Release date: 2021-02-16
Changes on the FTL side
?eval_jsonto evaluate JSON given as flat string. This was added as
?evalis routinely misused for the same purpose, which not only doesn't work for all JSON-s, but can be a security problem. See more here...
Added new special variable,
.time_zone, like all special variables), to retrieve the current value of the
time_zonesetting as a string.
#with backlash in identifier names (not in string), as it used to occur in database column names. Like if you have a column name like
#users, you can refer to it as
row['#users']always worked, but is often less convenient.)
FREEMARKER-169: Fixed bug that made
?cand "computer" number format inconsistent. If
incomplatible_improvementsis set to 2.3.31 (or higher), when you set the
computer(or you call
Environment.getCNumberFormat()), the format now matches the behavior of
?c, when formatting infinite (positive and negative), and NaN. Matching the behavior of
?cwas always the intent, but before this incompatible improvement, the
computerformat always behaved like
?cbefore incompatible improvements 2.3.21, where instead of "INF", and "NaN", the results used Unicode characters U+221E, and U+FFFD.
Fixed bug where
.globalsweren't seen as namesapce, so something like
<#assign name = value in .globals>failed (although you should use
<#global name = value>instead anyway).
Changes on the Java side
More helpful parser error messages for nesting problems (caused by missed or malformed end-tags usually).
DefaultObjectWrapper. This allows disabling the special wrapping of DOM nodes and Jython classes. This might be desirable for security reasons.
FREEMARKER-145: Fixed bug where methods with "overloaded" return type may become inaccessible on Java 9+, if some overriding subclasses are not public. (This is because
java.beans.Introspectorbehavior has changed with Java 9.)
FREEMARKER-133: Fixed bug where FreeMarker sometimes tries to expose public methods that are defined or overridden in a non-public class, if the non-public class was then extended by a public class. Calling such method just ends up with
IllegalAccessException, but they shouldn't be exposed on the first place. Furthermore, such a wrong method sometimes replaces the good version of the method, which would be callable. When this glitch happens is somewhat unpredictable, as it also depends on what methods
java.beans.Introspectorexposes (which at very least can depend on the Java version), and in what order.
Fixed bug where OSGi
META-INF/MANIFEST.FMhas incorrectly contained JavaSE-1.6, J2SE-1.5
META-INF/MANIFEST.FM. In most cases this was the deduced Java 9 module name earlier, but that was fragile, as Java has deduced it from the jar file name.
FREEMARKER-165: Fixed bug where where if the namespace expression in a block assignment (like
<#assign x in someNamespace>...</#assign>) refers to a missing variable, or has the wrong type, FreeMarker has thrown
ClassCastException, instead of
NonNamespaceExceptionwith proper helpful message.
Build related changes:
Simplified the way Apache Ivy is used in our Ant build. It's now used on the standard way, there's no
Test suite is now ran on ARM (64 bit) as well on CI (Travis).
FreeMarker Manual and web site now works much better on mobile, because of developments in the Docgen project.
Docgen is now a Maven project, and so a plain Maven dependency of the other projects (although, it's still only in the Apache Snapshot Repository, not in Central yet). With this we could get rid of our Ivy repository.