Play1.2.4+ release notes

Play 1.2.4 — Release notes

You can read about the bugs fixed in Play 1.2.4 on the road map page. This page highlights the most important changes.

Support for Java 7

Play now supports Java 7 out-of-the-box, so you can write the following code without any problems.

Map<String, List<String>> map = new HashMap<>();
String version = "1.2.4";
switch(version) {
	 case "1.2.4":
	    //code
	    break;
	  case "1.2.3":
	    //code
	    break;
	  case "1.2.2":
	    //code
	  default:
	    //code
	    break;
}

New binder implementation

The new binder implementation is more flexible and allows easy mapping from jQuery to Play. It is also possible to map more complex objects using this new implementation.

Latest WebSocket support

Play now supports the latest draft WebSocket specification, namely hybi-00 to hybi-10. Please refer to the WebSocket specification for more information.

Support for composite IDs

Fixtures now supports Composite IDs. The following annotations are also supported on your model and directly from the fixtures: @IdClass, @EmbeddedId. Please refer to the Hibernate documentation for more information.

Better IntelliJ support

The play idealize command now creates a complete IntelliJ project. You can directly open your Play project from IntelliJ.

Other improvements

There are also a number of small improvements, as well as 86 fixed bugs.

Play 1.2.5 — Release notes

The changes in this release are listed in the Play 1.2.5 milestone on Lighthouse, including 121 resolved tickets. The most important changes are:

• fixed multiple continuations/await bugs
• fixed multiple hibernate related issues
• security fix for hash-colission-atack
• JNDI DataSource under Glassfish 3
• improved chunked transfer/streaming support
• upgraded to hibernate 3.6.10
• upgraded to netty-3.4.2.Final
• web socket support for all browsers
• all libraries upgraded.

Play 1.2.6 — Release notes

• Fixed session injection vulnerability

       Description 

        A vulnerability has been found in Play’s session encoding. 


        An attacker may inject arbitrary data into a session, by tricking Play to place a specially crafted value containing null bytes into the Play session. 


        Impact 
        Any application that places user input data into Play’s stateless session mechanism may be vulnerable. 


        Typically, this will impact applications that store the username in the session for authentication purposes, and will allow an attacker to identify themselves as another user. 

Play 1.2.7 — Release notes

• Fixed broken flash scope

        Data stored in the flash scope can become persistent 


        Reproduction steps: 
        1. put something to flash with arbitrary key (i.e. “warning”) in interceptor (or index page); 
        2. put success or error message to flash in other action (i.e. “add”) and redirect to index page; 
        3. reload index page for multiple times and see that success and error messages in the flash scope are stored. 

转载于:https://my.oschina.net/conanxke/blog/208125