chore(deps): update dependency com.typesafe.play:sbt-plugin to v2.8.19 #2779
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.4.3
->2.8.19
⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.
Release Notes
playframework/playframework
v2.8.19
: Play 2.8.19Compare Source
The Play Team is happy to announce the release of Play 2.8.19 🥳
📗 What is new?
ping/pong support for WebSockets 🏓
Finally! Check out the documentation:
Using Netty, WebSockets time out now ⏳
Another fix for WebSockets ships with this release as well:
If you are using the Netty backend the
play.server.http[s].idleTimeout
setting will now be honored for WebSocket connections. Until now, when using Netty, a WebSocket connection never timed out. That might even was desirable for some use cases, but now that we have ping/pong support you have to make use of that to keep WebSocket connections open. That is the correct way of doing things and not closing connections after an idle timeout was actually a bug. The akka-http backend was always working correctly and didn't need to be fixed.Removed the shutdown hook from the default logback config 🪝
If you have
in your logback config, you should remove that line. Play handles the shutdown of the logger context, the line shown is not necassary anymore since at least Play 2.7 and is a leftover that should have been removed a while ago. More details can be found in the according pull request.
Correctly encode
Content-Disposition: form-data; name="..."; filename="..."
🔠When Play renders a request body containing multipart/form data it will now encode the name and the filename fields according the "WHATWG HTML living standard" section 4.10.21.8.
curl
, Firefox, Chrome and other libraries like Python's urllib3 follow the same approach. Until now, Play didn't encode those fields which could result in security implications. Just to be clear, this is not about receiving and parsing multipart/form data from a client, but when sending multipart/form data e.g. via ws or when using theRequestBuilder
to build a request for testing purposes. Details can be found in pull request #11571.A few words on Play's compatibility with sbt 1.8 🔧
Now that sbt 1.8 got released there have been reports that it isn't working out of the box with Play, caused by a version conflict regarding scala-xml, see #11522. Unfortunately, right now, we don't have a fix for that yet. Even if we bump scala-xml to version 2.x in Play and all its dependencies, we can't currently make sbt 1.8 work with Play because of another problem described in #11527.
The good news is, that isn't a showstopper if you still want to upgrade to sbt 1.8. You can do that right now by putting
in
project/plugins.sbt
. That is possible because scala-xml 1.x and 2.x are compatible anyway. However, like described in #11527 you will not be able to usePlayNonBlockingInteractionMode
with sbt 1.8 then (which probably not many people do anyway)Further roadmap 🗺️
...news coming soon...
Merged pull requests
Following pull requests got merged for this release:
set-output
by @ihostageFor more details see the full list of changes and the 2.8.19 milestone.
❤️ Thanks to our premium sponsors!
If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.
🙇 Thanks to our contributors
Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!
v2.8.18
: Play 2.8.18Compare Source
The Play Team is happy to announce the release of Play 2.8.18.
📗 What is new?
This release includes a fix for #10590 to avoid StackOverflowErrors when sending
multipart/form-data
requests with many fields as payload. We recommend upgrading as soon as possible.Following pull requests got merged for this release:
BodyPartParser
ofMultipart
in order to avoid StackOverflowError easily by @yousukettoFor more details see the full list of changes and the 2.8.18 milestone.
❤️ Thanks to our premium sponsors!
If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.
🙇 Thanks to our contributors
Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!
v2.8.17
: Play 2.8.17Compare Source
The Play Team is happy to announce the release of Play 2.8.17.
📗 What is new?
Following pull requests got merged for this release:
For more details see the full list of changes and the 2.8.17 milestone.
❤️ Thanks to our premium sponsors!
If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.
🙇 Thanks to our contributors
Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!
v2.8.16
: Play 2.8.16Compare Source
The Play Team is happy to announce the release of Play 2.8.16.
📗 What is new?
The following are the relevant changes of this bugfix release:
'bundleresource'
protocol, when checking URLs. #11108The following pull requests got merged for this release:
v2
by @ihostageFor more details see the full list of changes and the 2.8.16 milestone.
❤️ Thanks to our premium sponsors!
If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.
🙇 Thanks to our contributors
Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!
Something you want to talk about for this release? Join the discussion
v2.8.15
: Play 2.8.15Compare Source
The Play Team is happy to announce the release of Play 2.8.15.
📗 What is new?
The following are the relevant changes of this bugfix release.
🐞 Fixed Spring4Shell (
CVE-2022-22965
)This RCE vulnerability might affect Play Java users that deploy their applications as a war file (e.g. in Tomcat).
More details can be found here: A note on Spring4Shell for Play Java users
🐞 About CVE-2020-36518 in Jackson and Play 2.8.x
Please see https://github.com/playframework/playframework/discussions/11222
☕ Experimental support for Java 17
You should now be able to run your Play applications with Java 17, but to do so, you have to make some adjustments.
typetools
(see #10055 and #10814):jnotify
for theFileWatchService
(like in this removed test)OneServerPerTestWithComponents
orGuiceOneServerPerTest
(see #11209):If you run into any other issues please let us know by opening a bug report, thanks!
📖 Following pull requests got merged for this release
-XX:MaxPermSize
, breaks on Java 17 by @mkurzPOST
by @mkurzFor more details see the full list of changes and the 2.8.15 milestone.
❤️ Thanks to our premium sponsors!
If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.
🙇 Thanks to our contributors
Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!
v2.8.14
Compare Source
v2.8.13
: Play 2.8.13Compare Source
The Play Team is happy to announce the release of Play 2.8.13.
📗 What is new?
Following pull requests got merged for this release:
For more details see the full list of changes and the 2.8.13 milestone.
❤️ Thanks to our premium sponsors!
If you find Play useful for work, please consider asking your company to support this Open Source project by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.
🙇 Thanks to our contributors
Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!
v2.8.12
Compare Source
v2.8.11
: Play 2.8.11Compare Source
The Play Team is happy to announce the releases of Play 2.8.11.
This release brings in a new version of Akka Http including security updates.
📗 What is new?
Following pull requests got merged for this release:
###replace:
tag that led to incorrect docs #10789 by @arid-mangossFor more details see the full list of changes and the 2.8.11 milestone.
🙇 Credits
Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play is only possible due to the help we had from amazing contributors.
If you find Play useful for work, please consider to support this Open Source project by becoming a backer or premium sponsor. You can donate to our Open Collective here.
Special thanks to the following contributors who helped with this release:
@FuriousTurtle, @PromanSEW, @TrevorNathan, @arid-mangoss, @ennru, @gmethvin, @ignasi35, @johnduffell, @kaseken, @mergify, @mergify[bot], @mkurz, @octonato, @rstento and @scala-steward
Full Changelog: playframework/playframework@2.8.8...2.8.11
v2.8.10
Compare Source
v2.8.9
Compare Source
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.