8.5.239.04

What's New

This release contains the following new features and enhancements:

• The Displayed Calendar dropdown will not be displayed if there are no imported office hours. (GMS-8941)

Resolved Issues

This release contains the following resolved issues:

The Context Services migration tool has been removed from Installation Package. The migration tool was used 10 years ago to migrate from 8.1 to 8.5. (GMS-9024)

Due to the security vulnerability (CVE-2023-24998), the commons-fileupload library is upgraded from 1.3.3 to 1.5. (GMS-9019)

Due to the security vulnerability (CVE-2022-42889), the commons-text library is upgraded from 1.9 to 1.10.0. (GMS-9017)

Due to the security vulnerability (CVE-2023-1370), the jsonpath library is upgraded from 2.6.0 to 2.8.0.(GMS-9002)

Due to the security vulnerability (BDSA-2012-0001), the commons-codec library is upgraded from 1.11 to 1.16.0. (GMS-9001)

Due to the security vulnerability (BDSA-2012-0001), the Apache Tika library is upgraded to 1.28.5.

• com.fasterxml.jackson.core:jackson-core:jar:2.15.2
• com.fasterxml.jackson.core:jackson-annotations:jar:2.15.2
• com.fasterxml.jackson.core:jackson-databind:jar:2.15.2
• commons-io:commons-io:jar:2.13.0
• net.sf.jasperreports:jasperreports:jar:6.20.5
• com.github.librepdf:openpdf:jar:1.3.30.jaspersoft.2
• net.sourceforge.dynamicreports:dynamicreports-core:jar:6.12.1
• org.apache.commons:commons-text:jar:1.9
• org.apache.commons:commons-lang3:jar:3.11
• org.apache.poi:poi:jar:5.2.2
• org.apache.poi:poi-scratchpad:jar:5.2.2
• org.apache.poi:poi-ooxml:jar:5.2.2
• org.apache.poi:poi-ooxml-lite:jar:5.2.2
• commons-lang:commons-lang:jar:2.6
• org.apache.tika:tika-parsers:jar:1.28.5
• org.apache.tika:tika-core:jar:1.28.5
• com.googlecode.plist:dd-plist:jar:1.24
• org.apache.pdfbox:pdfbox:jar:2.0.26
• org.apache.pdfbox:fontbox:jar:2.0.26
• org.apache.pdfbox:pdfbox-tools:jar:2.0.26
• org.apache.pdfbox:preflight:jar:2.0.26
• org.apache.pdfbox:xmpbox:jar:2.0.26
• org.apache.xmlbeans:xmlbeans:jar:5.0.3
• com.github.virtuald:curvesapi:jar:1.07
• com.healthmarketscience.jackcess:jackcess:jar:4.0.2
• org.ow2.asm:asm:jar:9.3
• org.codelibs:jhighlight:jar:1.1.0
• com.github.junrar:junrar:jar:7.5.3
• com.google.code.gson:gson:jar:2.9.1
• com.google.guava:guava:jar:31.1-jre
• com.google.errorprone:error_prone_annotations:jar:2.11.0
• com.google.protobuf:protobuf-java:jar:3.21.5
• org.apache.sis.core:sis-utility:jar:1.2
• org.apache.sis.storage:sis-netcdf:jar:1.2
• org.apache.sis.storage:sis-storage:jar:1.2
• org.apache.sis.core:sis-feature:jar:1.2
• org.apache.sis.core:sis-referencing:jar:1.2
• org.apache.sis.core:sis-metadata:jar:1.2
• org.apache.pdfbox:jbig2-imageio:jar:3.0.4
• jakarta.annotation:jakarta.annotation-api:jar:2.1.1

(GMS-8993)

Due to the security vulnerability (CVE-2022-46364 and CVE-2022-46363), the cxf-rt-rs-client is upgraded from 3.5.0 to 4.0.2. (GMS-8984)

Due to the security vulnerability (CVE-2022-40152), the woodstox-core library is upgraded from 5.3.0 to 6.5.1. (GMS-8983)

Due to the security vulnerability (CVE-2022-45688), the JSON-Java library is upgraded from 20210307 to 20230227. (GMS-8982)

The Angular library for GMS Admin UI Web page is upgraded from version 1.5.7 to 1.8.2. (GMS-8978)

The MomentJS library has been updated to include timezone data file for the next 10 year range. (GMS-8916)

The reporting key *_CB_T_CALLBACK_ACCEPTED* is attached to the call at 'creation' time. This key is already sent to the reporting endpoint. (GMS-8907)

Due to the security vulnerabilities (CVE-2023-34453, CVE-2023-34454, CVE-2023-34455), the snappy-java library is upgraded from 1.1.7.2 to 1.1.10.2. (GMS-8990)

Due to the security vulnerability (CVE-2021-40660), the delight-nashorn-sandbox library is upgraded from 0.1.16 to 0.3.1.(GMS-8987)

The Spring framework has been updated to 5.2.24. (GMS-8954)

Callback Status now correctly reflects the outcome of a callback when the ORS Callback strategy and URS WaitForTarget strategy use the same _urs_queued_ttl option value. (GMS-8947)

The callback code samples are no longer included in the GMS package. (GMS-8932)

Upgrade Notes

No special procedure is required to upgrade to release 8.5.239.04.