Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency org.hibernate:hibernate-entitymanager to v5 - autoclosed #9

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Apr 18, 2023

This PR contains the following updates:

Package Type Update Change
org.hibernate:hibernate-entitymanager (source) compile major 4.3.11.Final -> 5.0.2.Final

By merging this PR, the issue #27 will be automatically resolved and closed:

Severity CVSS Score CVE
Critical Critical 9.8 CVE-2020-10683
High High 7.5 CVE-2018-1000632
High High 7.4 CVE-2020-25638
Medium Medium 6.5 CVE-2019-14900

Release Notes

hibernate/hibernate-orm

v5.0.2.Final: Second bug-fix release for 5.0

Compare Source

The complete list of changes can be found here.

For information on consuming the release into your build via your favorite dependency-management-capable build tool, see http://hibernate.org/orm/downloads/.

For those of you allergic to dependency-management-capable build tools, the release bundles can be obtained from SourceForge or BinTray.

v5.0.1.Final: First bug-fix release for 5.0

Compare Source

The complete list of changes can be found here.

For information on consuming the release into your build via your favorite dependency-management-capable build tool, see http://hibernate.org/orm/downloads/.

For those of you allergic to dependency-management-capable build tools, the release bundles can be obtained from SourceForge or BinTray.

v5.0.0.Final: 5.0.0 has gone Final!

Compare Source

Today I have released Hibernate ORM 5.0 (5.0.0.Final). This has been a long time coming and is the result
of the efforts of many folks. Thanks to everyone who helped us get here with fixes, bug reports, suggestions,
input and encouragement!

A lot of development has gone into 5.0. Here are the big points:

New bootstrap API

The venerable way to bootstrap Hibernate (build a SessionFactory) has been to use its Configuration class.
Configuration, historically, allowed users to iteratively add settings and mappings in any order and to query the
state of settings and mapping information in the middle of that process. Which meant that building the mapping
information could not effectively rely on any settings being available. This lead to many limitations and problems.

5.0 introduces a new bootstrapping API aimed at alleviating those limitations and problems, while allowing
better determinism and better integration. See the Bootstrap chapter in the User Guide for details on using
the new API.

Configuration is still available for use, although in a limited sense. Some of its methods have been removed. Under
the covers Configuration makes use of the new bootstrap API.

Spatial/GIS support

Hibernate Spatial is a project that has been around for a number of years. Karel Maesen has done an amazing job
with it.

Starting in 5.0 Hibernate Spatial is now part of the Hibernate project proper to allow it to better keep up with
upstream development. It is available as org.hibernate:hibernate-spatial. If your application has need for
GIS data, we highly recommend giving hibernate-spatial a try.

Java 8 support

Well, ok.. not all of Java 8. Specifically we have added support for Java 8 Date and Time API in regards to easily mapping
attributes in your domain model using the Java 8 Date and Time API types to the database. This support is available
under the dedicated hibernate-java8 artifact (to isolate Java 8 dependencies). For additional information, see
the Basic Types chapter in the Domain Model Mapping Guide.

Expanded AUTO id generation support

JPA defines support for GenerationType#AUTO limited to just Number types. Starting in 5.0 Hibernate offers expandable support for a broader
set of types, including built-in support for both Number types (Integer, Long, etc) and UUID. Users are also free to plug
in custom strategies for interpreting GenerationType#AUTO via the new org.hibernate.boot.model.IdGeneratorStrategyInterpreter extension.

Naming strategy split

NamingStrategy has been removed in favor of a better designed API. 2 distinct ones actually:

  • org.hibernate.boot.model.naming.ImplicitNamingStrategy - used whenever a table or column is not explicitly named to determine the name to use
  • org.hibernate.boot.model.naming.PhysicalNamingStrategy - used to convert a "logical name" (either implicit or explicit) name of a table or column
    into a physical name (e.g. following corporate naming guidelines)

Attribute Converter support

5.0 offers significantly improved support for JPA 2.1 AttributeConverters:

  • fully supported for non-@​Enumerated enum values
  • applicable in conjunction with @​Nationalized support
  • now called to handle null values
  • settable in hbm.xml by using type="converter:fully.qualified.AttributeConverterName"
  • integrated with hibernate-envers
  • collection values, map keys
  • support for conversion of parameterized types

Better "bulk id table" support

Support for "bulk id tables" has been completely redesigned to better fit what different databases support.

Transaction management

The transaction SPI underwent a major redesign as part of 5.0 as well. From a user perspective this generally
only comes into view in terms of configuration. Previously applications would work with the different backend
transaction stratagies directly via the org.hibernate.Transaction API. In 5.0 a level of indirection has been
added here. The API implementation of org.hibernate.Transaction is always the same now. On the backend, the
org.hibernate.Transaction impl talks to a org.hibernate.resource.transaction.TransactionCoordinator which represents
the "transactional context" for a given Session according to the backend transaction strategy. Users generally do not
need to care about the distinction.

The change is noted here because it might affect your bootstrap configuration. Whereas previously applications would
specify hibernate.transaction.factory_class and refer to a org.hibernate.engine.transaction.spi.TransactionFactory FQN,
with 5.0 the new contract is org.hibernate.resource.transaction.TransactionCoordinatorBuilder and is specified using the
hibernate.transaction.coordinator_class setting. See org.hibernate.cfg.AvailableSettings.TRANSACTION_COORDINATOR_STRATEGY
JavaDocs for additional details.

The following short-names are recognized:
jdbc::(the default) says to use JDBC-based transactions (org.hibernate.resource.transaction.backend.jdbc.internal.JdbcResourceLocalTransactionCoordinatorImpl)
jta::says to use JTA-based transactions (org.hibernate.resource.transaction.backend.jta.internal.JtaTransactionCoordinatorImpl)

See the User Guide for additional details.

Schema Tooling

5.0 offers much improvement in the area of schema tooling (export, validation and migration).

Typed Session API

Hibernate's native APIs (Session, etc) have been updated to be typed. No more casting!

Improved OSGi support

Really this started with a frustration over the fragility of hibernate-osgi tests. The first piece was a better testing setup using
Pax Exam and Karaf. This lead to us generating (and now publishing!) a Hibernate Karaf features file.

OSGi support has undergone some general improvement as well thanks to feedback from some Karaf and Pax developers and users.

See the Getting Started Guide for additional details on using the new Karaf features file.

Improved bytrecode enhancement capabilities

  • dirty tracking
  • bidirectional association management
  • lazy loading

Work on documentation

A lot of work has gone into the documentation for 5.0. Its still not complete (is documentation ever "complete"?), but it is much improved.

See the revamped http://hibernate.org/orm/documentation/5.0\[documentation page] for details.

BinTray

For now the plan is to publish the release bundles (zip and tgz) to BinTray. We will continue to publish to SourceForge as well. For the time being
we will publish the bundles to both.

Ultimately we will start to publish the "maven" artifacts there as well.

This is all a work in progress.

How to get it

See http://hibernate.atlassian.net/projects/HHH/versions/20851 for the complete list of changes.

See http://hibernate.org/orm/downloads/ for information on obtaining the releases.


  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Apr 18, 2023
@mend-for-github-com mend-for-github-com bot changed the title Update dependency org.hibernate:hibernate-entitymanager to v5 Update dependency org.hibernate:hibernate-entitymanager to v5 - autoclosed Jun 15, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/org.hibernate-hibernate-entitymanager-5.x branch June 15, 2023 01:43
@mend-for-github-com mend-for-github-com bot changed the title Update dependency org.hibernate:hibernate-entitymanager to v5 - autoclosed Update dependency org.hibernate:hibernate-entitymanager to v5 Jun 18, 2023
@mend-for-github-com mend-for-github-com bot reopened this Jun 18, 2023
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/org.hibernate-hibernate-entitymanager-5.x branch June 18, 2023 13:06
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/org.hibernate-hibernate-entitymanager-5.x branch from 421520b to afdee56 Compare June 18, 2023 13:07
@mend-for-github-com mend-for-github-com bot changed the title Update dependency org.hibernate:hibernate-entitymanager to v5 Update dependency org.hibernate:hibernate-entitymanager to v5 - autoclosed Jul 13, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/org.hibernate-hibernate-entitymanager-5.x branch July 13, 2023 20:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by Mend
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants