What's New With 6.x
Version 6.x release notes for the Ortus ORM Extension
6.5.2 - 2024-02-21
🐛 Fixed
6.5.1 - 2024-02-20
🐛 Fixed
Fixes empty string values coercing to
NULL
when no property type is declared. - Resolves OOE-25, introduced in 6.5.0.
6.5.0 - 2024-02-16
🐛 Fixed
Fixes an incorrect property name lookup for the
unsavedValue
persistent property attribute.Fixes the pre-event listeners to ignore empty strings in entity state properties if the field type is one of
string
,character
, ortext
. This resolves issues where apreInsert()
orpreUpdate()
throws a "can't cast [] to date value" when processing event listeners if a date field (for example) is unpopulated or has an emptydefault
attribute.
♻️ Changed
Add the entity name to the exception message when attempting to persist changes from preInsert
or preUpdate
event listeners. The updated exception message is now:
Error populating event state for persistance in [<entity name>] entity pre-event listener method: <error message from Hibernate>
🔐 Security
Bump Lucee build dependency to 5.4.4.38
to avoid vulnerable dependencies in the build process.
6.4.0 - 2023-12-05
🔐 Security
Resolve an Uncontrolled Resource Consumption vulnerability disclosed on 12/4/2023 by upgrading logback-core
to 1.3.14
. See vulnerability details.
⭐ Added
New ORMQueryExecute()
alias for the ORMExecuteQuery
. This new alias behaves identically to the ORMExecuteQuery()
method, but is named consistently with the queryExecute()
method.
🐛 Fixed
Fixes custom configuration support via
this.ormSettings.ormConfig
.Fixes named argument support for
entityLoad()
- LDEV-4285Fixes named argument support for
entityLoadByPK()
- LDEV-4461
♻️ Changed
While not technically a change in ORM functionality, the useDBforMapping
implementation has been greatly improved "under the hood", with tests to boot.
6.3.2 - 2023-09-29
🐛 Fixed
Fixed pre-event listeners to include parent component properties when checking for entity mutations to persist back to the event entity state. This resolves issues with changes made in preInsert()
/preUpdate()
not persisting if the changes are made on a persistent property from a parent component. Resolves OOE-14.
6.3.1 - 2023-09-26
🐛 Fixed
Refactored nullability checks to occur after pre-event listener methods fire. Resolves OOE-12
⭐ Added
Added context to the error message in CFCGetter
, which handles retrieving entity values from Hibernate code. This improves odd error messages in some edge cases with the Hibernate tuplizer.
6.3.0 - 2023-08-18
🔐 Security
Switched the EHCache library to use net.sf.ehcache.internal:ehcache-core.
Upgrades EHCache version from
2.10.6
to2.10.9.2
.Drops an embedded
rest-management-private-classpath
directoryDrops a number of (unused) vulnerable jackson and jetty libraries such as jackson-core.
As an added bonus, this reduces the final
.lex
extension file size by over 6 MB. 🎉
Note: While it is not 100% clear, some of these CVEs may have been false positives.
6.2.0 - 2023-08-03
♻️ Changed
Hibernate Upgraded from 5.4 to 5.6
This brings the Hibernate dependencies up to date (released Feb. 2023), and should not change any CFML-facing features for most users. (See CLOB columns in Postgres81)
See the migration guides for more info:
CLOB columns in Postgres81
Due to the Hibernate 5.6 upgrade, if you are using the PostgreSQL81
dialect and have CLOB
columns in your database, it is recommended you migrate existing text columns for LOBs to oid
.
Default EHCache Configuration
The default ehcache.xml
for EHCache changed to include clearOnFlush="true"
and diskSpoolBufferSizeMB="30MB"
properties to match Adobe ColdFusion 9's default ehCache.xml
config. Both these values represent default settings in EHCache itself.
🐛 Fixed
Fixes handling of
"timezone"
-typed column values. Previously, fields defined withormtype="timezone"
would neither use thedefault
value nor allow new values to be set. OOE-10Fixes entity state changes in
preInsert()
/preUpdate()
listeners for properties with nodefault
defined. OOE-9
6.1.0 - 2023-07-14
♻️ Changed
Lots of java source code cleanup that won't affect the CFML experience, but will aid in faster development and fewer bugs.
🐛Fixed
Any hibernate exceptions returned during schema generation are once again logged to the Lucee ORM log file.
💥 Removed
Dropped the public method from the Dialect class. This method was unused (to my knowledge) and unnecessary.
🔐 Security
Switched to Snyk vulnerability scanner to limit false positives. Security vulnerabilities will now be published on the GitHub repository's Security Advisories page.
Bumped Lucee dependency to to remove vulnerability notices on org.apache.tika:tika-core and commons-net:commons-net. These vulnerabilities are only theoretical, since Lucee is a dependency and not bundled with the extension.
6.0.0 - 2023-07-01
⭐ Added
Second-Level Caching
The extension will now throw an error if you try to configure an unsupported cache provider like , , etc. Previously, the extension would silently switch to ehcache if any cache provider besides EHCache was configured.
Hibernate Logging
This version re-enables Hibernate logging via SLF4j and LogBack. Hibernate root and cache loggers are defaulted to level, while SQL logging is set to if is enabled. (Set to .)
OWASP Dependency CVE Scans
The extension GitHub Release page now generates a dependency CVE report via Jeremy Long's OWASP dependency-check maven plugin. Any known CVEs contained in dependencies ( excluding and -scoped dependencies) will be noted in each release's CVE report artifact.
♻️ Changed
New Repo Layout
Java source moved to
All java classes are now under the package
Dropped the java source format-on-push in favor of format-on-save IDE tooling
New Test Layout
Internal tests rewritten to native Testbox specs
Cloned all ORM tests from the Lucee repository
Updated to TestBox 5.0
New Build (and .jar file) Layout
We re-architected the build to inline most dependencies. I.e. we no longer copy in extension dependencies as (custom-built) OSGI bundles, but instead as compiled classes.
This resolves intermittent issues with bundle resolution and/or duplicate bundle collision upon installing the ORM extension into a Lucee server prior to uninstalling the Lucee Hibernate extension.
This also removes a number of direct dependencies on custom OSGI bundles, thus it is more reliable and will offer easier dependency upgrades with less pain.
Other
The attribute is deprecated in Hibernate 5.x, and is no longer generated on HBM/XML mapping files to avoid Hibernate warning that Use of DOM4J entity-mode is considered deprecated.
🐛Fixed
The definition file for all built-ins was missed during the conversion to a Maven build. (Since v5.4.29.25). This caused the and built-in method calls to be picked up by Lucee core before being routed to this extension. No known errors resulted from this mistake, but we feel embarrassed anyway. 😅
Clear ORM context data once per ORM reload, not once per ORM entity parsing. This should improve ORM startup/reload time and avoid difficult session or cache manager lifecycle issues.
Last updated