# Description of Changes
- **What was changed**
- Relocated `png_to_webp.py` and `split_photos.py` from `scripts/` to
`app/core/src/main/resources/static/python/`.
- Updated `.github/labeler-config-srvaroa.yml` and
`.pre-commit-config.yaml` to include the new script directory in their
file-matching patterns.
- Added `GeneralUtils.extractScript(String scriptName)` to load Python
scripts from the classpath (`static/python/`), extract them into a
temporary directory at runtime, and return the filesystem path.
- **Why the change was made**
- To fix the Internal Server Error caused by missing script files at
their old locations.
- Ensure the Python helper scripts are packaged inside the JAR/WAR and
reliably accessible when the application runs.
- Only local installations were affected
---
## Checklist
### General
- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
### Description of Changes
This Pull Request was automatically generated to synchronize updates to
translation files and documentation. Below are the details of the
changes made:
#### **1. Synchronization of Translation Files**
- Updated translation files (`messages_*.properties`) to reflect changes
in the reference file `messages_en_GB.properties`.
- Ensured consistency and synchronization across all supported language
files.
- Highlighted any missing or incomplete translations.
#### **2. Update README.md**
- Generated the translation progress table in `README.md`.
- Added a summary of the current translation status for all supported
languages.
- Included up-to-date statistics on translation coverage.
#### **Why these changes are necessary**
- Keeps translation files aligned with the latest reference updates.
- Ensures the documentation reflects the current translation progress.
---
Auto-generated by [create-pull-request][1].
[1]: https://github.com/peter-evans/create-pull-request
---------
Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com>
This PR restructures testing scripts and Docker configurations to use centralized compose files, introduces new Docker Compose variants with integrated frontend services, and updates related CI workflows.
Migrate test scripts to reference testing/compose files and streamline test flows with forced rebuilds and direct curl checks.
Add ultra-lite, security, and security-with-login compose files under testing/compose, each defining both backend and frontend services.
Rename and adjust frontend imports and update CI workflows to build and validate the frontend separately.
**Pixee Fix ID:**
[fb5fe72b-5b22-4654-a733-20930cb4f96a](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/fb5fe72b-5b22-4654-a733-20930cb4f96a)
<details>
<summary>Confidence: <b>HIGH</b></summary>
Fix confidence is a rating derived from an internal benchmark and
includes High, Medium, and Low confidence fixes. It comprises three
weighted scores reflecting the safety, effectiveness and cleanliness of
Pixee's code changes within a fix. [View Details in
Pixee.](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/fb5fe72b-5b22-4654-a733-20930cb4f96a)
</details>
---
✨✨✨
## Remediation
This change fixes "java/PT" (id = java/PT) identified by Snyk.
## Details
Path traversal is a security vulnerability that occurs when an attacker
is able to access directories and files stored outside the intended
directory. It bypasses security mechanisms by manipulating variables
that reference files with `../` sequences. The fix involved adding
validation for `pdfFile` and `watermarkImage` to check for directory
traversal sequences, thereby preventing SecurityException occurrences.
Co-authored-by: pixeebotstirling[bot] <221352955+pixeebotstirling[bot]@users.noreply.github.com>
**Pixee Fix ID:**
[203062ab-1b9b-42b8-be64-1358106dccab](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/203062ab-1b9b-42b8-be64-1358106dccab)
<details>
<summary>Confidence: <b>HIGH</b></summary>
Fix confidence is a rating derived from an internal benchmark and
includes High, Medium, and Low confidence fixes. It comprises three
weighted scores reflecting the safety, effectiveness and cleanliness of
Pixee's code changes within a fix. [View Details in
Pixee.](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/203062ab-1b9b-42b8-be64-1358106dccab)
</details>
---
✨✨✨
## Remediation
This change fixes "java/PT" (id = java/PT) identified by Snyk.
## Details
Path Traversal is a security vulnerability that allows attackers to gain
unauthorized access to files and directories outside the permitted
access path by manipulating file paths. The fix involves adding
validation to detect potential directory traversal attempts by
normalizing the file path and checking if it begins with '..', thereby
preventing malicious manipulation.
Co-authored-by: pixeebotstirling[bot] <221352955+pixeebotstirling[bot]@users.noreply.github.com>
**Pixee Fix ID:**
[dab7f6f1-da39-4654-a537-2de8eee936db](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/dab7f6f1-da39-4654-a537-2de8eee936db)
<details>
<summary>Confidence: <b>HIGH</b></summary>
Fix confidence is a rating derived from an internal benchmark and
includes High, Medium, and Low confidence fixes. It comprises three
weighted scores reflecting the safety, effectiveness and cleanliness of
Pixee's code changes within a fix. [View Details in
Pixee.](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/dab7f6f1-da39-4654-a537-2de8eee936db)
</details>
---
✨✨✨
## Remediation
This change fixes "java/PT" (id = java/PT) identified by Snyk.
## Details
Path Traversal is a security vulnerability that allows attackers to
access files and directories stored outside the web root folder. The
impact can include unauthorized access to sensitive files. The fix
involved adding validation checks on filenames to ensure they do not
contain suspicious patterns like '..' or '/' which are indicative of
path traversal attempts.
Co-authored-by: pixeebotstirling[bot] <221352955+pixeebotstirling[bot]@users.noreply.github.com>
**Pixee Fix ID:**
[54568072-e1ef-4428-9da3-46b9197f6dcd](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/54568072-e1ef-4428-9da3-46b9197f6dcd)
<details>
<summary>Confidence: <b>HIGH</b></summary>
Fix confidence is a rating derived from an internal benchmark and
includes High, Medium, and Low confidence fixes. It comprises three
weighted scores reflecting the safety, effectiveness and cleanliness of
Pixee's code changes within a fix. [View Details in
Pixee.](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/54568072-e1ef-4428-9da3-46b9197f6dcd)
</details>
---
✨✨✨
## Remediation
This change fixes "java/Ssrf" (id = java/Ssrf) identified by Snyk.
## Details
Server-Side Request Forgery (SSRF) can allow attackers to make
unauthorized requests from the server, potentially accessing sensitive
internal systems. The fix involved adding a validation check to ensure
that the 'operation' parameter matches a safe regex pattern, thereby
preventing such vulnerabilities.
Co-authored-by: pixeebotstirling[bot] <221352955+pixeebotstirling[bot]@users.noreply.github.com>
**Pixee Fix ID:**
[8be62d8f-950d-4780-bc08-a8c04d176806](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/8be62d8f-950d-4780-bc08-a8c04d176806)
<details>
<summary>Confidence: <b>HIGH</b></summary>
Fix confidence is a rating derived from an internal benchmark and
includes High, Medium, and Low confidence fixes. It comprises three
weighted scores reflecting the safety, effectiveness and cleanliness of
Pixee's code changes within a fix. [View Details in
Pixee.](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/8be62d8f-950d-4780-bc08-a8c04d176806)
</details>
---
✨✨✨
## Remediation
This change fixes "java/PT" (id = java/PT) identified by Snyk.
## Details
Path Traversal vulnerabilities allow attackers to manipulate paths to
access files and directories that are outside of the intended scope. The
fix involves adding an import for java.io.File to handle file paths more
securely.
Co-authored-by: pixeebotstirling[bot] <221352955+pixeebotstirling[bot]@users.noreply.github.com>
**Pixee Fix ID:**
[baa2e86a-2e2f-4c8e-99e0-bc99ce846b94](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/baa2e86a-2e2f-4c8e-99e0-bc99ce846b94)
<details>
<summary>Confidence: <b>HIGH</b></summary>
Fix confidence is a rating derived from an internal benchmark and
includes High, Medium, and Low confidence fixes. It comprises three
weighted scores reflecting the safety, effectiveness and cleanliness of
Pixee's code changes within a fix. [View Details in
Pixee.](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/baa2e86a-2e2f-4c8e-99e0-bc99ce846b94)
</details>
---
✨✨✨
## Remediation
This change fixes "java/PT" (id = java/PT) identified by Snyk.
## Details
Path Traversal is a security vulnerability that enables attackers to
gain unauthorized access to files and directories stored outside the web
root folder. To address this, a fix was made by adding
java.nio.file.Paths import for path validation, ensuring that paths are
properly sanitized and validated.
Co-authored-by: pixeebotstirling[bot] <221352955+pixeebotstirling[bot]@users.noreply.github.com>
# Description of Changes
- **What was changed**:
- Added a new path filter configuration file at
`.github/config/.files.yaml` to centralize filter groups (`build`,
`app`, `openapi`, `project`).
- Updated `.github/workflows/build.yml` to:
- Rename the workflow to “Build and Test Workflow” and add a manual
`workflow_dispatch` trigger.
- Integrate the path-filter step and conditionally run jobs
(`check-generateOpenApiDocs`, `check-licence`, `docker-compose-tests`)
based on changed files.
- Standardize Gradle setup to version 8.14.
- Introduce a new `test-build-docker-images` job that builds Docker
images for each `Dockerfile*` in PRs.
- Updated `.github/workflows/pre_commit.yml` to cache pre-commit
dependencies via `cache-dependency-path:
./.github/scripts/requirements_pre_commit.txt`.
- Updated `.github/workflows/testdriver.yml` to add dedicated Gradle
(`gradle-version: 8.14`) and Node/npm setup steps with caching.
- **Why the change was made**:
To optimize CI performance by only running relevant jobs when specific
files change, improve maintainability through a single source of truth
for path filters, enable manual workflow dispatch, ensure consistent
environments (Gradle, Node), and speed up runs with better caching.
---
## Checklist
### General
- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
Bumps
[org.snakeyaml:snakeyaml-engine](https://bitbucket.org/snakeyaml/snakeyaml-engine)
from 2.9 to 2.10.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="61e3f77df2"><code>61e3f77</code></a>
Issue 56: improve code</li>
<li><a
href="ab996bb428"><code>ab996bb</code></a>
Issue 56: refactor rename variable</li>
<li><a
href="7b316bbad0"><code>7b316bb</code></a>
Issue 56: refactor rename variable</li>
<li><a
href="c46d5f7417"><code>c46d5f7</code></a>
Issue 56: remove unused merge code in StandardConstructor</li>
<li><a
href="553748c968"><code>553748c</code></a>
Fix issue 55 only for JSON</li>
<li><a
href="b484094bfc"><code>b484094</code></a>
Clarify when to expect NoSuchElementException</li>
<li><a
href="e6b30e3b8d"><code>e6b30e3</code></a>
Wrap IOException in UncheckedIOException by default</li>
<li><a
href="5d0fa73483"><code>5d0fa73</code></a>
Update changes</li>
<li><a
href="3e19067a98"><code>3e19067</code></a>
Update changes</li>
<li><a
href="4de1481f10"><code>4de1481</code></a>
Merge branch 'master' into issue-55-json</li>
<li>Additional commits viewable in <a
href="https://bitbucket.org/snakeyaml/snakeyaml-engine/branches/compare/snakeyaml-engine-2.10..snakeyaml-engine-2.9">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
### Description of Changes
This Pull Request was automatically generated to synchronize updates to
translation files and documentation. Below are the details of the
changes made:
#### **1. Synchronization of Translation Files**
- Updated translation files (`messages_*.properties`) to reflect changes
in the reference file `messages_en_GB.properties`.
- Ensured consistency and synchronization across all supported language
files.
- Highlighted any missing or incomplete translations.
#### **2. Update README.md**
- Generated the translation progress table in `README.md`.
- Added a summary of the current translation status for all supported
languages.
- Included up-to-date statistics on translation coverage.
#### **Why these changes are necessary**
- Keeps translation files aligned with the latest reference updates.
- Ensures the documentation reflects the current translation progress.
---
Auto-generated by [create-pull-request][1].
[1]: https://github.com/peter-evans/create-pull-request
---------
Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
### Description of Changes
This Pull Request was automatically generated to synchronize updates to
translation files and documentation. Below are the details of the
changes made:
#### **1. Synchronization of Translation Files**
- Updated translation files (`messages_*.properties`) to reflect changes
in the reference file `messages_en_GB.properties`.
- Ensured consistency and synchronization across all supported language
files.
- Highlighted any missing or incomplete translations.
#### **2. Update README.md**
- Generated the translation progress table in `README.md`.
- Added a summary of the current translation status for all supported
languages.
- Included up-to-date statistics on translation coverage.
#### **Why these changes are necessary**
- Keeps translation files aligned with the latest reference updates.
- Ensures the documentation reflects the current translation progress.
---
Auto-generated by [create-pull-request][1].
[1]: https://github.com/peter-evans/create-pull-request
Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com>
# Description of Changes
- **What was changed:**
- Renamed top-level directories: `stirling-pdf` → `app/core`, `common` →
`app/common`, `proprietary` → `app/proprietary`.
- Updated all path references in `.gitattributes`, GitHub workflows
(`.github/workflows/*`), scripts (`.github/scripts/*`), `.gitignore`,
Dockerfiles, license files, and template settings to reflect the new
structure.
- Added a new CI job `check-generateOpenApiDocs` to generate and upload
OpenAPI documentation.
- Removed redundant `@Autowired` annotations from `TempFileShutdownHook`
and `UnlockPDFFormsController`.
- Minor formatting and comment adjustments in YAML templates and
resource files.
- **Why the change was made:**
- To introduce a clear `app/` directory hierarchy for core, common, and
proprietary modules, improving organization and maintainability.
- To ensure continuous integration and Docker builds continue to work
seamlessly with the reorganized structure.
- To automate OpenAPI documentation generation as part of the CI
pipeline.
---
## Checklist
### General
- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
### Description of Changes
This Pull Request was automatically generated to synchronize updates to
translation files and documentation. Below are the details of the
changes made:
#### **1. Synchronization of Translation Files**
- Updated translation files (`messages_*.properties`) to reflect changes
in the reference file `messages_en_GB.properties`.
- Ensured consistency and synchronization across all supported language
files.
- Highlighted any missing or incomplete translations.
#### **2. Update README.md**
- Generated the translation progress table in `README.md`.
- Added a summary of the current translation status for all supported
languages.
- Included up-to-date statistics on translation coverage.
#### **Why these changes are necessary**
- Keeps translation files aligned with the latest reference updates.
- Ensures the documentation reflects the current translation progress.
---
Auto-generated by [create-pull-request][1].
[1]: https://github.com/peter-evans/create-pull-request
Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com>
Bumps
[com.unboundid.product.scim2:scim2-sdk-client](https://github.com/pingidentity/scim2)
from 2.3.5 to 4.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pingidentity/scim2/blob/master/CHANGELOG.md">com.unboundid.product.scim2:scim2-sdk-client's
changelog</a>.</em></p>
<blockquote>
<h2>v4.0.0 - 2025-Jun-10</h2>
<p>Removed support for Java 11. The UnboundID SCIM 2 SDK now requires
Java 17 or a later release.</p>
<p>Updated the following dependencies:</p>
<ul>
<li>Jackson: 2.18.3</li>
<li>Jakarta RS: 4.0.0</li>
<li>Jersey: 3.1.10</li>
</ul>
<p>Updated the default behavior for ADD patch requests with value
filters (e.g.,
<code>emails[type eq "work"].display</code>). The SCIM SDK
will now target existing values within the
multi-valued attribute. For more background on this type of patch
request, see the release notes for
the 3.2.0 release where this was introduced (but not made the default).
To restore the old behavior,
set the following property in your application:</p>
<pre><code>PatchOperation.APPEND_NEW_PATCH_VALUES_PROPERTY = true;
</code></pre>
<p>Updated <code>SearchRequestBuilder</code> to be more permissive of
ListResponses with non-standard attribute
casing (e.g., if a response includes a
<code>"resources"</code> array instead of
<code>"Resources"</code>).</p>
<p>Updated the class-level documentation of <code>SearchRequest</code>
to provide more background about how
searches are performed in the SCIM standard.</p>
<p>Added a new property that allows ignoring unknown fields when
converting JSON text to Java objects
that inherit from <code>BaseScimResource</code>. This behaves similarly
to the <code>FAIL_ON_UNKNOWN_PROPERTIES</code>
setting from the Jackson library, and allows for easier integration with
SCIM service providers
that include additional non-standard data in their responses. To enable
this setting, set the
following property in your application code:</p>
<pre><code>BaseScimResource.IGNORE_UNKNOWN_FIELDS = true;
</code></pre>
<p>Fixed an issue with methods that interface with schema extensions
such as
<code>BaseScimResource.getExtensionValues(String)</code>. These accepted
paths as a string, but previously
performed updates to the extension data incorrectly.</p>
<p>Simplified the implementation of the StaticUtils#toLowerCase method.
This had an optimization for
Java versions before JDK 9 that was especially beneficial for the most
common case of handling ASCII
characters. Since JDK 9, however, the String class has been updated so
that the class is backed by a
byte array as opposed to a character array, so it is more optimal to use
the JDK's implementation
directly while handling null values.</p>
<p>Previous releases of the SCIM SDK set many classes as
<code>final</code> to encourage applications to follow
strict compliance to the SCIM standard. However, this also makes it
difficult to integrate with
services that violate the standard. An example of this is a SCIM error
response that contains extra
fields in the JSON body. To help accommodate these integrations, the
SCIM SDK has been updated so
that several model classes are no longer <code>final</code>, allowing
applications to <code>extend</code> them if needed.
The following classes were updated:</p>
<ul>
<li>scim2-sdk-client builder classes such as
<code>CreateRequestBuilder.java</code></li>
<li><code>ErrorResponse.java</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="039c7e6264"><code>039c7e6</code></a>
Setting release version 4.0.0</li>
<li><a
href="ea0486470e"><code>ea04864</code></a>
Update CHANGELOG date for the 4.0.0 release.</li>
<li><a
href="bfd276e822"><code>bfd276e</code></a>
Make GenericScimResource extendable.</li>
<li><a
href="9008757a22"><code>9008757</code></a>
Clean up POM and remove Guava test dependency.</li>
<li><a
href="a954381dcc"><code>a954381</code></a>
Remove the deprecated ScimDateFormat class.</li>
<li><a
href="76f23141ff"><code>76f2314</code></a>
Enhance the Filter classes and their documentation</li>
<li><a
href="cfd9d7ecf9"><code>cfd9d7e</code></a>
Add a new filter method for SearchRequestBuilder.</li>
<li><a
href="3c3c0cad33"><code>3c3c0ca</code></a>
Fix CodeQL by adding Java 17 installation step</li>
<li><a
href="114ad5105b"><code>114ad51</code></a>
Import the default codeql.yaml</li>
<li><a
href="26fe8f180a"><code>26fe8f1</code></a>
Allow extending model classes</li>
<li>Additional commits viewable in <a
href="https://github.com/pingidentity/scim2/compare/scim2-2.3.5...scim2-4.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
