eXist-db 6.0.1

by adam at 2022/02/09 at 06:29:06 z
release article

eXist-db 6.0.1 Release Notes

Version 6.0.1 is a small hotfix release for version 6.0.0.

We recommend that all users of eXist-db 6.0.0 that use either WebDAV or Monex should immediately upgrade to eXist-db 6.0.1.

It incorporates just two important fixes:

A regression was introduced in eXist-db 5.4.0 whereby XML documents were not correctly stored or copyable via WebDAV. This is now fixed in 6.0.1 by #4230
A regression was introduced in eXist-db 5.4.0 whereby WebSocket support for Monex's Console was disabled. This is now fixed in 6.0.1 by #4215

eXist-db 5.4.1

by adam at 2022/02/09 at 06:19:06 z
release article

eXist-db 5.4.1 Release Notes

Version 5.4.1 is a small hotfix release for version 5.4.0. We recommend that all users of eXist-db 5.4.0 that use either WebDAV or Monex should immediately upgrade to eXist-db 5.4.1.

It incorporates just two important fixes.

A regression was introduced in eXist-db 5.4.0 whereby XML documents were not correctly stored or copyable via WebDAV. This is now fixed in 5.4.1 by #4231
A regression was introduced in eXist-db 5.4.0 whereby WebSocket support for Monex's console was disabled. This is now fixed in 5.4.1 by #4221

eXist-db 6.0.0

by adam at 2022/01/27 at 16:29:06 z
release article

eXist-db 6.0.0 Release Notes

Apart from two changes, version 6.0.0 is identical to version 5.4.0. The two changes are:

It includes an update from Log4j2 version 2.15.0 to version 2.17.1. This Log4j2 update incorporates fixes for security issues CVE-2021-45105, CVE-2021-45046, and CVE-2021-44228. To fix the security issues, Log4j2 removed some log format customisation functionality. eXist-db does not rely on this customisation support in its default configuration, however, if you are using such functionality, you will need to stick with eXist-db 5.4.0 or update your Log4j2 configuration; for more details see: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832.
It includes an update to the Apache XML-RPC libraries used by eXist-db #3934. This fixes a known security issues with Apache XML-RPC (CVE-2019-17570 and CVE-2016-5002). Unfortunately, this update mandates changing how eXist-db sends the permissions of Documents and Collections over XML-RPC, as such the XML-RPC API in eXist-db 6.0.0 is not considered backwards compatible. If you make use of the XML-RPC API, you may need to use eXist-db 5.4.0 until you can update your applications. Oyxgen XML Editor is known to use the XML-RPC API as is the gulp-exist tool.

Where possible, we recommend that all users choose to deploy eXist-db 6.0.0 over eXist-db 5.4.0.

eXist-db 5.4.0

by adam at 2022/01/27 at 16:28:06 z
release article

eXist-db 5.4.0 Release Notes

Version 5.4.0 includes critical fixes for defects found in version 5.3.1. It is recommended that all users of eXist-db 5.x.x upgrade to version 5.4.0 or newer.

NOTE We would like to remind users that eXist-db version 5.4.0 includes a version of Log4j2 that is known to have security issues (CVE-2021-45105, CVE-2021-45046, and CVE-2021-44228), and we would recommend that all users should upgrade to eXist-db 6.0.0 or newer.

Features and Improvements

The macOS DMG file release is now notarized with Apple #4169 #4200
Implemented eXist-db specifix seialization options for use with the XQuery function fn:serialize; includes: exist:add-exist-id, exist:expand-xincludes, exist:highlight-matches, exist:jsonp, exist:json-ignore-whitespace-text-nodes, and exist:process-xsl-pi #3990
Implemented XQuery 3.1 function map:merge#2 for use-first, use-last, and use-any
Added additional options to the XQuery function file:sync; includes: after, exclude, and prune #4081
Added two additional parameter types for use when specifying a custom analyzer: `java.lang.String] and char[]` [#4082
Introduced a new and simpler Store Document API #4157
Simplified storage of predicates for XPath steps #3975
Optimised retrieving the first child of an in-memory document #4013
Improved RenderX compatibility with the xslfo:render function #4171
Updated the eXist-db Docker Image to use the latest OpenJDK 8 version #4178
Switched from Java to Jakarta JAXB
XQuery Mail Module now uses latest Jakarta Mail #3994
Improved instructions for recovering the database in RECOVERY.md #4060
Improved Backup/Restore CLI options descriptions #4070
Added support for JUnit 5 #3322
Improved how XSuite starts and stops the database #3985
Updated the HomeBrew release instructions #4141

Bug Fixes

Fix NPE in Function Calls that were defferred due to being forward references #4204
Ensured that XQuery variables are analyzed before evaluated when called from a module #4120
Fixed an issue whereby it was previously possible to run out of Journal files #4193
Fix issues with XQuery Map Immutability #4000
Fixed construction of in-memory DOM attributes #4013
Fixed an issue so that all nodes of an in-memory DOM document can be retrieved (instead of just the document element) #4013
Fixed a Writer handle leak in the REST Server #4034
Fixed a File Handle leak in the Lucene Index #4065
Fixed a File Handle leak in the EXPath Package Auto Deployment Startup Trigger #4071
Fixed an issue with following/preceding axes after predicate on an abbreviated step #4108
Fixed a number of SMTP bugs in the XQuery Mail module #4159
Fixed several issues around XML Reader pooling and reuse #4021 [#4052]https://github.com/eXist-db/exist/pull/4052)
Fixed issues with XSuite test descriptions #3985
Serveral fixes to Unary Lookups #3966
Allow Empty Enclosed Expressions in XQuery #4089
Corrected the XQuery function util:expand so that it correctly handles Documents and Attributes #4172
Corrected the XQuery function fn:generate-id to provide unique IDs for unique Nodes #4167
DejaVu Fonts were updated in the Docker Image #4028
Fixed an impossible type conversion in NativeValueIndex that generated noisy log messages #4175

Updated Dependencies

Apache Ant updated from 1.10.10 to 1.10.12
Apache Commons Compress updated from 1.20 to 1.21
Apache Commons IO updated from 2.10.0 to 2.11.0
Apache HTTP Components updated from 4.4.14 to 4.4.15
Apache Tika updated from 1.26 to 2.2.1
Apache XML Graphics updated from 2.6 to 2.7
Bouncy Castle updated from 1.69 to 1.70
Caffeine updated from 2.9.1 to 2.9.3
Eclipse AspectJ updated from 1.9.4 to 1.9.8-M1
Eclipse Jetty updated from 9.4.42.v20210604 to 9.4.44.v20210927
FasterXML Jackson updated from 2.12.3 to 2.13.1
FastUtil updated from 8.5.4 to 8.5.6
Jakarta Activation updated from 2.0.0 to 2.0.1
Jakarta Mail updated from Java Mail 1.6.5 to Jakarta Mail 2.0.1
Jansi updated from 2.3.3 to 2.4.0
Java JAXB Runtime updated from 3.0.1 to 3.0.2
jline updated from 3.20.0 to 3.21.0
JUnit 5 5.8.2 added
RSyntaxTextArea updated from 3.1.3 to 3.1.6
Saxon-HE updated from 9.9.1-7 to 9.9.1-8
SLF4j updated from 1.7.30 to 1.7.33
XMLUnit updated from 2.8.2 to 2.8.4

eXist-db 4.10.0

by adam at 2022/01/27 at 16:27:06 z
release article

eXist-db 4.10.0 Release Notes

Verison 4.10.0 is identical to version 4.9.0, apart from it includes an update from Log4j2 version 2.15.0 to version 2.17.1. This Log4j2 update incorporates fixes for security issues CVE-2021-45105, CVE-2021-45046, and CVE-2021-44228. To fix the security issues, Log4j2 removed some log format customisation functionality. eXist-db does not rely on this customisation support in its default configuration, however, if you are using such functionality, you will need to stick with eXist-db 4.9.0 or update your Log4j2 configuration; for more details see: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832.

Where possible, we recommend that all users choose to deploy eXist-db 4.10.0 over eXist-db 4.9.0.

Sitemap