Update dependency com.typesafe.play:play-logback_2.12 to v2.8.12 - autoclosed

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
com.typesafe.play:play-logback_2.12 (source)	dependencies	minor	2.6.11 -> 2.8.12

By merging this PR, the issue #114 will be automatically resolved and closed:

Severity	CVSS Score	CVE	Reachability
Medium	6.6	CVE-2021-42550
Medium	6.6	CVE-2021-42550

---

Release Notes

playframework/playframework (com.typesafe.play:play-logback_2.12)

v2.8.12

Compare Source

v2.8.11: Play 2.8.11

Compare Source

The Play Team is happy to announce the releases of Play 2.8.11.

This release brings in a new version of Akka Http including security updates.

📗 What is new?

Following pull requests got merged for this release:

• Update play-json and play-ws #​11030 by @​octonato
• update play-ws #​11028 by @​octonato
• use new community sonatype profile #​11024 by @​octonato
• Fixed ###replace: tag that led to incorrect docs #​10789 by @​arid-mangoss
• Clarified the allowedhost blacklist usage in documentation #​10839 by @​FuriousTurtle
• bump guava dependency to fix vulnerability #​10875 by @​johnduffell
• bump: Akka 2.6.17 and Akka HTTP 10.1.15 for Play 2.8.9 #​11019 by @​ennru
• Fix IOException when using sbt thin client (backport #​10890) #​11014 by @​mergify
• Remove Whitesource checks #​11003 by @​ennru
• Travis: remove explicit notifications (backport #​10984) #​11000 by @​mergify
• [2.8x] Fix cron job by upgrading akka + scalaJava8Compat (for Scala 2.13 only) #​10966 by @​mkurz
• Fix variable substitution in evolution warning (backport #​10931) #​10960 by @​mergify
• Fix cron jobs (repo.akka.io not used anymore) (backport #​10961) #​10963 by @​mergify
• Add play-test to PlayImport (backport #​10940) #​10959 by @​mergify
• Set MaxMetaspaceSize to 512m (like it was 4 month ago) (backport #​10877) #​10942 by @​mergify
• fix: change project starter link (backport #​10934) #​10935 by @​mergify
• Stop testing 0.13 #​10932 by @​ignasi35
• [2.8.x] Use sbt 1.5.5 for scripted tests #​10926 by @​mergify
• Update outdated links to scala-sbt.org in the documentation #​10918 by @​kaseken
• Fix tail-recursive deserializer (Lagom's #​3241) (backport #​10840) #​10916 by @​mergify
• Prefer -agentlib:jdwp= over -Xrunjdwp: (backport #​10885) #​10908 by @​mergify
• Run tests against Scala 2.12.14 and 2.13.6 and sbt 1.5.3 (backport #​10880) #​10891 by @​mergify
• Make sure scripted jobs use the same commit like publish-local did (backport #​10855) #​10872 by @​mergify
• [2.8.x] Run scripted tests against sbt 1.5.2 #​10856 by @​mergify
• [2.8.x] Remove bintray leftovers (fixes CRON build) #​10842 by @​mkurz
• [2.8.x] Run tests with sbt 1.5.1 #​10835 by @​mkurz
• Binders for OptionalInt, OptionalLong, OptionalDouble (backport #​10825) #​10830 by @​mergify
• Updated link to OWASP recommended to familiarize with CSRF #​10828 by @​TrevorNathan
• Also run netty http 1.1 microbenchmark encrypted (backport #​10820) #​10824 by @​mergify
• Fix docs: Flash cookie is signed (bp #​10818) #​10821 by @​mergify
• Initialize static Json objectMapper only once (bp #​10808) #​10812 by @​mergify
• Long jobs should appear first on a stage #​10811 by @​ignasi35

For more details see the full list of changes and the 2.8.11 milestone.

🙇 Credits

Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play is only possible due to the help we had from amazing contributors.

If you find Play useful for work, please consider to support this Open Source project by becoming a backer or premium sponsor. You can donate to our Open Collective here.

Special thanks to the following contributors who helped with this release:

@​FuriousTurtle, @​PromanSEW, @​TrevorNathan, @​arid-mangoss, @​ennru, @​gmethvin, @​ignasi35, @​johnduffell, @​kaseken, @​mergify, @​mergify[bot], @​mkurz, @​octonato, @​rstento and @​scala-steward

Full Changelog: playframework/playframework@2.8.8...2.8.11

v2.8.10

Compare Source

v2.8.9

Compare Source

v2.8.8: Play 2.8.8

Compare Source

📣 Play 2.8.8 Released

The Play Team is happy to announce the releases of Play 2.8.8.

📗 What is new?

The following are the relevant changes of this bugfix release:

• Bump akka 2.6.14 #​10806 by @​ignasi35 which includes the bump to Jackson 2.11.x #​10788 by @​mergify.
• Add empty parentheses () to generated reverse route method depending on routes file (bp #​10671) #​10673 by @​mergify. This is related to https://github.com/scala/scala/releases/tag/v2.13.3 and will likely introduce compilation errors on your code.
• Play no longer uses Bintray to distribute the sbt plugin #​10804 by @​ignasi35
• Add support for sbt 1.5.0 (bp #​10796) #​10799 by @​mergify
• Make the routes generated sources reproducible #​10735 by @​mergify

Following pull requests got merged for this release:

• Bump akka 2.6.14 #​10806 by @​ignasi35
• Sunset bintray 2.1.x #​10804 by @​ignasi35
• Fix: Playdevmode compiles twice (requires sbt 1.4+) #​10373
• Akka-Http-Server: allow Headers.remove() to remove Content-Type and Content-Length (bp #​10797) #​10801 by @​mergify
• Run scripted tests with sbt 1.5.0 (bp #​10796) #​10799 by @​mergify
• Update netty-transport-native-epoll to 4.1.63.Final (bp #​10795) #​10798 by @​mergify
• Bump Jackson to 2.11.x (bp #​10781) #​10788 by @​mergify
• revert changes to playCommonClassloaderTask since we are using scala 2.12.13 (bp #​10782) #​10783 by @​mergify
• Make public DatabaseEvolutions.databaseEvolutions() (bp #​10754) #​10779 by @​mergify
• [2.8.x] Add release-drafter workflow for 2.8.x branch + docs update #​10775 by @​mkurz
• [2.8.x] Upgrade dependencies before releasing Play 2.8.8 #​10767 by @​mkurz
• Update play-file-watch to 1.1.16 (bp #​10759) #​10761 by @​mergify
• [2.8.x] Run scripted tests on sbt 1.4.x + refactoring #​10723 by @​mkurz
• fix Int overflow in BodyParsers.anyContent(maxLength: Option[Long]) (bp #​10741) #​10753 by @​mergify
• Routes compiler: Remove generation date, keep the source relative (bp #​10707) #​10735 by @​mergify
• Update play-file-watch to 1.1.15 (bp #​10736) #​10737 by @​mergify
• [2.8.x] Support sbt 1.4 virtual files for compilation and config errors #​10712 by @​mkurz
• gitignore .bsp folder (Build Server Protocol / sbt 1.4) (bp #​10631) #​10722 by @​mergify
• Scala 2.12.13 and 2.13.5 (bp #​10718) #​10721 by @​mergify
• Upgrade akka and akka-http (bp #​10717) #​10719 by @​mergify
• Catch Throwable instead of NonFatal when starting prod server (bp #​10690) #​10701 by @​mergify
• QueryStringBindable.unbind(): Do-do-do URLEncode for all queryString keys! (bp #​10370) #​10694 by @​mergify
• Add type annotation for Optional.empty (bp #​10442) #​10688 by @​mergify
• Java forms should handle "foo[].bar" fields when using subforms (index missing) (bp #​10680) #​10682 by @​mergify
• Java forms: Prefix a ValidationError's key with parent form field key (bp #​10666) #​10678 by @​mergify
• [2.8.x] Support sbt 1.4 virtual files when displaying error source #​10649 by @​mkurz
• Add empty parentheses () to generated reverse route method depending on routes file (bp #​10671) #​10673 by @​mergify
• Don't reload/(re-)compile or even start an app when shutting down in DEV mode (bp #​10661) #​10669 by @​mergify
• In DEV mode, only set the editor in the error handler if config is valid (bp #​10662) #​10663 by @​mergify
• Fix classloader memory leak, due to ClassTag (bp #​10500) #​10658 by @​mergify
• build: Switch to using javafmtCheckAll (new version) (bp #​9960) #​10652 by @​mergify
• fix DefaultTemporaryFileCreator leak (bp #​10498) #​10653 by @​mergify
• Fix build cache issues (bp #​10014) #​10651 by @​mergify
• Close digest-files in DefaultAssetsMetadata (bp #​10639) #​10646 by @​mergify
• Caffeine Cache Manager - Expose cache names (bp #​10637) #​10645 by @​mergify
• Correct the HostMatcher logic to get host and port (bp #​10456) #​10632 by @​mergify
• shutdown-happy-path: make test more reliable (bp #​10598) #​10600 by @​mergify

For more details see the full list of changes and the 2.8.8 milestone.

🙇 Credits

Special thanks to @​mkurz for his continued contributions and insight to push Play forward, and, in this release in particular, for the extra work to make the release come true.

Also, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play is only possible due to the help we had from amazing contributors.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

Special thanks to the following contributors who helped with this release:

@​Captain1653, @​asazernik, @​benwaffle, @​dwijnand, @​eatkins, @​gokhanoner, @​helllamer, @​ignasi35, @​jtjeferreira, @​marcospereira, @​mkurz, @​octonato, @​pazvanti, @​pschichtel, @​raboof and @​xuwei-k

v2.8.7: Play 2.8.7

Compare Source

📣 Play 2.8.7 Released

The Play Team is happy to announce the releases of Play 2.8.7 and Play 2.7.9.

As we found a regression just after building the 2.8.6 and 2.7.8 releases, we followed up on those without announcing them.

📗 What is new?

The following are the relevant changes of this bugfix release:

• Let user overwrite limit memory size on form binding #​10543
• The Play Runner now works on Mac OS Big Sur #​10372
• We publish a Maven BOM pom.xml for Play 2.8 #​10549

For more details see the full list of changes and the 2.8.6 and 2.8.7 milestones.

Migration

To make the form binding size limit configurable, some sources may need adaptation to make the FormBinding implicits available (see Parser maxMemoryBuffer limits).

🙇 Credits

Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play is only possible due to the help we had from amazing contributors.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

v2.8.6

Compare Source

v2.8.5: Play 2.8.5

Compare Source

📣 Play 2.8.5 Released

The Play Team is proud to announce the release of Play 2.8.5.

📗 What is new?

The following is the main change of this bugfix release:

• (regression since 2.8.0) Json.toJson is serializing private fields by default for Jackson (https://github.com/playframework/playframework/pull/10523). This is potentially a data leak for users handling sensitive data on private fields of classes serialized as JSON.

Other improvements in this release:

• Remove the deprecated FakeKeyStore (https://github.com/playframework/playframework/pull/10487)

For more details see the full list of changes and the 2.8.5 milestone.

🙇 Credits

Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play 2.8.5 is only possible due to the help we had from amazing contributors.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

v2.8.4: Play 2.8.4

Compare Source

📣 Play 2.8.4 Released

The Play Team is proud to announce the release of Play 2.8.4.

📗 What is new?

The following are the main changes of this bugfix release:

• (regression) JsonNode deserializer support for @JsonRawValue as module (https://github.com/playframework/playframework/pull/10508)
• Extend data embedded into the synthetic PlayVersion (https://github.com/playframework/playframework/pull/10519)

For more details see the full list of changes and the 2.8.4 milestone.

🙇 Credits

Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play 2.8.4 is only possible due to the help we had from amazing contributors.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

v2.8.3: Play 2.8.3

Compare Source

📣 Play 2.8.3 Released

The Play Team is proud to announce the release of Play 2.8.3.

📗 What is new?

The following are the main changes of this bugfix release:

• Security Fix - Jsonnode deserializer as module (https://github.com/playframework/playframework/pull/10495) - read related CVE announcement
• Security Fix - Json parse on forms (https://github.com/playframework/playframework/pull/10495) - read related CVE announcement
• AkkaHttpServer: prevent access to not yet initialized fields (https://github.com/playframework/playframework/pull/10323)
• Support injecting default NamedCaffeineCache (https://github.com/playframework/playframework/pull/10359)
• Adds ClassActorSystemProvider in the DI (https://github.com/playframework/playframework/pull/10382)
• Fixes int binder error message and provides specs (https://github.com/playframework/playframework/pull/10413)
• Fix gzip buffering (https://github.com/playframework/playframework/pull/10428)

For more details see the full list of changes and the 2.8.3 milestone.

🙇 Credits

Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play 2.8.3 is only possible due to the help we had from amazing contributors.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

Special thanks to the following contributors who helped with this release:

• Al-Mothafar Al-Hasan
• Alec Theriault
• Arnout Engelen
• David Pinn
• Geoffrey Yip
• Ignasi Marimon-Clos
• Jacob Wahlgren
• James Roper
• Marcos Pereira
• Matthias Kurz
• Renato Cavalcanti
• Suiyi Fu
• Valy Dia
• Will Sargent
• joe gichuru
• slisaasquatch

v2.8.2

Compare Source

📣 Play 2.8.2 Released

The Play Team is proud to announce the release of Play 2.8.2.

📗 What is new?

The following are the main changes of this bugfix release:

• fix HTTP/2 support for JDK8 after u252 #​10274
• fixed CSRF handling for invalid content types #​10289
• artifacts for Scala 2.13 are compiled using 2.13.2 #​10279
• allow uploading empty files #​10113
• file upload temporary folder is unique again#​10194
• support compile-time injection of named caches (Caffeine) #​10070

For more details see the full list of changes and the 2.8.2 milestone.

🙇 Credits

Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play 2.8.2 is only possible due to the help we had from amazing contributors.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

Special thanks to the following contributors who helped with this release:

• Matthias Kurz
• Arnout Engelen
• Suiyi Fu
• Marcos Pereira
• slisaasquatch
• joe gichuru
• Renato Cavalcanti
• Alec Theriault
• Will Sargent
• Al-Mothafar Al-Hasan
• Jacob Wahlgren
• Valy Dia
• David Pinn
• Geoffrey Yip

v2.8.1: Play 2.8.1

Compare Source

📣 Play 2.8.1 Released

The Play Team is proud to announce the release of Play 2.8.1.

📗 What is new?

The following are the main changes of this bugfix release:

• Fix -Dconfig.resource in dev-mode. #​9972 / #​9978 / #​10010
• Gracefully shutdown Akka HTTP server using terminate. #​8453 / #​9737 / #​9970
• Use execute instead of executeQuery to lock evolutions. #​9839 / #​10005
• Upgrade Akka to 2.6.3. #​10016
• Undeprecate Cookies, deprecate extends CookieHeaderEncoding #​9939

For more details see the full list of changes and the 2.8.1 milestone.

🙇 Credits

Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play 2.8.1 is only possible due to the help we had from amazing contributors.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

Special thanks to the following contributors who helped with this release:

• Matthias Kurz: @​mkurz
• Marcos Pereira: @​marcospereira
• Renato Cavalcanti: @​renatocaval
• Dale Wijnand: @​dwijnand

v2.8.0: Play 2.8.0

Compare Source

📣 Play 2.8.0 Released

The Play Team is proud to announce the release of Play 2.8.0. This release adds many new features and continues our efforts to make Play more modular, flexible, and secure. Play 2.8.0 is the result of more than 10 months of relentless work from our fantastic community, comprehending more than a thousand changes made from 80 contributors.

📗 What is new?

The highlights in Play 2.8.0 include, but are not limited by:

Akka 2.6

Akka 2.6.0 was released a little over a month ago, and it has new APIs with type-safety for Akka Actors, better stability for Akka Cluster with Artery, and improved serialization.

Play 2.8.0 integrates Akka Typed with Dependency Injection, full integration with Akka Jackson support, and initial support for Akka Cluster Sharding Typed. These lay down the basis to evolve integration with multiple Akka Typed APIs, such as Akka Persistence Typed.

Scala 2.13

Play 2.8.0 not only supports Scala 2.13 but uses it as the default version. Play, all the samples, and seeds all use Scala 2.13 by default now.

Java 11

Play 2.8.0 is the first version were we officially support Java 11. Play, its standalone modules, samples and seeds are all tested against AdoptOpenJDK 8 & 11. We continue to support Java 8 as the default version.

Final changes to remove Global State

This was a long journey we started a few versions ago, deprecating the APIs, providing dependency injection support, and many other changes. Therefore, Play 2.8 removes APIs such as Play.current, Play.maybeApplication, and others that depend on them.

Improvements to Results APIs

Many minor improvements were made in the Java API: sendFile, sendPath and sendResource now support an onClose callback; send* methods now accept a parameter to set Content-Type header; the type parameter for file names when serving files is now an Optional which makes the API nicer when you need to send Optional.empty (instead of null). Moreover, Range results now support to pre-seek the Source when returning results for requests containing a Range header.

🎁 Updated Dependencies

Besides updates to newer versions of our own libraries (play-json, play-ws, twirl, cachecontrol, etc), many other important dependencies were updated to the newest versions:

• specs2 4.8.1
• Jackson 2.10.1
• Mockito 3.2.0
• HikariCP 3.4.1
• Hibernate Validator 6.1.0.Final
• Lightbend Config 1.4.0
• Caffeine 2.8.0
• sbt-native-packager 1.5.1

As usual, you can see the more details of those new features in the release highlights and learn how to migrate in our migration guide.

🗺️ How to start or migrate to Play 2.8

To get started with Play, follow the instructions in our Getting Started page. And if you need to migrate from an older version to Play 2.8, see our migration guide.

🙇 Thanks to our contributors

Finally, many, many thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

Special thanks to the following contributors who helped with this release:

commits   added  removed
    231   17330     7071 Matthias Kurz
    155    7104     3190 Marcos Pereira
    154   29514    21862 Dale Wijnand
     88     105      105 Scala Steward
     53     920     2376 Renato Cavalcanti
     43     829      536 gurkankaymak
     42    2256      432 Ignasi Marimon-Clos
     16     129      990 Will Sargent
     12     734      836 Greg Methvin
      9      11        9 Albaro Pereyra
      6      72       46 Regan Koopmans
      5      10       10 sullis
      4      16       16 Bryant Larsen
      4     199      206 João Ferreira
      4      43        6 Eugene Yokota
      4      30       36 Roman Parshikov
      4      16        3 John Duffell
      4     178       54 yuuri111
      4     296       25 Nick Howes
      3       4        5 Jafer Khan
      3      69        6 Jakub Kozłowski
      3      48       57 Ruth Stento
      3     106       25 Arnout Engelen
      3       8       22 warrior911
      3      20        0 Ivan Toporkov
      3      63       21 golemiso
      3       9        9 James Roper
      3      38       38 Lukas Rytz
      2      17       15 To-om
      2      16        2 Rafael Zanella
      2       4        4 John Gutierrez
      2      18        3 Philippe Vinchon
      2       2        2 Natsumi
      2      56        0 Radim Kolar
      2       7        9 yohei.naruse
      2       3        1 Emmanuel Guiton
      2      46       12 ctoomey
      2       2        2 Byron Weber Becker
      2       2        2 Valentin Stoyanov
      2       8        8 duncangodwin
      2      53        0 a1kemist
      2     428       15 Peerapat A
      2      61       41 xuwei-k
      2      48       48 Hajime Shiozawa
      2      42        0 Geovanny Junio
      2       5        1 Felix
      2    1416        4 Gabriel Klappenbach
      2       6        3 Dominik Dorn
      2      35        5 Ander Parra
      1       2        2 Benoit Lemoine
      1       2        2 YourPsychiatrist
      1       2        0 Henri Cook
      1       2        1 igarashi-kazuya
      1     109        8 Mat2095
      1       0        1 Naoki Takezoe
      1      58        0 morellik
      1       0       37 Tim Moore
      1      56        0 Cédric Chantepie
      1      19        1 Yinan Ding
      1      15        5 Emmanuel GUITON
      1       1        1 Owen Miller
      1      32        5 Brandon Brown
      1       4        4 takashima0411
      1      10        7 Seung-Zin Nam
      1       0       10 Johannes Rudolph
      1       1        1 Yoshiyuki Sakamoto
      1       1       17 Francis De Brabandere
      1      14        0 Daniel Knittl-Frank
      1       0        5 Seth Tisue
      1       1        1 nickweitzel
      1       1        1 etienne
      1       3       26 Fajr Febriansyah
      1      62       16 Valy Dia
      1       2        2 Santiago
      1       1        1 PJ Fanning
      1      41        8 srirachapills
      1       2        0 bwbecker
      1       1        1 Sergey Morgunov
      1       0        1 Nafer Sanabria
      1       1        1 Felix Meißner
      1     113       48 gaurang-sawhney
      1       1        1 Zachary Mulgrew
      1       1        1 Jiangwr
      1       1        1 Nikolas

v2.7.9: Play 2.7.9

Compare Source

📣 Play 2.7.9 Released

The Play Team is happy to announce the releases of Play 2.8.7 and Play 2.7.9.

As we found a regression just after building the 2.8.6 and 2.7.8 releases, we followed up on those without announcing them.

📗 What is new?

The following are the relevant changes of this bugfix release:

• Let user overwrite limit memory size on form binding #​10543
• The Play Runner now works on Mac OS Big Sur #​10372
• We publish a Maven BOM pom.xml for Play 2.8 #​10549

For more details see the full list of changes and the 2.7.8 and 2.7.9 milestones.

Migration

To make the form binding size limit configurable, some sources may need adaptation to make the FormBinding implicits available (see Parser maxMemoryBuffer limits).

🙇 Credits

Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play is only possible due to the help we had from amazing contributors.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

v2.7.8

Compare Source

v2.7.7: Play 2.7.7

Compare Source

📣 Play 2.7.7 Released

The Play Team is proud to announce the release of Play 2.7.7.

📗 What is new?

The following are the main changes of this bugfix release:

• (regression) JsonNode deserializer support for @JsonRawValue as module (https://github.com/playframework/playframework/pull/10510)

For more details see the full list of changes and the 2.7.7 milestone.

🙇 Credits

Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play 2.7.7 is only possible due to the help we had from amazing contributors.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

Special thanks to the following contributors who helped with this release:

• Renato Cavalcanti
• Ignasi Marimon-Clos

v2.7.6: Play 2.7.6

Compare Source

📣 Play 2.7.6 Released

The Play Team is proud to announce the release of Play 2.7.6.

📗 What is new?

The following are the main changes of this bugfix release:

• Security Fix - Jsonnode deserializer as module (https://github.com/playframework/playframework/pull/10496) - read related CVE announcement
• Security Fix - Json parse on forms (https://github.com/playframework/playframework/pull/10496) - read related CVE announcement
• Re-enabling cross compilation for routes-compiler (https://github.com/playframework/playframework/pull/10354)
• Fix gzip buffering (https://github.com/playframework/playframework/pull/10429)

For more details see the full list of changes and the 2.7.6 milestone.

🙇 Credits

Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play 2.8.3 is only possible due to the help we had from amazing contributors.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

Special thanks to the following contributors who helped with this release:

• Arnout Engelen
• Ignasi Marimon-Clos
• Johannes Rudolph
• Play Team
• Renato Cavalcanti
• Sebastien Coquelin

v2.7.5: Play 2.7.5

Compare Source

📣 Play 2.7.5 Released

The Play Team is proud to announce the release of Play 2.7.5.

📗 What is new?

The following are the main changes of this bugfix release:

• Fix HTTP/2 support for JDK8 after u252 #​10281
• Fixed CSRF handling for invalid content types #​10293
• artifacts for Scala 2.13 are compiled using 2.13.2 #​10279

For more details see the full list of changes and the 2.7.5 milestone.

🙇 Credits

Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play 2.7.5 is only possible due to the help we had from amazing contributors.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

Special thanks to the following contributors who helped with this release:

• Matthias Kurz
• Renato Cavalcanti
• Ignasi Marimon-Clos
• Dale Wijnand
• Marcos Pereira
• Suiyi Fu
• Greg Methvin
• James Roper
• Jacob Wahlgren

v2.7.4: Play 2.7.4

Compare Source

The Play Team is pleased to announce the release of Play Framework 2.7.4. This is the latest stable release of Play 2.7.x series.

Changelog

This release mainly includes security and overall fixes.

For more details see the full list of changes and the 2.7.4 milestone.

Credits

Thanks to the community for their detailed bug reports and contributions. Special thanks to the following contributors who helped with this release: Dale Wijnand, Matthias Kurz, Renato Cavalcanti, Marcos Pereira, Jafer Khan, Eugene Yokota, Ignasi Marimon-Clos, Ander Parra, João Ferreira, rhdevlin, Vlad Romanenko, takashima0411, igarashi-kazuya, Arnout Engelen, nickweitzel, YourPsychiatrist, Brandon Brown, Owen Miller, Albaro Pereyra, etienne.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

v2.7.3: Play 2.7.3

Compare Source

The Play Team is pleased to announce the release of Play Framework 2.7.3 with binaries for Scala 2.13. This is the latest stable release of Play 2.7.x series.

Changelog

In order to have a Scala 2.13 build we needed to remove one internal class that can't be compiled with Scala 2.13 (see playframework/playframework@1ad816e for details). The removed class, org.jdbcdslog.LogSqlDataSource, was only used internally so in principle users should not be impact by it.

For more details see the full list of changes and the 2.7.3 milestone.

Credits

Thanks to the community for their detailed bug reports and contributions.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

v2.7.2: Play 2.7.2

Compare Source

The Play Team is pleased to announce the release of Play Framework 2.7.2, the latest stable release of Play.

Changelog

Play 2.7.2 is virtually similar to Play 2.7.1, released a few days before. It mainly fixes a problem with play-docs artifact generation, but from the users' perspective, nothing substantial changed. For more details see the full list of changes.

Credits

Thanks to the community for their detailed bug reports and contributions.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

Special thanks to the following contributors who helped with this release: Dale Wijnand, Marcos Pereira, Renato Cavalcanti.

Join the Play Community

Want to discuss the new release or have questions related to Play? Visit the Play Framework forum.

v2.7.1: Play 2.7.1

Compare Source

Released 18 Apr 2019

• All changes
• GitHub milestone

For all the details, see the announcement here: https://blog.playframework.com/play-2-7-1-released/.

v2.7.0: Play 2.7.0

Compare Source

The Play Team is proud to announce the release of Play 2.7.0. This release adds many new features and continues our efforts to make Play more modular, flexible, and secure. Play 2.7.0 is the result of more than 1 year of relentless work from our fantastic community comprehending more than 720 changes made from almost 150 contributors.

What's new?

The highlights in Play 2.7.0 include:

gRPC support

gRPC is a transport mechanism for request/response and (non-persistent) streaming use cases. It is a schema-first RPC framework, where your protocol is declared in a protobuf service descriptor, and requests and responses will be streamed over an HTTP/2 connection. Play now offers play-grpc which is a module built on top of akka-grpc and gives you experimental support to declare your services in this format. See Akka gRPC's documentation on Why gRPC? for more information about when to use gRPC as your transport.

Akka Coordinated Shutdown

Play 2.6 introduced the usage of Akka's Coordinated Shutdown but still did not use it all across the core framework or expose it to the end user. Coordinated Shutdown is now used internally to handle Play's lifecycle.

The main advantage is that it gives you fine-grained phases where you can register tasks instead of just having a single phase like Play's application lifecycle. For example, you can add tasks to run before or after server binding, or after all the current requests finishes.

New cache implementation using Caffeine

Caffeine is a high performance, near optimal caching library based on Java 8. It is now the underlying cache library used by Play Cache APIs implementation since it is a much better option for a local cache than the version of EhCache we were using before.

Enhanced Content Security Policy support

There is a new Content Security Policy filter available that supports CSP nonce and hashes for embedded content. The previous setting of enabling CSP by default and setting it to default-src 'self' was too strict, and interfered with browser plugins.

The CSP filter uses Google's Strict CSP policy by default, which is a nonce based policy.

Direct access to request data without Http.Context

Historically, Play used play.mvc.Http.Context as a way to access request information and set some response data. It is a crucial part of Java HTTP & MVC APIs, but it is not a proper abstraction of how these APIs should work. You can now make your actions directly receive the request as a parameter, and consistent APIs were added to manipulate its data and the response.

See our detailed migration guide for examples showing how to migrate to the new APIs.

Major library updates

Play 2.7 brings a new version of most of its dependencies. The updates mainly include new features, security and overall fixes. See a list of the most important updates in our migration guide. Of course,