Announcement
Collapse
No announcement yet.
X
-
It is expected that Velocity usage may require to be reviewed for compatibility with the new version. Most of the changes were introduced in version 2.0, but it is recommended to review changes for each version since 1.7, especially VTL and behavior/API sections: https://velocity.apache.org/engine/2.3/upgrading.html and https://velocity.apache.org/tools/3.1/upgrading.html.
-
Hello, did someone already noticed that there are breaking changes which may impact developer code?
For now I've found:- the #foreach predefined references $velocityCount and $velocityHasNext have been removed. Use $foreach.count (1-based), $foreach.index (0-based) and foreach.hasNext().
https://velocity.apache.org/engine/2.0/upgrading.htmlLast edited by claudiobosticco; 21 Jan 2022, 04:25.
Leave a comment:
-
It’s not an alternative solution, it’s just the next version of Velocity, which was not backwards compatible so code changes were required.
Leave a comment:
-
Thank you very much for quick response.
If you have already decided on alternative solution to be delivered in 13.0 please share - always good to have extra upgrade justification line items :)
Thank you!
Leave a comment:
-
Hi smartiro,
The Velocity issue applies to end-user-editable Velocity templates, which SmartGWT does not use (we have only developer-editable templates), so there is no vulnerability here.
Nevertheless, we have one customer where their security team was unable to understand the distinction between end-user-editable and developer-editable templates and was willing to use Feature Sponsorship to have Velocity upgraded. That’s coming in 13.0, but since there is no actual security issue, it will not be backported.
Leave a comment:
-
velocity templates in SmartGWT
Hi,
We're still on SmartGWT 6.1 - and blackduck flagged velocity 1.7 for security vulnerability.
Looks like 1.7 version is the tip and is also used in SmartGWT 12.1 - so I suppose question is, is there a plan to mitigate this?
Thank you!
Tags: None
Leave a comment: