Compatibility with previous release
Version 3.6.3 is source and binary compatible with 3.6.0.
Compatibility with older releases (< 3.3, 2.x)
Since 3.3 release, the default setting for permissions that determine which packages, classes and methods are accessible to scripts has been reduced to a very narrow set. When migrating from previous version of JEXL, this may result in breaking your application behavior ; this breaking change requires remediation in your code.
Despite the obvious inconvenience - our sincere apologies on the matter -, how much functional and semantic power is accessible through scripts has a real impact on your application security and stability ; that potential risk requires an informed review and conscious choice on your end.
To mitigate the change, you can revert to the previous behavior with one line of code (see JexlPermissions, JexlBuilder and JexlScriptEngine ) or use this opportunity to reduce exposure. Whether Files, URLs, networking, processes, class-loaders or reflection classes or whether loops or side effects are accessible are part of your choice to make.
What is new in 3.6.3:
JEXL 3.6.3 is a minor release that fixes some bugs. It does not introduce any breaking change.
Bugs fixed in 3.6.3:
|
JEXL-461: |
Updates/improvements to the site documentation for JEXL Syntax. |
|
JEXL-459: |
Empty/size functions swallow all exceptions with no trace. |
|
JEXL-458: |
Improve permissions expressivity. |
|
JEXL-457: |
Reduce default exposure for RESTRICTED JexlPermissions. |
|
JEXL-456: |
Change in template parser behavior. |
Changes in 3.6.3:
|
Fix the @return tags in the Javadoc for JexlArithmetic.toBigInteger() overloads. |
|
Bump org.apache.commons:commons-parent from 96 to 102. |
|
Bump commons-logging:commons-logging from 1.3.5 to 1.4.0. |
|
Bump com.google.code.gson:gson from 2.13.2 to 2.14.0. |
What was new in 3.6.2:
JEXL 3.6.2 was a minor release that fixed some bugs. It did not introduce any breaking change.
Bugs fixed in 3.6.2:
|
JEXL-455: |
Tokenization error with multiline expressions. |
|
JEXL-454: |
Switch NaN case not found. |
|
JEXL-453: |
Finally clause is not evaluated. |
Changes in 3.6.2:
|
Bump org.apache.commons:commons-parent from 93 to 96. |
What was new in 3.6.1:
JEXL 3.6.1 was a minor release that fixed some bugs. It did not introduce any breaking change.
Bugs fixed in 3.6.1:
|
JEXL-452: |
Debug setting in Engine shows class/method/line even when set to false. |
|
JEXL-451: |
Restore JexlSandbox permission capabilities on Object.class. |
|
JEXL-450: |
Disable instantiation of internal classes in RESTRICTED mode. |
|
JEXL-449: |
Inconsistency on nature of curly-bracket syntactic elements regarding annotations. |
Changes in 3.6.1:
|
Bump org.apache.commons:commons-parent from 91 to 93. |
|
Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.20.0. |
What was new in 3.6.0:
JEXL 3.6.0 introduced a switch statement and expressions (JEXL-440). It was a minor release that did not introduce any breaking change.
New Features in 3.6.0:
|
JEXL-440: |
Switch statement & expressions. |
Bugs fixed in 3.6.0:
|
JEXL-448: |
Engines caching misses local variables handling and global eviction capability. |
|
JEXL-447: |
Regression in script-defined functions. |
|
JEXL-446: |
ClassTool module inspection is too strict. |
|
JEXL-442: |
Local variables are not resolved in interpolation string expression. |
|
JEXL-441: |
Tokenization error if "\n" in template expression. |
|
JEXL-439: |
When using reference capture, incorrect scoping when local variable redefines a captured symbol. |
|
JEXL-437: |
Semicolons not actually optional between function calls on separate lines. |
|
AbstractExecutor.initMarker throws IllegalArgumentException instead of Exception. |
|
Reuse BigInteger constants instead of creating new instances in JexlArithmetic.toBigInteger(Object). |
Changes in 3.6.0:
|
Bump org.apache.commons:commons-parent from 81 to 91. |
|
Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.19.0. |
|
Bump com.google.code.gson:gson from 2.13.1 to 2.13.2. |
|
