What's Changed
- CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary by @dependabot[bot] in #890
- CVE-2025-7783: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution by @maximthomas in #894
- Bump org.openidentityplatform.opendj 4.10.1 by @vharseko in #895
- [#896] CVE-2022-34169 Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets by @vharseko in #897
- CVE-2025-54798 tmp allows arbitrary temporary file / directory write via symbolic link
dirparameter by @dependabot[bot] in #898 - Remove import javax.xml.rpc StringHolder (make inner) by @vharseko in #901
- Run frontend Karma tests during the Maven test phase by @maximthomas in #902
- [#903] Fix ambiguous class loading from the Jato library by @maximthomas in #904
Full Changelog: 15.2.0...15.2.1
Contributors
vharseko, maximthomas, and dependabot