Pull request #973: BUILD-541 Unit test to ensure ClassLoader cannot be obtained in freemarker templatesMerge in PLATFORM/main from BUILD-541 to master
* commit '074560bb287de2a64b5e983116d2faebc3e63d57':
BUILD-541 Unit test to ensure ClassLoader cannot be obtained in freemarker templates
Pull request #970: MAGNOLIA-8185 Extracted and updated implementation of path locks into a global componentMerge in PLATFORM/main from ~JSIMAK/main:MAGNOLIA-8185-extract-path-lock-mechanism-from-publishing-modules-into-core to master
* commit 'a8de55fc791de9f476265b714dd7cbeb4a9309ea':
MAGNOLIA-8185 Extracted and updated implementation of path locks into a global component
Pull request #968: MAGNOLIA-8180 Order cors filter after uriSecurity on installMerge in PLATFORM/main from ~JSIMAK/main:bugfix/MAGNOLIA-8180-clone-cors-headers-not-added-for-unauthorized-401-requests to master
* commit '6a4877eb9fd43cdc43ad6dae2997129b1c5d0f31':
MAGNOLIA-8180 Order cors filter before uriSecurity on install
Pull request #963: PAGES-333 Update the deleted template nameMerge in PLATFORM/main from VNPD/main:PAGES-333 to master
* commit '686e9a7bb726dad0472815f60ef596458d167291':
PAGES-333 Align deleted template constant, mark all deleted template related code as deprecated
Pull request #962: MAGNOLIA-8154 bypass CSRF token check for Vaadin heartbeat and UIDLMerge in PLATFORM/main from ~MDUERIG/main:MAGNOLIA-8154 to master
* commit '058897450e57ac2d5d948c83a51ef0e1429f5fdf':
MAGNOLIA-8154 bypass CSRF token check for Vaadin heartbeat and UIDL
MAGNOLIA-8142 Use URI.toASCIIString instead of URLEncoder* URLEncoder, despite its name, doesn't actually do URL encoding. It does HTML form encoding, which isn't what you want in a URL (except maybe as part of a query string, after a question mark). A key difference is that forward slash is encoded as "%2F" instead of being left alone. For actual URL encoding, you want URI.toASCIIString, which follows RFC 2396.*
MAGNOLIA-8142 Use encoded servlet path for cookie path, since request uri may contain extra path info with invalid semicolon character* Turns out that in some cases unearthed by integration tests ';jsessionid' is appended to the URL.
HttpServletRequest#getRequestURI() contains the invalid semicolon character which makes Tomcat's cookie processor fail validation
Pull request #960: MAGNOLIA-8142 Use encoded requestURI when UTF-8 is enabled for Cookie's path.Merge in PLATFORM/main from MAGNOLIA-8142 to master
* commit '0f47873790d8195cb1051f8bd69fb074d818e753':
MAGNOLIA-8142 Use encoded requestURI when UTF-8 is enabled for Cookie's path.
MAGNOLIA-8142 Use encoded requestURI when UTF-8 is enabled for Cookie's path.* This way non ASCII characters won't be used according to RFC6265
* Extract method for Cookie generation
* Unit test
Pull request #955: MAGNOLIA-8134 Vulnerability: jdom2-2.0.6Merge in PLATFORM/main from bugfix/MAGNOLIA-8134 to master
* commit '38f2367f0edfd1f80881acc6b31059772d8cdeb1':
MAGNOLIA-8134 migrate from jdom1 to jdom2
Pull request #950: MAGNOLIA-8125 bubble up activation status for any non mgnl:content nodesMerge in PLATFORM/main from ~RKOVARIK/main:MGNLUI-6575 to master
* commit '65f8579c73458cf93fcefe4ee1829ffe2341c3cd':
MAGNOLIA-8125 adjust observation tests
MAGNOLIA-8125 bubble up activation status for any non mgnl:content nodes
Pull request #954: MAGNOLIA-8128 Add admin and system users permisions to edit their homeScreen propertyMerge in PLATFORM/main from ~MDIVILEK/main:MAGNOLIA-8128 to master
* commit '13e89b45f3bf5bc3d69bc53c36f3b2e036417af0':
MAGNOLIA-8128 Add admin users permisions to edit their homeScreen property
Pull request #941: MAGNOLIA-8115 CSRF token check skipped for GET requests and admincentralMerge in PLATFORM/main from ~MDUERIG/main:MAGNOLIA-8115 to master
* commit '5923485ad797ba7b9245a8c0a1af11bd83658dc5':
MAGNOLIA-8115 bypass authenticated users in admincentral as Vaadin's csrf protection mechanisms kicks in at this point
MAGNOLIA-8115 only enable form login for methods allowed by configuration
MAGNOLIA-8115 include servlet context in CSRF cookie path
MAGNOLIA-8115 prev...
Pull request #940: MAGNOLIA-8112 Internal location to redirect to can be a relative pathMerge in PLATFORM/main from MAGNOLIA-8112 to master
* commit 'f3dc2b23bf4d979117c260b13a9cdbe24e31bcce':
QA Test renaming
QA Use try with resources + rename method param
MAGNOLIA-8112 Internal location to redirect to can be a relative path
MAGNOLIA-8112 Internal location to redirect to can be a relative path* LoginFilter#getRedirectLocation redirects to absolute URL in case of the self redirect (to the browser URL user accessed before login and which was forwarded to login page), which might be http behind proxy although the browser uses https.
Pull request #936: MAGNOLIA-6442 Check NPE for injector before checking explicit binding keyMerge in PLATFORM/main from MAGNOLIA-6442 to master
* commit '3bd760ed9ceb8dee91565134926abb00400dea92':
MAGNOLIA-6442 Improve log error when loading module by catching all throwable
MAGNOLIA-6442 Check NPE for injector before checking explicit binding key
Pull request #939: MAGNOLIA-8108 Prevent NPE for none version node when restoring previous versionMerge in PLATFORM/main from MAGNOLIA-8108 to master
* commit '09eef60fe699ffdd4ecd2034ea1b04dc284e0c17':
MAGNOLIA-8108 Prevent NPE for none version node when restoring previous version