Release Notes 1.8
What’s New
Support of Tomcat 10 and Java 21
You can now run security.manager NEXT on Tomcat 10 and Java 21. Therefore, support for Tomcat 9 and Java 11 is dropped. Please refer to the system requirements for further details.
Update Notes
| If you skip several versions during the update, please also follow all update notes of the intervening versions. |
Update Tomcat and Java
Please update you Tomcat instance to version 10. In case you have been using Java 11 so far, please update to version 17 or 21.
Breaking change for queries used in feature restrictions and spatial restrictions (since 1.8.1)
Policies allow to define feature restrictions and spatial restrictions to limit access to features of a layer. Both types of restrictions require you to define a query that may contain references to attributes of the requesting user like this:
{
...
"restrictions": {
"user_level_only": {
"type": "feature",
"query": "LEVEL <= ${user.level}"
}
}
}security.manager now checks that user attributes only resolve to SQL literal values when they are replaced in query expressions.
If you have to accept user attribute values resolving to anything else than SQL literals, you must now explicitly mark them as insecure inside the query.
Otherwise user requests will fail with errors.
See section Accepted User Attributes for details.