Skip to content

Releases: DataONEorg/d1_common_java

d1_common_java 2.5.0

Choose a tag to compare

@mbjones mbjones released this 08 Jul 00:11

2.5.0 (2026-07-06)

  • Intent: Deliver a modernization and maintenance release focused on Java 17/21/25 compatibility, security hardening, and release pipeline updates.
  • Security fixes: Fixed XML External Entity (XXE) vulnerabilities caused by external DTD references and external ENTITY references during XML parsing; all users should upgrade to 2.5.0 or later.
  • New features: Java runtime/build modernization for current Java 25 LTS and current-feature JVMs (issue #4), refreshed build and deploy workflow defaults, migration to maven.dataone.org release/snapshot distribution, updated format bundle (formats 1.28), and adoption of released d1_test_resources 2.4.0.
  • Bug fixes: Fixed unescaped semicolon handling in URL query/fragment parsing (issue #8, PR #9) and resolved marshalling/styleSheet-era compatibility pain points from post-Java 8 behavior (issue #3).
  • Dependency and tooling updates: Upgraded core dependencies and plugins including log4j, commons-lang3, commons-io, servlet compatibility updates, and modern Maven compiler/jar plugin versions.

Full Changelog: 2.4.2...2.5.0