PATCHED Windows Loader V2.1.7[Original]
Type Changes Bye Fix obscure caching problem in multiple resource loader situations where resources may exist in more than one loader and appear and disappear from loaders. . Fixes VELOCITY-702. nbubna Fix old regression from 1.4 in supporting methods declared as abstract in a public class but implemented in a non-public class. . Fixes VELOCITY-701. nbubna Fix problem with FileResourceLoader's resourceExists() when configured w/multiple paths. . Fixes VELOCITY-693. nbubna Fix ClassMap introspection bug introduced in 1.5, where public super-interface methods implemented in protected or private classes were unreachable. . Fixes VELOCITY-689. nbubna Fix regression in proxying of macro argument #set calls. Note that in 1.7, calling #set on a macro argument (for which a #set-able reference was passed) will not propagate the new value to the original reference, but merely set the value of the macro argument reference. . Fixes VELOCITY-681. nbubna Fix loss of inline macros when #evaluate is used. . Fixes VELOCITY-682. nbubna Fix name of sources jar for maven deployment. . Fixes VELOCITY-554. Thanks to Adrian Tarau. nbubna Pre 1.6 behavior of specifying #macro without parenthesis would throw a VelocityException has been restored. . Fixes VELOCITY-667. byron Better error reporting when toString() throw an exception when testing an #if conditional. For example #if($foo) . Fixes VELOCITY-656. byron Fix $velocityHasNext so that it works in nested foreach blocks. . Fixes VELOCITY-658. Thanks to Jarkko Viinamäki. byron Throw an exception in strict mode when >=, comparisons can't be made. . Fixes VELOCITY-645. byron Fix $velocityHasNext so it is not always true. . Fixes VELOCITY-657. cbrisson
PATCHED Windows Loader v2.1.7[Original]
A vulnerability in Apache Log4j, a widely used logging package for Java has been found. The vulnerability, which can allow an attacker to execute arbitrary code by sending crafted log messages, has been identified as CVE-2021-44228 and given the name Log4Shell. It was first reported privately to Apache on November 24 and was patched with version 2.15.0 of Log4j on December 9. It affects Apache Struts, Apache Solr, Apache Druid, Elasticsearch, Apache Dubbo, and VMware vCenter. Since then, it has been disclosed that in certain non-default conditions, the original patch was incomplete; this was designated as CVE-2021-45046 and a new version of Log4j, 2.16.0, has been released.