit Add heroku archetype project (#966)

Fixes

• view commit Bump mockito-core from 2.2.26 to 3.0.0 (#973)
• view commit Suppress databind vulnerability warnings until December (#977)
• view commit Bump commons-lang3 from 3.5 to 3.9 (#971)
• view commit Bump rest-assured from 4.0.0 to 4.1.1 (#970)
• view commit Bump gson from 2.8.0 to 2.8.5 (#967)
• view commit Fixed Swagger generation bug where an entity has nothing to sort by (#975)
• view commit Fix GraphQL Nested UPDATE bug. (#974)
• view commit Bump maven-javadoc-plugin from 3.1.0 to 3.1.1 (#972)
• view commit Bump dependency-check-maven from 5.0.0 to 5.2.1 (#969)
• view commit Bump version.jersey from 2.29 to 2.29.1 (#968)

4.5.2

Fixes

• view commit Restore provided on jpa (#932)
• view commit Bump commons-beanutils from 1.9.3 to 1.9.4
• view commit Fix #934: descriptions and example attributes appearing in swagger with empty string value (#935)
• view commit Refactor IT Tests (ResourceIT and test infrastructure). (#897)
• view commit Enable test-helper tests (#947)
• view commit Bump version.jetty from 9.4.19.v20190610 to 9.4.20.v20190813 (#922)
• view commit Update Graphql integration test (#954)
• view commit Bump rxjava from 2.2.0 to 2.2.12 (#936)
• view commit Bump maven-surefire-plugin from 2.22.1 to 2.22.2 (#928)
• view commit Bump version.jersey from 2.28 to 2.29 (#924)
• view commit Bump jersey-container-jetty-servlet from RELEASE to 2.29 (#929)
• view commit Bump maven-jar-plugin from 3.0.2 to 3.1.2 (#927)
• view commit Bump guava from 20.0 to 23.0 (#957)
• view commit Bump jersey-container-servlet-core from RELEASE to 2.29 (#962)
• view commit Bump slf4j-api from 1.7.26 to 1.7.28 (#961)
• view commit Bump build-helper-maven-plugin from 1.12 to 3.0.0 (#960)
• view commit Bump ant from 1.8.2 to 1.10.7 (#959)
• view commit Bump junit.version from 5.5.1 to 5.5.2 (#956)
• view commit Bump mysql-connector-java from 8.0.16 to 8.0.17 (#955)

4.5.1

Features

• Issue #851. Added new method enableSwagger() in ElideStandaloneSettings class which allows an easier way for binding swagger docs to the given endpoint. Override this method returning the Map<String, Swagger> object to bind the swagger docs to string endpoint.
• Issue #900. Add @ApiModelProperty support to elide-swagger that makes it possible to customize description, example, readOnly and required attributes of object definitions in resulting generates Swagger document.

Fixes

• [Security] Bump jackson databind from 2.9.9 to 2.9.9.3
• Issue #913. Fix deserialization for optional top-level meta object (#913)
• Migrated elide-core tests to JUnit 5.

4.5.0

Features

• Issue #815. Added the ability to customize the JPQL generation for a filter operator globally or for a specific entity attribute.
• Alpha release of a new Elide data store (SearchDataStore) that supports full text search on top of an existing data store.
• Issue #871. Add ElideSettings property encodeErrorResponses, which when enabled will encode error messages to be safe for HTML. This works for both JSONAPI and GraphQL endpoints, with verbose errors or error object settings enabled/disabled.
• HttpStatusException class now supports the following additional functions: getErrorResponse(boolean encodeResponse) and getVerboseErrorResponse(boolean encodeResponse)
• Add GraphQLErrorSerializer and ExecutionResultSerializer which are added to the ObjectMapper provided by the ElideSettings. These are used to parse the GraphQL results, instead of using ExecutionResult#toSpecification.

Fixes

• Run vulnerability check during build. Updated dependencies to fix CVE-2018-1000632, CVE-2017-15708, CVE-2019-10247
• Upgrade to Hibernate 5.4.1

4.4.5

Fixes

• Issue 801
• Switched to Open JDK 8

4.4.4

Fixes

• When requesting an ID field whose name is not 'id', an error happens: No such association id for type xxx. When the requested field name equals 'id', Elide has been fixed to look for the field with the annotation @Id rather than looking by field name.
• Support RSQL INFIX, POSTFIX, and PREFIX filters on number types: remove '*' before coercing.

Features

• Issue#812 Add support for BigDecimal field in GraphQL.
• Elide standalone now includes a Hikari connection pool & Hibernate batch fetching by default

4.4.3

Features

• When fetching a collection, if there are no filters, sorting, or client specified pagination, the ORM backed data stores will return the proxy object rather than construct a HQL query. This allows the ORM the opportunity to generate SQL to avoid the N+1 problem.

Fixes

• Fixes bug where EntityManager creation for ElideStandalone was not thread safe.

4.4.2

Fixes

• Fix error in lookupEntityClass and add test
• Restore Flush mechanism for Hibernate but allow for customization.

4.4.1

Features

• Switch ElideStandAlone to use JPA DataStore by default
• Enable support for JPA @MapsId annotation on relationships so that client doesn't have to provide a dummy ID to make entity creation work.

Fixes

• Flush once for patch extension
• ConstraintViolationExceptions are propagated on flush (JPA Transaction)
• Enable support for JPA @MapsId annotation on relationships so that client doesn't have to provide a dummy ID to make entity creation work.
• Cache all calls to getEntityBinding

4.4.0

Features

• Issue#763 Support for filtering & sorting on computed attributes
• Added JPA Data Store

Fixes

• Throw proper exception on invalid PersistentResource where id=null
• Issue#744 Elide returns wrong date parsing format in 400 error for non-default DateFormats
• Enable RSQL filter dialect by default (in addition to the default filter dialect).

4.3.3

Fixes

• Issue#744 Better error handling for mismatched method in Lifecycle and additional test
• Upgraded puppycrawl.tools (checkstyle) dependency to address CVE-2019-9658
• Issue#766 Outdated MySQL driver in elide-standalone and examples

4.3.2

Fixes

• Issue#754

4.3.1

Fixes

• Issue#758

Features

• New method in EntityDictionary to bind a dependency injection injector function.

4.3.0

Fixes

• Issue#733

Features

• New elide-example-models package
• New elide-test-helpers package
• Use SecurityContext as default User object

4.2.14

Features

• Added Codahale InstrumentedFilter & corresponding metrics, threads, admin servlets as a setting option for Elide Standalone.

Fixes

• replaced jcabi-mysql-maven-plugin with H2 for testing
• Upgrade Failsafe to 2.22.1 in order to run Hibernate 5 tests. Fixed test failure.

4.2.13

Features

• Add FilterPredicate sub-classes for each operation type

Fixes

• Upgrade jackson databind to 2.9.8

4.2.12

Fixes

• Issue#730
• Issue#729

4.2.11

Features

• Add annotation FilterExpressPath to provide paths for FilterExpressionChecks

4.2.10

Fixes

• Upgrade Jetty Server library to address security alerts
• Issue#703
• Fix Import Order

4.2.9

Fixes

• Fixed IT tests that were not running.
• Fixed setting private attributes that are inherited.
• Upgrade Jackson databind library to address security alerts

4.2.8

Fixes

• Issue#696
• Issue#707

4.2.7

Features

• Add support for asterisk life cycle hooks (hooks that invoke for all fields in a model).

Fixes

• Add support for multiple classloaders when using CoerceUtils (Issue #689)
• Issue#691
• Issue#644

Features

• Both JPA Field (new) and Property (4.2.6 and earlier) Access are now supported.

4.2.6

Fixes

• Fix NPE serializing Dates

4.2.5

Features

• ISO8601 and epoch dates can be toggled in Elide Settings

Fixes

• Fix NPE in HibernateEntityManagerStore
• Performance enhancement for DataSerializer and MapConverter

4.2.4

Fixes

• Fixed issues when running and building on Windows OS

4.2.3

Features

• Add CustomErrorException and ErrorObjects to support custom error objects
• Allow user to configure to return error objects
• Update ElideStandalone to allow users to programmatically manipulate the ServletContextHandler.

Fixes

• Fixed bug in GraphQL when multiple root documents are present in the same payload. The flush between the documents did not correctly handle newly created/deleted objects.
• Fixed broken graphql link in README.md
• Fixed elide standalone instructions.
• Fixed hashcode and equals for some test models

4.2.2

Fixes

• Resolve hibernate proxy class for relationship

4.2.1

Fixes

• Fixed #640
• Log runtime exception as error

Features

• Added "fetch joins" for to-one relationships to improve HQL performance and limit N+1 queries.

4.2.0

Features

• Upgraded hibernate 5 datastore to latest version (5.2.15)

Fixes

• Fixed bug where create-time pre-security hooks were running before any values were set.

4.1.0

Fixes

• Performance enhancements including caching the Class.getSimpleName.
• Fixed bug where updatePreSecurity lifecycle hook was being called for object creation. This will no longer be true. This changes the behavior of life cycle hooks (reason for minor version bump).

Features

• Added the ability to register functions (outside entity classes) for lifecycle hook callbacks.

4.0.2

Fixes

• Add support for retrieving values from java Map types. These are still modeled as lists of key/value pairs.
• Log GraphQL query bodies. Private information or anything which is not intended to be logged should be passed as a variable as variables values are not logged.
• Handle the Transaction not closed error on aborted response.

4.0.1

Fixes

• Change PersistentResourceFetcher constructor visibility to public in order to allow this class instantiation outside of the elide-graphql.

4.0.0

See: 4.0-beta-5

4.0-beta-5

Fixes

• Ignore non-entity types if present in the hibernate class metadata in the hibernate stores. This can legitimately occur when tools like envers are used.

Features

• Support GraphQL batch requests.

4.0-beta-4

Fixes

• Ignore provided-- but null-- operation names and variables in GraphQL requests.
• Add additional logging around exception handling.
• Don't swallow generic Exception in Elide. Log it and bubble it up to caller.
• Fix a bug where null filter expressions were possible if no filter was passed in by the user, but permission filters existed.
• Fix support for handling GraphQL variables.
• Support java.util.Date types as new built-in primitive. Expects datetime as epoch millis.
• Fixed issue with supporting variables in mutations.
• Allow for arbitrary in-transaction identifiers for upserts (treated as unique identifier for current tx only).
• Ensure GraphQLEndpoint returns GraphQL spec-compliant response.

Features

• Handle ConstraintViolationException's by extracting the first constraint validation failure.
• Include GraphQL in Elide standalone by default with ability to remove it via dependency management.
• Upgrade to the latest graphql-java version: 6.0.

4.0-beta-3

Fixes

• Updated MIT attribution for portions of MutableGraphQLInputObjectType
• getRelation (single) call filters in-memory to avoid collision on multiple objects being created in the same transaction.

Features

• ChangeSpec is now passed to OnUpdate life cycle hooks (allowing the hooks to see the before & after change to a given field).

4.0-beta-2

Fixes

• Root collection loads now push down security filter predicates.
• Avoid throwing exceptions that must be handled by the containing application, instead throw exceptions that will be handled directly within Elide.
• Restore OnCreatePreSecurity lifecycle hook to occur after fields are populated.

Features

• Added UPDATE operation for GraphQL.

4.0-beta-1

Features

• Elide now supports GraphQL (as well as JSON-API). This feature is in beta. Read the docs for specifics. Until the artifact moves to stable, we may change the semantics of the GraphQL API through a minor Elide version release.
• The semantics of CreationPermission have changed and can now apply towards fields as well as entities. UpdatePermission is never checked for newly created objects.
• The semantics of SharePermission have changed. SharePermission can no longer have an expression defined. It either denies permission or exactly matches ReadPermission.
• RSQL queries that compare strings are now case-insensitive. There is not currently a way to make case sensitive RSQL queries, however the RSQL spec does not provide this either. Fixes #387

Fixes

• Updated PreSecurity lifecycle hooks to run prior to inline checks like they should.

Misc

• All deprecated functions from Elide 3.0 have been removed.
• FilterPredicates have been restructure to share a common Path with other Elide code.

3.2.0

Features

• Updated interface to beta standalone application. Plans to finalize this before Elide 4.0 release.

Fixes

• Rollback relationship handling change.
• Handle ForbiddenAccess only for denied Include, instead of filtering to empty set.

3.1.4

Fixes

• Instead of ForbiddenAccess for denied Include, filter to empty set.
• Generate error when parsing permission expression fails.

3.1.3

• Add support for @Any relationships through a @MappedInterface

3.1.2

Features

• Add Elide standalone application library

Fixes

• Fix for issue #508
• Fix for issue #521
• Fix blog example
• Properly handle proxy beans in HQL Builder

3.1.1

Fixes

• Fix id extraction from multiplex transaction.

3.1.0

Fixes

• Use Entity name when Include is empty. Cleanup Predicate.

3.0.17

Features Adds support for sorting by relationship (to-one) attributes. Misc Cleanup equals code style

3.0.16

Misc

• Replaced deprecated Hibernate Criteria with JPQL/HQL.

3.0.15

Fixes

• Use inverse relation type when updating.

3.0.14

Fixes

• Properly handle incorrect relationship field name in Patch request instead of Entity is null
• Properly handle invalid filtering input in HQL filtering
• Properly handle NOT in filterexpressionchecks
• Fix parameter order in commit permission check

3.0.13

Fixes

• Fixing regression in deferred permissions for updates

3.0.12

Misc

• Cleanup hibernate stores to not care about multi edit transactions
• Removed dead code from hibernate3 transaction
• Special read permissions handling of newly created objects in Patch Extension

3.0.11

Fixes

• Change UpdateOnCreate check to be an OperationCheck.

3.0.10

Fixes

• Use IdentityHashMap for ObjectEntityCache
• Miscellaneous cleanup.

3.0.9

Fixes

• Fix exception handler to pass verbose log even with unexpected exceptions.
• Fix life cycle hooks to trigger "general" hooks even when specific field acted upon.
• Build document list for swagger endpoint at the / path.

3.0.8

Features

• Add support for FieldSetToNull check.

3.0.7

Features

• Add support for sorting by id values
• Implement functionality for Hibernate5 to support EntityManager's.

Fixes

• Account for inheritance when performing new entity detection during a PATCH Extension request.
• Upgrade examples to behave properly with latest jersey release.
• Rethrow WebApplicationException exceptions from error response handler.

Misc

• Always setting HQL 'alias' in FilterPredicate Constructor

3.0.6

Misc

• Cleanup of active permission executor

3.0.5

Fixes

• Fixed caching of security checks (performance optimization)
• Security fix for inline checks being deferred when used in conjunction with commit checks.
• Security fix to not bypass collection filtering for patch extension requests.

Features

• Added UUID type coercion
• Move InMemoryDataStore to Elide core. The InMemoryDataStore from the elide-datastore-inmemorydb package has been deprecated and will be removed in Elide 4.0

3.0.4

Fixes

• Do not save deleted objects even if referenced as an inverse from a relationship.

3.0.3

Fixes

• Fix HQL for order by clauses preceded by filters.
• Remove extra DELETE endpoint from JsonApiEndpoint since it's not compliant across all JAX-RS implementations.
• Add support for matching inherited types while type checking.
• Fix tests to automatically set UTC timestamp.
• Fix README information and various examples.

3.0.2

Misc

• Clean up Elide request handler.

3.0.1

Fixes

• Updated HQL query aliases for page total calculation in hibernate3 and hibernate5 data stores.

3.0.0

Features

• Promoted DefaultOpaqueUserFunction to be a top-level class
• Promoted Elide.Builder to be a top-level class ElideSettingsBuilder
• Revised datastore interface
  • Removed hibernate-isms
  • Made key-value persistence easier to support
• Revised lifecycle hook model
• Revised audit logger interface
• Removed all deprecated features, e.g.
  • SecurityMode
  • any and all permission syntax
  • Required use of ElideSettingsBuilder
  • Removed PersistenceStore from Hibernate 5 datastore
• Made InMemoryDataStore the reference datastore implementation
• Allow filtering on nested to-one relationships

Fixes

• Close transactions properly
• Updated all dependencies
• Fixed page totals to honor filter & security permissions evaluated in the DB.