fix(deps): update dependency org.hibernate:hibernate-core to v5 [security] #358
Open: renovate wants to merge 1 commit into master from renovate/maven-org.hibernate-hibernate-core-vulnerability
renovate bot changed the title from "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security]" to "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security] - autoclosed" (Dec 27, 2022)
renovate bot deleted the renovate/maven-org.hibernate-hibernate-core-vulnerability branch (December 27, 2022 05:26)
renovate bot changed the title from "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security] - autoclosed" to "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security]" (Dec 27, 2022)
renovate bot restored the renovate/maven-org.hibernate-hibernate-core-vulnerability branch (December 27, 2022 08:50)
renovate bot changed the title from "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security]" to "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security] - autoclosed" (Dec 27, 2022)
renovate bot deleted the renovate/maven-org.hibernate-hibernate-core-vulnerability branch (December 27, 2022 20:04)
renovate bot changed the title from "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security] - autoclosed" to "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security]" (Dec 27, 2022)
renovate bot restored the renovate/maven-org.hibernate-hibernate-core-vulnerability branch (December 27, 2022 22:43)
renovate bot changed the title from "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security]" to "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security] - autoclosed" (Dec 31, 2022)
renovate bot deleted the renovate/maven-org.hibernate-hibernate-core-vulnerability branch (December 31, 2022 08:11)
renovate bot changed the title from "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security] - autoclosed" to "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security]" (Dec 31, 2022)
renovate bot restored the renovate/maven-org.hibernate-hibernate-core-vulnerability branch (December 31, 2022 10:22)
renovate bot changed the title from "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security]" to "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security] - autoclosed" (Dec 31, 2022)
renovate bot deleted the renovate/maven-org.hibernate-hibernate-core-vulnerability branch (December 31, 2022 16:00)
renovate bot changed the title from "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security] - autoclosed" to "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security]" (Dec 31, 2022)
renovate bot restored the renovate/maven-org.hibernate-hibernate-core-vulnerability branch (December 31, 2022 18:19)
renovate bot force-pushed the renovate/maven-org.hibernate-hibernate-core-vulnerability branch 6 times, most recently from 2cee741 to 6f3fa48 (January 5, 2023 22:35)
renovate bot force-pushed the renovate/maven-org.hibernate-hibernate-core-vulnerability branch 7 times, most recently from e95450d to 5dabce6 (January 10, 2023 04:01)
renovate bot changed the title from "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security]" to "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security] - autoclosed" (Jan 14, 2023)
renovate bot deleted the renovate/maven-org.hibernate-hibernate-core-vulnerability branch (January 14, 2023 23:09)
renovate bot changed the title from "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security] - autoclosed" to "fix(deps): update dependency org.hibernate:hibernate-core to v5 [security]" (Jan 15, 2023)
renovate bot restored the renovate/maven-org.hibernate-hibernate-core-vulnerability branch (January 15, 2023 01:54)
renovate bot force-pushed the renovate/maven-org.hibernate-hibernate-core-vulnerability branch from 5dabce6 to 7f2585d (January 19, 2023 03:43)
renovate bot force-pushed the renovate/maven-org.hibernate-hibernate-core-vulnerability branch from 7f2585d to fa3d337 (March 13, 2023 22:16)
renovate bot force-pushed the renovate/maven-org.hibernate-hibernate-core-vulnerability branch from fa3d337 to bf63af3 (June 20, 2023 16:29)
renovate bot force-pushed the renovate/maven-org.hibernate-hibernate-core-vulnerability branch 2 times, most recently from 45a2a11 to 6b5849f (October 28, 2023 13:01)
renovate bot force-pushed the renovate/maven-org.hibernate-hibernate-core-vulnerability branch from 6b5849f to 9fa5d22 (November 11, 2023 13:00)
renovate bot force-pushed the renovate/maven-org.hibernate-hibernate-core-vulnerability branch from 9fa5d22 to 5366b31 (August 29, 2024 21:03)
renovate bot force-pushed the renovate/maven-org.hibernate-hibernate-core-vulnerability branch from 5366b31 to 833646f (August 29, 2024 21:09)
This PR contains the following updates:
3.6.10.Final -> 5.3.20.Final
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2020-25638
A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2019-14900
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
Release Notes
hibernate/hibernate-orm (org.hibernate:hibernate-core)
v5.3.20.Final
Compare Source
v5.3.19.Final
Compare Source
v5.3.18.Final
Compare Source
v5.3.17.Final
Compare Source
v5.3.16.Final
Compare Source
v5.3.15.Final
Compare Source
v5.3.14.Final
Compare Source
v5.3.13.Final
Compare Source
v5.3.12.Final
Compare Source
v5.3.11.Final
Compare Source
v5.3.10.Final
Compare Source
v5.3.9.Final
Compare Source
v5.3.8.Final
Compare Source
v5.3.7.Final
Compare Source
v5.3.6.Final
Compare Source
v5.3.5.Final
Compare Source
v5.3.4.Final
Compare Source
v5.3.3.Final
Compare Source
v5.3.2.Final
Compare Source
v5.3.1.Final
Compare Source
v5.3.0.Final
Compare Source
v5.2.18.Final
Compare Source
v5.2.17.Final
Compare Source
v5.2.16.Final
Compare Source
v5.2.15.Final
Compare Source
v5.2.14.Final
Compare Source
v5.2.13.Final
Compare Source
v5.2.12.Final
Compare Source
v5.2.11.Final
Compare Source
v5.2.10.Final
Compare Source
v5.2.9.Final
Compare Source
v5.2.8.Final
Compare Source
v5.2.7.Final
Compare Source
v5.2.6.Final
Compare Source
v5.2.5.Final
Compare Source
v5.2.4.Final
Compare Source
v5.2.3.Final
Compare Source
v5.2.2.Final
Compare Source
v5.2.1.Final
Compare Source
v5.2.0.Final
Compare Source
v5.1.17.Final
Compare Source
v5.1.16.Final
Compare Source
v5.1.15.Final
Compare Source
v5.1.14.Final
Compare Source
v5.1.13.Final
Compare Source
v5.1.12.Final
Compare Source
v5.1.11.Final
Compare Source
v5.1.10.Final
Compare Source
v5.1.9.Final
Compare Source
v5.1.8.Final
Compare Source
v5.1.7.Final
Compare Source
v5.1.6.Final
Compare Source
v5.1.5.Final
Compare Source
v5.1.4.Final
Compare Source
v5.1.3.Final
Compare Source
v5.1.2.Final
Compare Source
v5.1.1.Final
Compare Source
v5.1.0.Final
Compare Source
v5.0.12.Final
Compare Source
v5.0.11.Final
Compare Source
v5.0.10.Final
Compare Source
v5.0.9.Final
Compare Source
v5.0.8.Final
Compare Source
v5.0.7.Final
Compare Source
v5.0.6.Final
Compare Source
v5.0.5.Final
Compare Source
v5.0.4.Final
Compare Source
v5.0.3.Final
Compare Source
v5.0.2.Final: Second bug-fix release for 5.0
Compare Source
The complete list of changes can be found here.
For information on consuming the release into your build via your favorite dependency-management-capable build tool, see http://hibernate.org/orm/downloads/.
For those of you allergic to dependency-management-capable build tools, the release bundles can be obtained from SourceForge or BinTray.
v5.0.1.Final: First bug-fix release for 5.0
Compare Source
The complete list of changes can be found here.
For information on consuming the release into your build via your favorite dependency-management-capable build tool, see http://hibernate.org/orm/downloads/.
For those of you allergic to dependency-management-capable build tools, the release bundles can be obtained from SourceForge or BinTray.
v5.0.0.Final: 5.0.0 has gone Final!
Compare Source
Today I have released Hibernate ORM 5.0 (5.0.0.Final). This has been a long time coming and is the result
of the efforts of many folks. Thanks to everyone who helped us get here with fixes, bug reports, suggestions,
input and encouragement!
A lot of development has gone into 5.0. Here are the big points:
New bootstrap API
The venerable way to bootstrap Hibernate (build a SessionFactory) has been to use its Configuration class.
Configuration, historically, allowed users to iteratively add settings and mappings in any order and to query the
state of settings and mapping information in the middle of that process. Which meant that building the mapping
information could not effectively rely on any settings being available. This led to many limitations and problems.
5.0 introduces a new bootstrapping API aimed at alleviating those limitations and problems, while allowing
better determinism and better integration. See the Bootstrap chapter in the User Guide for details on using
the new API.
Configuration is still available for use, although in a limited sense. Some of its methods have been removed. Under
the covers Configuration makes use of the new bootstrap API.
Spatial/GIS support
Hibernate Spatial is a project that has been around for a number of years. Karel Maesen has done an amazing job
with it.
Starting in 5.0 Hibernate Spatial is now part of the Hibernate project proper to allow it to better keep up with
upstream development. It is available as org.hibernate:hibernate-spatial. If your application has need for GIS data, we highly recommend giving hibernate-spatial a try.
Java 8 support
Well, ok.. not all of Java 8. Specifically we have added support for Java 8 Date and Time API in regards to easily mapping
attributes in your domain model using the Java 8 Date and Time API types to the database. This support is available
under the dedicated hibernate-java8 artifact (to isolate Java 8 dependencies). For additional information, see
the Basic Types chapter in the Domain Model Mapping Guide.
Expanded AUTO id generation support
JPA defines support for GenerationType#AUTO limited to just Number types. Starting in 5.0 Hibernate offers expandable support for a broader
set of types, including built-in support for both Number types (Integer, Long, etc) and UUID. Users are also free to plug
in custom strategies for interpreting GenerationType#AUTO via the new org.hibernate.boot.model.IdGeneratorStrategyInterpreter extension.
Naming strategy split
NamingStrategy has been removed in favor of a better designed API. 2 distinct ones actually:
org.hibernate.boot.model.naming.ImplicitNamingStrategy - used whenever a table or column is not explicitly named to determine the name to use
org.hibernate.boot.model.naming.PhysicalNamingStrategy - used to convert a "logical name" (either implicit or explicit) name of a table or column into a physical name (e.g. following corporate naming guidelines)
Attribute Converter support
5.0 offers significantly improved support for JPA 2.1 AttributeConverters:
Better "bulk id table" support
Support for "bulk id tables" has been completely redesigned to better fit what different databases support.
Transaction management
The transaction SPI underwent a major redesign as part of 5.0 as well. From a user perspective this generally
only comes into view in terms of configuration. Previously applications would work with the different backend
transaction strategies directly via the org.hibernate.Transaction API. In 5.0 a level of indirection has been
added here. The API implementation of org.hibernate.Transaction is always the same now. On the backend, the
org.hibernate.Transaction impl talks to a org.hibernate.resource.transaction.TransactionCoordinator which represents
the "transactional context" for a given Session according to the backend transaction strategy. Users generally do not
need to care about the distinction.
The change is noted here because it might affect your bootstrap configuration. Whereas previously applications would
specify hibernate.transaction.factory_class and refer to a org.hibernate.engine.transaction.spi.TransactionFactory FQN,
with 5.0 the new contract is org.hibernate.resource.transaction.TransactionCoordinatorBuilder and is specified using the
hibernate.transaction.coordinator_class setting. See org.hibernate.cfg.AvailableSettings.TRANSACTION_COORDINATOR_STRATEGY
JavaDocs for additional details.
The following short-names are recognized:
jdbc:: (the default) says to use JDBC-based transactions (org.hibernate.resource.transaction.backend.jdbc.internal.JdbcResourceLocalTransactionCoordinatorImpl)
jta:: says to use JTA-based transactions (org.hibernate.resource.transaction.backend.jta.internal.JtaTransactionCoordinatorImpl)
See the User Guide for additional details.
Schema Tooling
5.0 offers much improvement in the area of schema tooling (export, validation and migration).
Typed Session API
Hibernate's native APIs (Session, etc) have been updated to be typed. No more casting!
Improved OSGi support
Really this started with a frustration over the fragility of hibernate-osgi tests. The first piece was a better testing setup using
Pax Exam and Karaf. This led to us generating (and now publishing!) a Hibernate Karaf features file.
OSGi support has undergone some general improvement as well thanks to feedback from some Karaf and Pax developers and users.
See the Getting Started Guide for additional details on using the new Karaf features file.
Improved bytecode enhancement capabilities
Work on documentation
A lot of work has gone into the documentation for 5.0. It's still not complete (is documentation ever "complete"?), but it is much improved.
See the revamped documentation page (http://hibernate.org/orm/documentation/5.0) for details.
BinTray
For now the plan is to publish the release bundles (zip and tgz) to BinTray. We will continue to publish to SourceForge as well. For the time being
we will publish the bundles to both.
Ultimately we will start to publish the "maven" artifacts there as well.
This is all a work in progress.
How to get it
See http://hibernate.atlassian.net/projects/HHH/versions/20851 for the complete list of changes.
See http://hibernate.org/orm/downloads/ for information on obtaining the releases.
v4.3.11.Final
Compare Source
v4.3.10.Final
Compare Source
v4.3.9.Final
Compare Source
v4.3.8.Final
Compare Source
v4.3.7.Final
Compare Source
v4.3.6.Final
Compare Source
v4.3.5.Final
Compare Source
v4.3.4.Final
Compare Source
v4.3.3.Final
Compare Source
v4.3.2.Final
Compare Source
v4.3.1.Final: Release
Compare Source
See the details at http://in.relation.to/Bloggers/HibernateORM431FinalRelease. See http://hibernate.org/orm/downloads/ for information on getting the artifacts.
v4.3.0.Final
Compare Source
v4.2.21.Final
Compare Source
v4.2.20.Final
Compare Source
v4.2.19.Final
Compare Source
v4.2.18.Final
Compare Source
v4.2.17.Final
Compare Source
v4.2.16.Final
Compare Source
v4.2.15.Final
Compare Source
v4.2.14.Final
Compare Source
v4.2.13.Final
Compare Source
v4.2.12.Final
Compare Source
v4.2.11.Final
Compare Source
v4.2.10.Final
Compare Source
v4.2.9.Final
Compare Source
v4.2.8.Final
Compare Source
v4.2.7.SP1
Compare Source
v4.2.7.Final
Compare Source
v4.2.6.Final
Compare Source
v4.2.5.Final
Compare Source
v4.2.4.Final: Hibernate ORM 4.2.4.Final
Compare Source
Hibernate ORM 4.2.4.Final was just released, containing multiple bug fixes. Please see the full changelog for more information: https://hibernate.atlassian.net/secure/ReleaseNote.jspa?projectId=10031&version=13750
JBoss Nexus: https://repository.jboss.org/nexus/content/groups/public/org/hibernate
Maven Central: http://repo1.maven.org/maven2/org/hibernate/hibernate-core (should update in a couple of days)
SourceForge: https://sourceforge.net/projects/hibernate/files/hibernate4
Downloads: binaries attached
v4.2.3.Final: Hibernate ORM 4.2.3.Final
Compare Source
Hibernate ORM 4.2.3.Final was just released. The full changelog can be viewed here
HHH-8112 fully documented the OSGi capabilities and included multiple quickstart projects. Please see the Dev Guide and Quickstart.
This release also completed the umbrella OSGi task: HHH-7527! Finally -- whew!
Multiple minor bug fixes were included -- please see the changelog for more info.
JBoss Nexus: https://repository.jboss.org/nexus/content/groups/public/org/hibernate
Maven Central: http://repo1.maven.org/maven2/org/hibernate/hibernate-core
SourceForge: https://sourceforge.net/projects/hibernate/files/hibernate4
Downloads: (binaries attached)
v4.2.2.Final
Compare Source
v4.2.1.Final
Compare Source
v4.2.0.SP1
Compare Source
v4.2.0.Final
Compare Source
v4.1.12.Final
Compare Source
v4.1.11.Final
Compare Source
v4.1.10.Final
Compare Source
v4.1.9.Final
Compare Source
v4.1.8.Final
Compare Source
v4.1.7.Final
Compare Source
v4.1.6.Final
Compare Source
v4.1.5.SP1
Compare Source
v4.1.5.Final
Compare Source
v4.1.4.Final
Compare Source
v4.1.3.Final
Compare Source
v4.1.2.Final
Compare Source
v4.1.1.Final
Compare Source
v4.1.0.Final
Compare Source
v4.0.1.Final
Compare Source
v4.0.0.Final
Compare Source
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
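The affected ranges quoted in the two advisories above can be checked mechanically against a pinned hibernate-core version. The following is an added example, not part of the Renovate PR or the Hibernate project; the function names are hypothetical, and it assumes that "prior to" covers every release line older than 5.3 and that pre-release qualifiers (Alpha, Beta, CR) sort before Final.

```python
import re

# Fixed-in versions per release line, read from the two advisories quoted in the PR.
# Assumption: every line older than 5.3 is affected and receives no fix of its own.
FIXED_IN = {
    "CVE-2020-25638": {(5, 3): (5, 3, 20), (5, 4): (5, 4, 24)},
    "CVE-2019-14900": {(5, 3): (5, 3, 18), (5, 4): (5, 4, 18)},
}
OLDEST_PATCHED_LINE = (5, 3)
PRE_RELEASE, FINAL, SERVICE_PACK = 0, 1, 2

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]?([A-Za-z]+)\d*)?$")


def parse_version(version):
    """Turn '5.3.20.Final' or '4.2.7.SP1' into a comparable tuple."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised hibernate-core version: {version!r}")
    major, minor, patch = (int(part) for part in match.group(1, 2, 3))
    qualifier = (match.group(4) or "Final").lower()
    if qualifier in ("final", "ga"):
        rank = FINAL
    elif qualifier == "sp":
        rank = SERVICE_PACK
    else:
        # Alpha/Beta/CR, and anything unknown, sort before Final so a
        # pre-release of the fixed version is still reported as affected.
        rank = PRE_RELEASE
    return (major, minor, patch, rank)


def affected_by(version):
    """Return the advisories from the PR that apply to this version."""
    parsed = parse_version(version)
    line = parsed[:2]
    hits = []
    for cve, fixed in FIXED_IN.items():
        if line < OLDEST_PATCHED_LINE:
            hits.append(cve)
        elif line in fixed and parsed < fixed[line] + (FINAL,):
            hits.append(cve)
    return hits


if __name__ == "__main__":
    # The two versions named in the PR, plus boundary cases from the advisories.
    for candidate in ("3.6.10.Final", "5.3.18.Final", "5.4.23.Final", "5.3.20.Final"):
        print(candidate, affected_by(candidate) or "not affected")
```

Run against a resolved dependency tree, this shows whether a transitive pin still sits below the 5.3.20.Final target of this PR.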