• v2.5.4-hotfix 8edaef8e2d

    FTMahringer released this 2026-05-13 00:01:38 +02:00 | 88 commits to main since this release

    v2.5.4-hotfix

    Hotfix for v2.5.4-dev addressing compilation failures and CodeQL security alerts.

    Fixes

    • Added missing getters/setters to Plugin entity for sandbox fields
    • Fixed PluginSandboxService.validateJpmsIsolation() type error (ResolvedModule vs Module)
    • PluginStorageService.stageJar(): added isValidJarName() validation (CodeQL path-injection)
    • PluginLoaderService.loadPlugin(): validate that jarPath is an absolute local file before URL conversion (CodeQL SSRF)
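
A sketch of the two checks named in the last two fixes, added here as an example and not taken from the project's code. Only `isValidJarName` is a name from the release notes; the class, the other method names, the allow-list pattern and the sample paths are assumptions.

```java
import java.io.IOException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

// Added illustration, not the project's code. Only isValidJarName is a name from the release notes.
public final class JarPathChecks {
    // Assumed policy: a single path segment, alphanumeric first character, ".jar" suffix.
    private static final Pattern JAR_NAME = Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,127}\\.jar");

    static boolean isValidJarName(String name) {
        return name != null && JAR_NAME.matcher(name).matches() && !name.contains("..");
    }

    // Path-injection check: resolve the validated name and confirm it stays inside the staging directory.
    static Path resolveStaged(Path stagingDir, String jarName) {
        if (!isValidJarName(jarName)) throw new IllegalArgumentException("invalid jar name");
        Path base = stagingDir.toAbsolutePath().normalize();
        Path target = base.resolve(jarName).normalize();
        if (!target.startsWith(base)) throw new IllegalArgumentException("path escapes staging directory");
        return target;
    }

    // SSRF check: only an absolute path to an existing regular file is turned into a URL.
    static URL toLocalJarUrl(String jarPath) throws IOException {
        Path p = Path.of(jarPath);              // malformed input throws InvalidPathException
        if (!p.isAbsolute()) throw new IllegalArgumentException("jarPath must be absolute");
        Path real = p.toRealPath();             // resolves symlinks; fails if the file is missing
        if (!Files.isRegularFile(real)) throw new IllegalArgumentException("not a regular file");
        URL url = real.toUri().toURL();
        if (!"file".equals(url.getProtocol())) throw new IllegalArgumentException("not a file: URL");
        return url;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("staging");   // constructed sample input
        Path jar = Files.createFile(resolveStaged(dir, "demo-plugin.jar"));
        System.out.println(toLocalJarUrl(jar.toString()));
        for (String bad : new String[] {"../evil.jar", "sub/evil.jar", "evil.jar.txt"}) {
            System.out.println(bad + " valid? " + isValidJarName(bad));
        }
        try { toLocalJarUrl("http://example.invalid/p.jar"); }
        catch (RuntimeException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

On Windows an absolute UNC path still names a remote share, so a deployment that needs strictly local files would reject those as well.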

    Workflow Status

    • Compose Smoke Test
    • CodeQL
    • ⚠️ Migration Validation (pre-existing: synapse-plugin-api not in Maven Central)