-
v2.5.4-hotfix — Plugin Entity & JPMS Fix Pre-release
released this
2026-05-13 00:01:38 +02:00 | 88 commits to main since this releasev2.5.4-hotfix
Hotfix for v2.5.4-dev addressing compilation failures and CodeQL security alerts.
Fixes
- Added missing getters/setters to Plugin entity for sandbox fields
- Fixed PluginSandboxService.validateJpmsIsolation() type error (ResolvedModule vs Module)
- PluginStorageService.stageJar(): added isValidJarName() validation (CodeQL path-injection)
- PluginLoaderService.loadPlugin(): validate jarPath is absolute local file before URL conversion (CodeQL SSRF)
Workflow Status
- ✅ Compose Smoke Test
- ✅ CodeQL
- ⚠️ Migration Validation (pre-existing: synapse-plugin-api not in Maven Central)
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads