# Description of Changes
- **What was changed:**
- Renamed top-level directories: `stirling-pdf` → `app/core`, `common` →
`app/common`, `proprietary` → `app/proprietary`.
- Updated all path references in `.gitattributes`, GitHub workflows
(`.github/workflows/*`), scripts (`.github/scripts/*`), `.gitignore`,
Dockerfiles, license files, and template settings to reflect the new
structure.
- Added a new CI job `check-generateOpenApiDocs` to generate and upload
OpenAPI documentation.
- Removed redundant `@Autowired` annotations from `TempFileShutdownHook`
and `UnlockPDFFormsController`.
- Minor formatting and comment adjustments in YAML templates and
resource files.
- **Why the change was made:**
- To introduce a clear `app/` directory hierarchy for core, common, and
proprietary modules, improving organization and maintainability.
- To ensure continuous integration and Docker builds continue to work
seamlessly with the reorganized structure.
- To automate OpenAPI documentation generation as part of the CI
pipeline.
---
## Checklist
### General
- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
Bumps
[com.unboundid.product.scim2:scim2-sdk-client](https://github.com/pingidentity/scim2)
from 2.3.5 to 4.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pingidentity/scim2/blob/master/CHANGELOG.md">com.unboundid.product.scim2:scim2-sdk-client's
changelog</a>.</em></p>
<blockquote>
<h2>v4.0.0 - 2025-Jun-10</h2>
<p>Removed support for Java 11. The UnboundID SCIM 2 SDK now requires
Java 17 or a later release.</p>
<p>Updated the following dependencies:</p>
<ul>
<li>Jackson: 2.18.3</li>
<li>Jakarta RS: 4.0.0</li>
<li>Jersey: 3.1.10</li>
</ul>
<p>Updated the default behavior for ADD patch requests with value
filters (e.g.,
<code>emails[type eq "work"].display</code>). The SCIM SDK
will now target existing values within the
multi-valued attribute. For more background on this type of patch
request, see the release notes for
the 3.2.0 release where this was introduced (but not made the default).
To restore the old behavior,
set the following property in your application:</p>
<pre><code>PatchOperation.APPEND_NEW_PATCH_VALUES_PROPERTY = true;
</code></pre>
<p>Updated <code>SearchRequestBuilder</code> to be more permissive of
ListResponses with non-standard attribute
casing (e.g., if a response includes a
<code>"resources"</code> array instead of
<code>"Resources"</code>).</p>
<p>Updated the class-level documentation of <code>SearchRequest</code>
to provide more background about how
searches are performed in the SCIM standard.</p>
<p>Added a new property that allows ignoring unknown fields when
converting JSON text to Java objects
that inherit from <code>BaseScimResource</code>. This behaves similarly
to the <code>FAIL_ON_UNKNOWN_PROPERTIES</code>
setting from the Jackson library, and allows for easier integration with
SCIM service providers
that include additional non-standard data in their responses. To enable
this setting, set the
following property in your application code:</p>
<pre><code>BaseScimResource.IGNORE_UNKNOWN_FIELDS = true;
</code></pre>
<p>Fixed an issue with methods that interface with schema extensions
such as
<code>BaseScimResource.getExtensionValues(String)</code>. These accepted
paths as a string, but previously
performed updates to the extension data incorrectly.</p>
<p>Simplified the implementation of the StaticUtils#toLowerCase method.
This had an optimization for
Java versions before JDK 9 that was especially beneficial for the most
common case of handling ASCII
characters. Since JDK 9, however, the String class has been updated so
that the class is backed by a
byte array as opposed to a character array, so it is more optimal to use
the JDK's implementation
directly while handling null values.</p>
<p>Previous releases of the SCIM SDK set many classes as
<code>final</code> to encourage applications to follow
strict compliance to the SCIM standard. However, this also makes it
difficult to integrate with
services that violate the standard. An example of this is a SCIM error
response that contains extra
fields in the JSON body. To help accommodate these integrations, the
SCIM SDK has been updated so
that several model classes are no longer <code>final</code>, allowing
applications to <code>extend</code> them if needed.
The following classes were updated:</p>
<ul>
<li>scim2-sdk-client builder classes such as
<code>CreateRequestBuilder.java</code></li>
<li><code>ErrorResponse.java</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="039c7e6264"><code>039c7e6</code></a>
Setting release version 4.0.0</li>
<li><a
href="ea0486470e"><code>ea04864</code></a>
Update CHANGELOG date for the 4.0.0 release.</li>
<li><a
href="bfd276e822"><code>bfd276e</code></a>
Make GenericScimResource extendable.</li>
<li><a
href="9008757a22"><code>9008757</code></a>
Clean up POM and remove Guava test dependency.</li>
<li><a
href="a954381dcc"><code>a954381</code></a>
Remove the deprecated ScimDateFormat class.</li>
<li><a
href="76f23141ff"><code>76f2314</code></a>
Enhance the Filter classes and their documentation</li>
<li><a
href="cfd9d7ecf9"><code>cfd9d7e</code></a>
Add a new filter method for SearchRequestBuilder.</li>
<li><a
href="3c3c0cad33"><code>3c3c0ca</code></a>
Fix CodeQL by adding Java 17 installation step</li>
<li><a
href="114ad5105b"><code>114ad51</code></a>
Import the default codeql.yaml</li>
<li><a
href="26fe8f180a"><code>26fe8f1</code></a>
Allow extending model classes</li>
<li>Additional commits viewable in <a
href="https://github.com/pingidentity/scim2/compare/scim2-2.3.5...scim2-4.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# Description of Changes
This pull request introduces a comprehensive update to the application's
update notification and modal system, enhancing both the backend logic
and the user interface for update alerts. The changes include a new
modal dialog for update details, improved internationalization (i18n)
support, dynamic fetching of update information, and context-aware
download links. These improvements make update notifications clearer,
more informative, and tailored to the user's installation type.
**Key changes:**
**1. Update Notification and Modal System Overhaul**
- Added a new modal dialog (`showUpdateModal`) that displays detailed
update information, including current, latest, and latest stable
versions, update priority, breaking changes, migration guides, and a
list of available updates. The modal dynamically fetches and displays
full update details and adapts to dark mode.
([[app/core/src/main/resources/static/js/githubVersion.jsR206-R387](diffhunk://#diff-5a6376050581cc6f1fb0b6266af4d8a3db1332879459afd3a073b274b5ab637aR206-R387)])
- Enhanced the update button logic to reflect update priority visually
(e.g., urgent/normal/minor), store summary data, and trigger the modal
on click.
([[app/core/src/main/resources/static/js/githubVersion.jsL74-R190](diffhunk://#diff-5a6376050581cc6f1fb0b6266af4d8a3db1332879459afd3a073b274b5ab637aL74-R190)])
- Improved the update check process to use a new summary API endpoint
and handle missing or failed update data gracefully.
[[1]](diffhunk://#diff-5a6376050581cc6f1fb0b6266af4d8a3db1332879459afd3a073b274b5ab637aL19-R108)],
[[2]](diffhunk://#diff-5a6376050581cc6f1fb0b6266af4d8a3db1332879459afd3a073b274b5ab637aL74-R190)])
**2. Context-Aware Download Links**
- Introduced `getDownloadUrl()` to generate download links based on the
user's machine type and security configuration, ensuring only relevant
installers or jars are offered.
([[app/core/src/main/resources/static/js/githubVersion.jsL19-R108](diffhunk://#diff-5a6376050581cc6f1fb0b6266af4d8a3db1332879459afd3a073b274b5ab637aL19-R108)])
**3. Internationalization (i18n) Enhancements**
- Added new i18n keys for all update-related modal and notification
strings in `messages_en_GB.properties`.
([[app/core/src/main/resources/messages_en_GB.propertiesR369-R400](diffhunk://#diff-ee1c6999a33498cfa3abba4a384e73a8b8269856899438de80560c965079a9fdR369-R400)])
- Injected all necessary i18n constants into the frontend via
`navbar.html` for use in the modal and notifications.
([[app/core/src/main/resources/templates/fragments/navbar.htmlR14-R51](diffhunk://#diff-e7ef383033ea52a00c96e71d5d2c1ff08829078fa5c84c8e48e1bf8f48861ec6R14-R51)])
**4. General UI and Code Improvements**
- Ensured update button styling is reset before applying new styles and
improved accessibility by hiding the settings modal when the update
modal is shown.
[[1]](diffhunk://#diff-5a6376050581cc6f1fb0b6266af4d8a3db1332879459afd3a073b274b5ab637aR138)],
[[2]](diffhunk://#diff-5a6376050581cc6f1fb0b6266af4d8a3db1332879459afd3a073b274b5ab637aR206-R387)])
These changes collectively provide a more robust, user-friendly, and
maintainable update notification experience.
---
## Checklist
### General
- [ ] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [ ] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [ ] I have performed a self-review of my own code
- [ ] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
---------
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Reece Browne <reecebrowne1995@gmail.com>
Co-authored-by: Reece Browne <74901996+reecebrowne@users.noreply.github.com>
Co-authored-by: a <a>
# Description of Changes
refactor(eml-to-pdf): Enhance compliance with PDF/ISO standards and MIME
specifications
This commit refactors the EML-to-PDF conversion utility to improve
standards compliance, implementing requirements from multiple RFCs and
ISO specifications:
### Standards Compliance Implemented:
• **PDF Standards (ISO 32000-1:2008)**: Added PDF version validation in
`attachFilesToPdf()`
to ensure 1.7+ compatibility for Unicode file embeddings
• **MIME Processing (RFC 2045/2046)**: Implemented case-insensitive MIME
type handling
in `processPartAdvanced()` with `toLowerCase(Locale.ROOT)` normalization
• **Content Encoding (RFC 2047)**: Enhanced `safeMimeDecode()` with
UTF-8→ISO-8859-1
charset fallback chains for robust header decoding
• **Content-ID Processing (RFC 2392)**: Added proper Content-ID
stripping with
`replaceAll("[<>]", "")` for embedded image references
• **Multipart Safety (RFC 2046)** (best practice, not compliance
related): Implemented recursion depth limiting (max 10 levels)
• **processMultipartAdvanced()**, setCatalogViewerPreferences used to
set PageMode.USE_ATTACHMENTS, but PDF spec 12.2 (Viewer Preferences)
requires a /ViewerPreferences dictionary for full control (e.g.,
/DisplayDocTitle). Docs suggested setting additional prefs like
/NonFullScreenPageMode to ensure attachments panel opens reliably across
viewers
• **addAttachmentAnnotationToPage**, annotations are set to
/Invisible=true but must remain interactive. PDF spec 12.5.6.15 (File
Attachment Annotations) requires /F flags to control print/view (e.g.,
NoPrint if not printable).
### Technical Improvements:
• **Coordinate System Handling**: Added rotation-aware coordinate
transformations
in PDF annotation placement following ISO 32000-1 Section 8.3
• **Charset Fallbacks**: Implemented progressive charset detection with
UTF-8
primary and ISO-8859-1 fallback in MIME decoding
• **Error Resilience**: Enhanced exception handling with specific error
types and
proper resource cleanup using try-with-resources patterns
• **HTML5 Compliance**: Updated email HTML generation with proper
DOCTYPE and
charset declarations for browser compatibility
### Security & Robustness:
• **Input Validation**: Added comprehensive null checks and boundary
validation
throughout attachment and multipart processing
• **XSS Prevention**: All user content now processed through
`escapeHtml()` or
`CustomHtmlSanitizer` before HTML generation
### Code Quality:
• **Method Signatures**: Updated `processMultipartAdvanced()` to include
depth
parameter for recursion tracking
• **Switch Expressions**: Modernized switch statements to use Java 17+
arrow syntax
where applicable
• **Documentation**: Added inline RFC/ISO references for
compliance-critical sections
All changes maintain backward compatibility while significantly
improving standards
adherence. Tested with various EML formats.
No major change. No change in tests. No change in aesthetic of the
resulting PDF. No change change in "user space" (except when user relied
on compliance of aforementioned stuff then a major improvement)
<!--
Please provide a summary of the changes, including:
- What was changed
- Why the change was made
- Any challenges encountered
Closes #(issue_number)
-->
---
## Checklist
### General
- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [ ] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [x] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
# Description of Changes
- add **import** and **export buttons** to bookmark editor (bottom
right) to **copy and past bookmark data**
- the export reads the hidden `<input id="bookmarkData">` field and uses
`navigator.clipboard.writeText()` to copy it to the clipboard
- the import reads from `navigator.clipboard.readText()` and sets the
internal `bookmarks` variable, which is used to update the UI elements
- after successful import or export, the buttons flash in green to give
visual feedback to the user
- this provides non-technical users with an intuitive method to copy
bookmarks between files
- I have seen, that this is also possible with the pipeline tool, but
this requires multiple steps and familiarity with the pipeline:
1. use `extract-bookmarks` to generate `bookmarks.json`
2. open the file and copy the data
3. use `edit-table-of-contents` with the copied data
4. process the target file
- challenges:
- I used `navigator.clipboard` as opposed to `document.execCommand`. The
latter is used in `account.html`, `errorBanner.html` and
`errorBanner.js`, but is
[deprecated](https://developer.mozilla.org/en-US/docs/Web/API/Document/execCommand).
- I used the bootstrap-style rendering for the title attribute tooltip
for visual consistency in the bookmark editor, where the tooltip hovers
centered above the originating element. However, in most other places
the title tooltip follows the cursor and is slightly visually different.
- in case you are testing this on a mobile device (EDIT: or non-locally
hosted), the copy-to-clipboard might fail when hosted without SSL
(mobile only works in secure environment)
- similarly, when not using normal user interaction (i.e.
`element.click()` via console) the copy-to-clipboard will throw an error
`Clipboard write was blocked due to lack of user activation.`
---
## Checklist
### General
- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [x] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [x] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
<img width="600" alt="Bookmark editor with new Import/Export buttons in
the bottom right corner" title="Bookmark editor with new Import/Export
buttons in the bottom right corner"
src="https://github.com/user-attachments/assets/61b948a1-9f68-4793-9c86-a056bad6b7e1"
/>
<img width="300" alt="Bookmark editor with new Import/Export buttons
with low width layout" title="Bookmark editor with new Import/Export
buttons with low width layout"
src="https://github.com/user-attachments/assets/4fa7bc76-ca11-4268-b83a-8d1e612dc5b9"
/>
### Testing (if applicable)
- [x] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
Bumps io.swagger.core.v3:swagger-core-jakarta from 2.2.34 to 2.2.35.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[org.eclipse.angus:angus-mail](https://github.com/eclipse-ee4j/angus-mail)
from 2.0.3 to 2.0.4.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="37c1c6ca1e"><code>37c1c6c</code></a>
Prepare release org.eclipse.angus:all:2.0.4</li>
<li><a
href="a53d904ca1"><code>a53d904</code></a>
Update changes log (<a
href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/169">#169</a>)</li>
<li><a
href="5d0e7b3f51"><code>5d0e7b3</code></a>
Update changes log</li>
<li><a
href="84fe702f7a"><code>84fe702</code></a>
Fix issue299 (<a
href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/166">#166</a>)
(<a
href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/167">#167</a>)</li>
<li><a
href="a15041d503"><code>a15041d</code></a>
Update README.md</li>
<li><a
href="005bec4025"><code>005bec4</code></a>
Merge pull request <a
href="https://redirect.github.com/eclipse-ee4j/angus-mail/issues/138">#138</a>
from eclipse-ee4j/2.0.3-RELEASE</li>
<li><a
href="637b1913d2"><code>637b191</code></a>
Update TCK-Results.md</li>
<li><a
href="2a375178f6"><code>2a37517</code></a>
Prepare next development cycle for 2.0.4-SNAPSHOT</li>
<li>See full diff in <a
href="https://github.com/eclipse-ee4j/angus-mail/compare/2.0.3...2.0.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# Description of Changes
This PR improves the pre-commit workflow and formatting configuration to
enforce consistency and catch issues earlier in CI:
- **Pre-commit workflow (`pre_commit.yml`)**:
- Trigger now runs on `push` to `main` (previously scheduled weekly
only).
- Adds a `gradlew clean build` step to ensure the codebase compiles as
part of the pre-commit validation.
- Configures Java 17 using the Temurin distribution via
`actions/setup-java`.
- **.pre-commit-config.yaml**:
- Updated `ruff` to version `v0.12.7` (from `v0.12.0`).
- Updated `gitleaks` to `v8.28.0` (from `v8.27.2`).
- **Spotless configuration**:
- Added formatting for `test` sources across all Gradle modules
(`common`, `core`, `proprietary`, `stirling-pdf`).
- Ensures that test code follows the same formatting rules as production
code.
These changes help improve early feedback in development and CI by
integrating linting, formatting, and build checks directly into the
workflow on code pushes.
---
## Checklist
### General
- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [ ] I have performed a self-review of my own code
- [x] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
Bumps com.opencsv:opencsv from 5.11.2 to 5.12.0.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# Description of Changes
- **What was changed:**
- Updated `.github/labeler-config-srvaroa.yml` to include
`app/core/src/main/resources/static/pipeline/defaultWebUIConfigs/**`
under the labeler paths.
- Removed `COPY pipeline /pipeline` from all three Dockerfiles to slim
down images.
- Added a new `PIPELINE_PATH` constant and `getPipelinePath()` method in
`InstallationPathConfig.java`.
- Implemented `GeneralUtils.extractPipeline()` to copy default pipeline
JSON configs (`OCR images.json`, `Prepare-pdfs-for-email.json`,
`split-rotate-auto-rename.json`) from classpath into the installation
directory.
- Invoked `GeneralUtils.extractPipeline()` during initial setup in
`InitialSetup.java`.
- Updated `.gitignore` to treat `./pipeline/` as ignored.
- **Why the change was made:**
Ensures that default WebUI pipeline configurations are automatically
extracted at runtime rather than baked into the image, improving
flexibility and reducing image size.
---
## Checklist
### General
- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
---------
Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
# Description of Changes
This pull request introduces a new SSRF (Server-Side Request Forgery)
protection mechanism for URL handling in the application. Key changes
include adding a dedicated `SsrfProtectionService`, integrating
SSRF-safe policies into HTML sanitization, and extending application
settings to support configurable URL security options.
### SSRF Protection Implementation:
* **`SsrfProtectionService`**: Added a new service to handle SSRF
protection with configurable levels (`OFF`, `MEDIUM`, `MAX`) and checks
for private networks, localhost, link-local addresses, and cloud
metadata endpoints
(`app/common/src/main/java/stirling/software/common/service/SsrfProtectionService.java`).
### Application Configuration Enhancements:
* **`ApplicationProperties`**: Introduced a new `Html` configuration
class with nested `UrlSecurity` settings, allowing fine-grained control
over URL security, including allowed/blocked domains and internal TLDs
(`app/common/src/main/java/stirling/software/common/model/ApplicationProperties.java`).
[[1]](diffhunk://#diff-1c357db0a3e88cf5bedd4a5852415fadad83b8b3b9eb56e67059d8b9d8b10702R293)
[[2]](diffhunk://#diff-1c357db0a3e88cf5bedd4a5852415fadad83b8b3b9eb56e67059d8b9d8b10702R346-R364)
* **`settings.yml.template`**: Updated the configuration template to
include the new `html.urlSecurity` settings, enabling users to customize
SSRF protection behavior
(`app/core/src/main/resources/settings.yml.template`).
### HTML Sanitization Updates:
* **`CustomHtmlSanitizer`**: Integrated SSRF-safe URL validation into
the HTML sanitizer by using the `SsrfProtectionService`. Added a custom
policy for validating `img` tags' `src` attributes
(`app/common/src/main/java/stirling/software/common/util/CustomHtmlSanitizer.java`).
---
## Checklist
### General
- [ ] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [ ] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [ ] I have performed a self-review of my own code
- [ ] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
---------
Co-authored-by: a <a>
Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
