Eclipse Lyo 5.0.0

5.0.0

Description

Added

  • LyoStore: Providing a system property OSLC4JUtils.hasLyoStorePagingPreciseLimit() to allow the application to check whether query paging should return an exact number of elements in a paged query, or not (OSLC4JConstants.LYO_STORE_PAGING_PRECISE_LIMIT).
  • SRI hashes for JS libraries.

Changed

  • Addresses a security vulnerability (CVE-2021-41042), which could lead to external resource loading using a maliciously crafted RDF/XML input.
  • Lyo is now built using JDK 11
  • Jena is upgraded to 4.5.0 (addresses CVE-2022-28890)
  • Jena renamed RDFReader/RDFWriter to RDFReaderI/RDFWriterI
  • TRS now uses BigInteger instead of 32-bit ints for trs:order properties, in line with the spec.
  • LyoStore: Ordering resources by their subject IDs when doing a query to store. This ordering can be disabled with a call to OSLC4JUtils.setLyoStorePagingUnsafe(true)
  • LyoStore: OSLC4JUtils.hasLyoStorePagingPreciseLimit() will return true by default. Call OSLC4JUtils.setLyoStorePagingPreciseLimit(false) to restore the old behavior.
  • oslc4j-json4j-provider uses wink-json4j version 1.4 instead of 1.2.1-incubating.
  • -oauth - allow for the possibility to set the official servlet URL for all oauth requests being made. This is important to set correctly to compute the digital signature.
  • OslcQueryResult will now rethrow any encountered exceptions wrapped in a LyoModelException instead of throwing a blanked IllegalStateException.

Deprecated

  • IQueryGenerator is deprecated and will be removed in Lyo 6

Removed

  • Support for JDK 8 was removed
  • oslc-java-client was removed
  • lyo-validation temporarily removed from the build
  • oslc4j-wink was removed
  • oslc4j-registry was removed
  • Store support for direct TDB1 backend was removed. You can still create a SPARQL query executor over an in-mem TDB1 dataset: new DatasetQueryExecutorImpl(TDBFactory.createDataset()).
  • TrsUtil.historyDataToChangeEvent (deprecated since 4.0) was removed and replaced with changeEventToHistoryData. Despite the name, the historyDataToChangeEvent was doing round-tripping between HistoryData and ChangeEvent in both directions.

Fixed

  • Stack traces are no longer printed from OAuth services.

 

See the rest of the notes under https://github.com/eclipse/lyo/blob/master/CHANGELOG.md

Conforms To UI/UX Guidelines
Not verified