released: true apache: true title: 3.2.1 date: 2021-12-22 summary: > Patch release supercedes 3.2.0. Provides updated dependencies to fix CVE-2021-44228 (Log4J), CVE-2021-45105 (Log4J), and CVE-2021-33813 (JDOM). Fixes unparse checksum and CRC capability (JIRA DAFFODIL-2609) Otherwise contains all the same functionality as Release 3.2.0 which it replaces.
artifact-root: “https://www.apache.org/dyn/closer.lua/daffodil/3.2.1/” checksum-root: “https://downloads.apache.org/daffodil/3.2.1/”
key-file: “https://downloads.apache.org/daffodil/KEYS”
source-dist: - “apache-daffodil-3.2.1-src.zip”
binary-dist: - “apache-daffodil-3.2.1-bin.tgz” - “apache-daffodil-3.2.1-bin.zip” - “apache-daffodil-3.2.1-bin.msi” - “apache-daffodil-3.2.1-1.noarch.rpm”
This release is a patch on top of Release 3.2.0 to improve security and fix a major functional bug.
The Release Notes for 3.2.0 are still relevant to understand the features and functionality in this 3.2.1 patch release.
This release fixes three security CVEs by updating dependency versions.
A major feature, layering transforms with checksum/CRC capability, which was planned for the prior release (3.2.0) was found to be buggy when unparsing. This has been fixed.
There are no deprecations. This release is fully compatible with all functionality of the prior release.
The following dependencies have been added or updated
Core
Code Generator (runtime2)