• chore(deps): bump org.htmlunit:htmlunit from 4.17.0 to 4.18.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2355
• chore: hide deprecation warning in AD test by @lprimak in https://github.com/apache/shiro/pull/2352
• chore(deps): bump github/codeql-action from 4.31.0 to 4.31.2 in the github-dependencies group by @dependabot[bot] in https://github.com/apache/shiro/pull/2353
• chore(deps): bump bytebuddy.version from 1.17.8 to 1.18.1 by @dependabot[bot] in https://github.com/apache/shiro/pull/2369
• chore(deps): bump org.owasp:dependency-check-maven from 12.1.8 to 12.1.9 by @dependabot[bot] in https://github.com/apache/shiro/pull/2367
• chore(deps): bump org.omnifaces:omnifaces from 3.14.11 to 3.14.12 by @dependabot[bot] in https://github.com/apache/shiro/pull/2364
• [#953] - Allow CORS preflight requests to bypass authentication by @celikfatih in https://github.com/apache/shiro/pull/2372
• chore: put back changes that were overwritten by maven release plugin by @lprimak in https://github.com/apache/shiro/pull/2375
• chore(deps): bump bytebuddy.version from 1.18.1 to 1.18.2 by @dependabot[bot] in https://github.com/apache/shiro/pull/2389
• chore(deps): bump org.quartz-scheduler:quartz from 2.5.1 to 2.5.2 by @dependabot[bot] in https://github.com/apache/shiro/pull/2387
• chore(deps): bump org.codehaus.mojo:taglist-maven-plugin from 3.2.1 to 3.2.2 by @dependabot[bot] in https://github.com/apache/shiro/pull/2380
• chore(deps): bump org.codehaus.mojo:versions-maven-plugin from 2.19.1 to 2.20.1 by @dependabot[bot] in https://github.com/apache/shiro/pull/2379
• chore(deps): bump org.htmlunit:htmlunit from 4.18.0 to 4.19.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2377
• chore(deps): bump org.owasp.encoder:encoder from 1.3.1 to 1.4.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2374
• chore(deps): bump the github-dependencies group with 2 updates by @dependabot[bot] in https://github.com/apache/shiro/pull/2373
• Configure EditorConfig for .rdf by @jbampton in https://github.com/apache/shiro/pull/2386
• Remove type attributes from HTML script tags by @jbampton in https://github.com/apache/shiro/pull/2382
• pre-commit: add 3 more hooks; fix end of files by @jbampton in https://github.com/apache/shiro/pull/2360
• Pin all actions workflows by @jbampton in https://github.com/apache/shiro/pull/2385
• Add pre-commit hook to trim trailing whitespace by @jbampton in https://github.com/apache/shiro/pull/2406
• gha: use pre-commit run --color=always by @jbampton in https://github.com/apache/shiro/pull/2407
• chore: pin python and it's depenendencies for pre-commit check on GitHub by @lprimak in https://github.com/apache/shiro/pull/2408
• chore: pin python pre-commit workflow dependency with hash by @lprimak in https://github.com/apache/shiro/pull/2410
• Add descriptions to all pre-commit hooks by @jbampton in https://github.com/apache/shiro/pull/2409
• chore: fix vulnerabilities in tests reported by OpenSSF tool by @lprimak in https://github.com/apache/shiro/pull/2411
• chore(deps): bump org.htmlunit:htmlunit from 4.19.0 to 4.20.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2415
• chore(deps): bump the github-dependencies group with 5 updates by @dependabot[bot] in https://github.com/apache/shiro/pull/2414
• chore(deps): bump mockito.version from 5.20.0 to 5.21.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2420
• chore(deps): bump ch.qos.logback:logback-core from 1.5.21 to 1.5.22 by @dependabot[bot] in https://github.com/apache/shiro/pull/2419
• chore(deps): bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 by @dependabot[bot] in https://github.com/apache/shiro/pull/2417
• chore(deps): bump the github-dependencies group with 3 updates by @dependabot[bot] in https://github.com/apache/shiro/pull/2418
• chore(security): update log4-core by @lprimak in https://github.com/apache/shiro/pull/2430
• chore(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.6.2 to 3.6.3 by @dependabot[bot] in https://github.com/apache/shiro/pull/2429
• chore(deps): bump ch.qos.logback:logback-core from 1.5.22 to 1.5.23 by @dependabot[bot] in https://github.com/apache/shiro/pull/2427
• chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.24.2 to 0.25.1 by @dependabot[bot] in https://github.com/apache/shiro/pull/2428
• chore(deps): bump github/codeql-action from 4.31.8 to 4.31.9 in the github-dependencies group by @dependabot[bot] in https://github.com/apache/shiro/pull/2424
• chore(deps): bump ch.qos.logback:logback-classic from 1.5.22 to 1.5.23 by @dependabot[bot] in https://github.com/apache/shiro/pull/2426
• chore(deps): bump bytebuddy.version from 1.18.2 to 1.18.3 by @dependabot[bot] in https://github.com/apache/shiro/pull/2425
• chore(deps): bump org.htmlunit:htmlunit from 4.20.0 to 4.21.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2431
• chore(deps): bump ch.qos.logback:logback-classic from 1.5.23 to 1.5.24 by @dependabot[bot] in https://github.com/apache/shiro/pull/2455
• chore(deps): bump org.owasp:dependency-check-maven from 12.1.9 to 12.2.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2454
• chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.25.1 to 0.25.4 by @dependabot[bot] in https://github.com/apache/shiro/pull/2453
• chore(deps): bump ch.qos.logback:logback-core from 1.5.23 to 1.5.24 by @dependabot[bot] in https://github.com/apache/shiro/pull/2452
• chore(deps): bump javax.enterprise:cdi-api from 2.0 to 2.0.SP1 by @dependabot[bot] in https://github.com/apache/shiro/pull/2451
• chore(deps): bump org.jsoup:jsoup from 1.21.2 to 1.22.1 by @dependabot[bot] in https://github.com/apache/shiro/pull/2442
• chore(deps): bump github/codeql-action from 4.31.9 to 4.31.10 in the github-dependencies group by @dependabot[bot] in https://github.com/apache/shiro/pull/2449
• [#2460] bugfix: avoid duplicate proxying of StoppingAwareProxiedSession by @lprimak in https://github.com/apache/shiro/pull/2459
• [#2458] Deploy next snapshot version as computed dynamically from latest release by @lprimak in https://github.com/apache/shiro/pull/2456
• [#2460] test for recursively wrapped sessions by @bmarwell in https://github.com/apache/shiro/pull/2470
• [#2471] remove experimental, unused class SimplePrincipalMap by @bmarwell in https://github.com/apache/shiro/pull/2472
• Jakarta ee update by @lprimak in https://github.com/apache/shiro/pull/2474
• chore(deps): bump ch.qos.logback:logback-core from 1.5.24 to 1.5.26 by @dependabot[bot] in https://github.com/apache/shiro/pull/2480
• chore(deps): bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.26 by @dependabot[bot] in https://github.com/apache/shiro/pull/2479
• chore(deps-dev): bump org.assertj:assertj-core from 3.27.6 to 3.27.7 by @dependabot[bot] in https://github.com/apache/shiro/pull/2478
• chore(deps): bump org.codehaus.gmavenplus:gmavenplus-plugin from 4.2.1 to 4.3.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2476
• chore(deps): bump the github-dependencies group across 1 directory with 5 updates by @dependabot[bot] in https://github.com/apache/shiro/pull/2477
• chore(deps-dev): bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.1 to 3.3.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2467
• chore(deps-dev): bump org.codehaus.mojo:xml-maven-plugin from 1.2.0 to 1.2.1 by @dependabot[bot] in https://github.com/apache/shiro/pull/2466
• chore(deps-dev): bump org.codehaus.mojo:versions-maven-plugin from 2.20.1 to 2.21.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2465
• chore(deps-dev): bump org.codehaus.mojo:jdepend-maven-plugin from 2.1 to 2.2.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2464
• chore(deps): bump bytebuddy.version from 1.18.3 to 1.18.4 by @dependabot[bot] in https://github.com/apache/shiro/pull/2468
• [#1025] - Shiro's InvalidRequestFilter blocks valid paths with encoded slashes by @haster in https://github.com/apache/shiro/pull/1026
• [#2421] bugfix: restored ability to match passwords from Shiro 1.x that have … by @lprimak in https://github.com/apache/shiro/pull/2475
• Run pre-commit autoupdate to update the hooks by @jbampton in https://github.com/apache/shiro/pull/2486
• chore: Eclipse IDE ignores for license checks by @lprimak in https://github.com/apache/shiro/pull/2484
• Update pre-commit workflow set --show-diff-on-failure by @jbampton in https://github.com/apache/shiro/pull/2487

• @celikfatih made their first contribution in https://github.com/apache/shiro/pull/2372
• @haster made their first contribution in https://github.com/apache/shiro/pull/1026

Full Changelog: https://github.com/apache/shiro/compare/shiro-root-2.0.6...shiro-root-2.1.0

• 9160cb2: [dotnet] [bidi] SetTouchOverride command in Emulation module (#17045) (Nikolay Borisenko) #17045
• adf9028: [dotnet] [bidi] SetNetworkConditions command in Emulation module (#17047) (Nikolay Borisenko) #17047
• fbfdb01: [dotnet] [bidi] Adjusted name for Capabilities in new session result (#17048) (Nikolay Borisenko) #17048
• b21b572: [dotnet] [bidi] Expand SetViewport options with optional UserContexts (#17049) (Nikolay Borisenko) #17049
• 907a3b7: [dotnet] [bidi] Change MovePointer X/Y types to double (#17050) (Nikolay Borisenko) #17050
• 1e8be85: [dotnet] [bidi] Support UserContexts in AddPreloadScript command options (#17051) (Nikolay Borisenko) #17051
• 896e83c: [dotnet] [bidi] Rename input actions according spec (#17052) (Nikolay Borisenko) #17052
• 46e1c96: [java] Fix "secure vs non-secure" error in tests (#17046) (Andrei Solntsev) #17046

• build(deps): bump the github-actions group across 1 directory with 5 updates by @dependabot[bot] in https://github.com/Activiti/Activiti/pull/5279
• build(deps): bump the github-actions group across 1 directory with 4 updates by @dependabot[bot] in https://github.com/Activiti/Activiti/pull/5283
• build(deps-dev): bump org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0 in the maven-plugins group by @dependabot[bot] in https://github.com/Activiti/Activiti/pull/5282

• Fixed issue with db upgrade by @arpanhyland in https://github.com/Activiti/Activiti/pull/5275

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.990...7.20.0-rc.991

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.989...7.20.0-rc.990

• #52019 - Remove Jackson from quarkus-analytics-common module
• #52153 - JaCoCo: add support for QuarkusUnitTest
• #52198 - CLI build report: include produced items (if available)
• #52222 - Bump the hibernate group with 9 updates
• #52235 - Use namespaced name in default guides link in extension template
• #52236 - Pin strimzi kafka container version in Dev Service
• #52237 - Add missing space when quarkus cli throws ExclusiveProviderConflictException
• #52242 - Build failure after upgrading to Quarkus 3.31.0 or 3.31.1 with Maven plugins using Jackson
• #52250 - Panache Next maven Question
• #52253 - Workaround JDK-8376576
• #52257 - Dev UI: Fix the Add and remove extension issues
• #52259 - Looks like we did not rename hibernate-panache after all
• #52260 - Quarkus Panache Next should not require reactive classes
• #52263 - Ensure that media type is passed through writer interceptor chain
• #52264 - Quarkus Jacoco 0% coverage when changing data-file name
• #52265 - Panache Next: do not call HR class if the HR extension is not present
• #52275 - Bump Gradle to 9.3.1
• #52276 - Make ValueRegistryParameterResolver a bit more relaxed
• #52285 - Change recommended-java-version to 25
• #52287 - Fix NPE in HibernateSearchElasticsearcRecorder
• #52290 - JaCoCo: resolve data-file and report-location against the project root
• #52292 - java.net.URISyntaxException: Illegal character in path when accessing JAR resource with [] in name
• #52303 - Disabling swagger-ui does not remove link in dev-ui card
• #52305 - Dev UI: Do not display Swagger UI link when disabled
• #52307 - Documentation: Use alphabetic quarkus.security.ldap.identity-mapping.attribute-mappings."attribute-mappings".* configuration property
• #52310 - RestAssured.baseURI is not set when using quarkus.http.test-host after update to Quarkus 3.31
• #52312 - Quarkus start-stop's FULL-MICROPROFILE app fails with Quarkus 3.31
• #52313 - Extend ReflectiveHierarchyStep
• #52317 - JaCoCo - QuarkusUnitTest support: fixes
• #52318 - TestHostLauncher to return the default ListeningAddress
• #52321 - Use 5 argument URI constructor to work around JDK bug
• #52323 - AccessDeniedException at / during runtime re-augmentation in Quarkus 3.30.1 (Parallel Archive Creator ignores tmp settings)
• #52325 - build(deps): bump the hibernate group with 10 updates
• #52332 - Use standard tmp directory to create temp files for parallel jar
• #52340 - Test interface implementers registration for reflection
• #52342 - IsolatedTestModeMain and IsolatedDevModeMain were app entry points which didn't suppress JVM's Unsafe warnings yet
• #52343 - StartupActionImpl needs to open modules to both runtime and base classloaders
• #52344 - Docs: fix admonition block syntax in writing-extensions.adoc
• #52345 - In dev-mode, we need to apply JVM module configuration to both base and runtime classloaders

• a163fe7: explicitly tell Claude code to look in .local directory for user-specific instructions (Titus Fortner)
• 3334f0f: [py]: enable edge browser tests for bidi (#17032) (Navin Chandra) #17032
• 36b25ca: [build] File-level test target indexing for precise affected test detection (#17033) (Titus Fortner) #17033
• 01eb8f0: [build] add smart targeting and --lint flag to format.sh (#17035) (Titus Fortner) #17035

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.988...7.20.0-rc.989

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.987...7.20.0-rc.988

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.986...7.20.0-rc.987