From d02aebfc93e7bfdb8f27edc0fe5c6e1d0d40f89e Mon Sep 17 00:00:00 2001 From: Bertrand Lorentz Date: Wed, 16 Jul 2025 15:32:45 +0200 Subject: [PATCH 01/13] pom: Update dependency on jackson to 2.18.3 This aligns with the version used in the EFX Toolkit. --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2e9c120..3a4f266 100644 --- a/pom.xml +++ b/pom.xml @@ -59,7 +59,7 @@ 3.2.2 2.11.0 3.12.0 - 2.15.1 + 2.18.3 4.0.4 0.9.15 5.7.2 From 69d20b0643dfa2b3c09dc6e47378125857a72f11 Mon Sep 17 00:00:00 2001 From: Bertrand Lorentz Date: Wed, 16 Jul 2025 15:34:15 +0200 Subject: [PATCH 02/13] pom: Update dependency on commons-lang3 to version 3.18.0 This brings the fix for a potential vulnerability (CVE-2025-48924). --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3a4f266..dbeb780 100644 --- a/pom.xml +++ b/pom.xml @@ -58,7 +58,7 @@ 4.13.1 3.2.2 2.11.0 - 3.12.0 + 3.18.0 2.18.3 4.0.4 0.9.15 From 487040098736dc098e95e00f138d387ba8335db9 Mon Sep 17 00:00:00 2001 From: Bertrand Lorentz Date: Wed, 16 Jul 2025 15:40:39 +0200 Subject: [PATCH 03/13] pom: Update dependencies on logback to version 1.5.18 This brings the fix for a potential vulnerability (CVE-2024-12801). --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index dbeb780..dcf5fee 100644 --- a/pom.xml +++ b/pom.xml @@ -63,7 +63,7 @@ 4.0.4 0.9.15 5.7.2 - 1.5.3 + 1.5.18 3.8.6 11.1.3 7.1.1 From 919a199cd4022aad8877f6409b95f03a0acb1039 Mon Sep 17 00:00:00 2001 From: Bertrand Lorentz Date: Thu, 17 Jul 2025 10:45:25 +0200 Subject: [PATCH 04/13] pom: Publish to the new Maven Central Portal Use the new Maven plugin to upload and publish to Maven Central. --- pom.xml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/pom.xml b/pom.xml index dcf5fee..df3ee46 100644 --- a/pom.xml +++ b/pom.xml @@ -83,7 +83,7 @@ 3.2.1 3.3.0 3.2.5 - 1.6.7 + 0.8.0 @@ -421,9 +421,9 @@ ${version.japicmp.plugin} - org.sonatype.plugins - nexus-staging-maven-plugin - ${version.nexus-staging.plugin} + org.sonatype.central + central-publishing-maven-plugin + ${version.central-publishing.plugin} @@ -561,13 +561,11 @@ - org.sonatype.plugins - nexus-staging-maven-plugin + org.sonatype.central + central-publishing-maven-plugin true - ossrh - https://${sonatype.server.url}/ - true + ossrh From 6ff778462205640eb60a433c687e23086d1eeb34 Mon Sep 17 00:00:00 2001 From: Bertrand Lorentz Date: Thu, 17 Jul 2025 12:25:49 +0200 Subject: [PATCH 05/13] pom: Remove distributionManagement section The URLs might be different with the new Maven Central Portal, so just rely on the default from the central-publishing-maven-plugin. --- pom.xml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/pom.xml b/pom.xml index df3ee46..8c1b892 100644 --- a/pom.xml +++ b/pom.xml @@ -32,17 +32,6 @@ https://github.com/OP-TED/eforms-core-java.git - - - ossrh - https://${sonatype.server.url}/content/repositories/snapshots - - - ossrh - https://${sonatype.server.url}/service/local/staging/deploy/maven2/ - - - 2024-08-02T09:50:45Z UTF-8 From 1c0c0577ebddf01439f3951f91f444d5a86ab278 Mon Sep 17 00:00:00 2001 From: Bertrand Lorentz Date: Thu, 17 Jul 2025 12:38:58 +0200 Subject: [PATCH 06/13] pom: Publish automatically on Maven Central after upload Publication was also automatic before. --- pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/pom.xml b/pom.xml index 8c1b892..4e079e5 100644 --- a/pom.xml +++ b/pom.xml @@ -555,6 +555,7 @@ true ossrh + true From 8f148e4a930c97a56e7aca3d90cbf3d89335b3c1 Mon Sep 17 00:00:00 2001 From: Bertrand Lorentz Date: Thu, 17 Jul 2025 13:25:45 +0200 Subject: [PATCH 07/13] pom: Change server id for publication to Maven Central As OSSRH does not exist anymore, change the server id accordingly. This id is just used to relate the credentials set in publish.yml with the server defined in pom.xml. --- .github/workflows/publish.yml | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 40cd64d..04180c7 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -29,7 +29,7 @@ jobs: with: java-version: '11' distribution: 'adopt' - server-id: ossrh + server-id: central server-username: MAVEN_USERNAME server-password: MAVEN_PASSWORD - name: Publish to the Maven Central Repository diff --git a/pom.xml b/pom.xml index 4e079e5..434659a 100644 --- a/pom.xml +++ b/pom.xml @@ -554,7 +554,7 @@ central-publishing-maven-plugin true - ossrh + central true From 3df2c7747d81d80a825fca0f7c18d123d34abf54 Mon Sep 17 00:00:00 2001 From: Bertrand Lorentz Date: Thu, 17 Jul 2025 13:30:43 +0200 Subject: [PATCH 08/13] pom: Update dependency on commons-io to version 2.19.0 This brings the fix for a potential vulnerability (CVE-2024-47554). --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 434659a..c067f16 100644 --- a/pom.xml +++ b/pom.xml @@ -46,7 +46,7 @@ 4.13.1 3.2.2 - 2.11.0 + 2.19.0 3.18.0 2.18.3 4.0.4 From 2ed8b4bb2e8603eadc16de281fb2a543e21230c3 Mon Sep 17 00:00:00 2001 From: Bertrand Lorentz Date: Thu, 17 Jul 2025 13:41:04 +0200 Subject: [PATCH 09/13] pom: Remove unused property --- pom.xml | 2 -- 1 file changed, 2 deletions(-) diff --git a/pom.xml b/pom.xml index c067f16..ebf8886 100644 --- a/pom.xml +++ b/pom.xml @@ -36,8 +36,6 @@ 2024-08-02T09:50:45Z UTF-8 - s01.oss.sonatype.org - 11 ${java.version} From 933744212afefed067af2f95e84ad6c2774da19e Mon Sep 17 00:00:00 2001 From: Ioannis Rousochatzakis Date: Sat, 26 Jul 2025 00:42:41 +0200 Subject: [PATCH 10/13] fix: Update XPathProcessor to correctly handle context predicates --- .../eu/europa/ted/eforms/xpath/XPathProcessor.java | 11 +++++++---- .../europa/ted/eforms/xpath/XPathProcessorTest.java | 4 ++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/src/main/java/eu/europa/ted/eforms/xpath/XPathProcessor.java b/src/main/java/eu/europa/ted/eforms/xpath/XPathProcessor.java index e6e92be..fa6ef4b 100644 --- a/src/main/java/eu/europa/ted/eforms/xpath/XPathProcessor.java +++ b/src/main/java/eu/europa/ted/eforms/xpath/XPathProcessor.java @@ -76,17 +76,20 @@ private static String getContextualizedXpath(Queue contextQueue, // we want to use a dot step with the predicate of the path. if (!contextQueue.isEmpty() && !pathQueue.isEmpty() && pathQueue.peek().isSameAsOrNarrowerThan(contextQueue.peek())) { - contextQueue.poll(); // consume the same step from the contextQueue + // Consume the same step from the contextQueue and get its predicates + List contextPredicates = contextQueue.poll().getPredicates(); + // Keep only the predicates that are not in the context. + String pathPredicates = pathQueue.poll().getPredicates().stream().filter(p -> !contextPredicates.contains(p)).collect(Collectors.joining("")); if (contextQueue.isEmpty()) { // Since there are no more steps in the contextQueue, the relative xpath should // start with a dot step to provide a context for the predicate. - relativeXpath += "." + pathQueue.poll().getPredicateText(); + relativeXpath += "." + pathPredicates; } else { // Since there are more steps in the contextQueue which we will need to navigate back to, - // using back-steps, we will use a back-step to provide context of the predicate. + // using back-steps, we will use a back-step to provide context for the predicate. // This avoids an output that looks like ../.[predicate] which is valid but silly. contextQueue.poll(); // consume the step from the contextQueue - relativeXpath += ".." + pathQueue.poll().getPredicateText(); + relativeXpath += ".." + pathPredicates; } } diff --git a/src/test/java/eu/europa/ted/eforms/xpath/XPathProcessorTest.java b/src/test/java/eu/europa/ted/eforms/xpath/XPathProcessorTest.java index 0ea12c1..dd62236 100644 --- a/src/test/java/eu/europa/ted/eforms/xpath/XPathProcessorTest.java +++ b/src/test/java/eu/europa/ted/eforms/xpath/XPathProcessorTest.java @@ -65,7 +65,7 @@ void testIdentical() { @Test void testIdentical_WithPredicates() { - assertEquals(".[d = e][f = g]", contextualize("/a/b/c[d = e]", "/a/b/c[d = e][f = g]")); + assertEquals(".[f = g]", contextualize("/a/b/c[d = e]", "/a/b/c[d = e][f = g]")); } @Test @@ -181,7 +181,7 @@ void testPredicateDifferent() { @Test void testPredicateMoreInXpath() { - assertEquals("..[e][f]/c/d", contextualize("/a/b[e]/c", "/a/b[e][f]/c/d")); + assertEquals("..[f]/c/d", contextualize("/a/b[e]/c", "/a/b[e][f]/c/d")); } @Test From ebe008b814e2941d8b2c6bb70c6514b3e2d9be7d Mon Sep 17 00:00:00 2001 From: Ioannis Rousochatzakis Date: Sat, 26 Jul 2025 00:46:42 +0200 Subject: [PATCH 11/13] Update release notes for eForms Core Library 1.5.0 --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b71fd51..c27169f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,10 @@ -# eForms Core Library 1.4.0 Release Notes +# eForms Core Library 1.5.0 Release Notes The eForms Core Library is a collection of utilities that are used by our sample applications as well as the EFX Toolkit for Java Developers. ## In this release -This release adds the option to indicate a qualifier for SDK components. If there are 2 or more classes that have an @SdkComponent annotation with the same version and component type, this allows you to differentiate them and load the component with the matching qualifier. +This release fixes an issue in the XPathProcessor that could cause a redundant predicate production when contextualising XPaths with multiple predicates. The versions of various dependencies was updated: ANTLR 4.13.1, JAXB 4.0.4, logback 1.5.3, ph-genericode 7.1.1. From dc8f377485a542f835152454922ad56a1f1980cf Mon Sep 17 00:00:00 2001 From: Bertrand Lorentz Date: Mon, 28 Jul 2025 09:25:45 +0200 Subject: [PATCH 12/13] CHANGELOG: Update with correct dependency version changes --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c27169f..d4632fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ The eForms Core Library is a collection of utilities that are used by our sample This release fixes an issue in the XPathProcessor that could cause a redundant predicate production when contextualising XPaths with multiple predicates. -The versions of various dependencies was updated: ANTLR 4.13.1, JAXB 4.0.4, logback 1.5.3, ph-genericode 7.1.1. +The versions of various dependencies was updated: Apache Commons IO 2.19.0, Apache Commons Lang 3.18.0, Jackson 2.18.3, logback 1.5.18. ## Download From acbe461d2cb9f174b031519e15a786ad79acbd97 Mon Sep 17 00:00:00 2001 From: Ioannis Rousochatzakis Date: Tue, 29 Jul 2025 00:39:00 +0200 Subject: [PATCH 13/13] fix: Update version from 1.5.0-SNAPSHOT to 1.5.0 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ebf8886..2ec8943 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ eu.europa.ted.eforms eforms-core-java - 1.5.0-SNAPSHOT + 1.5.0 eForms Core Library API and tools for eForms applications.