dropwizard/dropwizard
### [`v1.3.27`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.27)
[Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.26...v1.3.27)
##### Improvements
- Remove obsolete `NonblockingServletHolder` ([#3527](https://togithub.com/dropwizard/dropwizard/issues/3527))
- `NonblockingServletHolder` is now deprecated and will be removed in Dropwizard 2.1.x.
##### Security
- Bump jetty.version from 9.4.32.v20200930 to 9.4.33.v20201020 ([#3522](https://togithub.com/dropwizard/dropwizard/issues/3522))
- This is addressing https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6 (CVE-2020-27216)
##### Dependency updates
- Bump joda-time from 2.10.7 to 2.10.8 ([#3525](https://togithub.com/dropwizard/dropwizard/issues/3525))
- Bump jetty.version from 9.4.32.v20200930 to 9.4.33.v20201020 ([#3522](https://togithub.com/dropwizard/dropwizard/issues/3522))
- Bump assertj-core from 3.17.2 to 3.18.0 ([#3524](https://togithub.com/dropwizard/dropwizard/issues/3524))
### [`v1.3.26`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.26)
[Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.25...v1.3.26)
#### Improvements
- Swallow `EofException` when response was incomplete ([#3382](https://togithub.com/dropwizard/dropwizard/issues/3382))
#### Bug fixes
- Reset Jersey client in tests ([#3453](https://togithub.com/dropwizard/dropwizard/issues/3453))
#### Dependency updates
- Bump Mustache Java compiler from 0.9.6 to 0.9.7 ([#3508](https://togithub.com/dropwizard/dropwizard/issues/3508))
- Bump guava from 24.1.1-jre to 30.0-jre ([#3509](https://togithub.com/dropwizard/dropwizard/issues/3509))
- Bump httpclient from 4.5.12 to 4.5.13 ([#3516](https://togithub.com/dropwizard/dropwizard/issues/3516))
- Bump jdbi3-bom from 3.14.3 to 3.17.0 ([#3510](https://togithub.com/dropwizard/dropwizard/issues/3510))
- Bump jetty.version from 9.4.31.v20200723 to 9.4.32.v20200930 ([#3478](https://togithub.com/dropwizard/dropwizard/issues/3478))
- Bump joda-time from 2.10.6 to 2.10.7 ([#3519](https://togithub.com/dropwizard/dropwizard/issues/3519))
- Bump metrics-bom from 4.1.12.1 to 4.1.14 ([#3520](https://togithub.com/dropwizard/dropwizard/issues/3520))
- Bump tomcat-jdbc from 9.0.37 to 9.0.39 ([#3495](https://togithub.com/dropwizard/dropwizard/issues/3495))
- Upgrade to Liquibase 3.10.3
- Bump assertj-core from 3.16.1 to 3.17.2 ([#3448](https://togithub.com/dropwizard/dropwizard/issues/3448))
- Bump junit from 4.12 to 4.13.1 ([joschi/dropwizard-1.3#24](https://togithub.com/joschi/dropwizard-1.3/issues/24), [joschi/dropwizard-1.3#25](https://togithub.com/joschi/dropwizard-1.3/issues/25))
- Bump mockito.version from 3.4.6 to 3.5.15 ([#3513](https://togithub.com/dropwizard/dropwizard/issues/3513))
- Bump maven-project-info-reports-plugin from 3.1.0 to 3.1.1 ([joschi/dropwizard-1.3#29](https://togithub.com/joschi/dropwizard-1.3/issues/29))
- Bump octokit from 4.18.0 to 4.19.0 in /docs ([#3518](https://togithub.com/dropwizard/dropwizard/issues/3518))
- Enforce checker-qual 3.7.0 for dependency convergence
### [`v1.3.25`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.25)
[Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.24...v1.3.25)
##### Changes since Dropwizard 1.3.25-beta.2
##### Dependency updates
- Upgrade to Jackson 2.9.10.20200824 ([#3433](https://togithub.com/dropwizard/dropwizard/issues/3433))
##### Changes since Dropwizard 1.3.24
##### Improvements
- Remove alpn-boot dependency in dropwizard-http2 for Java 8u252 ([#3256](https://togithub.com/dropwizard/dropwizard/issues/3256))
- Extend from AbstractHandlerContainer instead of AbstractHandler ([#2460](https://togithub.com/dropwizard/dropwizard/issues/2460))
- Add JAXB API to dropwizard-jersey (Java 11)
- Use SslContextFactory.Server over deprecated SslContextFactory ([#3411](https://togithub.com/dropwizard/dropwizard/issues/3411))
##### Dependency updates
- Upgrade to Jetty 9.4.31.v20200723
- Upgrade to jetty-setuid-java 1.0.4
- Upgrade to Liquibase 3.10.2
- Upgrade to Joda-Time 2.10.6
- Upgrade to Jdbi 3.14.3
- Upgrade to SLF4J 1.7.30
- Upgrade to Apache Tomcat JDBC Pool 9.0.37
- Upgrade to Apache HttpClient 4.5.12
- Upgrade to commons-text 1.9
- Upgrade to commons-lang3 3.11
- Upgrade to Metrics 4.1.12.1
- Upgrade to Freemarker 2.3.30
- Upgrade to Objenesis 3.1
- Upgrade to Javassist 3.27.0-GA
- Upgrade to Classmate 1.5.1
##### Test dependencies
- Upgrade to HSQLDB 2.5.1
- Upgrade to JUnit 5.6.2
- Upgrade to Mockito 3.4.6
- Upgrade to AssertJ 3.16.1
- Upgrade to Error Prone 2.3.4
- Upgrade to NullAway 0.7.10
##### Build dependencies
- Update wrapper to Maven 3.6.3
- Bump octokit from 4.8.0 to 4.18.0 in /docs ([#23](https://togithub.com/dropwizard/dropwizard/issues/23))
- Upgrade to sphinx-maven-plugin 2.9.0
- Upgrade to maven-source-plugin 3.2.1
- Upgrade to maven-site-plugin 3.9.1
- Upgrade to maven-resources-plugin 3.2.0
- Upgrade to maven-project-info-reports-plugin 3.1.0
- Upgrade to maven-javadoc-plugin 3.2.0
- Upgrade to maven-jar-plugin 3.2.0
- Upgrade to maven-clean-plugin 3.1.0
- Upgrade to maven-checkstyle-plugin 3.1.1
- Upgrade to jacoco-maven-plugin 0.8.5
- Upgrade to build-helper-maven-plugin 3.2.0
- Update Maven plugins in java-simple archetype POM template
- Update Maven plugins in dropwizard-example
- Update Maven plugins in dropwizard-archetypes
##### Assorted
- Fix build of `dropwizard-example` with Java 11
### [`v1.3.24`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.24)
[Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.23...v1.3.24)
##### Dependency updates
- Upgrade to Jackson 2.9.10.20200621 ([#3344](https://togithub.com/dropwizard/dropwizard/issues/3344))
### [`v1.3.23`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.23)
[Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.22...v1.3.23)
##### Dependency updates
- Upgrade to Jackson 2.9.10.20200411 ([#3246](https://togithub.com/dropwizard/dropwizard/issues/3246))
### [`v1.3.22`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.22)
[Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.21...v1.3.22)
#### Security
- Upgrade to SnakeYAML to address [CVE-2017-18640](https://nvd.nist.gov/vuln/detail/CVE-2017-18640) ([#3223](https://togithub.com/dropwizard/dropwizard/issues/3223), [#3227](https://togithub.com/dropwizard/dropwizard/issues/3227), [FasterXML/jackson-dataformats-text#187](https://togithub.com/FasterXML/jackson-dataformats-text/issues/187))
### [`v1.3.21`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.21)
[Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.20...v1.3.21)
#### Security
- Disable message interpolation in `ConstraintViolations` by default ([#3209](https://togithub.com/dropwizard/dropwizard/issues/3209))
### [`v1.3.20`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.20)
[Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.19...v1.3.20)
#### Security
- Upgrade to Jackson 2.9.10.20200223 to address CVE-2020-8840 ([#3168](https://togithub.com/dropwizard/dropwizard/issues/3168))
### [`v1.3.19`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.19)
[Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.18...v1.3.19)
#### Security
- Escape EL expressions in `ViolationCollector` to address CVE-2020-5245 ([#3160](https://togithub.com/dropwizard/dropwizard/issues/3160))
- Security Advisory: [Remote Code Execution (RCE) vulnerability in dropwizard-validation <2.0.2](https://togithub.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)
- Thanks to Alvaro Muñoz ([@pwntester](https://togithub.com/pwntester)) and the [GitHub Security Lab](https://securitylab.github.com/) for the responsible disclosure!
### [`v1.3.18`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.18)
[Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.17...v1.3.18)
- Update Jackson version to 2.9.10.20200103 to address CVE-2019-20330 ([#3100](https://togithub.com/dropwizard/dropwizard/issues/3100))
Thanks to [@msymons](https://togithub.com/msymons)!
### [`v1.3.17`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.17)
[Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.16...v1.3.17)
- Add SLF4J marker to dropwizard-json-logging ([#3005](https://togithub.com/dropwizard/dropwizard/issues/3005))
- Enable Jackson Afterburner only on Java 8 (backport) ([#3028](https://togithub.com/dropwizard/dropwizard/issues/3028))
- Upgrade Apache HttpClient to 4.5.10 to fix URI rewriting ([#3029](https://togithub.com/dropwizard/dropwizard/issues/3029))
### [`v1.3.16`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.16)
[Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.15...v1.3.16)
- Upgrade to Jackson 2.9.10.20191020 to address CVE-2019-16942, CVE-2019-16943, and CVE-2019-17531 ([#2988](https://togithub.com/dropwizard/dropwizard/issues/2988), thanks to [@msymons](https://togithub.com/msymons))
### [`v1.3.15`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.15)
[Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.14...v1.3.15)
- Upgrade to Jackson 2.9.10 to address multiple security issues ([#2939](https://togithub.com/dropwizard/dropwizard/issues/2939))
### [`v1.3.14`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.14)
[Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.13...v1.3.14)
- Upgrade to Jackson 2.9.9.20190807 to address multiple security issues ([#2871](https://togithub.com/dropwizard/dropwizard/issues/2871))
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
1.3.13
->1.3.27
By merging this PR, the below issues will be automatically resolved and closed:
By merging this PR, the below issues will be automatically resolved and closed:
By merging this PR, the below issues will be automatically resolved and closed:
Release Notes
dropwizard/dropwizard
### [`v1.3.27`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.27) [Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.26...v1.3.27) ##### Improvements - Remove obsolete `NonblockingServletHolder` ([#3527](https://togithub.com/dropwizard/dropwizard/issues/3527)) - `NonblockingServletHolder` is now deprecated and will be removed in Dropwizard 2.1.x. ##### Security - Bump jetty.version from 9.4.32.v20200930 to 9.4.33.v20201020 ([#3522](https://togithub.com/dropwizard/dropwizard/issues/3522)) - This is addressing https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6 (CVE-2020-27216) ##### Dependency updates - Bump joda-time from 2.10.7 to 2.10.8 ([#3525](https://togithub.com/dropwizard/dropwizard/issues/3525)) - Bump jetty.version from 9.4.32.v20200930 to 9.4.33.v20201020 ([#3522](https://togithub.com/dropwizard/dropwizard/issues/3522)) - Bump assertj-core from 3.17.2 to 3.18.0 ([#3524](https://togithub.com/dropwizard/dropwizard/issues/3524)) ### [`v1.3.26`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.26) [Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.25...v1.3.26) #### Improvements - Swallow `EofException` when response was incomplete ([#3382](https://togithub.com/dropwizard/dropwizard/issues/3382)) #### Bug fixes - Reset Jersey client in tests ([#3453](https://togithub.com/dropwizard/dropwizard/issues/3453)) #### Dependency updates - Bump Mustache Java compiler from 0.9.6 to 0.9.7 ([#3508](https://togithub.com/dropwizard/dropwizard/issues/3508)) - Bump guava from 24.1.1-jre to 30.0-jre ([#3509](https://togithub.com/dropwizard/dropwizard/issues/3509)) - Bump httpclient from 4.5.12 to 4.5.13 ([#3516](https://togithub.com/dropwizard/dropwizard/issues/3516)) - Bump jdbi3-bom from 3.14.3 to 3.17.0 ([#3510](https://togithub.com/dropwizard/dropwizard/issues/3510)) - Bump jetty.version from 9.4.31.v20200723 to 9.4.32.v20200930 ([#3478](https://togithub.com/dropwizard/dropwizard/issues/3478)) - Bump joda-time from 2.10.6 to 2.10.7 ([#3519](https://togithub.com/dropwizard/dropwizard/issues/3519)) - Bump metrics-bom from 4.1.12.1 to 4.1.14 ([#3520](https://togithub.com/dropwizard/dropwizard/issues/3520)) - Bump tomcat-jdbc from 9.0.37 to 9.0.39 ([#3495](https://togithub.com/dropwizard/dropwizard/issues/3495)) - Upgrade to Liquibase 3.10.3 - Bump assertj-core from 3.16.1 to 3.17.2 ([#3448](https://togithub.com/dropwizard/dropwizard/issues/3448)) - Bump junit from 4.12 to 4.13.1 ([joschi/dropwizard-1.3#24](https://togithub.com/joschi/dropwizard-1.3/issues/24), [joschi/dropwizard-1.3#25](https://togithub.com/joschi/dropwizard-1.3/issues/25)) - Bump mockito.version from 3.4.6 to 3.5.15 ([#3513](https://togithub.com/dropwizard/dropwizard/issues/3513)) - Bump maven-project-info-reports-plugin from 3.1.0 to 3.1.1 ([joschi/dropwizard-1.3#29](https://togithub.com/joschi/dropwizard-1.3/issues/29)) - Bump octokit from 4.18.0 to 4.19.0 in /docs ([#3518](https://togithub.com/dropwizard/dropwizard/issues/3518)) - Enforce checker-qual 3.7.0 for dependency convergence ### [`v1.3.25`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.25) [Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.24...v1.3.25) ##### Changes since Dropwizard 1.3.25-beta.2 ##### Dependency updates - Upgrade to Jackson 2.9.10.20200824 ([#3433](https://togithub.com/dropwizard/dropwizard/issues/3433)) ##### Changes since Dropwizard 1.3.24 ##### Improvements - Remove alpn-boot dependency in dropwizard-http2 for Java 8u252 ([#3256](https://togithub.com/dropwizard/dropwizard/issues/3256)) - Extend from AbstractHandlerContainer instead of AbstractHandler ([#2460](https://togithub.com/dropwizard/dropwizard/issues/2460)) - Add JAXB API to dropwizard-jersey (Java 11) - Use SslContextFactory.Server over deprecated SslContextFactory ([#3411](https://togithub.com/dropwizard/dropwizard/issues/3411)) ##### Dependency updates - Upgrade to Jetty 9.4.31.v20200723 - Upgrade to jetty-setuid-java 1.0.4 - Upgrade to Liquibase 3.10.2 - Upgrade to Joda-Time 2.10.6 - Upgrade to Jdbi 3.14.3 - Upgrade to SLF4J 1.7.30 - Upgrade to Apache Tomcat JDBC Pool 9.0.37 - Upgrade to Apache HttpClient 4.5.12 - Upgrade to commons-text 1.9 - Upgrade to commons-lang3 3.11 - Upgrade to Metrics 4.1.12.1 - Upgrade to Freemarker 2.3.30 - Upgrade to Objenesis 3.1 - Upgrade to Javassist 3.27.0-GA - Upgrade to Classmate 1.5.1 ##### Test dependencies - Upgrade to HSQLDB 2.5.1 - Upgrade to JUnit 5.6.2 - Upgrade to Mockito 3.4.6 - Upgrade to AssertJ 3.16.1 - Upgrade to Error Prone 2.3.4 - Upgrade to NullAway 0.7.10 ##### Build dependencies - Update wrapper to Maven 3.6.3 - Bump octokit from 4.8.0 to 4.18.0 in /docs ([#23](https://togithub.com/dropwizard/dropwizard/issues/23)) - Upgrade to sphinx-maven-plugin 2.9.0 - Upgrade to maven-source-plugin 3.2.1 - Upgrade to maven-site-plugin 3.9.1 - Upgrade to maven-resources-plugin 3.2.0 - Upgrade to maven-project-info-reports-plugin 3.1.0 - Upgrade to maven-javadoc-plugin 3.2.0 - Upgrade to maven-jar-plugin 3.2.0 - Upgrade to maven-clean-plugin 3.1.0 - Upgrade to maven-checkstyle-plugin 3.1.1 - Upgrade to jacoco-maven-plugin 0.8.5 - Upgrade to build-helper-maven-plugin 3.2.0 - Update Maven plugins in java-simple archetype POM template - Update Maven plugins in dropwizard-example - Update Maven plugins in dropwizard-archetypes ##### Assorted - Fix build of `dropwizard-example` with Java 11 ### [`v1.3.24`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.24) [Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.23...v1.3.24) ##### Dependency updates - Upgrade to Jackson 2.9.10.20200621 ([#3344](https://togithub.com/dropwizard/dropwizard/issues/3344)) ### [`v1.3.23`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.23) [Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.22...v1.3.23) ##### Dependency updates - Upgrade to Jackson 2.9.10.20200411 ([#3246](https://togithub.com/dropwizard/dropwizard/issues/3246)) ### [`v1.3.22`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.22) [Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.21...v1.3.22) #### Security - Upgrade to SnakeYAML to address [CVE-2017-18640](https://nvd.nist.gov/vuln/detail/CVE-2017-18640) ([#3223](https://togithub.com/dropwizard/dropwizard/issues/3223), [#3227](https://togithub.com/dropwizard/dropwizard/issues/3227), [FasterXML/jackson-dataformats-text#187](https://togithub.com/FasterXML/jackson-dataformats-text/issues/187)) ### [`v1.3.21`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.21) [Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.20...v1.3.21) #### Security - Disable message interpolation in `ConstraintViolations` by default ([#3209](https://togithub.com/dropwizard/dropwizard/issues/3209)) ### [`v1.3.20`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.20) [Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.19...v1.3.20) #### Security - Upgrade to Jackson 2.9.10.20200223 to address CVE-2020-8840 ([#3168](https://togithub.com/dropwizard/dropwizard/issues/3168)) ### [`v1.3.19`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.19) [Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.18...v1.3.19) #### Security - Escape EL expressions in `ViolationCollector` to address CVE-2020-5245 ([#3160](https://togithub.com/dropwizard/dropwizard/issues/3160)) - Security Advisory: [Remote Code Execution (RCE) vulnerability in dropwizard-validation <2.0.2](https://togithub.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf) - Thanks to Alvaro Muñoz ([@pwntester](https://togithub.com/pwntester)) and the [GitHub Security Lab](https://securitylab.github.com/) for the responsible disclosure! ### [`v1.3.18`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.18) [Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.17...v1.3.18) - Update Jackson version to 2.9.10.20200103 to address CVE-2019-20330 ([#3100](https://togithub.com/dropwizard/dropwizard/issues/3100)) Thanks to [@msymons](https://togithub.com/msymons)! ### [`v1.3.17`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.17) [Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.16...v1.3.17) - Add SLF4J marker to dropwizard-json-logging ([#3005](https://togithub.com/dropwizard/dropwizard/issues/3005)) - Enable Jackson Afterburner only on Java 8 (backport) ([#3028](https://togithub.com/dropwizard/dropwizard/issues/3028)) - Upgrade Apache HttpClient to 4.5.10 to fix URI rewriting ([#3029](https://togithub.com/dropwizard/dropwizard/issues/3029)) ### [`v1.3.16`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.16) [Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.15...v1.3.16) - Upgrade to Jackson 2.9.10.20191020 to address CVE-2019-16942, CVE-2019-16943, and CVE-2019-17531 ([#2988](https://togithub.com/dropwizard/dropwizard/issues/2988), thanks to [@msymons](https://togithub.com/msymons)) ### [`v1.3.15`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.15) [Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.14...v1.3.15) - Upgrade to Jackson 2.9.10 to address multiple security issues ([#2939](https://togithub.com/dropwizard/dropwizard/issues/2939)) ### [`v1.3.14`](https://togithub.com/dropwizard/dropwizard/releases/tag/v1.3.14) [Compare Source](https://togithub.com/dropwizard/dropwizard/compare/v1.3.13...v1.3.14) - Upgrade to Jackson 2.9.9.20190807 to address multiple security issues ([#2871](https://togithub.com/dropwizard/dropwizard/issues/2871))