4.7.8.Final

[jamezp]

What's Changed

Bug

• [RESTEASY-2845] - ResteasyWebTarget.proxy(Class) problem with questionmark in `@Path` with Regex
• [RESTEASY-2874] - Web Target Proxy not overriding content type header
• [RESTEASY-3177] - ClientInvocation may not always submit requests asynchronously
• [RESTEASY-3217] - MultipartFormDataOutput should use an ordered map instead of a HashMap
• [RESTEASY-3256] - CDI managed beans do not inject `@Context` injection targets
• [RESTEASY-3286] - CVE-2023-0482 RESTEasy: creation of insecure temp files

Task

• [RESTEASY-3283] - Do not throw an exception for OPTIONS request

Component Upgrade

• [RESTEASY-3287] - Upgrade Spring to 5.3.25

Full Changelog: 4.7.7.Final...4.7.8.Final

---

This discussion was created from the release 4.7.8.Final.

[dovezp]

@jamezp, So CVE-2023-0482 was addressed following 4.7.8.Final?

Why does GHSA-jrmh-v64j-mjm9 state that it affects <= 6.2.2.Final?

[dovezp]

@jamezp please update https://github.com/resteasy/resteasy/releases/tag/5.0.6.Final with disclosure of 4feb572 instead of "[5.0] Back ported fixes by @jamezp in #3412"

[jamezp]

It's been updated. This was also fixed in 4.7.8.Final as well in #3413.

[jamezp]

Just an FYI I've also filed GHSA-2c6g-pfx3-w7h8.