From 4e3f9c21cd3064f42d6bd0efcfaf1a5da0726ecb Mon Sep 17 00:00:00 2001 From: Nathan Shaw Date: Wed, 31 Aug 2022 11:39:52 -0400 Subject: [PATCH 1/3] ENDOC-567 Add Breaking Changes section with note on javascript modules, reorganize release notes. --- vuepress/docs/next/docs/releases/README.md | 44 +++++++++++----------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/vuepress/docs/next/docs/releases/README.md b/vuepress/docs/next/docs/releases/README.md index 0086961801..9129c7ac41 100644 --- a/vuepress/docs/next/docs/releases/README.md +++ b/vuepress/docs/next/docs/releases/README.md @@ -2,9 +2,7 @@ Entando 7.1.0 is an important feature release that introduces major changes to the bundle subsystem. It supports a brand new create phase, bundle service discovery and App Builder extensibility via Entando Packaged Capabilities (EPCs). -## ABSTRACT - -- Security fixes +## Summary - Node-based CLI module to manage bundle projects - Decoupled MFE ⇒ MS communication via service discovery ([API claims](../getting-started/ent-api.md)) - New docker-based bundles (bundles entirely distributed via Docker/OCI images) 
@@ -12,30 +10,20 @@ Entando 7.1.0 is an important feature release that introduces major changes to t - App Builder main menu is converted to an overridable bundle containing an MFE and BFF service - Widgets, pages and bundle assets are now created within the scope of a specific bundle - Performance optimizations +- Security fixes ### Compatibility * [Entando 7.1 Compatibility](https://entando.com/entando-de-app/cmsresources/cms/documents/Entando_7.1_Compatibility.pdf) * [Guides for previous versions of Entando](https://entando.com/page/en/compatibility-guide) -## BUG FIXES AND NEW FEATURES - -### Security Updates - -#### Dependencies - -- Fixed CVE-2022-22969 (spring-security, DoS) -- Fixed CVE-2021-31805 (struts2, RCE) -- Fixed CVE-2022-22965 (spring-beans, RCE) -- Fixed CVE-2022-22950 (spring-expression, DoS) -- Fixed CVE-2022-22968 (spring-context) -- Fixed CVE-2022-26336 (apache poi-scratchpad, DoS) -- Fixed CVE-2022-30126 (apache tika, DoS) -- Fixed CVE-2022-30973 (apache tika, DoS) -- Fixed CVE-2022-22976 (spring-security) -- Fixed CVE-2022-22978 (spring-security-web, Authorization Bypass) -- Fixed CVE-2022-33879 (apache tika, DoS) -- Fixed CVE-2022-24823 (apache netty, Information Exposure) +## Breaking Changes +* Improvements to the MFE framework in Entando 7.1 rely on loading MFEs as [Javascript modules](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules#other_differences_between_modules_and_standard_scripts). Older MFEs may need to be upgraded to avoid the use of SPA-style runtime files which will prevent this from working. + * The latest [Create React App](https://create-react-app.dev/) defaults to this mode so upgrading (e.g. `npx install react-scripts@latest`) may be all that is required. 
+ * Older React apps can be rewired via webpack config overrides using a tool such as [react-app-wired](https://github.com/timarney/react-app-rewired) + * This console error can indicate the lack of module support in an MFE: `Uncaught TypeError: Cannot read properties of undefined (reading 'webpackJsonpreactchart')` + +## New Features and Improvements ### App Builder @@ -130,6 +118,20 @@ Entando 7.1.0 is an important feature release that introduces major changes to t - Bundles, widgets, plugins and pages installed using docker-based bundle descriptors are now scoped, where scope is defined by the bundle publication URL (no schema) - Bundles can run after the initialization of the Entando Application, which is currently used to enable the EPC menu in the App Builder +### Security Updates +- Fixed CVE-2022-22969 (spring-security, DoS) +- Fixed CVE-2021-31805 (struts2, RCE) +- Fixed CVE-2022-22965 (spring-beans, RCE) +- Fixed CVE-2022-22950 (spring-expression, DoS) +- Fixed CVE-2022-22968 (spring-context) +- Fixed CVE-2022-26336 (apache poi-scratchpad, DoS) +- Fixed CVE-2022-30126 (apache tika, DoS) +- Fixed CVE-2022-30973 (apache tika, DoS) +- Fixed CVE-2022-22976 (spring-security) +- Fixed CVE-2022-22978 (spring-security-web, Authorization Bypass) +- Fixed CVE-2022-33879 (apache tika, DoS) +- Fixed CVE-2022-24823 (apache netty, Information Exposure) + ## Previous Releases Refer to the drop-down list of versions in the left navigation menu to access documentation and release notes for previous versions of Entando. \ No newline at end of file From b90d5286206c9bf1d387cd944d2c903dd971ef94 Mon Sep 17 00:00:00 2001 From: Nathan Shaw Date: Wed, 31 Aug 2022 14:16:19 -0400 Subject: [PATCH 2/3] ENDOC-567 Apply PR feedback --- vuepress/docs/next/docs/releases/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vuepress/docs/next/docs/releases/README.md b/vuepress/docs/next/docs/releases/README.md index 9129c7ac41..7cd098a11e 100644 
--- a/vuepress/docs/next/docs/releases/README.md +++ b/vuepress/docs/next/docs/releases/README.md @@ -18,8 +18,8 @@ Entando 7.1.0 is an important feature release that introduces major changes to t * [Guides for previous versions of Entando](https://entando.com/page/en/compatibility-guide) ## Breaking Changes -* Improvements to the MFE framework in Entando 7.1 rely on loading MFEs as [Javascript modules](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules#other_differences_between_modules_and_standard_scripts). Older MFEs may need to be upgraded to avoid the use of SPA-style runtime files which will prevent this from working. - * The latest [Create React App](https://create-react-app.dev/) defaults to this mode so upgrading (e.g. `npx install react-scripts@latest`) may be all that is required. +* Improvements to the MFE framework in Entando 7.1 rely on loading MFEs as [JavaScript modules](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules#other_differences_between_modules_and_standard_scripts). Older MFEs may need to be upgraded to avoid the use of SPA-style runtime files which will prevent this from working. + * The latest [Create React App](https://create-react-app.dev/) defaults to this mode, so upgrading (e.g. `npx install react-scripts@latest`) may be all that is required. * Older React apps can be rewired via webpack config overrides using a tool such as [react-app-wired](https://github.com/timarney/react-app-rewired) * This console error can indicate the lack of module support in an MFE: `Uncaught TypeError: Cannot read properties of undefined (reading 'webpackJsonpreactchart')` From 42b20b79a3e280975b4316c83ab53cff26646693 Mon Sep 17 00:00:00 2001 From: Nathan Shaw Date: Thu, 1 Sep 2022 10:46:42 -0400 Subject: [PATCH 3/3] ENDOC-567 Apply PR Feedback --- vuepress/docs/next/docs/releases/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/vuepress/docs/next/docs/releases/README.md b/vuepress/docs/next/docs/releases/README.md index 7cd098a11e..cd7282908b 100644 --- a/vuepress/docs/next/docs/releases/README.md +++ b/vuepress/docs/next/docs/releases/README.md @@ -18,7 +18,7 @@ Entando 7.1.0 is an important feature release that introduces major changes to t * [Guides for previous versions of Entando](https://entando.com/page/en/compatibility-guide) ## Breaking Changes -* Improvements to the MFE framework in Entando 7.1 rely on loading MFEs as [JavaScript modules](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules#other_differences_between_modules_and_standard_scripts). Older MFEs may need to be upgraded to avoid the use of SPA-style runtime files which will prevent this from working. +* Improvements to the AppBuilder MFE framework in Entando 7.1 rely on loading MFEs as [JavaScript modules](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules#other_differences_between_modules_and_standard_scripts). Older widget configuration MFEs may need to be upgraded to avoid the use of SPA-style runtime files which will prevent this from working. * The latest [Create React App](https://create-react-app.dev/) defaults to this mode, so upgrading (e.g. `npx install react-scripts@latest`) may be all that is required. * Older React apps can be rewired via webpack config overrides using a tool such as [react-app-wired](https://github.com/timarney/react-app-rewired) * This console error can indicate the lack of module support in an MFE: `Uncaught TypeError: Cannot read properties of undefined (reading 'webpackJsonpreactchart')`
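Review bot: In [PATCH 1/3], hunk `@@ -2,9 +2,7 @@`, `- Security fixes` is removed from the first position of the Summary list, and the following hunk re-adds it as the last bullet. The fixes in this release include two RCEs (CVE-2021-31805, CVE-2022-22965) and an authorization bypass (CVE-2022-22978), so consider keeping the bullet first, or turning it into a link to the `### Security Updates` section, so that a reader deciding whether to upgrade sees it without scrolling past the feature list.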
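Review bot: In [PATCH 1/3], hunk `@@ -12,30 +10,20 @@`, the example command `npx install react-scripts@latest` in the Create React App bullet does not upgrade the dependency: `npx` executes a package's binary, so this tries to run a package named `install`. Suggest `npm install react-scripts@latest`. In the last bullet of the same block, the quoted error ends in `webpackJsonpreactchart`, which appears to carry one app's name as a suffix; saying that the suffix varies per MFE would help readers match the message to their own console output.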
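Review bot: In [PATCH 1/3], hunk `@@ -130,6 +118,20 @@`, the re-added `### Security Updates` list drops the `#### Dependencies` sub-heading it had before the move, so nothing now tells the reader that these CVEs are in third-party dependencies. Suggest restoring the sub-heading or adding a one-line introduction. While the list is being moved, note that CVE-2022-22968 (spring-context) and CVE-2022-22976 (spring-security) are the only entries without an impact class in the parentheses, and that the section now sits last, directly above `## Previous Releases` and below every feature entry.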
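Review bot: In [PATCH 2/3], hunk `@@ -18,8 +18,8 @@`, the feedback pass corrects the two bullets above but leaves the next one, visible as trailing context, with link text `react-app-wired` pointing at `https://github.com/timarney/react-app-rewired`; the link text should read `react-app-rewired`. That bullet also lacks the closing period that the Create React App bullet has.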
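Review bot: In [PATCH 3/3], hunk `@@ -18,7 +18,7 @@`, the added line writes `AppBuilder`, while the rest of this file uses `App Builder` (for example `### App Builder` and "EPC menu in the App Builder"); use the two-word form for consistency. In the same sentence, "which will prevent this from working" leaves "this" without a clear referent now that the scope is narrowed to widget configuration MFEs; naming what fails (loading the MFE as a module) would make the breaking change easier to act on.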