v3.15.1

• [new] Allow to disable Jackson exception mappers as they may disclose technical info to REST clients.
  Set rest.exceptionMapping.jackson and rest.exceptionMapping.detailedUserMessage to false. The exception will
  go through the default exception mapper, which logs them. To avoid this provide your own exception mapper.

v3.15.0

• [new] Java 21 support.
• [new] Support for jakarta.inject.* while retaining javax.inject.* compatibility.
• [nfo] Other jakarta.* packages are not supported yet.
• [chg] Update javassist to 3.30.2-GA
• [chg] Update guice to 6.0.0
• [chg] Update guava to 33.1.0
• [chg] Update typetools to 0.6.3
• [chg] Update shiro to 1.13.0
• [chg] Update Undertow to 2.2.31.Final
• [chg] Update Jersey to 2.42
• [chg] Update Hibernate Validator to 6.1.7.Final

v3.14.0

• [new] @PostConstruct support was extended to non-singletons. @PreDestroy is still limited to singletons per design
  (only singletons instances are known and tracked by the lifecycle manager).

v3.13.0

• [new] Support JSON and YAML expansion in configuration. Use a myKey|json or myKey|yaml as key syntax. The suffix
  will be removed and the value will be replaced by the parsed subtree. Useful for parsing JSON structures passed by
  cloud platforms.
• [new] The SEEDSTACK_PROFILES environment variable can now be used to specify comma-separated configuration profiles
  to enable. These profiles will be added to the profiles already defined in the seedstack.profiles system property if
  any.
• [new] If config option rest.diagnosticResource is set to true, the diagnostic report will be available as a JSON
  representation at /seedstack/diagnostic. Do not enable permanently in production. Default is false.

v3.12.1

• [fix] Class UsernamePasswordToken was incorrectly removed from seed-security-specs.

v3.12.0

• [new] Java 15 support
• [new] The check tool analyzes and show discrepancies between configuration files (actual config) and configuration objects (expected config).
• [chg] Move main entrypoint logic from SeedMain.main() to Seed.launch(), allowing custom main methods in addition to the built-in SeedMain.
• [chg] Upgrade Shiro to 1.7.1 (fixes CVE-2020-11989, CVE-2020-17510, CVE-2020-1957, CVE-2020-13933 and CVE-2019-12422).
• [chg] Upgrade Guice to 5.0.1
• [chg] Upgrade Jersey to 2.34
• [chg] Upgrade Javassist to 3.27.0-GA
• [chg] Upgrade Guava to 30.1.1-jre
• [chg] Upgrade Coffig to 3.1.7
• [fix] Detection of color output under recent versions of IntelliJ.
• [fix] Fix configuration evaluation (macros, functions, ...) in classes section (see #283).

v3.11.0

• [brk] Config functions that find available ports now take a port name as argument so they can return the same port for each evaluation (example: $availableTcpPort() becomes $availableTcpPort('web')).
• [new] Support for configuration of Undertow handlers using undertow-handlers.conf file (at the root of the classpath by default).
• [new] Security realms can now return direct user permissions, not attached to any role.
• [chg] Enable a detailed user message by default for internal and security exceptions during REST requests.
• [fix] Fixed test annotations that were not fully detected when repeated: @ConfigurationProperty, @KernelParameter and @SystemProperty.

v3.10.0

• [brk] Generic session options moved from web.server.sessions to web.sessions.
• [brk] Static resources options moved from web.staticResources to web.static.
• [brk] Default session timeout with embedded servers is now defined by the web.server.defaultSessionTimeout option.
• [new] Add web.sessions.cookie configuration options to set Web session cookie details.
• [new] Support JSR-250 @PostConstruct and @PreDestroy annotations on singletons (in addition to AutoCloseable close() method).
• [new] Add SeedInterceptor API to declare method interceptors without coupling to Guice implementation.
• [fix] Ensure that JVM-wide base configuration is refreshed between tests.
• [fix] Allow JAX-RS components to be instantiated without Guice as a fallback (Jersey 2).
• [fix] Default session timeout for Undertow was incorrect. It is now 20 minutes.
• [chg] Better error messages for security realm exceptions.

v3.9.1

• [new] Support for programmatic login through SecuritySupport interface (no need for Shiro-specific code anymore).
• [chg] Obtaining principals by type now honors inheritance (instead of returning principals of the exact specified type).
• [chg] Principals are no longer required to be serializable.
• [chg] AbstractTransactionManager is now scoped as package.
• [fix] Security authentication and authorization caches are now disabled by default (avoiding to keep credentials indefinitely in memory).

v3.9.0

• [new] Introduce the diag tool to manually write a diagnostic report to standard output or in a file.
• [new] Enable configuration of Undertow error pages for specific HTTP codes or exceptions as well as a default error page (web.server.errorPages config).
• [new] SSL truststore can be configured separately from the master keystore (if no configuration it will default to the Java default truststore).
• [new] A custom X509KeyManager can now be configured to allow control of the chosen key material during SSL handshake.
• [brk] Plain file X509 certificates (outside a keystore) can no longer be configured as it is less secure and not so useful.
• [fix] Remove NullPointerException a Undertow shutdown if the it had not started properly before.