Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.361...7.21.0-rc.362

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.360...7.21.0-rc.361

We are pleased to announce the release of Hibernate Validator 8.0: 8.0.4.Final.

You can find the full list of 8.0.4.Final changes here.

This release introduces a few minor improvements as well as bug fixes.

For additional details, see:

• the release page
• the Migration Guide
• the Getting started
• the Reference Guide
• the API docs

Visit the website for details on getting in touch with us.

We are pleased to announce the release of Hibernate Validator 9.1: 9.1.1.Final.

You can find the full list of 9.1.1.Final changes here.

• See the website for requirements and compatibilities.
• See the What's New guide for details about new features and capabilities.

For additional details, see:

• the release page
• the Migration Guide
• the Getting started
• the Reference Guide
• the API docs

Visit the website for details on getting in touch with us.

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.359...7.21.0-rc.360

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.358...7.21.0-rc.359

• JDK 17
• Jakarta EE 9/10/11+ (no javax.* namespace)
• Spring 6/7+ and SpringBoot 3/4+
• Guice 7/8+

Breaking Changes:

• Made default implementation of PrincipalCollection immutable (ImmutablePrincipalCollection)

Security improvements:

• Case-insensitive path matching is now enabled by default (hardened by default)
• Added NoAccessFilter and add it to the default filter chain (breaking change, hardened-by-default)
• [#2799] enh: warn if realm authentication fails by @lprimak in https://github.com/apache/shiro/pull/2798
• Web RememberMe and Guice Enhancements by @lprimak in https://github.com/apache/shiro/pull/2800
• Enable CORS preflight requests by default

Other Changes:

• Modernized Java code to JDK 17 baseline
• Added fluent API in MergableAuthenticationInfo class
• Improved thread-safety of Shiro-native sessions (SimpleSession, SimpleSessionFactory, CachingSessionDAO)
• Multi-Release JAR in order to support different JDK version levels, and JDK 25 Scoped values
• Using Java Scoped for Subject and SecurityManager instead of ThreadLocals on JDK 25+
• Separated out ShiroFilterFactoryBeanPostProcessor to fix post processing warnings in Spring
• Using AssertJ for testing

Removals of deprecated artifacts

• Removed Shiro BOM - no longer necessary
• Removed EhCache module in favor of JCache
• Removed Hazelcast module in favor of JCache
• Removed deprecated SimplePrincipalCollection class
• Removed deprecated RandomSessionIdGenerator class
• Removed deprecated HttpSessionContext class
• Removed deprecated JavaEnvironment class
• Removed deprecated XmlSerializer.java class
• Removed JakartaTransformer class and it's jakartify() method
• Removed Spring/Boot ShiroUrlPathHelper class
• Removed Spring/Boot's remoting support
• Removed Spring/Boot deprecated ShiroRequestMappingConfig class
• Removed samples and tests associated with deprecated modules

• JDK 21 (JDK 25 required to release)
• Jakarta EE 11 (build-time default)
• Spring 7/SpringBoot 4 (build-time default)
• Guice 8 (build-time default)

• [#1584] Merge 3.x branch into main by @lprimak in https://github.com/apache/shiro/pull/2772

Full Changelog: https://github.com/apache/shiro/compare/shiro-root-2.2.1...shiro-root-3.0.0

• d4832d7: [build] Automated Browser Version Update (#17694) (Selenium CI Bot) #17694