4.4.0

What's Changed

• Request through a proxyPass problem by @stefano-1973 in #254
• TLD file location by @rameshkt in #277
• Updated documentation by @swetak20 and @forgedhallpass in #272
• JSP with CSRF Guard form tag having an action with query parameters fails validation by @Frank-St #287

Version changes

• Bump maven-war-plugin from 3.3.2 to 3.4.0 by @dependabot in #210
• Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 by @dependabot in #227
• Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 by @dependabot in #260
• Bump commons-io:commons-io from 2.15.1 to 2.16.1 by @dependabot in #261
• Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 by @dependabot in #252
• build(deps): bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.3 to 3.2.4 by @dependabot in #267
• build(deps): bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.1 to 3.1.2 by @dependabot in #269
• build(deps): bump org.slf4j:slf4j-api from 2.0.12 to 2.0.13 by @dependabot in #264
• build(deps): bump org.apache.maven.plugins:maven-scm-plugin from 2.0.1 to 2.1.0 by @dependabot in #266
• build(deps): bump org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.13 to 1.7.0 by @dependabot in #273
• build(deps): bump com.google.code.gson:gson from 2.10.1 to 2.11.0 by @dependabot in #271
• build(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.3.0 by @dependabot in #275
• build(deps): bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 by @dependabot in #279
• build(deps-dev): bump junit.version from 5.10.2 to 5.10.3 by @dependabot in #280
• build(deps): bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.1 by @dependabot in #284
• build(deps): bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.8.0 by @dependabot in #286
• build(deps): bump org.owasp:dependency-check-maven from 8.4.3 to 10.0.3 by @dependabot in #285

New Contributors

• @rameshkt made their first contribution in #277
• @swetak20 made their first contribution in #272

Full Changelog: 4.3.0-jakarta...4.4.0-jakarta

4.4.0-jakarta

This is the same as the 4.4.0 release, but for Jakarta.

4.3.0-jakarta

What's Changed

• Add Jakarta support by @stefano-1973 & @forgedhallpass in #176

Full Changelog: 4.3.0...4.3.0-jakarta

4.3.0

What's Changed

• Add support for validating multiple domain origins by @gflores-jahia in #200
• Fixed Printing the CsrfGuard's config leads to java.lang.reflect.InaccessibleObjectException in Java 17 by @forgedhallpass in #179

Version updates

• Bump junit.version from 5.9.2 to 5.9.3 by @dependabot in #197
• Bump dependency-check-maven from 8.1.2 to 8.2.1 by @dependabot in #190
• Bump maven-deploy-plugin from 3.1.0 to 3.1.1 by @dependabot in #191
• Bump maven-surefire-plugin from 3.0.0 to 3.1.0 by @dependabot in #198
• Bump maven-gpg-plugin from 3.0.1 to 3.1.0 by @dependabot in #199
• Bump commons-io from 2.11.0 to 2.12.0 by @dependabot in #201
• Bump maven-scm-plugin from 2.0.0 to 2.0.1 by @dependabot in #202
• Bump maven-source-plugin from 3.2.1 to 3.3.0 by @dependabot in #203

New Contributors

• @gflores-jahia made their first contribution in #200

Full Changelog: 4.2.1...4.3.0

4.2.1

What's Changed

• Bump mockito.version from 4.5.1 to 4.6.0 by @dependabot in #103
• Bump maven-scm-plugin from 1.12.2 to 1.13.0 by @dependabot in #104
• Bump mockito.version from 4.6.0 to 4.6.1 by @dependabot in #105
• Bump maven-surefire-plugin from 3.0.0-M6 to 3.0.0-M7 by @dependabot in #106
• Bump maven-release-plugin from 3.0.0-M5 to 3.0.0-M6 by @dependabot in #107
• Bump dependency-check-maven from 7.1.0 to 7.1.1 by @dependabot in #108
• Bump maven-deploy-plugin from 3.0.0-M2 to 3.0.0 by @dependabot in #111
• Bump junit.version from 5.8.2 to 5.9.0 by @dependabot in #114
• Bump gson from 2.9.0 to 2.9.1 by @dependabot in #117
• Bump maven-javadoc-plugin from 3.4.0 to 3.4.1 by @dependabot in #119
• Bump mockito.version from 4.6.1 to 4.7.0 by @dependabot in #118
• Bump slf4j-api from 1.7.36 to 2.0.0 by @dependabot in #123
• Bump dependency-check-maven from 7.1.1 to 7.1.2 by @dependabot in #124
• Bump mockito.version from 4.7.0 to 4.8.0 by @dependabot in #126
• Bump logback-classic from 1.2.11 to 1.4.1 by @dependabot in #127
• Bump slf4j-api from 2.0.0 to 2.0.1 by @dependabot in #129
• Bump dependency-check-maven from 7.1.2 to 7.2.0 by @dependabot in #128
• Bump maven-jar-plugin from 3.2.2 to 3.3.0 by @dependabot in #132
• Bump slf4j-api from 2.0.1 to 2.0.2 by @dependabot in #135
• Bump junit.version from 5.9.0 to 5.9.1 by @dependabot in #134
• Bump dependency-check-maven from 7.2.0 to 7.2.1 by @dependabot in #133
• Bump slf4j-api from 2.0.2 to 2.0.3 by @dependabot in #136
• Bump logback-classic from 1.4.1 to 1.4.3 by @dependabot in #137
• Bump mockito.version from 4.8.0 to 4.8.1 by @dependabot in #141
• Bump logback-classic from 1.4.3 to 1.4.4 by @dependabot in #140
• Bump dependency-check-maven from 7.2.1 to 7.3.0 by @dependabot in #142
• Bump gson from 2.9.1 to 2.10 by @dependabot in #144
• Bump maven-release-plugin from 3.0.0-M6 to 3.0.0-M7 by @dependabot in #147
• Bump slf4j-api from 2.0.3 to 2.0.5 by @dependabot in #153
• Bump dependency-check-maven from 7.3.0 to 7.3.2 by @dependabot in #152
• Bump mockito.version from 4.8.1 to 4.9.0 by @dependabot in #148
• Bump dependency-check-maven from 7.3.2 to 7.4.1 by @dependabot in #155
• Bump logback-classic from 1.4.4 to 1.4.5 by @dependabot in #151
• Bump slf4j-api from 2.0.5 to 2.0.6 by @dependabot in #156
• Bump mockito.version from 4.9.0 to 4.10.0 by @dependabot in #158
• Bump mockito.version from 4.10.0 to 4.11.0 by @dependabot in #160
• Bump dependency-check-maven from 7.4.1 to 7.4.2 by @dependabot in #159
• Bump dependency-check-maven from 7.4.2 to 7.4.3 by @dependabot in #161
• Bump dependency-check-maven from 7.4.3 to 7.4.4 by @dependabot in #163
• Bump junit.version from 5.9.1 to 5.9.2 by @dependabot in #164
• Bump maven-surefire-plugin from 3.0.0-M7 to 3.0.0-M8 by @dependabot in #165
• Bump dependency-check-maven from 7.4.4 to 8.0.0 by @dependabot in #166
• Bump gson from 2.10 to 2.10.1 by @dependabot in #162
• Bump dependency-check-maven from 8.0.0 to 8.0.1 by @dependabot in #168
• Bump dependency-check-maven from 8.0.1 to 8.0.2 by @dependabot in #171
• Bump maven-deploy-plugin from 3.0.0 to 3.1.0 by @dependabot in #174
• Bump maven-surefire-plugin from 3.0.0-M8 to 3.0.0-M9 by @dependabot in #180
• Bump dependency-check-maven from 8.0.2 to 8.1.0 by @dependabot in #177
• Bump maven-javadoc-plugin from 3.4.1 to 3.5.0 by @dependabot in #181
• Bump dependency-check-maven from 8.1.0 to 8.1.1 by @dependabot in #182
• Bump maven-compiler-plugin from 3.10.1 to 3.11.0 by @dependabot in #183
• Bump dependency-check-maven from 8.1.1 to 8.1.2 by @dependabot in #184
• Bump maven-surefire-plugin from 3.0.0-M9 to 3.0.0 by @dependabot in #185
• Bump maven-scm-plugin from 1.13.0 to 2.0.0 by @dependabot in #186

Full Changelog: 4.2.0...4.2.1

4.2.0

What's Changed

• Disable serving Internet Explorer by default by @forgedhallpass
• Making the regexpPatternCache thread safe by @forgedhallpass

Version updates

• Bump mockito.version from 4.5.1 to 4.6.0 by @dependabot in #103
• Bump maven-scm-plugin from 1.12.2 to 1.13.0 by @dependabot in #104
• Bump mockito.version from 4.6.0 to 4.6.1 by @dependabot in #105
• Bump maven-surefire-plugin from 3.0.0-M6 to 3.0.0-M7 by @dependabot in #106
• Bump maven-release-plugin from 3.0.0-M5 to 3.0.0-M6 by @dependabot in #107
• Bump dependency-check-maven from 7.1.0 to 7.1.1 by @dependabot in #108
• Bump maven-deploy-plugin from 3.0.0-M2 to 3.0.0 by @dependabot in #111
• Bump junit.version from 5.8.2 to 5.9.0 by @dependabot in #114
• Bump gson from 2.9.0 to 2.9.1 by @dependabot in #117
• Bump maven-javadoc-plugin from 3.4.0 to 3.4.1 by @dependabot in #119
• Bump mockito.version from 4.6.1 to 4.7.0 by @dependabot in #118

Full Changelog: 4.1.4...4.2.0

4.1.4

What's Changed

• Performance improvement in placeholder replacements of javascript #82 by @bpapez and @forgedhallpass in #83
• Adding support for un-exploded deployments by @lav023 and @forgedhallpass in #99

Version updates:

• Bump dependency-check-maven from 7.0.0 to 7.0.1 by @dependabot in #84
• Bump dependency-check-maven from 7.0.1 to 7.0.2 by @dependabot in #85
• Bump dependency-check-maven from 7.0.2 to 7.0.3 by @dependabot in #86
• Bump dependency-check-maven from 7.0.3 to 7.0.4 by @dependabot in #87
• Bump maven-surefire-plugin from 3.0.0-M5 to 3.0.0-M6 by @dependabot in #89
• Bump mockito.version from 4.4.0 to 4.5.0 by @dependabot in #92
• Bump maven-javadoc-plugin from 3.3.2 to 3.4.0 by @dependabot in #93
• Bump mockito.version from 4.5.0 to 4.5.1 by @dependabot in #94
• Bump nexus-staging-maven-plugin from 1.6.12 to 1.6.13 by @dependabot in #95
• Bump dependency-check-maven from 7.0.4 to 7.1.0 by @dependabot in #97

New Contributors

• @lav023 made their first contribution in #99

Full Changelog: 4.1.3...4.1.4

4.1.3

What's Changed

• Bump nexus-staging-maven-plugin from 1.6.11 to 1.6.12 by @dependabot in #73
• Bump maven-war-plugin from 3.3.1 to 3.3.2 by @dependabot in #74
• Bump dependency-check-maven from 6.5.3 to 7.0.0 by @dependabot in #75
• Bump logback-classic from 1.2.10 to 1.2.11 by @dependabot in #76
• Bump mockito.version from 4.3.1 to 4.4.0 by @dependabot in #77
• Added flag to initialise the javascript settings for new ConfigurationProvider instances by @renewolfert in #78
• Bump maven-compiler-plugin from 3.10.0 to 3.10.1 by @dependabot in #80

New Contributors

• @renewolfert made their first contribution in #78

Full Changelog: 4.1.2...4.1.3

4.1.2

What's Changed

• csrfguard.js: made compatible with IE11 + console.debug(...) commented by @stefano-1973 in #37
• Fix time comparison when checking pageToken time tolerance (fix #49) by @bpapez in #50
• Set up CI for running tests and generating a deployable version of the test application by @forgedhallpass in #53
• Fixed NewTokenLandingPage functionality by @forgedhallpass in 74008a2
• JavaDoc updates by @forgedhallpass in a1cf527
• Added OWASP Dependency Check GitHub action via Maven execution by @forgedhallpass in ce1622c
• JSTL dependency change by @forgedhallpass in 4bb4343
• Update GSON version due to reported CVE by @forgedhallpass in 7c8c178
• Added Snyk vulnerability scanning GitHub action by @forgedhallpass in 8379857
• Explicit dependabot configuration by @forgedhallpass in 1665f25

Version bumps

• Bump mockito.version from 3.6.0 to 4.3.1 by @dependabot in #63
• Bump maven-release-plugin from 3.0.0-M1 to 3.0.0-M5 by @dependabot in #62
• Bump maven-compiler-plugin from 3.8.1 to 3.10.0 by @dependabot in #61
• Bump nexus-staging-maven-plugin from 1.6.8 to 1.6.11 by @dependabot in #60
• Bump logback-classic from 1.2.4 to 1.2.10 by @dependabot in #59
• Bump slf4j-api from 1.7.31 to 1.7.36 by @dependabot in #67
• Bump maven-deploy-plugin from 3.0.0-M1 to 3.0.0-M2 by @dependabot in #66
• Bump maven-javadoc-plugin from 3.2.0 to 3.3.2 by @dependabot in #68
• Bump tomcat7-maven-plugin from 2.1 to 2.2 by @dependabot in #65
• Bump jsp-api from 2.1 to 2.2 by @dependabot in #64
• Bump junit.version from 5.7.0 to 5.8.2 by @dependabot in #70
• Bump commons-io from 2.8.0 to 2.11.0 by @dependabot in #71
• Bump maven-jar-plugin from 3.2.0 to 3.2.2 by @dependabot in #72
• Bump maven-scm-plugin from 1.11.2 to 1.12.2 by @dependabot in #69

New Contributors

• @stefano-1973 made their first contribution in #37
• @bpapez made their first contribution in #50

Full Changelog: 4.1.1...4.1.2

4.1.1

What's Changed

• Replace the logging logic with SLF4J #30 by @Matthajus in #33
• BugFix (security): do not serve the JS logic, if the Referer header does not match the configured value by @forgedhallpass in 894892c
• Documentation updates by @forgedhallpass
• GPG error fix required for releasing by @forgedhallpass in e706907

New Contributors

• @Matthajus made their first contribution in #33

Full Changelog: 4.0.1...4.1.1