...
- Disabled serialization and deserialization of dynamic proxies
- Disabled deserialization of external entities in XML files
- Disabled spring's Expression Language support
Who is this release meant for?
Anyone running OpenMRS Platform (1.9.0 and later)
Anyone running OpenMRS Reference Application 2.0, 2.1, 2.2, 2.3
| Warning |
|---|
If you are running serialization.xstream or metadata sharing or reporting module, they expose some security risks too, so you're strongly recommended to upgrade them to the versions below: Serialization.xstream 0.2.10 or later Metadata sharing 1.1.10 or later Reporting 0.9.8.1 or later |
Who is this release meant for?
...
later |
...
Community Input
A huge thanks to the people that contributed code to this release, not to mention all the people that contributed in countless other ways to support this release and be a great part of the shaping it and the whole infrastructure team!
...