Skip to content

Merge latest georgie version #1880

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jonathanaustin merged 38 commits into from
Jan 23, 2026
Merged

Merge latest georgie version #1880

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
d079b91
Add new utility method createTargetUrl in WebUtilities to centralise …
jonathanaustin Nov 12, 2025
d5ec908
Modified Targetable components to use the new createTargetUrl method …
jonathanaustin Nov 12, 2025
b966744
Moved the adding of the hidden parameters onto the AJAX url from the …
jonathanaustin Nov 12, 2025
4daa772
Modified the session token interceptors to only accept a session toke…
jonathanaustin Nov 12, 2025
4ab3fc1
Update WebUtilites to check for null URL in getPath method
jonathanaustin Nov 12, 2025
0ab4a04
Kick the can down the road to 2040 for date parser unit test
jonathanaustin Nov 12, 2025
02f5d7b
Update sonar plugin in Github Actions
jonathanaustin Nov 24, 2025
34886ec
Merge pull request #1873 from BorderTech/feature/session-token-url
jonathanaustin Nov 27, 2025
4894168
Updated beanutils as it had a transient dependency on commons-collect…
jonathanaustin Nov 27, 2025
70d2310
Updated antisamy to latest version 1.7.8 as it has reinstated the xHT…
jonathanaustin Nov 28, 2025
cd5aa22
Updated FileUtil to include MetaData hints when calling tika to help …
jonathanaustin Nov 28, 2025
198b68b
Merge pull request #1874 from BorderTech/feature/update-beanutils
jonathanaustin Dec 1, 2025
0087257
[maven-release-plugin] prepare release wcomponents-parent-1.5.38
jonathanaustin Dec 1, 2025
a0660dc
[maven-release-plugin] prepare for next development iteration
jonathanaustin Dec 1, 2025
a710eca
Roll CHANGELOG
jonathanaustin Dec 1, 2025
c51c592
Merge pull request #1875 from BorderTech/release-1.5.38
jonathanaustin Dec 1, 2025
a6ff85d
Make backing FileItem available in FileItemWrap
jonathanaustin Dec 12, 2025
f0ec781
Make stream handling more consistent
jonathanaustin Jan 9, 2026
bcb7569
Consistent use of try-with-resources when handling streams
jonathanaustin Jan 12, 2026
c772d9c
Update examples to have consistent use of try-with-resources when han…
jonathanaustin Jan 12, 2026
e176826
Update LDE to have consistent use of try-with-resources when handling…
jonathanaustin Jan 12, 2026
5b4a327
Updated AbstractRequest to remove deprecated methods uploadFileItems …
jonathanaustin Jan 12, 2026
40ec02f
Replaced org.apache.tika:tika library with org.overviewproject:mime-t…
jonathanaustin Jan 14, 2026
eb71dbd
Updated FileUtil to make file extension and mime type validation case…
jonathanaustin Jan 14, 2026
056be3c
Update project dependencies to latest versions
jonathanaustin Jan 16, 2026
930648d
Update missed example with try-with-resources
jonathanaustin Jan 16, 2026
deb1ed4
Add code-coverage module
jonathanaustin Jan 16, 2026
07e7262
Add version to deploy plugin in code-coverage module
jonathanaustin Jan 16, 2026
71b2464
Add wait for quality gate on sonar scan to fail build
jonathanaustin Jan 16, 2026
d6b53ca
EOL for new code-coverage pom.xml
jonathanaustin Jan 19, 2026
d9e717e
Merge pull request #1878 from BorderTech/feature/replace-tika-lib
jonathanaustin Jan 19, 2026
294d21d
[maven-release-plugin] prepare release wcomponents-parent-1.5.39
jonathanaustin Jan 20, 2026
4b4aee4
[maven-release-plugin] prepare for next development iteration
jonathanaustin Jan 20, 2026
f1cb325
Roll CHANGELOG
jonathanaustin Jan 20, 2026
bb92dd0
Merge pull request #1879 from BorderTech/release-1.5.39
jonathanaustin Jan 22, 2026
3dfa1a7
Kick date parser unit test down the road
jonathanaustin Jan 22, 2026
5ee7370
Merge commit 'bb92dd00ffdfc81cb37dd593d63905458146e015' into feature/…
jonathanaustin Jan 22, 2026
b28bb2f
Fix theme merge conflicts
jonathanaustin Jan 22, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/github-actions-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ jobs:
echo "Sonar secure variables NOT available"
else
echo "Sonar secure variables ARE available"
mvn -B sonar:sonar -Dsonar.projectKey="bordertech-wcomponents" -Dsonar.organization="bordertech-github" -Dsonar.host.url="https://sonarcloud.io"
mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey="bordertech-wcomponents" -Dsonar.organization="bordertech-github" -Dsonar.host.url="https://sonarcloud.io" -Dsonar.qualitygate.wait=true
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand Down
45 changes: 45 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,51 @@ Client Side API:
### Bug Fixes
* SelectToggle label attribute fix, `wc-data-for` > `data-wc-for`.

## 1.5.39

### API Changes
* Updated AbstractRequest to remove deprecated methods uploadFileItems and readBytes (were protected static). Use StreamUtils instead.
### Enhancements
* Consistent use of try-with-resources when handling streams
* Replaced org.apache.tika:tika library with org.overviewproject:mime-types in FileUtil to validate uploaded file mime types.
* Updated the following dependencies:
* wcomponents-core:
* com.google.code.gson:gson from 2.13.1 to 2.13.2
* org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0
* commons-io:commons-io from 2.19.0 to 2.21.0
* com.google.errorprone:error_prone_annotations from 2.39.0 to 2.46.0
* org.apache.httpcomponents.client5:httpclient5 from 5.5 to 5.6
* org.apache.httpcomponents.core5:httpcore5 from 5.3.4 to 5.4
* wcomponents-test-lib:
* io.github.bonigarcia:webdrivermanager from 6.1.0 to 6.3.3
* org.apache.commons:commons-compress from 1.27.1 to 1.28.0
* commons-codec:commons-codec from 1.18.0 to 1.20.0
* com.google.guava:guava from 33.4.8-jre to 33.5.0-jre
* net.java.dev.jna:jna from 5.17.0 to 5.18.1
* wcomponents-bundle:
* org.ehcache:ehcahce from 3.10.8 to 3.11.1
* org.glassfish.jaxb:jaxb-runtime from 4.0.5 to 4.0.6
### Bug Fixes
* Updated FileUtil to make file extension and mime type validation case insensitive.

## 1.5.38

### Enhancements
* To improve the robustness of the session token parameter (wc_t), which is used to prevent CSRF attacks, the following changes have been made:
* The session token is no longer included on any GET URLs and only posted in the body for POSTS.
* Modified the session token interceptors to only accept a session token on a POST and throw an exception if provided on a GET.
* Modified Targetable components to use the new createTargetUrl method in WebUtilites that centralises the logic for
creating the URLs for Targetable components and excludes the session token.
* Moved the adding of the hidden parameters onto the AJAX url from the XSL into the WApplicationRenderer so the session
token can be excluded.
* Updated beanutils version and package names as beanutils had a transient dependency on commons-collections that has security vulnerabilies.
* commons-beanutils:commons-beanutils:1.11.0 to org.apache.commons:commons-beanutils2:2.0.0-M2
* Updated antisamy to latest version 1.7.8 as it has reinstated the xHTML behaviour for tags. Versions 1.7.0 to 1.7.6 did not support xHTML and would break the XML.
* org.owasp.antisamy:antismay from 1.6.8 to 1.7.8
* Updated FileUtil to include MetaData hints when calling tika to help tika identify a files content type.

NOTE - The session token changes are not backwards compatable with older themes.

## 1.5.37

### Enhancements
Expand Down
70 changes: 70 additions & 0 deletions code-coverage/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<parent>
<groupId>com.github.bordertech.wcomponents</groupId>
<artifactId>wcomponents-parent</artifactId>
<version>1.5.40-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

<name>code-coverage</name>
<artifactId>code-coverage</artifactId>

<packaging>jar</packaging>

<dependencies>
<dependency>
<groupId>com.github.bordertech.wcomponents</groupId>
<artifactId>wcomponents-core</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>com.github.bordertech.wcomponents</groupId>
<artifactId>wcomponents-examples</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>com.github.bordertech.wcomponents</groupId>
<artifactId>wcomponents-test-lib</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>com.github.bordertech.wcomponents</groupId>
<artifactId>wcomponents-lde</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>

<build>

<plugins>
<!-- Generate aggreated coverage report -->
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<executions>
<execution>
<id>report-aggregate</id>
<phase>test</phase>
<goals>
<goal>report-aggregate</goal>
</goals>
</execution>
</executions>
</plugin>
<!-- This coverage module should never de deployed -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<version>3.1.4</version>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>

</build>

</project>
7 changes: 4 additions & 3 deletions pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@

<groupId>com.github.bordertech.wcomponents</groupId>
<artifactId>wcomponents-parent</artifactId>
<version>1.5.38-SNAPSHOT</version>
<version>1.5.40-SNAPSHOT</version>

<packaging>pom</packaging>

Expand Down Expand Up @@ -85,7 +85,7 @@
<dependency>
<groupId>org.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>3.10.8</version>
<version>3.11.1</version>
<exclusions>
<!-- Exclude jaxb runtime as ehcache has a wildcard dependency that breaks the build -->
<exclusion>
Expand All @@ -107,7 +107,7 @@
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-runtime</artifactId>
<version>4.0.5</version>
<version>4.0.6</version>
</dependency>

<!-- Servlet Interface -->
Expand Down Expand Up @@ -217,6 +217,7 @@
<module>wcomponents-theme</module>
<module>wcomponents-xslt</module>
<module>wcomponents-bundle</module>
<module>code-coverage</module>
</modules>

</project>
2 changes: 1 addition & 1 deletion wcomponents-bundle/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
<parent>
<groupId>com.github.bordertech.wcomponents</groupId>
<artifactId>wcomponents-parent</artifactId>
<version>1.5.38-SNAPSHOT</version>
<version>1.5.40-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

Expand Down
72 changes: 25 additions & 47 deletions wcomponents-core/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
<parent>
<groupId>com.github.bordertech.wcomponents</groupId>
<artifactId>wcomponents-parent</artifactId>
<version>1.5.38-SNAPSHOT</version>
<version>1.5.40-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

Expand Down Expand Up @@ -101,15 +101,19 @@
</dependency>

<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>1.11.0</version>
<groupId>org.apache.commons</groupId>
<artifactId>commons-beanutils2</artifactId>
<version>2.0.0-M2</version>
<!-- Fix convergence -->
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</exclusion>
</exclusions>
</dependency>

Expand Down Expand Up @@ -186,7 +190,7 @@
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.13.1</version>
<version>2.13.2</version>
<exclusions>
<exclusion>
<groupId>com.google.errorprone</groupId>
Expand All @@ -196,51 +200,36 @@
</dependency>

<!-- Required for HTML input sanitization of WTextArea -->
<!-- Antisamy as of 1.7.X does not support xhtml and will remove the closing tag on "void" elements which will break the XML-->
<!-- Once WComponents stops using xslt then the latest Antisamy can be used -->
<!-- Note - Antisamy versions 1.7.0 to 1.7.6 does not support xhtml and will remove the closing tag on "void" elements which will break the XML-->
<!-- https://html.spec.whatwg.org/multipage/syntax.html#void-elements -->
<dependency>
<groupId>org.owasp.antisamy</groupId>
<artifactId>antisamy</artifactId>
<version>1.6.8</version>
<version>1.7.8</version>
<!-- Fix convergence -->
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.xmlgraphics</groupId>
<artifactId>batik-css</artifactId>
</exclusion>
<exclusion>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.httpcomponents.client5</groupId>
<artifactId>httpclient5</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.httpcomponents.core5</groupId>
<artifactId>httpcore5</artifactId>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
</exclusion>
<exclusion>
<groupId>net.sourceforge.htmlunit</groupId>
<artifactId>neko-htmlunit</artifactId>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</exclusion>
<exclusion>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
<groupId>org.apache.httpcomponents.core5</groupId>
<artifactId>httpcore5</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Neko-htmlunit had a package rename as of 3.X.X and cannot be picked up until latest Antisamy can be used -->
<dependency>
<groupId>net.sourceforge.htmlunit</groupId>
<artifactId>neko-htmlunit</artifactId>
<version>2.70.0</version>
</dependency>
<dependency>
<groupId>org.apache.xmlgraphics</groupId>
<artifactId>batik-css</artifactId>
Expand Down Expand Up @@ -280,20 +269,9 @@
</dependency>

<dependency>
<groupId>org.apache.tika</groupId>
<artifactId>tika-core</artifactId>
<version>2.9.4</version>
<!-- Fix convergence -->
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
<exclusion>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</exclusion>
</exclusions>
<groupId>org.overviewproject</groupId>
<artifactId>mime-types</artifactId>
<version>2.0.0</version>
</dependency>

<!-- Force versions to fix convergence -->
Expand All @@ -310,22 +288,22 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.18.0</version>
<version>3.20.0</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.19.0</version>
<version>2.21.0</version>
</dependency>
<dependency>
<groupId>com.google.errorprone</groupId>
<artifactId>error_prone_annotations</artifactId>
<version>2.39.0</version>
<version>2.46.0</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents.client5</groupId>
<artifactId>httpclient5</artifactId>
<version>5.5</version>
<version>5.6</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
Expand All @@ -336,7 +314,7 @@
<dependency>
<groupId>org.apache.httpcomponents.core5</groupId>
<artifactId>httpcore5</artifactId>
<version>5.3.4</version>
<version>5.4</version>
</dependency>

<!-- Test dependencies -->
Expand Down
2 changes: 1 addition & 1 deletion ...nts-core/src/main/java/com/github/bordertech/wcomponents/AbstractBeanBoundTableModel.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
package com.github.bordertech.wcomponents;

import com.github.bordertech.wcomponents.WTable.BeanBoundTableModel;
import org.apache.commons.beanutils.PropertyUtils;
import org.apache.commons.beanutils2.PropertyUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

Expand Down
2 changes: 1 addition & 1 deletion ...ents-core/src/main/java/com/github/bordertech/wcomponents/AbstractBeanTableDataModel.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
package com.github.bordertech.wcomponents;

import org.apache.commons.beanutils.PropertyUtils;
import org.apache.commons.beanutils2.PropertyUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

Expand Down
Loading