As of the 30th of December, we have released Axon Framework 4.5.6.
The majority of changes in this release are dependency updates for (1) ease of mind and (2) to resolve security predicaments.
Here is an exert of the most interesting changes made in this release:
-
Although Axon Framework doesn’t use the log4j-core dependency directly, we updated it to the most recent version for ease of mind.
You can follow these increments in issues #2038, #2040 and #2052. -
Contributor
jasperfect
spotted a predicament with duplicate aggregate creation combined with using caches.
Axon didn’t invalidate the cache as it should have, causing unexpected behavior.
You can find the issue description here.
Additionally, you can find the pull request solving the problem here. -
Contributor
shubhojitr
stated in issue #2051 that theaxonserver-connector-java
project pulled in a non-secure version ofgrpc-netty
.
As this isn’t an issue on Axon Framework itself, we solved the problem under the connector project.
As a follow-up, we incremented the framework’s version for theaxonserver-connector-java
project to 4.5.4, which contains the most recent version of thegrpc-bom
.
For an exhaustive list of all the changes, check out the 4.5.6 release notes.