IA is queueing up a number of updates to the Platform's third-party dependencies to address CVEs in those dependencies. Most of these are distributed as transitives in the SDK, and most of the upgrades bring some breaking changes.
If you are an author of a third-party module and you depend on these transitives, pay close attention to which dependencies we've upgraded and determine whether your module is impacted. You may need to release a new version of your module that is compatible with the new version of the transitive dependency.

Planned Near-Term Upgrades:

Name | Old Version | New Version | Ignition SDK Library |
---|---|---|---|
Apache Commons Compress | 1.19 | 1.23.0 | ignition-common |
Apache Commons IO | 2.2 | 2.11.0 | ignition-common |
Apache Commons Fileupload | 1.4 | 1.5 | gateway-api |
Apache Xalan | 2.7.2 | Removed | client-api |
Apache XML Graphics Commons | 2.3 | 2.8 | client-api |
IA's Fork of Gson | 2.8.5 | 2.10.1 | ignition-common |
Guava | 26.0 | 32.0.0 | ignition-common |
Protobuf | 3.8.0 | 3.23.2 | gateway-api |

Tomorrow's early access build of 8.1 will include a dependency upgrade of Apache Commons Compress. Keep an eye on the 8.1 Early Access Build Change Logs in the coming days/weeks for the other upgrades mentioned above.