Changelog for 2.138.2
Legend:
security fix
major bug fix
bug fix
major enhancement
enhancement
Community feedback:
no major issues
notable issues
required rollback
What's new in 2.138.2 (2018-10-10)
Important security fixes. (
security advisory
)
Security hardening: Escape variables in Jelly views by default. (
announcement blog post
,
LTS upgrade guide
,
list of affected plugins
)
Update Winstone-Jetty from 4.4 to 5.0 to fix HTTP/2 support and threading problems on hosts with 30+ cores. (
issue 53239
,
issue 52804
,
issue 51136
,
issue 52358
)
Security hardening related to Stapler routing. (
SECURITY-595 in the 2018-12-05 security advisory
)
Security hardening related to HTTP verb restrictions for web methods.
Extend anonymous usage statistics with information about applied security fix escape hatches. (
JEP-214
)
Fix a thread safety issue when creating multiple nodes in parallel. (
issue 53401
)
Nested
f:repeatable
/
f:repeatableProperty
form elements inherited
minimum
when they shouldn't. (
issue 37599
)