Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: update dependency nhibernate to v5.4.9 [security] #44

Merged
merged 1 commit into from
Jul 8, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 8, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
NHibernate (source) 5.1.0 -> 5.4.9 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-39677

Impact

A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes:

  • Mappings using inheritance with discriminator values:
    • The discriminator value could be written in the mapping in a way exploiting the vulnerability of the associated discriminator type, if that type is among the vulnerable ones.
    • The current culture settings for formatting the discriminator value type could be altered in a way resulting into SQL injections with the discriminator values.
  • HQL queries referencing a static field of the application.
  • Users of the SqlInsertBuilder and SqlUpdateBuilder utilities, calling their AddColumn overload taking a literal value. These overloads are unused by NHibernate but could be used by users referencing directly these utilities.
  • Any direct use of the ObjectToSQLString methods for building SQL queries on the user side.

Patches

Releases 5.4.9 and 5.5.2.

Workarounds

  • Ensure the application does not use the features listed above.
  • For discriminator usages, ensure the discriminator values in the mappings do not contain quotes for string discriminators. Furthermore, for types which ToString conversion can be altered to include SQL injections through adequate hacking of the current culture settings, either change for another type, or ensure the used values cannot allow culture exploits, or ensure the application performs sanity checks of the current culture settings. Types sensitive to culture include integers for negative values, dates, times and datetimes, floats and decimals.

References

  • #​3516
  • #​3517
  • #​3547

Release Notes

nhibernate/nhibernate-core (NHibernate)

v5.4.9

Compare Source

=============================

Release notes - NHibernate - Version 5.4.9

6 issues were resolved in this release, including CVE-2024-39677.

** Bug

  • #​3547 Handle SQL injection vulnerabilities within ObjectToSQLString

** Task

  • #​3576 Release 5.4.9
  • #​3558 Migrate AppVeyor & TC builds to PostgreSQL 13
  • #​3545 Upgrade Npgsql to a non vulnerable version
  • #​3544 Upgrade vulnerable test dependencies
  • #​3517 Obsolete vulnerable literal AddColumn

v5.4.8

Compare Source

=============================

Release notes - NHibernate - Version 5.4.8

2 issues were resolved in this release.

** Bug

  • #​3489 Inserting multiple associations of the same entity fails

** Task

v5.4.7

Compare Source

=============================

Release notes - NHibernate - Version 5.4.7

3 issues were resolved in this release.

** Task

v5.4.6

Compare Source

=============================

Release notes - NHibernate - Version 5.4.6

2 issues were resolved in this release.

** Bug

  • #​3414 Reenable use of SelectClauseVisitor for subqueries

** Task

v5.4.5

Compare Source

=============================

Release notes - NHibernate - Version 5.4.5

2 issues were resolved in this release.

** Task

v5.4.4

Compare Source

=============================

Release notes - NHibernate - Version 5.4.4

6 issues were resolved in this release.

** Bug

  • #​3359 2nd level cache GetMany ineffective for collections
  • #​3354 Invalid program generated by FieldInterceptorProxyBuilder for indexer property getter
  • #​3352 Fetch throws "could not resolve property" error for a property that is not mapped

** Improvement

  • #​3368 Allow internal entity classes/interfaces in .NET Standard 2.0 for field interceptor

** Task

  • #​3386 Release 5.4.4
  • #​3367 Update readme with actual dev build information for 5.4

v5.4.3

Compare Source

=============================

Release notes - NHibernate - Version 5.4.3

11 issues were resolved in this release.

** Bug

  • #​3317 Issue with components list lazy loading with not lazy association
  • #​3307 IsDirty performance hit since 5.4.0
  • #​3295 C# 8/11 Static interface members support
  • #​3291 Npgsql 6+ issues with null DateTime parameter types
  • #​3290 Incorrect fetch of Many-to-Many relation
  • #​3289 Fetching lazy loaded component causes n + 1 query when querying a subclass abstraction
  • #​3288 NullReferenceException is thrown when using Fetch

** Task

  • #​3349 Release 5.4.3
  • #​3348 Merge 5.3.18 in 5.4.x
  • #​3318 Merge 5.3.17 in 5.4.x
  • #​3302 Upgrade NUnit3TestAdapter to fix "Unknown framework version 7.0"

v5.4.2

Compare Source

=============================

Release notes - NHibernate - Version 5.4.2

6 issues were resolved in this release.

** Bug

  • #​3274 Improve LINQ Contains subquery parameter detection
  • #​3271 LINQ subqueries wrongly altered by SelectClauseVisitor
  • #​3263 Wrong alias in Where clause if using Fetch and scalar Select
  • #​3239 Incorrect SQL generated fetching many-to-many with subclasses

** New Feature

  • #​3251 MappingByCode: Support backfield property access

** Task

v5.4.1

Compare Source

=============================

Release notes - NHibernate - Version 5.4.1

5 issues were resolved in this release.

** Bug

  • #​3216 Enable one-to-one optimistic lock handling in mapping
  • #​3215 Count(Distinct ...) does not work
  • #​3203 Fix a wrong example in configuration documentation

** Task

As part of releasing 5.4.1, a missing 5.4.0 possible breaking change has been added, about
one-to-one associations and optimistic locking. See 5.4.0 possible breaking changes.

v5.4.0

Compare Source

=============================

Release notes - NHibernate - Version 5.4.0

** Highlights
* NHibernate has gained three new target frameworks: .Net 6, .Net Framework 4.8 and .Net Standard 2.1. NHibernate NuGet package
provides them, along with the older targets, .Net Core 2.0, .Net Framework 4.6.1 and .Net Standard 2.0. These new targets allow
some NHibernate optimizations for applications using them. The same limitations apply for .Net 6 and .Net Standard 2.1 as for
.Net Core 2.0 and .Net Standard 2.0, see NHibernate 5.1.0 release notes.
* A new batching strategy is available, minimizing the batching memory footprint. See #​2959. Using it may increase CPU usage.
* 201 issues were resolved in this release.

##### Possible Breaking Changes #####
    * One-to-one changes does now trigger a version increment, consistently with the default behavior of other kinds of
      associations. See #​3204.
    * Linq and criteria queries on unmapped entities will throw instead of returning an empty result list. See #​1106, #​1095.
    * The second level cache UpdateTimestampsCache does not use locks anymore. This may slightly increase the number of cases
      where stale data is returned by the query cache. See #​2742.
    * Equality and hashcode access on uninitialized persistent collections will no more trigger their loading. See #​2461.
    * DB2CoreDriver now uses named parameters instead of positional ones. See #​2546.

** Bug

  • #​3198 EntityUpdateAction increments version despite veto on update
  • #​3189 Support proxies of classes with init properties
  • #​3188 No way of detecting if AutoFlush performed in added AutoFlushEventListener
  • #​3176 Cached entity always fetches lazy properties with read-write concurrency strategy
  • #​3156 Evaluation failure when using Nullable without a value in LINQ
  • #​3150 LINQ query dynamic component by interface hangs the application
  • #​3109 Fix table group join issue with subclasses
  • #​3104 Inner Join fails with left Outer Join when referenced in Where clause
  • #​3076 Nested group by results in "A recognition error occured"
  • #​2968 Fix QueryStatistics.ExecutionAvgTime calculation
  • #​2827 Fix BadImageFormatException in dynamic proxies for abstract classes and interfaces
  • #​2822 "A recognition error ocurred" querying by a nullable component with more than N properties
  • #​2758 Fix AmbiguousMatchException in ClearPool with FirebirdClient 6.6.0 and above
  • #​2750 Using System.Transaction with IStatelessSession doesn't always flush batches to database
  • #​2738 Unused Left Join in LINQ throws exception
  • #​2717 MappingByCode discriminator column with string type throws exception
  • #​2675 Fix collection lazy loading with composite keys on subclass columns
  • #​2672 Linq query failure with left joins
  • #​2619 InvalidOperationException in ProxyGenerator for class with generic non-virtual method
  • #​2614 Obvious bug in two HQLQueryPlan classes with distinction Set
  • #​2594 Wrong SQL produced by DML LINQ when using a select clause for a property referencing the outer select
  • #​2555 Add spaces around concat operator
  • #​2552 One-to-one second level cache issue
  • #​2548 Mark DB2Dialect as not supporting null columns in unique constraint
  • #​2547 Fix paging in DB2Dialect
  • #​2540 Unable to use external predicate in subquery
  • #​2534 Fix asymmetrical SqlType.Equals
  • #​2454 ConditionalProjection containing the correlation to outer query fails to determine projection type
  • #​2330 join on multiple conditions
  • #​2201 Fetch Join generates incorrect SQL joins for the same entity type
  • #​2092 Projection and join fetch in hql leads to duplicated column aliases
  • #​1365 NH-3288 - Stale data checking does not work for one-to-one associations
  • #​1349 NH-3893 - HQL parse error of a query with 'left' or 'right' function
  • #​1326 NH-3622 - Fetching in query causes incorrect/missing joins in subquery
  • #​1316 NH-3530 - memory when using default_batch_fetch_size
  • #​1235 NH-2785 - StaleStateExceptions discarded on optional table
  • #​1215 NH-2208 - Error with filters on joined-subclass as many-to-one
  • #​1209 NH-2049 - Error with filters on joined-subclass as one-to-one
  • #​1180 NH-3847 - ConditionalProjection throws "Both true and false projections must return the same types" when the types are the same
  • #​1106 NH-2978 - LINQ: Queries for unmapped entity types return empty result set
  • #​1075 NH-2239 - Wrong OrderBy in generated SQL when using ICriteria, Eager fetching and order by clauses in collection mappings
  • #​1072 NH-2174 - Invalid SQL is generated for OneToMany collections
  • #​1062 NH-1893 - Trigger-Identity with Dynamic Insert throws ORA-01036 (10g)

** New Feature

  • #​2959 Support Dynamic BatchFetchStyle
  • #​2744 Set which entities classes should never be cached, even indirectly
  • #​2737 Add more left join support
  • #​2645 Allow specifying the size of the query plan cache
  • #​2641 Avoid InvalidCastException with Oracle number high precision values
  • #​2551 Add support for joining a subquery in hql
  • #​2545 Table group joins for subclasses in Criteria
  • #​2486 Add Projections.Select in Criteria
  • #​2361 Table group joins support in hql

** Improvement

  • #​3184 Support caching queries with autodiscovered types
  • #​3177 Disable default caching in tests
  • #​3160 Allow internal entity classess/interfaces in .NET Standard 2.0
  • #​3133 Automatically generate async code on pull request
  • #​3127 Register IType CLR types as aliases
  • #​3116 Simplify SqlGenerator.FromFragmentSeparator
  • #​3114 Exclude generated async files from Deepsource analysis
  • #​3106 Skip table group join processing for implicit join
  • #​3091 Use GitReleaseManager dotnet tool
  • #​3083 Update SHFB in order to build documentation without MSBuild
  • #​3050 Add .NET Standard 2.1 target
  • #​3027 Avoid allocations on lock in SyncCacheLock
  • #​3000 Add .NET 6 and .NET Framework 4.8 targets
  • #​2990 Use inner join instead of implicit join for implied entity joins
  • #​2957 Avoid lambda compilation as much as possible
  • #​2948 Avoid lambda compilation for member access expressions in LINQ
  • #​2947 LINQ queries triggers JIT a bit too much
  • #​2920 Add parameter type to ADO exception
  • #​2804 Projections.Conditional for CASE expressions with multiple conditions
  • #​2752 Change cascade style for DefaultDirtyCheckEventListener to persist to avoid flushing the session
  • #​2742 Remove locks from UpdateTimestampsCache
  • #​2723 Avoid double param type guessing and better NULL parameter handling in LINQ
  • #​2706 Set the rolledBack flag when disposing active transactions
  • #​2700 Potential improvement to AliasToBeanResultTransformer
  • #​2621 Regression bug with enums used as parameter for string column
  • #​2571 Default value for CancellationToken in IQueryBatch.GetResultAsync
  • #​2568 Support internal entity classes by proxy factory
  • #​2556 Register right function for Firebird and PostgreSQL
  • #​2546 Enable named parameters on DB2CoreDriver
  • #​2539 Skip no longer needed moving ON condition to Where clause in LINQ
  • #​2538 Remove no longer needed alias substitution for filtered many-to-many collection in hql
  • #​2518 Support Aggregate subqueries with paging on MS SQL Server
  • #​2510 Remove OrderByClause from query models with Contains, All and Any result operators
  • #​2492 Replace casting with NodeType checks in Criteria ExpressionProcessor
  • #​2479 When using a paged sub-query in Linq, generates incorrect SQL
  • #​2461 Remove persistent collections Equals/GetHashCode overrides
  • #​2460 Simplify single alias retrieval for SimpleProjections
  • #​2448 Avoid lambda compilation for constant and member access expressions in Criteria
  • #​1285 NH-3249 - Cannot perform HQL with "COUNT(DISTINCT Date(s.Date))"
  • #​1244 NH-2868 - Generate method of ForeignGenerator fails with stateless sessions
  • #​1095 NH-2829 - QueryOver/Criteria should throw exception when querying against unmapped class
  • #​871 NH-3115 - Should de-duplicate joins when using fetching with where in LINQ query
  • #​869 NH-2952 - Setting the SqlCheck is not supported in the ByCode mapping
  • #​809 NH-2799 - Provide the CancelQuery() method in IStatelessSession
  • #​766 NH-3813 - Eager fetch on key-many-to-one relation adds inner joins to the query
  • #​715 NH-1040 - property-ref on joined-subclasses should work or error

** Task

  • #​3197 Update dependency System.Data.SqlClient to v4.8.5
  • #​3195 Release NHibernate 5.4
  • #​3161 Tell NuGet about the readme file
  • #​3147 Add datetimex keyword to SapSQLAnywhere17Dialect
  • #​3146 Run tests against Oracle XE 21c
  • #​3123 Update dependency Npgsql to v6
  • #​3121 Update dependency Microsoft.NETFramework.ReferenceAssemblies to v1.0.3
  • #​3119 Update actions/setup-dotnet action to v2
  • #​3118 Update actions/checkout action to v3
  • #​3117 Update dependency NSubstitute to v4.4.0
  • #​3111 Update dependency log4net to v2.0.15
  • #​3080 Replace Dependabot with Renovate
  • #​3063 Bump Oracle.ManagedDataAccess from 19.12.0 to 21.6.1
  • #​3061 Bump Oracle.ManagedDataAccess.Core from 2.19.120 to 3.21.61
  • #​3059 Bump log4net from 2.0.12 to 2.0.14
  • #​3057 Run tests using .NET 4.8
  • #​3017 Add deepsource.io code analysis
  • #​3002 Bump NUnit3TestAdapter from 4.1.0 to 4.2.1
  • #​2987 Disable auto rebasing for depandabot PRs
  • #​2951 Run tests on .NET 6
  • #​2946 Bump Microsoft.SourceLink.GitHub from 1.0.0 to 1.1.1
  • #​2936 Bump System.Data.SQLite.Core from 1.0.114.3 to 1.0.115.5
  • #​2911 Bump System.Data.SqlClient from 4.8.2 to 4.8.3
  • #​2898 Bump FirebirdSql.Data.FirebirdClient from 6.6.0 to 8.5.2
  • #​2887 Bump Oracle.ManagedDataAccess from 19.11.0 to 19.12.0
  • #​2886 Bump Oracle.ManagedDataAccess.Core from 2.19.110 to 2.19.120
  • #​2878 Bump System.Linq.Dynamic.Core from 1.2.10 to 1.2.12
  • #​2870 Bump MySql.Data from 8.0.25 to 8.0.26
  • #​2851 Cache Dialect in tests
  • #​2818 Bump Microsoft.Data.SqlClient from 2.1.3 to 3.0.0
  • #​2800 Bump System.Data.SQLite.Core from 1.0.113.7 to 1.0.114.2
  • #​2799 Bump Npgsql from 4.0.3 to 4.1.9
  • #​2796 Bump System.Linq.Dynamic.Core from 1.2.9 to 1.2.10
  • #​2790 Bump Microsoft.NET.Test.Sdk from 16.9.4 to 16.10.0
  • #​2786 Bump Microsoft.Data.SqlClient from 2.1.2 to 2.1.3
  • #​2771 Bump MySql.Data from 8.0.22 to 8.0.25
  • #​2770 Bump System.Data.SQLite.Core from 1.0.109.2 to 1.0.113.7
  • #​2765 Bump Microsoft.NETFramework.ReferenceAssemblies from 1.0.0 to 1.0.2
  • #​2759 Enable dependabot
  • #​2756 Update dependencies
  • #​2607 Merge 5.3.5
  • #​2605 Upgrade AsyncGenerator to 0.19.1
  • #​2593 Merge 5.3.4
  • #​2582 Remove no longer used code in QueryModelVisitor
  • #​2570 Update Relinq and LinFu links
  • #​2516 Suppress Codefactor single class per file rule for test project
  • #​2501 Upgrade MySql client and remove allowed failures on CI builds

** Tests

  • #​3024 Enable test accessing Component's Parent property in LINQ
  • #​2921 Fix test for SAP SQL Anywhere
  • #​2848 Add Oracle to GitHub Actions
  • #​2541 LINQ SELECT tests with WHERE subquery
  • #​2489 Improve CriteriaAssertFixture
  • #​2456 Test case for #​1180 and improve NullableType.ToString
  • #​2242 Test case for NH-3972 - SQL error when selecting a column of a subclass when sibling classes have a column of the same name

v5.3.20

Compare Source

=============================

Release notes - NHibernate - Version 5.3.20

2 issues were resolved in this release.

** Bug

  • #​3438 DB2/400: ArgumentException Column 'SQL_TYPE_NAME' does not belong to table DataTypes

** Task

v5.3.19

Compare Source

=============================

Release notes - NHibernate - Version 5.3.19

2 issues were resolved in this release.

** Bug

  • #​3397 GenerateSchemaCreationScript creates many identical dialect instances

** Task

v5.3.18

Compare Source

=============================

Release notes - NHibernate - Version 5.3.18

3 issues were resolved in this release.

** Bug

  • #​3333 Lazy property with nosetter accessor remains uninitialized
  • #​3330 Linq with FetchLazyProperties() resets lazy property changes

** Task

v5.3.17

Compare Source

=============================

Release notes - NHibernate - Version 5.3.17

5 issues were resolved in this release.

** Bug

  • #​3306 Invalid SQL when referencing nullable entity in correlated subquery
  • #​3304 Fix SetSnapShot CopyTo variance failure
  • #​3294 Undefined join type failure with cross joins and Informix

** Task

  • #​3315 Release 5.3.17
  • #​3300 Backport handling of null DateTime parameters in Npgsql 6+

v5.3.16

Compare Source

=============================

Release notes - NHibernate - Version 5.3.16

3 issues were resolved in this release.

** Bug

  • #​3269 "Or" clause in a "where" condition returns a wrong result with not-found-ignore
  • #​3210 Wrong name value for L2 read-only cache warning on mutable

** Task

v5.3.15

Compare Source

=============================

Release notes - NHibernate - Version 5.3.15

4 issues were resolved in this release.

** Bug

  • #​3218 Failure of contains subquery with parameter
  • #​3187 Fix mixing implied implicit and left joins in HQL for v5.3

** Task

  • #​3225 Release 5.3.15
  • #​3222 Automatically generate async code on pull requests for 5.3

v5.3.14

Compare Source

=============================

Release notes - NHibernate - Version 5.3.14

3 issues were resolved in this release.

** Bug

  • #​3169 InvalidOperationException: This transformer is not initialized by Cached Query
  • #​3164 Fetching a lazy loaded component regression

** Task

v5.3.13

Compare Source

=============================

Release notes - NHibernate - Version 5.3.13

6 issues were resolved in this release.

** Bug

  • #​3134 ManyToMany - Tries to select not existing column in Mapping Table
  • #​3113 Join fails on Oracle9Dialect
  • #​3030 Memory leak named parameter holds entity references

** Improvement

  • #​3120 Guards against use of a disposed session factory
  • #​2994 Npgsql 6 is not compatible

** Task

v5.3.12

Compare Source

=============================

Release notes - NHibernate - Version 5.3.12

5 issues were resolved in this release.

** Bug

  • #​3046 Regression for filters on entity joins with many-to-one disabled
  • #​3029 InvalidOperationException on proxies with explicit implementation of a generic method

** Improvement

  • #​3043 Improve exception for query on delayed id

** Test

** Task

v5.3.11

Compare Source

=============================

Release notes - NHibernate - Version 5.3.11

12 issues were resolved in this release.

** Bug

  • #​3005 LINQ: Casting from object to TimeSpan throws
  • #​2988 Query issues when using not-found='ignore' in entity mapping
  • #​2965 Fix possible issue with logging for Linq Readonly tests
  • #​2963 Time is incompatible with bigint for TimeAsTimeSpanType
  • #​2937 NRE in linq processing of custom components
  • #​2928 Session.Refresh when entity is IFieldInterceptorAccessor throws a MappingException
  • #​2904 SQL query result not retrieved from second level cache
  • #​2876 Schema validation not working with NpgSql v5
  • #​2862 NHibernate AsyncReaderWriterLock stalls under load
  • #​2727 The session.Load(obj, id) overload can't handle proxies

** Task

  • #​3019 Release 5.3.11
  • #​2984 Bump AsyncGenerator to 0.18.3 for 5.3 branch with fix for .net 6

v5.3.10

Compare Source

=============================

Release notes - NHibernate - Version 5.3.10

11 issues were resolved in this release.

** Bug

  • #​2891 Fix nullable entity comparison with null and implicit/cross joins
  • #​2885 Do not serialize unnecessary members in SessionFactory
  • #​2882 Fix ArgumentNullException when provider is unable to open a connection
  • #​2871 If DbTransaction.Dispose throws an exception, the AdoTransaction is left in an inconsistent state
  • #​2860 Null reference when calling Trim() on interpolated string containing null property
  • #​2858 Casting to object and back to interface in Subquery causes incorrect SQL
  • #​2856 Distinct on Composite User Type property fails
  • #​2855 Error log from ReflectHelper.TypeFromAssembly() on Linq query
  • #​2611 One-to-zero-or-one relation not returning data when checking for null
  • #​1962 Failing Linq query on element index

** Task

v5.3.9

Compare Source

=============================

Release notes - NHibernate - Version 5.3.9

11 issues were resolved in this release.

** Bug

  • #​2835 Fix ExecuteWorkInIsolation ignores MultiTenancy configuration
  • #​2811 Remove session finalizer
  • #​2805 Model not mapped Exception
  • #​2802 ArgumentException on session Flush
  • #​2792 Arithmetic operations adding casts to SQLite that cause incorrect results
  • #​2791 Custom Equality Fails
  • #​2772 LINQ query returns NULL instead of expected result

** Test

  • #​2841 Fix possible test failure for SqlServer 2019
  • #​2814 Fix intermittent Firebird test errors
  • #​2812 Replace Travis CI with GitHub Actions

** Task

v5.3.8

Compare Source

=============================

Release notes - NHibernate - Version 5.3.8

6 issues were resolved in this release.

** Bug

  • #​2710 Filtered Entity Dml Update Throws Collection was modified
  • #​2708 MappedAs throws when called on a Convert UnaryExpression
  • #​2707 Don't currently support idents of type X
  • #​2673 Exception when using BinaryFormatter to deserialize entities with initialized proxies in associations
  • #​1264 NH-3005 - NHibernate.Hql.Ast.HqlIdent..ctor throws Don't currently support idents of type Date

** Task

v5.3.7

Compare Source

=============================

Release notes - NHibernate - Version 5.3.7

5 issues were resolved in this release.

** Bug

  • #​2704 IEnhancedUserType from string to bool fails in some circumstances
  • #​2702 LINQ projection of nullable enum with list fails
  • #​2693 Invalid parameter conversion with group by
  • #​2688 NoViableAltException in a delete on a many-to-one id

** Task

v5.3.6

Compare Source

=============================

Release notes - NHibernate - Version 5.3.6

12 issues were resolved in this release.

** Bug

  • #​2659 IQueryable filter by subquery gives "Item with Same Key has already been added"
  • #​2649 Invalid parameter conversion for enums mapped in sub-classes
  • #​2646 Invalid generated sql with linq any in select and composite keys
  • #​2642 Linq expression parser removes required Convert nodes
  • #​2631 IndexOutOfRange exception with One-to-One mapping
  • #​2627 Null reference on Merge for detached unsaved entity
  • #​2626 WHERE IN SELECT uses wrong column
  • #​2608 Delay entity insert may fail with Merge
  • #​2544 Recognition error occurs using System.Linq.Queryable.Contains

** Improvement

  • #​2677 Missing ConfigureAwait in FutureEnumerable.GetEnumerableAsync
  • #​2656 Make sure dbcommand is disposed

** Task

As part of releasing 5.3.6, one missing 5.3.0 possible breaking change has been added, about
Merge no more triggering immediate generation of identifier. See 5.3.0 possible breaking changes.

v5.3.5

Compare Source

=============================

Release notes - NHibernate - Version 5.3.5

2 issues were resolved in this release.

** Bug

  • #​2599 WrongClassException in Linq query

** Task

v5.3.4

Compare Source

=============================

Release notes - NHibernate - Version 5.3.4

6 issues were resolved in this release.

** Bug

  • #​2580 InvalidWithClauseException when join polymorphic entity
  • #​2559 Regression in caching linq query with ThenFetchMany statement.
  • #​2549 ApplyFilter does not work on join statements in LINQ
  • #​2537 Unable to cast "System.Linq.Expressions.UnaryExpression" to "System.Linq.Expressions.LambdaExpression".

** Task

As part of releasing 5.3.4, one missing 5.3.0 possible breaking change has been added, about
custom method generators for Linq. See 5.3.0 possible breaking changes.

v5.3.3

Compare Source

=============================

Release notes - NHibernate - Version 5.3.3

16 issues were resolved in this release.

** Bug

  • #​2519 Fix parameter caching for Linq provider
  • #​2515 InvalidCastException for Linq query with subquery
  • #​2514 Entity with field interceptor are not correctly passed as Linq parameters
  • #​2512 Linq queries with a condition after a projection on a collection fail
  • #​2511 Linq Fetch over component after fetching a many-to-one throws exception
  • #​2508 OnPreUpdateCollection - Passed entity instance X is not of expected type Y
  • #​2499 Cast operation fails when an enum is mapped as an AnsiString
  • #​2490 Unnecessary cast in sql with Linq are causing performance issues
  • #​2488 Fix parameter detection for Equals and CompareTo methods for Linq provider
  • #​2485 Throw entity not mapped exception for entity join in hql if possible
  • #​2484 Entity Joins are not polymorphic in hql
  • #​2476 Hashset add returns true instead of false
  • #​2474 Fetch all lazy properties when entity is already loaded fails
  • #​2471 AsQueryable() on collection throws if applied after Where statement

** Task

As part of releasing 5.3.3, two missing 5.3.0 possible breaking changes have been added, about
uninitialized extra lazy collections and SQLite schema validation. See 5.3.0 possible breaking changes.

v5.3.2

Compare Source

=============================

Release notes - NHibernate - Version 5.3.20

2 issues were resolved in this release.

** Bug

  • #​3438 DB2/400: ArgumentException Column 'SQL_TYPE_NAME' does not belong to table DataTypes

** Task

v5.3.1

Compare Source

=============================

Release notes - NHibernate - Version 5.3.19

2 issues were resolved in this release.

** Bug

  • #​3397 GenerateSchemaCreationScript creates many identical dialect instances

** Task

v5.3.0

Compare Source

=============================

Release notes - NHibernate - Version 5.3.0

220 issues were resolved in this release.

##### Possible Breaking Changes #####
    * A distributed cache may hold conflicting timestamps after upgrade for as much as twelve hours.
      Consider flushing a distributed cache after upgrade to avoid any issue. Do not share a distributed
      cache with applications using an earlier version of NHibernate.
    * The counter id generator may generate conflicting ids for as much as twelve hours after upgrade.
    * `update` and `delete` statements will now take into account any enabled filter on the entities
      they update or delete, while previously they were ignoring them. (`insert` statements will also take
      them into account, but previously they were failing instead of ignoring enabled filters.)
    * ISession.Persist and ISession.Merge will no more trigger immediate generation of identifier.
    * Bags will no more be loaded with "null" entities, they will be filtered out.
    * Setting the value of an uninitialized lazy property will no more trigger loading of all the lazy
      properties of the entity.
    * If an uninitialized lazy property has got its value set, without any other subsequent lazy property
      load on the entity, a dynamic update will occur on flush, even if the entity has dynamic updates
      disabled. This update will occur even if the set value is identical to the currently persisted
      property value.
    * Assigning an uninitialized proxy to a `no-proxy` property will no more trigger the proxy
      initialization. Moreover, reading the property afterwards will no more unwrap the assigned proxy,
      but will yield it.
    * A class having an explicitly implemented interface declaring a member with the same name than the
      class id will have its proxies trigger a lazy load if the interface "id" is accessed.
    * SQLite: in order to avoid a floating point division bug losing the fractional part, decimal are now
      stored as `REAL` instead of `NUMERIC`. Both are binary floating point types, excepted that `NUMERIC`
      stores integral values as `INTEGER`. This change may cause big integral decimal values to lose more

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/nuget-NHibernate-vulnerability branch from bc10353 to 02e3fcc Compare July 8, 2024 21:37
@hazzik hazzik changed the title chore(deps): update dependency nhibernate to v5.4.9 [security] feat: update dependency nhibernate to v5.4.9 [security] Jul 8, 2024
@hazzik hazzik merged commit 158df31 into main Jul 8, 2024
2 checks passed
@hazzik hazzik deleted the renovate/nuget-NHibernate-vulnerability branch July 8, 2024 23:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant