released: false
apache: true
title: 3.2.1
date: 2021-12-16
summary: >
  Upgrade dependencies to fix CVE-2021-44228 (Log4j) and CVE-2021-33813 (JDOM).
  Fix unparse checksum and CRC capability (JIRA DAFFODIL-2609)

artifact-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc1/"
checksum-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc1/"

key-file: "https://downloads.apache.org/daffodil/KEYS"

source-dist:
  - "apache-daffodil-3.2.1-src.zip"

binary-dist:
  - "apache-daffodil-3.2.1-bin.tgz"
  - "apache-daffodil-3.2.1-bin.zip"
  - "apache-daffodil-3.2.1-bin.msi"
  - "apache-daffodil-3.2.1-1.noarch.rpm"

scala-version: 2.12

Security Improvements

This release fixes two security CVEs by updating dependency versions.

  • {% jira 2610 %} Update Log4j dependency to fix CVE-2021-44228
  • {% jira 2611 %} Update JDOM dependency to fix CVE-2021-33813

Functional Improvements

A major feature, layering transforms with checksum/CRC capability, which was planned for the prior release (3.2.0), was found to be buggy when unparsing. This has been fixed.

  • {% jira 2608 %} PCAP fails with Daf 3.2.0 and IPv4 layers with checksum

Miscellaneous Changes

  • {% jira 2577 %} remove Info message about compiler component counts
  • {% jira 2145 %} Add scalac warnings
  • {% jira 2592 %} Move the daffodil_program_version variable outside of generated_code.c
  • {% jira 2534 %} Update ICU version - verify Daffodil impact of bug issue identified by IBM
  • {% jira 2587 %} dfdlx:lookAhead compiler error if used in default value of dfdl:newVariableInstance
  • {% jira 2600 %} encoding varies with environment - UTF-8 not properly set somewhere
  • {% jira 2602 %} Daffodil uses different versions of log4j-api and log4j-core

Deprecation/Compatibility

There are no deprecations. This release is fully compatible with all functionality of the prior release.

Dependency Changes

The following dependencies have been added or updated:

Core

  • Log4j core 2.16.0 (update)
  • Log4j api 2.16.0 (update)
  • JDOM2 2.0.6.1 (update)
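
An added example, not part of the Daffodil project's code: a Python check that a set of jar file names meets the Core versions listed above, used here as a floor, and that log4j-api and log4j-core carry the same version (the mismatch noted under Miscellaneous Changes). The jar naming pattern and the sample file names are assumptions constructed for illustration.

```python
import re

# Floor versions, taken from the "Core" dependency list of this release.
MINIMUM = {"log4j-core": "2.16.0", "log4j-api": "2.16.0", "jdom2": "2.0.6.1"}

# Assumption: jars are named "<optional prefix><artifact>-<dotted version>.jar".
JAR_RE = re.compile(r"(log4j-core|log4j-api|jdom2)-(\d+(?:\.\d+)*)\.jar$")

# Constructed sample: file names as they might appear in an outdated lib/ directory.
SAMPLE = [
    "org.apache.logging.log4j.log4j-core-2.14.1.jar",
    "org.apache.logging.log4j.log4j-api-2.16.0.jar",
    "org.jdom.jdom2-2.0.6.jar",
]


def as_tuple(text, width=4):
    """Turn '2.0.6' into (2, 0, 6, 0) so 2.0.6 sorts below 2.0.6.1."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def audit(jar_names):
    """Return a sorted list of findings for the given jar file names."""
    found, findings = {}, []
    for name in jar_names:
        match = JAR_RE.search(name)
        if not match:
            continue  # unrelated jar, e.g. a log4j-api-scala wrapper
        artifact, version = match.group(1), as_tuple(match.group(2))
        found.setdefault(artifact, set()).add(version)
        if version < as_tuple(MINIMUM[artifact]):
            findings.append(f"{name}: older than {MINIMUM[artifact]}")
    for artifact in MINIMUM:
        if artifact not in found:
            findings.append(f"{artifact}: no jar found")
    core, api = found.get("log4j-core", set()), found.get("log4j-api", set())
    if core and api and core != api:
        findings.append("log4j-core and log4j-api versions differ")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To check a real installation, pass `os.listdir()` of its jar directory to `audit()`; jars with non-numeric version suffixes are not matched by the pattern and are reported as not found.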

Code Generator (runtime2)

  • OS-Lib 0.8.0 (update)