Changelog for
xmlgraphics-batik-css-1.17-1.2.noarch.rpm :
* Fri Mar 01 2024 Fridrich Strba
- Upgrade to version 1.17
* BATIK-1346: Allow configuration of rhino whitelist
* BATIK-1347: Switch to empty whitelist for rhino (CVE-2022-44730)
* BATIK-1349: Block loading external resource by default (CVE-2022-44729)- Upgrade to version 1.16
* Java 8 or later is minimum runtime required
* BATIK-1338: Block loading jar inside svg (CVE-2022-41704, bsc#1204704)
* BATIK-1345: Restrict what java classes can be run thru rhino (CVE-2022-42890, bsc#1204709)- Removed patch:
* xmlgraphics-batik-nosourcetarget.patch + not needed since Java 8 compatibility is now the default
* Thu Feb 29 2024 Fridrich Strba - Allow building with this spec-file on systems that don\'t have the mvn_install_pom macros defined and release version requirement of javapackages-local- Require the xmlgraphics-commons, xml-commons-apis a rhino by their names, since they are on the classpath by their location in the scripts. Require them in the subpackages that contain the scripts.- Require javapackages-tools in subpackages that contain scripts created by jpackage_script macro. The scripts need functions from javapackages-tools
* Wed Feb 21 2024 Gus Kenion - Use %patch -P N instead of deprecated %patchN.
* Wed Oct 25 2023 Fridrich Strba - Build with source and target levels 8- Added patch:
* xmlgraphics-batik-nosourcetarget.patch + do not hardcode source/target 1.7
* Wed Jun 28 2023 Fridrich Strba - Remove the optional dependency on jython
* fixes new build cycles
* Fri Sep 23 2022 Fridrich Strba - Upgrade to version 1.15
* BATIK-1260: Java 11 module error
* BATIK-1321: Remove Xerces
* BATIK-1299: Batik-all jar has all classes so should not pull other jars also
* BATIK-1329: Remove xalan
* BATIK-1331, bsc#1203674, CVE-2022-38398: Jar url should be blocked by DefaultExternalResourceSecurity
* BATIK-1333, bsc#1203673, CVE-2022-38648: Block external resource before calling fop
* BATIK-1335, bsc#1203672, CVE-2022-40146: Jar url should be blocked by DefaultScriptSecurity
* Sun Mar 20 2022 Fridrich Strba - Build with source/target levels 8
* Tue Feb 02 2021 Jan Engelhardt - Set buildshell to bash for \"<<<\".
* Sun Jan 24 2021 Fridrich Strba - Upgrade to version 1.14
* Fixes bsc#1182748, CVE-2020-11987
* BATIK-1284: Dont load DTDs in NodePickerPanel
* BATIK-1292: Remove console message \"About to transcoder source of type: ...\"
* Tue Jun 16 2020 Fridrich Strba - Upgrade to version 1.13
* Fixes bsc#1172961, CVE-2019-17566
* BATIK-1276: Allow blocking of external resources
* BATIK-1275: Refactor shared resources.