1.6.17

We are happy to announce the sixteenth bug fix release of the 1.6 series.

Hibernate ORM 7.1 integration

Hibernate ORM 7.1 was released and had some breaking changes in SPIs which required a new integration blaze-persistence-integration-hibernate-7.1 to be written.
Since Hibernate ORM 7.0 is now out of support and the artifact blaze-persistence-integration-hibernate-7.0 had trouble
with later versions, we dropped it in favor of the Hibernate ORM 7.1 integration.

Users are encouraged to update to Hibernate ORM 7.1 and the new integration of Blaze-Persistence 1.6.17 directly.
Quarkus 3.24 and 3.25 users need to upgrade to Quarkus 3.26, which makes use of Hibernate ORM 7.1 and hence works with
the new integration.

Spring Boot/Data 4.0

Spring Framework 7.0 and Spring Boot/Data 4.0 is around the corner and we created a new integration module blaze-persistence-integration-spring-data-4.0 to allow Blaze-Persistence users update early. Note that Spring Framework 7.0 upgrades to Hibernate ORM 7.1, so the new blaze-persistence-integration-hibernate-7.1 module is necessary.

Various bug fixes

Thanks to the sponsoring of Max Hovens from Tidal Control,
lots of bug fixes were implemented in this release. Thank you for your continued support!

Take a look into the changelog for a full list of changes and improvements.

Enjoy the release and stay tuned for the next one!

1.6.16

We are happy to announce the sixteenth bug fix release of the 1.6 series.

Hibernate ORM 7 integration

Hibernate ORM 7.0 was released and had some breaking changes in SPIs which required a new integration blaze-persistence-integration-hibernate-7.0 to be written.
Luckily, the necessary changes were minimal and the ORM 6 integration could mostly be reused/copied.

Spring Boot/Data 3.4 and 3.5

Some users have been running into trouble with the Spring Data 3.3 integration when running on 3.4 and later.
The problems were identified and a new integration module blaze-persistence-integration-spring-data-3.4 was created.

GraphQL enhancements

A new @GraphQLDefaultFetches annotation was added to specify multiple GraphQL fields that can trigger a default fetch.
The generated GraphQL schema was cleaned up such that it only generated GraphQL types that actually make sense.
A new type filter mechanism based on a Predicate was added to GraphQLEntityViewSupportFactory. Also, missing types
are now auto-discovered from these root types, making it easier to get rid of unused entity views in the GraphQL schema.

Various bug fixes

Thanks to the sponsoring of Max Hovens from Tidal Control and Eugen Mayer from KontextWork,
lots of bug fixes and improvements were implemented in this release. Thank you for your continued support!

Take a look into the changelog for a full list of changes and improvements.

Enjoy the release and stay tuned for the next one!

1.6.15

We are happy to announce the fifteenth bug fix release of the 1.6 series.

Hibernate ORM 6 integration fixes

As part of the preparation for Blaze-Persistence 2.0, which will require JPA 3.1+ and hence Hibernate ORM 6.2+,
a few integration issues were discovered because of more extensive testing i.e. on more databases.
The bug fixes for the Hibernate ORM 6.2+ integration were now backported.

Various bug fixes

Thanks to the sponsoring of Max Hovens from Tidal Control
and Eugen Mayer from KontextWork,
lots of bug fixes and improvements were implemented in this release. Thank you for your continued support!

Take a look into the changelog for a full list of changes and improvements.

Enjoy the release and stay tuned for the next one!

1.6.14

We are happy to announce the fourteenth bug fix release of the 1.6 series.

Hibernate ORM 6 integration fixes

Thanks to Rustam Sultansoy, another Hibernate ORM 6 integration issue
was fixed in this release which, prevented application with embeddables inside element collections to start up.

Various bug fixes

Take a look into the changelog for a full list of changes and improvements.

Enjoy the release and stay tuned for the next one!

1.6.13

We are happy to announce the thirteenth bug fix release of the 1.6 series.

Hibernate ORM 6.6 compatibility fixes

Users reported problems with Hibernate ORM 6.6 in Spring and Quarkus applications which were solved in this release.

JSON_GET enhancement

The JSON_GET() function was enhanced to support passing a JSON path literal and parameters.

Various bug fixes

Take a look into the changelog for a full list of changes and improvements.

Enjoy the release and stay tuned for the next one!

1.6.12

We are happy to announce the twelfth bug fix release of the 1.6 series.

Hibernate ORM 6.6 compatibility

So far, the Hibernate ORM 6 integration was tested against Hibernate ORM 6.4.
The CI was now updated to also test against ORM 6.5 and 6.6.

Spring Data 3.3 integration

Thanks to Eugen Mayer and Andrius Juozapaitis there is now
a new integration module for Spring Data 3.3.

Concurrency issue in Entity View Updater initialization

When Entity View Updaters are created concurrently where one depends on another, there is the possibility of a
NullPointerException which was now fixed.

Various bug fixes

Take a look into the changelog for a full list of changes and improvements.

Enjoy the release and stay tuned for the next one!

1.6.11

We are happy to announce the eleventh bug fix release of the 1.6 series.

Hibernate ORM 6.4 compatibility

So far, the Hibernate ORM 6 integration was tested against Hibernate ORM 6.4.0.CR1.
The integration was adapted due to a slight change in 6.4.0.Final,
which unfortunately prevented the use of Blaze-Persistence with that version.

Spring Framework 6.1 compatibility

Spring Framework 6.1 apparently removed methods that were previously marked as deprecated, which our Spring Data integration unfortunately was still using. This was causing NoSuchMethodError to be thrown, but is now fixed.

Security fix for Spring Data integration

This release contains a fix for a security issue in the Spring Data integration which was recently reported by Nelson Neto.
Since every version of Blaze-Persistence is affected, every user of the Spring Data integration is strongly advised to update immediately.
The issue could potentially lead to a data leak. There is no known reproducer or attack yet, but know that this is a high severity issue.

In short, the problem is that Sort.Order is assumed to be safe, but it is usually untrusted user input,
usually being parsed by the Spring Data WebMvc/WebFlux integration from a query parameter.

Any Spring Data repository method is affected that:

• accepts a Sort parameter directly, or indirectly through Pageable/PageRequest or KeysetPageable/KeysetPageRequest
• Returns an entity view type explicitly or through a dynamic projection

Calling such repository methods with untrusted Sort inputs allows for JPQL.next injection,
which ultimately is SQL injection.

Regular Spring Data JPA repositories only allow sorting by attribute paths relative to the query root,
which is ensured by construction i.e. Spring Data JPA tries to find attributes based on the entity metamodel.

Entity view based Spring Data repositories allow sorting by entity view attribute paths and
additionally also allow to sort by entity attribute paths. Until Blaze-Persistence 1.6.11
entity attribute paths were not validated to be relative to the query root.
In fact, any valid JPQL.next expression was accepted, which essentially leads to a SQL injection vulnerability.

If updating to the latest version of Blaze-Persistence is not possible for some reason,
the security issue can be mitigated by validating the Sort e.g.

Pattern validCharsPattern = Pattern.compile("[\\w.]+");
for (Sort.Order order : sort) {
    if (!validCharsPattern.matcher(order.getProperty()).matches()) {
        throw new IllegalArgumentException("Attempted SQL injection");
    }
}

Various bug fixes

Take a look into the changelog for a full list of changes and improvements.

Enjoy the release and stay tuned for the next one!

1.6.10

We are happy to announce the tenth bug fix release of the 1.6 series.

Hibernate ORM 6.3 and 6.4 support

The Hibernate 6.2 integration now also supports Hibernate ORM 6.3 and 6.4.
During testing we uncovered some bugs in Hibernate ORM which have been reported and will be fixed in the upcoming releases.

Java 21 support

Since Java 21 will be the next LTS release, we decided that ensuring that version works is vital and made sure it works by regularly testing with this version on CI.

Various bug fixes

As always, this release comes with quite a few bug fixes, so we recommend you update soon!

Take a look into the changelog for a full list of changes and improvements.

Enjoy the release and stay tuned for the next one!

1.6.9

We are happy to announce the ninth bug fix release of the 1.6 series.

Hibernate 6.2 support

Hibernate 6.2 was not really backwards compatible to 6.1 with respect to our integration, so we had the need for a new integration.
We uncovered quite a few bugs during testing of Hibernate 6 and only as of Hibernate 6.2.5.Final,
enough bugs were fixed so that we could comfortably call our integration production ready.
This and the fact that only Hibernate 6.2+ is maintained at this point drove us to the decision to drop the old hibernate-6 integration module
and instead create a new module blaze-persistence-integration-hibernate-6.2.
When updating to Blaze-Persistence 1.6.9 and replacing the integration dependency, don't forget to also update your Hibernate version to at least 6.2.5.Final.

Spring Framework 6 / Boot 3.1 support

A big thank you goes out to Eugen Mayer who worked hard on the new Spring integration.
Why no support for Spring Boot 3.0 you ask? Because that still depends on Hibernate 6.1 and we do not want to publish an integration for that version.
Everyone is encouraged to update to 3.1 directly which supports Hibernate 6.2, though at this point you also have to bump the Hibernate version to at least 6.2.5.Final.
At the time of writing, there is no Spring release yet that includes the new Hibernate version.

Note that there are new integration artifacts:

• blaze-persistence-integration-entity-view-spring-6.0 - Scanning support for Spring Framework 6+
• blaze-persistence-integration-spring-data-3.1 - Support for Spring Data 3.1+
• blaze-persistence-integration-spring-data-webmvc-jakarta - Support for Spring WebMvc 3.1+
• blaze-persistence-integration-spring-hateoas-webmvc-jakarta - Support for Spring HATEOAS 2+

Quarkus 3.1 support

This release introduces a new integration blaze-persistence-integration-quarkus-3 which supports Quarkus 3.1.1+.
Quarkus 3.1.2+ will ship with Hibernate 6.2.5+, but if you want to work with Quarkus 3.1.1 for now,
you will have to manually update the Hibernate version to 6.2.5.Final in you dependencies.

GraphQL enhancements

Two new Netflix DGS integrations have been added. One for DGS version 5.5 - 6.x (blaze-persistence-integration-graphql-dgs) and one for version 7.x+ (blaze-persistence-integration-graphql-dgs-7.0).
DGS 7.x+ is for Spring Boot 3.x+ only, so we had to create separate integrations, due to the Jakarta namespace rename that happened in Spring Boot 3.
It is important to note though that the DGS integration now comes with support for updatable entity views as mutations out of the box!

Various bug fixes

As always, this release comes with quite a few bug fixes, so we recommend you update soon!

Take a look into the changelog for a full list of changes and improvements.

Enjoy the release and stay tuned for the next one!

1.6.8

We are happy to announce the eighth bug fix release of the 1.6 series.

GraphQL enhancements

The GraphQL integration was significantly enhanced and now properly interprets various non-null, ignore and naming annotations.
It also supports exposing getters as GraphQL fields, which are unknown to Entity Views.

Spring Data enhancements

After a few reports about boot errors with the Spring Data integrations for 2.5 and 2.6,
saying that some methods weren't implemented, after updating to a newer Spring Data bugfix version,
we decided to create dedicated integration modules for every Spring Data version and try to keep up to date
with the latest bug fix versions from now on, to avoid these issues in the future.

Various bug fixes

As always, this release comes with quite a few bug fixes, so we recommend you update soon!

Take a look into the changelog for a full list of changes and improvements.

Enjoy the release and stay tuned for the next one!