Releases: Blazebit/blaze-persistence
1.6.14
We are happy to announce the fourteenth bug fix release of the 1.6 series.
Hibernate ORM 6 integration fixes
Thanks to Rustam Sultansoy, another Hibernate ORM 6 integration issue was fixed in this release, which prevented applications with embeddables inside element collections from starting up.
Various bug fixes
Take a look into the changelog for a full list of changes and improvements.
Enjoy the release and stay tuned for the next one!
1.6.13
We are happy to announce the thirteenth bug fix release of the 1.6 series.
Hibernate ORM 6.6 compatibility fixes
Users reported problems with Hibernate ORM 6.6 in Spring and Quarkus applications which were solved in this release.
JSON_GET enhancement
The JSON_GET() function was enhanced to support passing a JSON path literal and parameters.
Various bug fixes
Take a look into the changelog for a full list of changes and improvements.
Enjoy the release and stay tuned for the next one!
1.6.12
We are happy to announce the twelfth bug fix release of the 1.6 series.
Hibernate ORM 6.6 compatibility
So far, the Hibernate ORM 6 integration was tested against Hibernate ORM 6.4.
The CI was now updated to also test against ORM 6.5 and 6.6.
Spring Data 3.3 integration
Thanks to Eugen Mayer and Andrius Juozapaitis there is now
a new integration module for Spring Data 3.3.
Concurrency issue in Entity View Updater initialization
When Entity View Updaters are created concurrently where one depends on another, there is the possibility of a NullPointerException, which is now fixed.
Various bug fixes
Take a look into the changelog for a full list of changes and improvements.
Enjoy the release and stay tuned for the next one!
1.6.11
We are happy to announce the eleventh bug fix release of the 1.6 series.
Hibernate ORM 6.4 compatibility
So far, the Hibernate ORM 6 integration was tested against Hibernate ORM 6.4.0.CR1.
The integration was adapted due to a slight change in 6.4.0.Final,
which unfortunately prevented the use of Blaze-Persistence with that version.
Spring Framework 6.1 compatibility
Spring Framework 6.1 apparently removed methods that were previously marked as deprecated, which our Spring Data integration unfortunately was still using. This was causing NoSuchMethodError to be thrown, but is now fixed.
Security fix for Spring Data integration
This release contains a fix for a security issue in the Spring Data integration which was recently reported by Nelson Neto.
Since every version of Blaze-Persistence is affected, every user of the Spring Data integration is strongly advised to update immediately.
The issue could potentially lead to a data leak. There is no known reproducer or attack yet, but know that this is a high severity issue.
In short, the problem is that Sort.Order is assumed to be safe, but it is usually untrusted user input, usually being parsed by the Spring Data WebMvc/WebFlux integration from a query parameter.
Any Spring Data repository method is affected that:
- accepts a Sort parameter directly, or indirectly through Pageable/PageRequest or KeysetPageable/KeysetPageRequest
- returns an entity view type explicitly or through a dynamic projection
Calling such repository methods with untrusted Sort inputs allows for JPQL.next injection, which ultimately is SQL injection.
Regular Spring Data JPA repositories only allow sorting by attribute paths relative to the query root, which is ensured by construction, i.e. Spring Data JPA tries to find attributes based on the entity metamodel.
Entity view based Spring Data repositories allow sorting by entity view attribute paths and additionally allow sorting by entity attribute paths. Until Blaze-Persistence 1.6.11, entity attribute paths were not validated to be relative to the query root.
In fact, any valid JPQL.next expression was accepted, which essentially leads to a SQL injection vulnerability.
If updating to the latest version of Blaze-Persistence is not possible for some reason,
the security issue can be mitigated by validating the Sort, e.g.:

    // Accept only word characters and dots, i.e. plain attribute paths
    Pattern validCharsPattern = Pattern.compile("[\\w.]+");
    for (Sort.Order order : sort) {
        if (!validCharsPattern.matcher(order.getProperty()).matches()) {
            throw new IllegalArgumentException("Attempted SQL injection");
        }
    }
Various bug fixes
Take a look into the changelog for a full list of changes and improvements.
Enjoy the release and stay tuned for the next one!
1.6.10
We are happy to announce the tenth bug fix release of the 1.6 series.
Hibernate ORM 6.3 and 6.4 support
The Hibernate 6.2 integration now also supports Hibernate ORM 6.3 and 6.4.
During testing we uncovered some bugs in Hibernate ORM which have been reported and will be fixed in the upcoming releases.
Java 21 support
Since Java 21 will be the next LTS release, we decided that ensuring that version works is vital and made sure it works by regularly testing with this version on CI.
Various bug fixes
As always, this release comes with quite a few bug fixes, so we recommend you update soon!
Take a look into the changelog for a full list of changes and improvements.
Enjoy the release and stay tuned for the next one!
1.6.9
We are happy to announce the ninth bug fix release of the 1.6 series.
Hibernate 6.2 support
Hibernate 6.2 was not really backwards compatible with 6.1 with respect to our integration, so we needed a new integration.
We uncovered quite a few bugs during testing of Hibernate 6 and only as of Hibernate 6.2.5.Final,
enough bugs were fixed so that we could comfortably call our integration production ready.
This and the fact that only Hibernate 6.2+ is maintained at this point drove us to the decision to drop the old hibernate-6 integration module and instead create a new module blaze-persistence-integration-hibernate-6.2.
When updating to Blaze-Persistence 1.6.9 and replacing the integration dependency, don't forget to also update your Hibernate version to at least 6.2.5.Final.
Spring Framework 6 / Boot 3.1 support
A big thank you goes out to Eugen Mayer who worked hard on the new Spring integration.
Why no support for Spring Boot 3.0 you ask? Because that still depends on Hibernate 6.1 and we do not want to publish an integration for that version.
Everyone is encouraged to update to 3.1 directly which supports Hibernate 6.2, though at this point you also have to bump the Hibernate version to at least 6.2.5.Final.
At the time of writing, there is no Spring release yet that includes the new Hibernate version.
Note that there are new integration artifacts:
- blaze-persistence-integration-entity-view-spring-6.0 - Scanning support for Spring Framework 6+
- blaze-persistence-integration-spring-data-3.1 - Support for Spring Data 3.1+
- blaze-persistence-integration-spring-data-webmvc-jakarta - Support for Spring WebMvc 3.1+
- blaze-persistence-integration-spring-hateoas-webmvc-jakarta - Support for Spring HATEOAS 2+
Quarkus 3.1 support
This release introduces a new integration blaze-persistence-integration-quarkus-3 which supports Quarkus 3.1.1+.
Quarkus 3.1.2+ will ship with Hibernate 6.2.5+, but if you want to work with Quarkus 3.1.1 for now, you will have to manually update the Hibernate version to 6.2.5.Final in your dependencies.
GraphQL enhancements
Two new Netflix DGS integrations have been added. One for DGS version 5.5 - 6.x (blaze-persistence-integration-graphql-dgs) and one for version 7.x+ (blaze-persistence-integration-graphql-dgs-7.0).
DGS 7.x+ is for Spring Boot 3.x+ only, so we had to create separate integrations, due to the Jakarta namespace rename that happened in Spring Boot 3.
It is important to note though that the DGS integration now comes with support for updatable entity views as mutations out of the box!
Various bug fixes
As always, this release comes with quite a few bug fixes, so we recommend you update soon!
Take a look into the changelog for a full list of changes and improvements.
Enjoy the release and stay tuned for the next one!
1.6.8
We are happy to announce the eighth bug fix release of the 1.6 series.
GraphQL enhancements
The GraphQL integration was significantly enhanced and now properly interprets various non-null, ignore and naming annotations.
It also supports exposing getters as GraphQL fields, which are unknown to Entity Views.
Spring Data enhancements
After a few reports about boot errors with the Spring Data integrations for 2.5 and 2.6,
saying that some methods weren't implemented, after updating to a newer Spring Data bugfix version,
we decided to create dedicated integration modules for every Spring Data version and try to keep up to date
with the latest bug fix versions from now on, to avoid these issues in the future.
Various bug fixes
As always, this release comes with quite a few bug fixes, so we recommend you update soon!
Take a look into the changelog for a full list of changes and improvements.
Enjoy the release and stay tuned for the next one!
1.6.7
We are happy to announce the seventh bug fix release of the 1.6 series.
Hibernate 6 support
The long awaited Hibernate 6 integration is finally finished. It took longer than anticipated for various reasons.
Hibernate 6 changed quite a lot under the hood, and since Blaze-Persistence integrates so deeply with it,
it ran into a lot of the early regressions which first had to be fixed in Hibernate 6.
With Hibernate 6.1.1.Final being released, we were finally able to also release the Hibernate 6 integration,
as that version has all the fixes and SPIs needed for Blaze-Persistence to work again.
New Spring Data integrations
After a few reports about boot errors with the Spring Data integrations for 2.5 and 2.6,
saying that some methods weren't implemented, after updating to a newer Spring Data bugfix version,
we decided to create dedicated integration modules for every Spring Data version and try to keep up to date
with the latest bug fix versions from now on, to avoid these issues in the future.
In addition to that, we also added an integration for Spring Data 2.7.
If you have been using the Spring Data 2.4 integration previously on Spring Data 2.5, 2.6 or 2.7,
please switch to the new integration modules for the respective versions.
New Java version support
The previous version already worked with Java 16 and 17, but now we also added proper continuous integration
matrix entries for Java 16, 17, 18 and 19-EA to make sure everything still works fine with the latest JDKs.
Various bug fixes
Apart from the new integrations, this release comes with quite a few bug fixes in the QueryDSL integration,
as well as one parsing issue where the multiplication operator has higher precedence than the division operator.
We highly advise updating to this latest version to avoid running into this nasty parser bug.
Take a look into the changelog for a full list of changes and improvements.
Enjoy the release and stay tuned for the next one!
1.6.6
We are happy to announce the sixth bug fix release of the 1.6 series.
Quarkus integration with Hibernate 5.6 native image fixes
In the last release we introduced a dedicated integration module for Hibernate 5.6 because version 5.6.2.Final changed some SPIs that we relied on in a way that required a new integration module.
Due to earlier test failures because of the Hibernate version update in Quarkus latest, we didn't immediately realize that there was an issue with the reflection registration in native mode with the new integration.
This release fixes the missing reflection registrations in the Quarkus integration.
Spring Boot/Data 2.6 and HATEOAS
Thanks to Gilles Robert for making us aware of the fact that Spring Boot 2.6 updated the Spring HATEOAS version, which came with some changes that needed adaptions in the integration.
While fixing the issue for the Spring HATEOAS integration, we also made sure to add a test profile for Spring Boot/Data 2.6 and can now say with confidence that version 2.6 is supported.
Blaze-Persistence coming to Apiman
Marc Savy announced within a bug report that the next version of the Apiman project will switch from the JPA Criteria API to Blaze-Persistence for some queries.
From what I understand, the great support for keyset pagination and the fluent API which makes queries understandable for a wider audience are the major driving factors for this decision.
With this release, the blocker issue Marc ran into was fixed and so we welcome the Apiman team to the Blaze-Persistence community!
Take a look into the changelog for a full list of changes and improvements.
Enjoy the release and stay tuned for the next one!
1.6.5
We are happy to announce the fifth bug fix release of the 1.6 series.
Hibernate 5.6.2.Final+ support
Hibernate ORM 5.6.2.Final unfortunately changed SPIs in a backwards incompatible way which was only fixed with the recently released version 5.6.4.Final.
To leverage the new SPI methods we had to create a new integration module specific for Hibernate 5.6 though.
So with this version, Blaze-Persistence now also comes with explicit integration modules for 5.5 and 5.6:
    <dependency>
        <groupId>com.blazebit</groupId>
        <artifactId>blaze-persistence-integration-hibernate-5.5-jakarta</artifactId>
        <version>1.6.5</version>
    </dependency>
    <dependency>
        <groupId>com.blazebit</groupId>
        <artifactId>blaze-persistence-integration-hibernate-5.6-jakarta</artifactId>
        <version>1.6.5</version>
    </dependency>
or if you are still working with Java EE APIs:
    <dependency>
        <groupId>com.blazebit</groupId>
        <artifactId>blaze-persistence-integration-hibernate-5.5</artifactId>
        <version>1.6.5</version>
    </dependency>
    <dependency>
        <groupId>com.blazebit</groupId>
        <artifactId>blaze-persistence-integration-hibernate-5.6</artifactId>
        <version>1.6.5</version>
    </dependency>
If you were using the 5.3 or 5.4 integration so far for Hibernate 5.5 or 5.6, we would like to ask you to switch to the respective integration module to avoid running into issues.
Quarkus improvements/fixes
Thanks to Guillaume Smet for helping us fix issues with the Quarkus metadata in our integration which prevented using the Quarkus Dev UI with the Blaze-Persistence integration.
While working on that and verifying everything works smoothly, we also added support for firing a CriteriaBuilderConfiguration CDI event on application start and documented this new way of customizing Blaze-Persistence within the Quarkus documentation.
Take a look into the changelog for a full list of changes and improvements.
Enjoy the release and stay tuned for the next one!