prepare 5.10.8 release #302

LaunchDarklyReleaseBot · 2023-03-21T17:34:23Z

[5.10.8] - 2023-03-21

Fixed:

Updated snakeyaml to v2.0.0 to address CVE-2022-1471. This vulnerability would only have affected applications that used the FileData feature with a YAML file, assuming an attacker had write access to the filesystem.

update okhttp to 4.8.1 (fixes incompatibility with OpenJDK 8.0.252)

Bump SnakeYAML from 1.19 to 1.26 to address CVE-2017-18640

# Conflicts: # CHANGELOG.md # gradle.properties

ch78326 - implement new test data source

only log initialization message once in polling mode

Also adds debug logs for full exception information in a couple locations.

…port. (#265)

Fix compatibility with Java 7.

bump snakeyaml version for CVE-2022-38752

…a-11 disable Windows Java 11 build

fix packaging of com.launchdarkly.logging classes

…ce-5.x use synchronous EventSource (5.x backport)

backport YAML CVE fix from 6.x

…rt errors on shutdown

…ream-close don't allow uncaught RuntimeException on stream thread and don't report errors on shutdown

…ent (#391)

chore: bump snakeyaml

eli-darkly and others added 30 commits September 1, 2020 12:20

update okhttp to 4.8.1 (fixes incompatibility with OpenJDK 8.0.252)

f3f01ec

Merge pull request #261 from launchdarkly/eb/ch88298/okhttp-update-5.x

7025ae7

update okhttp to 4.8.1 (fixes incompatibility with OpenJDK 8.0.252)

merge from public after release

d1e311e

gitignore

f5a8555

Merge branch 'master' of github.com:launchdarkly/java-server-sdk

52c36be

merge from public after release

9fe8f5b

Bump SnakeYAML from 1.19 to 1.26 to address CVE-2017-18640

ac9bdb1

Merge pull request #262 from launchdarkly/eb/ch88108/snakeyaml-update

d1e0637

Bump SnakeYAML from 1.19 to 1.26 to address CVE-2017-18640

prepare 4.14.3 release (#209)

4f8f980

Releasing version 4.14.3

a6777a8

merge from public after release

89954b5

Merge branch '4.x'

a83942e

# Conflicts: # CHANGELOG.md # gradle.properties

Merge branch 'master' into eb/ch78216/test-data

326e8e1

comments

b800f23

Merge pull request #251 from launchdarkly/eb/ch78216/test-data

7cb20cd

ch78326 - implement new test data source

only log initialization message once in polling mode

06fdd3e

Merge pull request #263 from launchdarkly/eb/ch88859/polling-logging

03e2ad8

only log initialization message once in polling mode

merge from public after release

a448abc

[ch89935] Correct some logging call format strings (#264)

078fe16

Also adds debug logs for full exception information in a couple locations.

[ch90109] Remove outdated trackMetric comment from before service sup…

136eb1b

…port. (#265)

Fix compatibility with Java 7.

889a1c6

Remove import that is no longer used.

67dea95

Merge pull request #266 from launchdarkly/gw/ch90182/fix-java-7-compat

402b8fe

Fix compatibility with Java 7.

add Java 7 build (#267)

ee5e212

prepare 4.14.4 release (#214)

cd60e6d

Releasing version 4.14.4

424c7d5

merge from public after release

72ac981

add and use getSocketFactory

0113451

alignment

346f655

add socketFactory to builder

305f555

eli-darkly and others added 26 commits September 12, 2022 14:45

bump snakeyaml version for CVE-2022-38752

decdb31

Merge pull request #374 from launchdarkly/eb/sc-168802/snakeyaml-patch

a612d96

bump snakeyaml version for CVE-2022-38752

merge from public after release

d937330

disable Windows Java 11 build

cd4a9bd

Merge pull request #375 from launchdarkly/eb/sc-171428/no-windows-jav…

6eac0c0

…a-11 disable Windows Java 11 build

fix packaging of com.launchdarkly.logging classes

85b9720

rm debugging

52ba6b3

reconsidered - let's include the logging classes in the jars

f4cc631

fix packaging test logic

78d1540

correct documentation

b787f60

Merge pull request #377 from launchdarkly/eb/sc-173058/packaging

8eaf967

fix packaging of com.launchdarkly.logging classes

merge from public after release

d5ffd47

Merge branch 'main' of github.com:launchdarkly/java-server-sdk

75887a7

use synchronous EventSource (5.x backport)

acf7e58

Merge pull request #386 from launchdarkly/eb/sc-180984/sync-eventsour…

4640f10

…ce-5.x use synchronous EventSource (5.x backport)

merge from public after release

5769012

backport YAML CVE fix from 6.x

288159d

Merge pull request #389 from launchdarkly/eb/sc-182242/yaml-cve-5.x

8e124ed

backport YAML CVE fix from 6.x

merge from public after release

734ba2e

don't allow uncaught RuntimeException on stream thread and don't repo…

ca7fc44

…rt errors on shutdown

Merge pull request #390 from launchdarkly/eb/sc-182728/no-error-on-st…

6f77b97

…ream-close don't allow uncaught RuntimeException on stream thread and don't report errors on shutdown

merge from public after release

d2c8e7b

don't log a JSON error if the stream closes while we're parsing an ev…

fc3f660

…ent (#391)

merge from public after release

70d0a01

chore: bump snakeyaml

2093a0e

Merge pull request #396 from launchdarkly/lc/fix-snakeyaml-5.x

f347c98

chore: bump snakeyaml

louis-launchdarkly requested a review from tanderson-ld March 21, 2023 17:34

tanderson-ld approved these changes Mar 21, 2023

View reviewed changes

LaunchDarklyReleaseBot merged commit b34f97a into 5.x Mar 21, 2023

LaunchDarklyReleaseBot deleted the release-5.10.8 branch March 21, 2023 20:37

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

prepare 5.10.8 release #302

prepare 5.10.8 release #302

Uh oh!

LaunchDarklyReleaseBot commented Mar 21, 2023

prepare 5.10.8 release #302

prepare 5.10.8 release #302

Uh oh!

Conversation

LaunchDarklyReleaseBot commented Mar 21, 2023

[5.10.8] - 2023-03-21

Fixed: