v12.4.0 🎁

🚀 New features and improvements

• HTM-1733 Support for feature attachments in edit component and object information, saved in an automatically created "sidecar" table (with attachment metadata and blob) next to the original feature type table. Note that the database account must have grants to create tables for this table to be created automatically when attachment attributes are configured in the admin.
• HTM-1760: Feature attributes are now not editable by default and need to be explicitly made editable (#1467) @steinkobben
• HTM-1708: Changes in the Tailormap configuration database can be audited/logged in the 'history' schema using Hibernate Envers (disabled by default).
• Created by, created on, modified by and modified on are saved for some configuration entities.
• HTM-1639: Introduce functionality to reset a Tailormap user account password by e-mail. This functionality is disabled by default and requires valid SMTP mailserver configuration.
• HTM-1703: 3D tileset style can be configured in app layer settings (#1440) @steinkobben

Minor changes

• HTM-1638: Add a task that checks the Solr status (#1528) @mprins
• EO-618: Portal: Inherit page authorization. Use specific tile type (#1519) @geertplaisier
• EO-618: Portal: Allow to set page and tile authorizations + add auth checks (#1496) @geertplaisier

Refactoring

• HTM-1667: Validate filters and add attribute aliases in back-end (#1419) @steinkobben
• Filter verify simplification (#1435) @matthijsln
• Refactor filter verification (#1421) @matthijsln
• Use JPA repository in token cleanup (#1422) @matthijsln

⛓️‍💥 Breaking changes

The e-mail addresses entered for Tailormap users must be now unique. If duplicate e-mail adresses exist the API will not start before this is fixed. This does not affect users that login via OIDC.

🔨 Security fixes en updates

• HTM-1722: Fix QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing (#1443) @mprins

🐛 Bug Fixes

• HTM-1795: OpenAPI generation shows some errors (#1520) @mprins
• HTM-1783: Set editable to false if feature type crs does not match application crs (#1518) @steinkobben
• Fix auto-closing HttpClient for retrieving OpenID configuration too early, multiple OIDC configurations did not work (#1453) @matthijsln

🚦 Tests and Infrastructure

34 changes

• Bump com.google.errorprone:error_prone_core from 2.44.0 to 2.45.0 (#1523) @dependabot[bot]
• Apply changes resulting from adding OGC features API (#1525) @mprins
• Bump io.swagger.core.v3:swagger-annotations from 2.2.40 to 2.2.41 (#1511) @dependabot[bot]
• Bump org.codehaus.mojo:taglist-maven-plugin from 3.2.1 to 3.2.2 (#1514) @dependabot[bot]
• Bump org.codehaus.mojo:versions-maven-plugin from 2.19.1 to 2.20.1 (#1516) @dependabot[bot]
• HTM-1773: Bump org.springframework.boot:spring-boot-starter-parent from 3.5.7 to 3.5.8 (#1508) @dependabot[bot]
• Bump actions/checkout from 5 to 6 (#1507) @dependabot[bot]
• Bump org.immutables:value from 2.11.6 to 2.11.7 (#1504) @dependabot[bot]
• Bump io.fabric8:docker-maven-plugin from 0.47.0 to 0.48.0 (#1501) @dependabot[bot]
• Bump com.diffplug.spotless:spotless-maven-plugin from 3.0.0 to 3.1.0 (#1505) @dependabot[bot]
• Bump hibernate.version from 6.6.35.Final to 6.6.36.Final (#1503) @dependabot[bot]
• Bump org.owasp:dependency-check-maven from 12.1.8 to 12.1.9 (#1482) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.2.0 (#1485) @dependabot[bot]
• Bump eclipse-temurin from 21.0.8_9-jre to 21.0.9_10-jre (#1489) @dependabot[bot]
• Bump com.google.errorprone:error_prone_core from 2.43.0 to 2.44.0 (#1488) @dependabot[bot]
• AttachmentHelper integration test refactoring (#1478) @mprins
• HTM-1755: update test expectations after adding extra tables and layers (#1477) @mprins
• Bump io.fabric8:docker-maven-plugin from 0.46.0 to 0.47.0 (#1474) @dependabot[bot]
• Allow skipping spotless (#1468) @mprins
• Bump prom/prometheus from v3.7.2 to v3.7.3 in /build/ci (#1459) @dependabot[bot]
• Bump org.openapitools:openapi-generator-maven-plugin from 7.16.0 to 7.17.0 (#1456) @dependabot[bot]
• Update postgis/postgis from 17-3.5 to 18-3.6 (#1451) @mprins
• Bump actions/upload-artifact from 4 to 5 (#1450) @dependabot[bot]
• Bump com.google.errorprone:error_prone_core from 2.42.0 to 2.43.0 (#1446) @dependabot[bot]
• Bump prom/prometheus from v3.7.1 to v3.7.2 in /build/ci (#1449) @dependabot[bot]
• HTM-1730: Bump org.springframework.boot:spring-boot-starter-parent from 3.5.6 to 3.5.7 (#1445) @dependabot[bot]
• Replace deprecated PMD rule and add the mockito agent to surefire/failsafe configs (#1439) @mprins
• Bump eclipse-temurin from 21.0.1_12-jre to 21.0.8_9-jre (#1438) @dependabot[bot]
• Bump prom/prometheus from v3.7.0 to v3.7.1 in /build/ci (#1437) @dependabot[bot]
• HTM-1710: Upgrade to Java 21 (#1423) @mprins
• Bump prom/prometheus from v3.6.0 to v3.7.0 in /build/ci (#1433) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-pmd-plugin from 3.27.0 to 3.28.0 (#1432) @dependabot[bot]
• Bump org.owasp:dependency-check-maven from 12.1.6 to 12.1.8 (#1427) @dependabot[bot]
• Disable mail health check (#1424) @matthijsln

🔨 Dependency updates

35 changes

• Bump org.webjars:swagger-ui from 5.30.2 to 5.30.3 (#1524) @dependabot[bot]
• HTM-1784: Use Hibernate json type, remove hypersistence-utils-hibernate-XX dependency (#1517) @mprins
• Bump sentry.version from 8.26.0 to 8.27.1 (#1512) @dependabot[bot]
• Bump org.geotools:gt-bom from 34.0 to 34.1 (#1513) @dependabot[bot]
• Bump io.swagger.core.v3:swagger-annotations from 2.2.40 to 2.2.41 (#1511) @dependabot[bot]
• Bump hibernate.version from 6.6.36.Final to 6.6.37.Final (#1515) @dependabot[bot]
• HTM-1773: Bump org.springframework.boot:spring-boot-starter-parent from 3.5.7 to 3.5.8 (#1508) @dependabot[bot]
• Bump okhttp.version from 5.3.0 to 5.3.2 (#1502) @dependabot[bot]
• Bump org.immutables:value from 2.11.6 to 2.11.7 (#1504) @dependabot[bot]
• Bump hibernate.version from 6.6.35.Final to 6.6.36.Final (#1503) @dependabot[bot]
• Followup on Solrj upgrade (#1475) (#1479) @mprins
• HTM-1777: Add json-path dependency version override to update from 2.9.0 to 2.10.0 (#1492) @mprins
• HTM-1775: Update Flyway version from 11.15.0 to 11.17.0 (#1491) @mprins
• HTM-1776: Update micrometer.version to 1.16.0 (#1490) @mprins
• HTM-1774: Remove deprecated javax.annotations.* and javax.inject.* annotations (#1494) @mprins
• Bump sentry.version from 8.25.0 to 8.26.0 (#1480) @dependabot[bot]
• Bump io.hypersistence:hypersistence-utils-hibernate-63 from 3.11.0 to 3.12.0 (#1484) @dependabot[bot]
• Bump org.webjars:swagger-ui from 5.30.1 to 5.30.2 (#1483) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#1481) @dependabot[bot]
• Bump org.eclipse.jetty.ee10:jetty-ee10-bom from 12.0.29 to 12.0.30 (#1487) @dependabot[bot]
• Bump org.apache.solr:solr-solrj from 9.9.0 to 9.10.0 (#1475) @dependabot[bot]
• Bump org.junit:junit-bom from 6.0.0 to 6.0.1 (#1472) @dependabot[bot]
• Bump org.webjars:swagger-ui from 5.30.0 to 5.30.1 (#1473) @dependabot[bot]
• Bump hibernate.version from 6.6.33.Final to 6.6.34.Fi...

v12.3.0 🎁

🚀 New features and improvements

• HTM-1697: Add organisation field to user (#1418) @matthijsln
• HTM-1677: Add image to oidc configuration (#1399) @steinkobben

🐛 Bug Fixes

• HTM-1686: static oauth2 configuration broken (#1410) @matthijsln
• Fix: spring_session table not created on startup (#1402) @matthijsln

🚦 Tests and Infrastructure

• Bump org.openrewrite.maven:rewrite-maven-plugin from 6.18.0 to 6.20.0 (#1416) @dependabot[bot]
• Bump github/codeql-action from 3 to 4 (#1412) @dependabot[bot]
• Bump fsfe/reuse-action from 5 to 6 (#1411) @dependabot[bot]
• Bump org.junit:junit-bom from 5.13.4 to 6.0.0 (#1406) @dependabot[bot]
• Bump org.openapitools:openapi-generator-maven-plugin from 7.15.0 to 7.16.0 (#1405) @dependabot[bot]
• Bump yogeshlonkar/trivy-cache-action from 0.1.15 to 0.1.16 (#1403) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0 (#1409) @dependabot[bot]
• Bump org.owasp:dependency-check-maven from 12.1.5 to 12.1.6 (#1398) @dependabot[bot]
• Bump com.diffplug.spotless:spotless-maven-plugin from 2.46.1 to 3.0.0 (#1397) @dependabot[bot]
• Bump org.immutables:value from 2.11.3 to 2.11.4 (#1396) @dependabot[bot]

🔨 Dependency updates

• HTM-1662: Upgrade to GeoTools 34.x (#1387) @mprins
• Bump org.eclipse.jetty.ee10:jetty-ee10-bom from 12.0.27 to 12.0.28 (#1417) @dependabot[bot]
• Bump okhttp.version from 5.1.0 to 5.2.0 (#1415) @dependabot[bot]
• Bump org.webjars:swagger-ui from 5.29.2 to 5.29.3 (#1414) @dependabot[bot]
• Bump org.immutables:value from 2.11.4 to 2.11.6 (#1413) @dependabot[bot]
• Bump org.webjars:swagger-ui from 5.28.1 to 5.29.2 (#1407) @dependabot[bot]
• Bump io.swagger.core.v3:swagger-annotations from 2.2.37 to 2.2.38 (#1408) @dependabot[bot]
• Bump sentry.version from 8.22.0 to 8.23.0 (#1404) @dependabot[bot]
• Bump com.diffplug.spotless:spotless-maven-plugin from 2.46.1 to 3.0.0 (#1397) @dependabot[bot]
• Bump org.immutables:value from 2.11.3 to 2.11.4 (#1396) @dependabot[bot]

v12.2.1 🎁

⛓️‍💥 Breaking changes

Requires update of backends using the tailormap-api session using spring-session-jdbc deserialization:

• HTM-1680: Fix drawing admin / read-all authorizations (#1401) @matthijsln

🐛 Bug Fixes

• HTM-1680: Fix drawing admin / read-all authorizations (#1401) @matthijsln
• Ignore deserialization exceptions for JDBC sessions (#1400) @matthijsln

v12.2.0 🎁

🔨 Security fixes en updates

• HTM-1661: Bump org.springframework.boot:spring-boot-starter-parent from 3.5.5 to 3.5.6 (#1386) @dependabot[bot]

🐛 Bug Fixes

• HTM-1648: filter out empty children and invalid appLayers from /map response (#1376) @mprins

🚦 Tests and Infrastructure

12 changes

• Bump org.owasp:dependency-check-maven from 12.1.3 to 12.1.5 (#1392) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.3 to 3.12.0 (#1389) @dependabot[bot]
• Bump org.codehaus.mojo:versions-maven-plugin from 2.19.0 to 2.19.1 (#1393) @dependabot[bot]
• Bump com.google.errorprone:error_prone_core from 2.41.0 to 2.42.0 (#1391) @dependabot[bot]
• Bump prom/prometheus from v3.5.0 to v3.6.0 in /build/ci (#1388) @dependabot[bot]
• Apply the OpenRewrite Java 17 rules (#1385) @mprins
• HTM-1661: Bump org.springframework.boot:spring-boot-starter-parent from 3.5.5 to 3.5.6 (#1386) @dependabot[bot]
• Bump actions/setup-java from 4 to 5 (#1379) @dependabot[bot]
• Bump yogeshlonkar/trivy-cache-action from 0.1.14 to 0.1.15 (#1378) @dependabot[bot]
• Bump aquasecurity/trivy-action from 0.32.0 to 0.33.1 (#1380) @dependabot[bot]
• Bump actions/github-script from 7 to 8 (#1381) @dependabot[bot]
• Bump actions/stale from 9 to 10 (#1382) @dependabot[bot]

🔨 Dependency updates

• Bump sentry.version from 8.21.1 to 8.22.0 (#1390) @dependabot[bot]
• HTM-1661: Bump org.springframework.boot:spring-boot-starter-parent from 3.5.5 to 3.5.6 (#1386) @dependabot[bot]
• Bump io.swagger.core.v3:swagger-annotations from 2.2.36 to 2.2.37 (#1383) @dependabot[bot]

v12.1.3 🎁

🐛 Bug Fixes

• HTM-1657: Fix login problems for user where additional_properties is null (#1377) @matthijsln

v12.1.2 🎁

🐛 Bug Fixes

• Add alias to /describe just like /features (#1366) @matthijsln
• HTM-1645: Apply layer access rules to filters (#1375) @mprins

🚦 Tests and Infrastructure

• Remove spotify fmt-maven-plugin from pom.xml (#1374) @mprins
• Bump com.spotify.fmt:fmt-maven-plugin from 2.27 to 2.28 (#1370) @dependabot[bot]
• HTM-1273: cleanup PocTask, InterruptablePocTask and FailingPocTask (#1364) @mprins

🔨 Dependency updates

• Bump org.eclipse.jetty.ee10:jetty-ee10-bom from 12.0.25 to 12.0.27 (#1369) @dependabot[bot]
• Bump io.hypersistence:hypersistence-utils-hibernate-63 from 3.10.3 to 3.11.0 (#1371) @dependabot[bot]
• Bump sentry.version from 8.20.0 to 8.21.1 (#1367) @dependabot[bot]
• Bump org.webjars:swagger-ui from 5.28.0 to 5.28.1 (#1368) @dependabot[bot]

v12.1.1 🎁

🚦 Tests and Infrastructure

• Bump org.codehaus.mojo:versions-maven-plugin from 2.18.0 to 2.19.0 (#1362) @dependabot[bot]

🔨 Dependency updates

• Bump org.webjars:swagger-ui from 5.27.1 to 5.28.0 (#1363) @dependabot[bot]

v12.1.0 🎁

🚀 New features and improvements

• Extended filter configuration models (#1360, #1351) @steinkobben
• Support for ingesting metrics from frontend to expose via Actuator (#1331, #1342) @mprins
• HTM-1603: Create admin API for requesting the instance's application and application layer metric data @mprins
• Support for deleting metrics from Prometheus when layer (#1358, (#1354) or application is removed @mprins
• Use spring-session-jdbc and make UserDetails easily serializable for use in separate Spring Boot application using the same session (#1352) @matthijsln

🔨 Security fixes en updates

• Bump org.springframework.boot:spring-boot-starter-parent from 3.5.4 to 3.5.5 (#1349) @dependabot[bot]
• Assorted dependency updates (#1339) @mprins

🚦 Tests and Infrastructure

14 changes

• HTM-1606: Update CI stack to include a configured prometheus service (#1333) @mprins
• HTM-1605: Add code to generate application request metric in ViewerController (#1332) @mprins
• Bump org.openapitools:openapi-generator-maven-plugin from 7.14.0 to 7.15.0 (#1356) @dependabot[bot]
• Bump de.skuzzle.enforcer:restrict-imports-enforcer-rule from 2.6.1 to 3.0.0 (#1357) @dependabot[bot]
• Allow actuator access from internal networks and localhost (#1353) @matthijsln
• Bump org.springframework.boot:spring-boot-starter-parent from 3.5.4 to 3.5.5 (#1349) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.2 to 3.11.3 (#1343) @dependabot[bot]
• Bump modernizer-maven-plugin.version from 3.1.0 to 3.2.0 (#1345) @dependabot[bot]
• Bump hibernate.version from 6.6.25.Final to 6.6.26.Final (#1344) @dependabot[bot]
• Bump actions/checkout from 4 to 5 (#1334) @dependabot[bot]
• Bump eclipse-temurin from 17.0.15_6-jre to 17.0.16_8-jre (#1329) @dependabot[bot]
• Bump hibernate.version from 6.6.23.Final to 6.6.24.Final (#1326) @dependabot[bot]
• Bump hibernate.version from 6.6.22.Final to 6.6.23.Final (#1320) @dependabot[bot]
• Bump com.google.errorprone:error_prone_core from 2.40.0 to 2.41.0 (#1318) @dependabot[bot]
• Bump org.springframework.boot:spring-boot-starter-parent from 3.5.3 to 3.5.4 (#1314) @dependabot[bot]
• Bump com.diffplug.spotless:spotless-maven-plugin from 2.45.0 to 2.46.1 (#1316) @dependabot[bot]

🔨 Dependency updates

21 changes

• Bump sentry.version from 8.19.1 to 8.20.0 (#1355) @dependabot[bot]
• Bump Solr jetty.version override from 10.0.24 to 10.0.26 (#1350) @mprins
• Bump org.springframework.boot:spring-boot-starter-parent from 3.5.4 to 3.5.5 (#1349) @dependabot[bot]
• Bump io.swagger.core.v3:swagger-annotations from 2.2.35 to 2.2.36 (#1346) @dependabot[bot]
• Bump hibernate.version from 6.6.25.Final to 6.6.26.Final (#1344) @dependabot[bot]
• Assorted dependency updates (#1339) @mprins
• Bump sentry.version from 8.18.0 to 8.19.1 (#1335) @dependabot[bot]
• Bump org.eclipse.jetty.ee10:jetty-ee10-bom from 12.0.24 to 12.0.25 (#1336) @dependabot[bot]
• Bump org.immutables:value from 2.11.2 to 2.11.3 (#1337) @dependabot[bot]
• Bump org.webjars:swagger-ui from 5.27.0 to 5.27.1 (#1328) @dependabot[bot]
• Bump org.eclipse.jetty.ee10:jetty-ee10-bom from 12.0.23 to 12.0.24 (#1325) @dependabot[bot]
• Bump org.immutables:value from 2.11.1 to 2.11.2 (#1327) @dependabot[bot]
• Bump hibernate.version from 6.6.23.Final to 6.6.24.Final (#1326) @dependabot[bot]
• HTM-1594: Upgrade Oracle JDBC driver to current Java 17 release (#1324) @mprins
• Bump io.swagger.core.v3:swagger-annotations from 2.2.34 to 2.2.35 (#1323) @dependabot[bot]
• Bump sentry.version from 8.17.0 to 8.18.0 (#1322) @dependabot[bot]
• Bump hibernate.version from 6.6.22.Final to 6.6.23.Final (#1320) @dependabot[bot]
• Bump org.webjars:swagger-ui from 5.26.2 to 5.27.0 (#1319) @dependabot[bot]
• Bump org.springframework.boot:spring-boot-starter-parent from 3.5.3 to 3.5.4 (#1314) @dependabot[bot]
• Bump org.apache.solr:solr-solrj from 9.8.1 to 9.9.0 (#1315) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#1317) @dependabot[bot]

v12.0.4 🎁

🚀 New features and improvements

• HTM-1586: Allow proxying layers from secured services for authenticated users (#1312) @matthijsln
• HTM-1411: Add login success|failure counters (#1310) @mprins
• HTM-1592: Extend data model to include dropdown list filters (#1301) @steinkobben
• HTM-1589: Create separate unique values controller for admin (#1292) @steinkobben
• Change uploads hash to SHA-1 and store in column (#1291) @matthijsln

🚦 Tests and Infrastructure

• HTM-1593: fix faulty testcase (#1307) @mprins
• Update drawing style testdata (#1313) @matthijsln
• Update Maven version from 3.9.9 to 3.9.11 (#1311) @mprins
• Bump hibernate.version from 6.6.19.Final to 6.6.22.Final (#1309) @mprins
• Update testdata setup (#1308) @mprins
• Bump com.google.errorprone:error_prone_core from 2.39.0 to 2.40.0 (#1296) @dependabot[bot]
• Bump com.diffplug.spotless:spotless-maven-plugin from 2.44.5 to 2.45.0 (#1298) @dependabot[bot]
• Bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 (#1300) @dependabot[bot]
• Bump hibernate.version from 6.6.18.Final to 6.6.19.Final (#1289) @mprins

🔨 Dependency updates

• Bump geotools.version from 33.1 to 33.2 (#1302) @dependabot[bot]
• Bump okhttp.version from 5.0.0-alpha.17 to 5.1.0 (#1293) @dependabot[bot]
• Bump org.junit:junit-bom from 5.13.2 to 5.13.3 (#1299) @dependabot[bot]
• Bump sentry.version from 8.16.0 to 8.17.0 (#1295) @dependabot[bot]
• Bump org.webjars:swagger-ui from 5.25.3 to 5.26.2 (#1305) @dependabot[bot]
• Bump hibernate.version from 6.6.19.Final to 6.6.22.Final (#1309) @mprins
• Bump hibernate.version from 6.6.18.Final to 6.6.19.Final (#1289) @mprins
• Bump okhttp.version from 5.0.0-alpha.16 to 5.0.0-alpha.17 (#1285) @dependabot[bot]
• Bump org.eclipse.jetty.ee10:jetty-ee10-bom from 12.0.22 to 12.0.23 (#1286) @dependabot[bot]

v12.0.3 🎁

🚀 New features and improvements

• Add admin controller to find uploads by md5 of content (#1284) @matthijsln
• EK-50: Create endpoint to return latest upload of a category (#1281) @mprins
• EK-36: datamodel for the drawing style (#1270) @mprins
• HTM-1583: Extend slider filter model with input mode (#1273) @steinkobben

🚦 Tests and Infrastructure

• Bump org.apache.maven.plugins:maven-pmd-plugin from 3.26.0 to 3.27.0 (#1280) @dependabot[bot]
• Bump com.google.errorprone:error_prone_core from 2.38.0 to 2.39.0 (#1277) @dependabot[bot]
• Bump org.openapitools:openapi-generator-maven-plugin from 7.13.0 to 7.14.0 (#1279) @dependabot[bot]
• Bump io.swagger.core.v3:swagger-annotations from 2.2.33 to 2.2.34 (#1274) @dependabot[bot]

🔨 Dependency updates

• Bump org.immutables:value from 2.10.1 to 2.11.0 (#1287) @dependabot[bot]
• Bump sentry.version from 8.15.1 to 8.16.0 (#1282) @mprins
• Bump com.google.errorprone:error_prone_core from 2.38.0 to 2.39.0 (#1277) @dependabot[bot]
• Bump org.openapitools:openapi-generator-maven-plugin from 7.13.0 to 7.14.0 (#1279) @dependabot[bot]
• Bump io.swagger.core.v3:swagger-annotations from 2.2.33 to 2.2.34 (#1274) @dependabot[bot]
• Bump org.junit:junit-bom from 5.13.1 to 5.13.2 (#1278) @dependabot[bot]
• Bump org.webjars:swagger-ui from 5.25.2 to 5.25.3 (#1276) @dependabot[bot]
• Bump sentry.version from 8.14.0 to 8.15.1 (#1275) @dependabot[bot]