JavaMelody 1.74.0 released with security fix

92 views
Skip to first unread message

Vernat Emeric

unread,
Sep 4, 2018, 9:28:59 AM9/4/18
to javam...@googlegroups.com

JavaMelody 1.74.0 was released. The release is available for download here:
https://github.com/javamelody/javamelody/releases

The upgrade is recommended for security.

Release notes:

1.74.0

  • It is a recommended upgrade for security to fix a XML External Entity (XXE) processing vulnerability. CVE-ID is CVE-2018-15531. Thanks to mounsurf & huanying for reporting the vulnerability.
  • fix sql monitoring from jndi datasource when Tomcat's ServerInfo.properties is customized (38211a7)
  • fix: do not require Log4J when sending metrics to InfluxDB or Datadog.
  • In the Jenkins Monitoring plugin, fix #768: warning logs about serializing anonymous classes.
  • added: native calendar widget to choose dates for a custom period (84a1d63, with help from my colleague Fabien at KleeGroup)
  • added: workaround a JBoss and WildFly bug in MBeans tree (#757)
  • added: it is now possible to customize css and js of the monitoring reports by adding the /net/bull/javamelody/resource/themedMonitoring.css and /net/bull/javamelody/resource/themedMonitoring.js files as resources in your application, in order to override or add values. This is the case for example in the javamelody dark theme which is ready to use as a Maven dependency in your pom.xml:
<dependency>
	<groupId>net.bull.javamelody</groupId>
	<artifactId>javamelody-dark-theme</artifactId>
	<version>1.0</version>
</dependency>
The Jenkins plugin, the JIRA, Confluence and Bamboo plugin, the Liferay plugin, the Alfresco plugin, the Sonar plugin were also released. (Soon for the Grails plugin)

bye, Emeric


Reply all
Reply to author
Forward
0 new messages