Skip to content

Major Security Updates#37

Merged
kal merged 13 commits intomainfrom
tech/major-security-updates
Dec 5, 2025
Merged

Major Security Updates#37
kal merged 13 commits intomainfrom
tech/major-security-updates

Conversation

@kal
Copy link
Contributor

@kal kal commented Dec 5, 2025

Java 21
Tomcat 9 -> 11
Jena 3.9 -> 5.6
Lib 3.1 -> 4.0
Jersey 2.25 -> 3.1

Simon Oakes and others added 12 commits November 3, 2025 10:05
Update dependencies with major impact
5a95b3b
v4 change notes
5232a16
Upgrade JUnit 4 to Jupiter
e1fd512
@der
Fix RemoteSparqlSource
8596614 
Jena uses -1 on timeouts to mean "no timeout" and the defaut settings
in RemoveSparqlSource follow that convention. This was resulting in illegal Duration
parameters.

Fix that, and added an EmbeddedFuseki option so can no leave the test enabled.
@der
Merge pull request #35 from epimorphics/fix-illegal-timeouts
9cdd89b 
Fix RemoteSparqlSource
@kal
Bump Jena and Tomcat versions
430ce48 
Jena 5.5 -> 5.6
Tomcat 11.0.10 -> 11.0.12
Both updates are to address reported vulnerabilities in the older versions
@kal
Merge pull request #36 from epimorphics/update-jena-tomcat
9633e6b 
Bump Jena and Tomcat versions
@kal
Merge branch 'main' into tech/major-security-updates
11594fa
@kal
Update lib to 4.0.0
0ff8747
@kal
Remove commented out sections and reformat for consistency
f9ae8ac
@kal
Update plugins
575095a
@kal
Merge 4.0 notes into changelog
55d78e5
@kal kal requested a review from der December 5, 2025 11:15
der
der approved these changes Dec 5, 2025
View reviewed changes
Copy link
Member

@der der left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great thanks. Was worried about containsModel but can't find a use so not worth addressing.

README.md Outdated
* Maven artifacts for Appbase version 4.0.0 and onwards are published to the Epimorphics public S3 Maven repository.
* The `DatasetAccessor` interface from Jena 3 is replaced by `com.epimorphics.appbase.data.DatasetAccessor`:
* It is directly implemented by `RDFConnectionDatasetAccessor` and indirectly by various wrapper classes which are unchanged from the previous version.
* It has removed the `containsModel` method since no Jena 5 equivalent exists. Instead, use `getModel` to obtain the model, then `isEmpty` on the model.
Copy link
Member

@der der Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't think that's a viable workaround for a large model but can find any uses of it downstream so not a show stopper. Suggest removing the second sentence.

Copy link
Contributor Author

@kal kal Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@kal kal merged commit d224e14 into main Dec 5, 2025
1 check passed
@kal kal deleted the tech/major-security-updates branch December 5, 2025 12:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@der der der approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kal @der