• Switch pre-commit to ASF approved prek-action by @jbampton in https://github.com/apache/shiro/pull/2705
• chore(deps): bump https://github.com/zizmorcore/zizmor-pre-commit from v1.24.1 to 1.25.2 in the pre-commit-hooks group by @dependabot[bot] in https://github.com/apache/shiro/pull/2709
• chore(deps): bump org.apache.commons:commons-configuration2 from 2.14.0 to 2.15.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2706
• [#2704] [#2710] Fixed Session fixation-related regressions by @lprimak in https://github.com/apache/shiro/pull/2711
• chore(deps): bump org.apache:apache from 37 to 38 by @dependabot[bot] in https://github.com/apache/shiro/pull/2700
• chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.25.6 to 0.25.7 by @dependabot[bot] in https://github.com/apache/shiro/pull/2699
• chore(deps): bump slf4j.version from 2.0.17 to 2.0.18 by @dependabot[bot] in https://github.com/apache/shiro/pull/2694
• Add AGENTS.md + SECURITY.md linking the project's security model by @potiuk in https://github.com/apache/shiro/pull/2702
• chore(deps): bump log4j.version from 2.25.4 to 2.26.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2697
• chore(deps): bump the github-actions-dependencies group with 3 updates by @dependabot[bot] in https://github.com/apache/shiro/pull/2696
• chore(deps): bump org.apache.johnzon:johnzon-jsonb from 1.2.22 to 1.3.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2698
• chore(deps): bump org.apache.cxf:cxf-rt-rs-client from 3.6.10 to 3.6.11 by @dependabot[bot] in https://github.com/apache/shiro/pull/2729
• chore(deps): bump org.apache.cxf:cxf-bom from 3.6.10 to 3.6.11 by @dependabot[bot] in https://github.com/apache/shiro/pull/2728
• chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.25.7 to 0.26.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2727
• chore(deps): bump org.omnifaces:omnifaces from 3.14.20 to 3.14.21 by @dependabot[bot] in https://github.com/apache/shiro/pull/2725
• chore(deps): bump org.apache.commons:commons-configuration2 from 2.15.0 to 2.15.1 by @dependabot[bot] in https://github.com/apache/shiro/pull/2724
• chore(deps): bump the github-actions-dependencies group with 3 updates by @dependabot[bot] in https://github.com/apache/shiro/pull/2723
• chore(deps-dev): bump arquillian.core.version from 1.10.1.Final to 1.10.2.Final by @dependabot[bot] in https://github.com/apache/shiro/pull/2722
• chore(deps-dev): bump org.apache.cxf:cxf-rt-frontend-jaxrs from 3.6.10 to 3.6.11 by @dependabot[bot] in https://github.com/apache/shiro/pull/2721
• [CI] Add pre-commit hook to validate the CITATION file; Add missing required field message by @jbampton in https://github.com/apache/shiro/pull/2717
• [CI] Add hook to validate dependabot.yml with pre-commit by @jbampton in https://github.com/apache/shiro/pull/2716
• chore: add branch protection rules by @lprimak in https://github.com/apache/shiro/pull/2701
• chore(deps): bump ch.qos.logback:logback-classic from 1.5.32 to 1.5.34 by @dependabot[bot] in https://github.com/apache/shiro/pull/2748
• chore(deps): bump ch.qos.logback:logback-core from 1.5.32 to 1.5.34 by @dependabot[bot] in https://github.com/apache/shiro/pull/2749
• chore(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 by @dependabot[bot] in https://github.com/apache/shiro/pull/2765
• chore(deps): bump the github-actions-dependencies group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/apache/shiro/pull/2756
• chore(deps): bump org.codehaus.gmavenplus:gmavenplus-plugin from 4.3.1 to 5.0.0 by @dependabot[bot] in https://github.com/apache/shiro/pull/2753
• chore(deps): bump org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-bom from 3.3.6 to 3.3.7 by @dependabot[bot] in https://github.com/apache/shiro/pull/2750
• chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.26.0 to 0.26.1 by @dependabot[bot] in https://github.com/apache/shiro/pull/2751
• [CI] Pin to sha all pre-commit hooks and clean up by @jbampton in https://github.com/apache/shiro/pull/2730
• Configure EditorConfig for more file types by @jbampton in https://github.com/apache/shiro/pull/2747
• Update and expand the CITATION file by @jbampton in https://github.com/apache/shiro/pull/2766
• chore(deps): bump bytebuddy.version from 1.18.8 to 1.18.10 by @dependabot[bot] in https://github.com/apache/shiro/pull/2752
• [#2760] chore: update shiro.doap file with more recent versions and maintainers by @lprimak in https://github.com/apache/shiro/pull/2768
• chore(jacoco): added exclusion for weld client proxy by @lprimak in https://github.com/apache/shiro/pull/2769
• [#2758] Deprecate RandomSessionIdGenerator due to insufficient entropy by @lprimak in https://github.com/apache/shiro/pull/2770

• @potiuk made their first contribution in https://github.com/apache/shiro/pull/2702

Full Changelog: https://github.com/apache/shiro/compare/shiro-root-2.2.0...shiro-root-2.2.1

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.332...7.21.0-rc.333

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.331...7.21.0-rc.332

• AAE-46492 Add commandId to Activiti events by @jsokolowskii in https://github.com/Activiti/Activiti/pull/5422

• AAE-46507 Get next task by @fkindgen in https://github.com/Activiti/Activiti/pull/5420
• AAE-46388 Add Supply Chain Review agentic workflow by @dsibilio in https://github.com/Activiti/Activiti/pull/5419
• AAE-46386 Set DependaBot cooldown for all ecosystems as 3d by @dsibilio in https://github.com/Activiti/Activiti/pull/5421
• AAE-46890 Add Copilot instructions for secret handling best practices by @dsibilio in https://github.com/Activiti/Activiti/pull/5432
• AAE-46971 Update Supply Chain Review GH AW to latest by @dsibilio in https://github.com/Activiti/Activiti/pull/5433
• AAE-45373: Replace local ObjectMapper/JsonMapper instances with injected or shared ones by @astrologic7 in https://github.com/Activiti/Activiti/pull/5417

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.330...7.21.0-rc.331

Release note 1.4.8:

1. 添加配置支持机器人和频道应用不校验host。
2. 解决server api获取频道列表缺少字段。
3. 优化文件上传认证的问题。
4. 同步专业版IM服务SDK添加获取未读数接口。

附件的版本有3种格式，分别是Java通用版本、Deb格式安装包和Rpm格式安装包包，可以根据平台或者自己的习惯下载其中一种软件包。另外在Github也可以下载。也可以下载我们网站上的最新版本，通用Java包，deb格式安装包和rpm格式安装包。 *** 0.42 版本增加了群成员数限制，默认为2000。如果您想修改默认值，可以在升级版本之后，修改t_setting表，把默认的大小改为您期望的。另外修改t_group表，把已经存在的群组max_member_count改成您期望的，然后重启。*** *** 0.46和0.47版本升级到0.48及以后版本时，可能会提示flyway migrate 38错误，请执行 修复脚本 进行修复。0.46和0.47版本之外的版本不会出现此问题。*** *** 0.50版本添加了是否允许客户端发送群操作通知的配置。如果您在客户端自定义群通知，需要在服务器端配置允许，没有使用自定义群操作通知的不受影响。*** *** 从0.54之前版本升级到0.54及以后版本时，会提示flyway migrate错误。因为0.54版本删除了sql脚本中默认敏感词的内容，flyway checksum失败。请执行update flyway_schema_history set checksum = 0 where script = 'V17__add_default_sensitive_word.sql';来修复。*** *** 从0.59之前的版本升级到之后的版本执行数据库升级时间比较长，请耐心等待提示运行成功，避免中途中断。 *** *** 0.62/0.63 版本有严重的问题，请使用0.64及以后版本，或者0.61版。 *** *** 从0.68 版本起添加了pc在线是否默认手机接收推送的开关，默认为开，与以前版本作用相反，请注意兼容（可以关掉与之前保持一致或者升级客户端） *** *** 从0.78 版本起把MySQL数据库中关键字都改为大小写敏感，另外生成id的方法也做了改变，只生成小写的id，避免出现id重复的问题，建议所有客户都升级 *** *** 从0.79 版本起把log4j升级到log4j2，因为log4j已经不再维护而且还有已知的漏洞，建议所有客户都升级，升级时注意更新log4j2的配置文件 *** *** 0.97版本更改了启动脚本wildfirechat.sh，如果是升级服务，请注意更新启动脚本。*** *** 1.3.8版本添加了server api发送消息的限制，限制消息体最大内容不能超过64KB，如果升级请注意业务系统发送消息大小。***

• bb741bd: [build] Automated Browser Version Update (#17658) (Selenium CI Bot) #17658
• b3164ef: [grid] add HtmlUnit browser logo to Grid UI (#17656) (David Burns) #17656
• 18bb1d9: [py] terminate driver service process when start() fails to connect (#17651) (Titus Fortner) #17651

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.329...7.21.0-rc.330

• 887237c: [py] translate continue_request/continue_response kwargs to BiDi wire format (#17669) (David Burns) #17669