Release date: 2021-02-09 + release process
Changes on the FTL side
-
Added
?eval_json
to evaluate JSON given as flat string. This was added as?eval
is routinely misused for the same purpose, which not only doesn't work for all JSON-s, but can be a security problem. See more here... -
Added new special variable,
time_zone
(referred like.time_zone
, like all special variables), to retrieve the current value of thetime_zone
setting as a string. -
Allowed escaping
#
with backlash in identifier names (not in string), as it used to occur in database column names. Like if you have a column name like#users
, you can refer to it asrow.\#users
. (Alternatively,row['#users']
always worked, but is often less convenient.) -
FREEMARKER-169: Fixed bug that made
?c
and "computer" number format inconsistent. Ifincomplatible_improvements
is set to 2.3.31 (or higher), when you set thenumber_format
setting tocomputer
(or you callEnvironment.getCNumberFormat()
), the format now matches the behavior of?c
, when formatting infinite (positive and negative), and NaN. Matching the behavior of?c
was always the intent, but before this incompatible improvement, thecomputer
format always behaved like?c
before incompatible improvements 2.3.21, where instead of "INF", and "NaN", the results used Unicode characters U+221E, and U+FFFD. -
Fixed bug where
.globals
weren't seen as namesapce, so something like<#assign name = value in .globals>
failed (although you should use<#global name = value>
instead anyway).
Changes on the Java side
-
More helpful parser error messages for nesting problems (caused by missed or malformed end-tags usually).
-
Added
DOMNodeSupport
andJythonSupport
boolean
properties toDefaultObjectWrapper
. This allows disabling the special wrapping of DOM nodes and Jython classes. This might be desirable for security reasons. -
FREEMARKER-145: Fixed bug where methods with "overloaded" return type may become inaccessible on Java 9+, if some overriding subclasses are not public. (This is because
java.beans.Introspector
behavior has changed with Java 9.) -
FREEMARKER-133: Fixed bug where FreeMarker sometimes tries to expose public methods that are defined or overridden in a non-public class, if the non-public class was then extended by a public class. Calling such method just ends up with
IllegalAccessException
, but they shouldn't be exposed on the first place. Furthermore, such a wrong method sometimes replaces the good version of the method, which would be callable. When this glitch happens is somewhat unpredictable, as it also depends on what methodsjava.beans.Introspector
exposes (which at very least can depend on the Java version), and in what order. -
Fixed bug where OSGi
Bundle-RequiredExecutionEnvironment
inMETA-INF/MANIFEST.FM
has incorrectly contained JavaSE-1.6, J2SE-1.5 -
FREEMARKER-159: Set
Automatic-Module-Name
tofreemarker
inMETA-INF/MANIFEST.FM
. In most cases this was the deduced Java 9 module name earlier, but that was fragile, as Java has deduced it from the jar file name. -
FREEMARKER-165: Fixed bug where where if the namespace expression in a block assignment (like
<#assign x in someNamespace>...</#assign>
) refers to a missing variable, or has the wrong type, FreeMarker has thrownNullPointerException
orClassCastException
, instead ofInvalidReferenceException
andNonNamespaceException
with proper helpful message.