Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

  • Isomorphic
    replied
    It is expected that Velocity usage may require to be reviewed for compatibility with the new version. Most of the changes were introduced in version 2.0, but it is recommended to review changes for each version since 1.7, especially VTL and behavior/API sections: https://velocity.apache.org/engine/2.3/upgrading.html and https://velocity.apache.org/tools/3.1/upgrading.html.

    Leave a comment:


  • claudiobosticco
    replied
    Hello, did someone already noticed that there are breaking changes which may impact developer code?
    For now I've found:
    • the #foreach predefined references $velocityCount and $velocityHasNext have been removed. Use $foreach.count (1-based), $foreach.index (0-based) and foreach.hasNext().
    from:
    https://velocity.apache.org/engine/2.0/upgrading.html
    Last edited by claudiobosticco; 21 Jan 2022, 04:25.

    Leave a comment:


  • Isomorphic
    replied
    It’s not an alternative solution, it’s just the next version of Velocity, which was not backwards compatible so code changes were required.

    Leave a comment:


  • smartiro
    replied
    Thank you very much for quick response.

    If you have already decided on alternative solution to be delivered in 13.0 please share - always good to have extra upgrade justification line items :)

    Thank you!

    Leave a comment:


  • Isomorphic
    replied
    Hi smartiro,

    The Velocity issue applies to end-user-editable Velocity templates, which SmartGWT does not use (we have only developer-editable templates), so there is no vulnerability here.

    Nevertheless, we have one customer where their security team was unable to understand the distinction between end-user-editable and developer-editable templates and was willing to use Feature Sponsorship to have Velocity upgraded. That’s coming in 13.0, but since there is no actual security issue, it will not be backported.

    Leave a comment:


  • smartiro
    started a topic velocity templates in SmartGWT

    velocity templates in SmartGWT

    Hi,

    We're still on SmartGWT 6.1 - and blackduck flagged velocity 1.7 for security vulnerability.
    Looks like 1.7 version is the tip and is also used in SmartGWT 12.1 - so I suppose question is, is there a plan to mitigate this?

    Thank you!

Working...
X