From 9fc174d12d8b9b3d54b62109b567d4c57e21a5f4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 May 2025 23:04:45 +0100 Subject: [PATCH 1/4] Bump actions/dependency-review-action from 4.6.0 to 4.7.0 (#3519) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.6.0 to 4.7.0.
Release notes

Sourced from actions/dependency-review-action's releases.

v4.7.0

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=4.6.0&new-version=4.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 304267160..0cdd47933 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -24,4 +24,4 @@ jobs: - name: "Checkout Repository" uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: "Dependency Review" - uses: actions/dependency-review-action@ce3cf9537a52e8119d91fd484ab5b8a807627bf8 # v4.6.0 + uses: actions/dependency-review-action@38ecb5b593bf0eb19e335c03f97670f792489a8b # v4.7.0 From 662c2a4dfe39469e04938c560363dd39d15e85f0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 May 2025 23:05:06 +0100 Subject: [PATCH 2/4] Bump org.apache.xmlgraphics:batik-all from 1.18 to 1.19 (#3520) Bumps org.apache.xmlgraphics:batik-all from 1.18 to 1.19. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.xmlgraphics:batik-all&package-manager=gradle&previous-version=1.18&new-version=1.19)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 7359d0b6a..412db1b2e 100644 --- a/build.gradle +++ b/build.gradle @@ -479,7 +479,7 @@ dependencies { testImplementation "org.springframework.boot:spring-boot-starter-test:$springBootVersion" // Batik - implementation "org.apache.xmlgraphics:batik-all:1.18" + implementation "org.apache.xmlgraphics:batik-all:1.19" // TwelveMonkeys runtimeOnly "com.twelvemonkeys.imageio:imageio-batik:$imageioVersion" From 70717813f6df96222a94bffd7d0f32c592c1a175 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 May 2025 23:05:26 +0100 Subject: [PATCH 3/4] Bump io.micrometer:micrometer-core from 1.14.6 to 1.14.7 (#3521) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer) from 1.14.6 to 1.14.7.
Release notes

Sourced from io.micrometer:micrometer-core's releases.

1.14.7

:star: New Features

  • Replace Meter.Id.getTags() with cheaper alternatives #6147

:lady_beetle: Bug Fixes

  • MultiGauge doesn't work with MeterFilter.map() #6146
  • Record cache.size in CaffeineCacheMetrics without enabling recordStats() #6128
  • TimedHandler shutdown hanging indefinitely #6194
  • Use snapshot consistently in AppOpticsMeterRegistry.writeSummary() #6181

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​AlexElin, @​RafeArnold, and @​izeye

Commits
  • b6e5031 Bump com.tngtech.archunit:archunit-junit5 from 1.3.1 to 1.3.2 (#6226)
  • 6567cdc Merge branch '1.13.x' into 1.14.x
  • 80d4c9d Call Shutdown#check after finishing timing (#6194)
  • 7f82709 Bump maven-resolver from 1.9.22 to 1.9.23 (#6219)
  • a1a4f3d Bump maven-resolver from 1.9.22 to 1.9.23 (#6218)
  • a6adb3a Merge branch '1.13.x' into 1.14.x
  • fb2d4da Get Google Cloud project ID from env var for integration tests
  • 4f0cf53 Bump com.fasterxml.jackson.core:jackson-databind from 2.18.3 to 2.18.4 (#6214)
  • 33d1f7e Merge branch '1.13.x' into 1.14.x
  • 79939c3 Fix JavaDurationGetSecondsToToSeconds warnings for tests (#6207)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.micrometer:micrometer-core&package-manager=gradle&previous-version=1.14.6&new-version=1.14.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 412db1b2e..58dfb77ab 100644 --- a/build.gradle +++ b/build.gradle @@ -527,7 +527,7 @@ dependencies { implementation "org.bouncycastle:bcprov-jdk18on:$bouncycastleVersion" implementation "org.bouncycastle:bcpkix-jdk18on:$bouncycastleVersion" implementation "org.springframework.boot:spring-boot-starter-actuator:$springBootVersion" - implementation "io.micrometer:micrometer-core:1.14.6" + implementation "io.micrometer:micrometer-core:1.14.7" implementation group: "com.google.zxing", name: "core", version: "3.5.3" // https://mvnrepository.com/artifact/org.commonmark/commonmark implementation "org.commonmark:commonmark:0.24.0" From c660ad80ce1a2f1fc82fdfaee141c7b4d8124ae0 Mon Sep 17 00:00:00 2001 
From: Ludy Date: Wed, 14 May 2025 00:06:14 +0200 Subject: [PATCH 4/4] Update legal URLs and improve OpenAPI metadata configuration (#3522) # Description of Changes Please provide a summary of the changes, including: - Updated default Terms & Conditions URL from `/terms-and-conditions` to `/terms` in: - `InitialSetup.java` - `settings.yml.template` - `allEndpointsRemovedSettings.yml` - Improved OpenAPI metadata in `OpenApiConfig.java`: - Added contact information (`name`, `url`, `email`) - Added license section with MIT license - Included terms of service link - Changed string comparison in `MetricsConfig.java` to use `"constant".equals(...)` format - Cleaned up and unified YAML formatting and comments - Merged and restructured `enterpriseEdition` settings under `premium.proFeatures` ### Why the change was made - Ensure legal links are consistent and up-to-date - Improve clarity and completeness of the OpenAPI specification for external consumers - Follow best practices for code readability and configuration structure - Prevent misconfiguration from outdated or redundant YAML sections --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [x] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation 
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details. --- .../software/SPDF/config/InitialSetup.java | 2 +- .../software/SPDF/config/MetricsConfig.java | 2 +- .../software/SPDF/config/OpenApiConfig.java | 33 +++++++++----- src/main/resources/settings.yml.template | 12 ++--- testing/allEndpointsRemovedSettings.yml | 45 ++++++++++++------- 5 files changed, 58 insertions(+), 36 deletions(-) diff --git a/src/main/java/stirling/software/SPDF/config/InitialSetup.java b/src/main/java/stirling/software/SPDF/config/InitialSetup.java index 44de07d38..0adc3d133 100644 --- a/src/main/java/stirling/software/SPDF/config/InitialSetup.java +++ b/src/main/java/stirling/software/SPDF/config/InitialSetup.java @@ -73,7 +73,7 @@ public class InitialSetup { // Initialize Terms and Conditions String termsUrl = applicationProperties.getLegal().getTermsAndConditions(); if (StringUtils.isEmpty(termsUrl)) { - String defaultTermsUrl = "https://www.stirlingpdf.com/terms-and-conditions"; + String defaultTermsUrl = "https://www.stirlingpdf.com/terms"; GeneralUtils.saveKeyToSettings("legal.termsAndConditions", defaultTermsUrl); applicationProperties.getLegal().setTermsAndConditions(defaultTermsUrl); } diff --git a/src/main/java/stirling/software/SPDF/config/MetricsConfig.java b/src/main/java/stirling/software/SPDF/config/MetricsConfig.java index ba216be75..7012ad517 100644 --- a/src/main/java/stirling/software/SPDF/config/MetricsConfig.java +++ b/src/main/java/stirling/software/SPDF/config/MetricsConfig.java 
@@ -15,7 +15,7 @@ public class MetricsConfig { return new MeterFilter() { @Override public MeterFilterReply accept(Meter.Id id) { - if (id.getName().equals("http.requests")) { + if ("http.requests".equals(id.getName())) { return MeterFilterReply.NEUTRAL; } return MeterFilterReply.DENY; diff --git a/src/main/java/stirling/software/SPDF/config/OpenApiConfig.java b/src/main/java/stirling/software/SPDF/config/OpenApiConfig.java index d98c33257..d4ff7d167 100644 --- a/src/main/java/stirling/software/SPDF/config/OpenApiConfig.java +++ b/src/main/java/stirling/software/SPDF/config/OpenApiConfig.java @@ -5,7 +5,9 @@ import org.springframework.context.annotation.Configuration; import io.swagger.v3.oas.models.Components; import io.swagger.v3.oas.models.OpenAPI; +import io.swagger.v3.oas.models.info.Contact; import io.swagger.v3.oas.models.info.Info; +import io.swagger.v3.oas.models.info.License; import io.swagger.v3.oas.models.security.SecurityRequirement; import io.swagger.v3.oas.models.security.SecurityScheme; @@ -31,14 +33,25 @@ public class OpenApiConfig { // default version if all else fails version = "1.0.0"; } + Info info = + new Info() + .title(DEFAULT_TITLE) + .version(version) + .license( + new License() + .name("MIT") + .url( + "https://raw.githubusercontent.com/Stirling-Tools/Stirling-PDF/refs/heads/main/LICENSE") + .identifier("MIT")) + .termsOfService("https://www.stirlingpdf.com/terms") + .contact( + new Contact() + .name("Stirling Software") + .url("https://www.stirlingpdf.com") + .email("contact@stirlingpdf.com")) + .description(DEFAULT_DESCRIPTION); if (!applicationProperties.getSecurity().getEnableLogin()) { - return new OpenAPI() - .components(new Components()) - .info( - new Info() - .title(DEFAULT_TITLE) - .version(version) - .description(DEFAULT_DESCRIPTION)); + return new OpenAPI().components(new Components()).info(info); } else { SecurityScheme apiKeyScheme = new SecurityScheme() 
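Review bot: The new `Info` builder in OpenApiConfig hard-codes `.termsOfService("https://www.stirlingpdf.com/terms")`, while InitialSetup in this same commit treats the terms URL as operator-configurable via `applicationProperties.getLegal().getTermsAndConditions()`. On a self-hosted instance with its own terms URL, the published OpenAPI document would still send API consumers to the vendor's terms and contact address. Consider `.termsOfService(applicationProperties.getLegal().getTermsAndConditions())` with the literal as a fallback for an empty value; `applicationProperties` is already used a few lines further down in this hunk. Separately, the `License` sets both `.url(...)` and `.identifier("MIT")`, which OpenAPI 3.1 defines as mutually exclusive, so keep one of them. The method body continues past the end of this hunk.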
@@ -47,11 +60,7 @@ public class OpenApiConfig { .name("X-API-KEY"); return new OpenAPI() .components(new Components().addSecuritySchemes("apiKey", apiKeyScheme)) - .info( - new Info() - .title(DEFAULT_TITLE) - .version(version) - .description(DEFAULT_DESCRIPTION)) + .info(info) .addSecurityItem(new SecurityRequirement().addList("apiKey")); } } diff --git a/src/main/resources/settings.yml.template b/src/main/resources/settings.yml.template index 201f875dd..380faeb42 100644 --- a/src/main/resources/settings.yml.template +++ b/src/main/resources/settings.yml.template @@ -77,7 +77,7 @@ premium: appId: '' mail: - enabled: true # set to 'true' to enable sending emails + enabled: false # set to 'true' to enable sending emails host: smtp.example.com # SMTP server hostname port: 587 # SMTP server port username: '' # SMTP server username @@ -85,7 +85,7 @@ mail: from: '' # sender email address legal: - termsAndConditions: https://www.stirlingpdf.com/terms-and-conditions # URL to the terms and conditions of your application (e.g. https://example.com/terms). Empty string to disable or filename to load from local file in static folder + termsAndConditions: https://www.stirlingpdf.com/terms # URL to the terms and conditions of your application (e.g. https://example.com/terms). Empty string to disable or filename to load from local file in static folder privacyPolicy: https://www.stirlingpdf.com/privacy-policy # URL to the privacy policy of your application (e.g. https://example.com/privacy). Empty string to disable or filename to load from local file in static folder accessibilityStatement: '' # URL to the accessibility statement of your application (e.g. https://example.com/accessibility). Empty string to disable or filename to load from local file in static folder cookiePolicy: '' # URL to the cookie policy of your application (e.g. https://example.com/cookie). Empty string to disable or filename to load from local file in static folder 
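Review bot: The settings.yml.template hunk flips the shipped default `mail.enabled` from `true` to `false`, but the commit description lists only the terms URL, the OpenAPI metadata and formatting changes. Off by default is the safer setting for an SMTP integration whose credentials are empty, but it is still a behaviour change for fresh installs and deserves a line in the description or release notes. Whether an existing `settings.yml` keeps its old value depends on merge logic that is not visible in this patch.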
@@ -113,11 +113,11 @@ system: name: postgres # set the name of your database. Should match the name of the database you create customPaths: pipeline: - watchedFoldersDir: '' #Defaults to /pipeline/watchedFolders - finishedFoldersDir: '' #Defaults to /pipeline/finishedFolders + watchedFoldersDir: '' # Defaults to /pipeline/watchedFolders + finishedFoldersDir: '' # Defaults to /pipeline/finishedFolders operations: - weasyprint: '' #Defaults to /opt/venv/bin/weasyprint - unoconvert: '' #Defaults to /opt/venv/bin/unoconvert + weasyprint: '' # Defaults to /opt/venv/bin/weasyprint + unoconvert: '' # Defaults to /opt/venv/bin/unoconvert fileUploadLimit: '' # Defaults to "". No limit when string is empty. Set a number, between 0 and 999, followed by one of the following strings to set a limit. "KB", "MB", "GB". ui: diff --git a/testing/allEndpointsRemovedSettings.yml b/testing/allEndpointsRemovedSettings.yml index fa83e2ff0..3290d6fef 100644 --- a/testing/allEndpointsRemovedSettings.yml +++ b/testing/allEndpointsRemovedSettings.yml @@ -11,7 +11,6 @@ # If you want to override with environment parameter follow parameter naming SECURITY_INITIALLOGIN_USERNAME # ############################################################################################################# - security: enableLogin: false # set to 'true' to enable login csrfDisabled: false # set to 'true' to disable CSRF protection (not recommended for production) 
@@ -62,18 +61,32 @@ security: privateKey: classpath:saml-private-key.key # Your private key. Generated from your keypair spCert: classpath:saml-public-cert.crt # Your signing certificate. Generated from your keypair -enterpriseEdition: - enabled: false # set to 'true' to enable enterprise edition +premium: key: 00000000-0000-0000-0000-000000000000 - SSOAutoLogin: false # Enable to auto login to first provided SSO - CustomMetadata: - autoUpdateMetadata: false # set to 'true' to automatically update metadata with below values - author: username # supports text such as 'John Doe' or types such as username to autopopulate with user's username - creator: Stirling-PDF # supports text such as 'Company-PDF' - producer: Stirling-PDF # supports text such as 'Company-PDF' + enabled: false # Enable license key checks for pro/enterprise features + proFeatures: + SSOAutoLogin: false + CustomMetadata: + autoUpdateMetadata: false # set to 'true' to automatically update metadata with below values + author: username # supports text such as 'John Doe' or types such as username to autopopulate with user's username + creator: Stirling-PDF # supports text such as 'Company-PDF' + producer: Stirling-PDF # supports text such as 'Company-PDF' + googleDrive: + enabled: false + clientId: '' + apiKey: '' + appId: '' + +mail: + enabled: false # set to 'true' to enable sending emails + host: smtp.example.com # SMTP server hostname + port: 587 # SMTP server port + username: '' # SMTP server username + password: '' # SMTP server password + from: '' # sender email address legal: - termsAndConditions: https://www.stirlingpdf.com/terms-and-conditions # URL to the terms and conditions of your application (e.g. https://example.com/terms). Empty string to disable or filename to load from local file in static folder + termsAndConditions: https://www.stirlingpdf.com/terms # URL to the terms and conditions of your application (e.g. https://example.com/terms). 
Empty string to disable or filename to load from local file in static folder privacyPolicy: https://www.stirlingpdf.com/privacy-policy # URL to the privacy policy of your application (e.g. https://example.com/privacy). Empty string to disable or filename to load from local file in static folder accessibilityStatement: '' # URL to the accessibility statement of your application (e.g. https://example.com/accessibility). Empty string to disable or filename to load from local file in static folder cookiePolicy: '' # URL to the cookie policy of your application (e.g. https://example.com/cookie). Empty string to disable or filename to load from local file in static folder @@ -88,6 +101,7 @@ system: customHTMLFiles: false # enable to have files placed in /customFiles/templates override the existing template HTML files tessdataDir: /usr/share/tessdata # path to the directory containing the Tessdata files. This setting is relevant for Windows systems. For Windows users, this path should be adjusted to point to the appropriate directory where the Tessdata files are stored. enableAnalytics: true # set to 'true' to enable analytics, set to 'false' to disable analytics; for enterprise users, this is set to true + enableUrlToPDF: false # Set to 'true' to enable URL to PDF, INTERNAL ONLY, known security issues, should not be used externally disableSanitize: false # set to true to disable Sanitize HTML; (can lead to injections in HTML) datasource: enableCustomDatabase: false # Enterprise users ONLY, set this property to 'true' if you would like to use your own custom database configuration 
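Review bot: `SSOAutoLogin: false` lost its explanatory comment when it moved under `premium.proFeatures`; the removed line read `SSOAutoLogin: false # Enable to auto login to first provided SSO`, and a switch that changes the login flow should stay documented. The new `googleDrive` keys are also uncommented, unlike the `mail` block added right below them. I would restore the SSO comment verbatim and add a hint on the secret-bearing keys, for example `password: '' # SMTP server password; prefer the environment override, do not commit a real value`, with the same wording for `googleDrive.apiKey`.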
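Review bot: The comment on the added `enableUrlToPDF: false` warns of "known security issues" without telling an operator what is exposed if the flag is turned on. If the concern is that the server fetches user-supplied URLs (my assumption from the feature name, to be confirmed), the comment should say so, e.g. `enableUrlToPDF: false # Set to 'true' to enable URL to PDF; the server fetches user-supplied URLs, keep 'false' on any instance reachable by untrusted users`. Since this file is a test fixture, it would also help to note in the file header that it must stay in sync with settings.yml.template, because this hunk is back-filling keys that had drifted.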
@@ -100,13 +114,12 @@ system: name: postgres # set the name of your database. Should match the name of the database you create customPaths: pipeline: - watchedFoldersDir: "" #Defaults to /pipeline/watchedFolders - finishedFoldersDir: "" #Defaults to /pipeline/finishedFolders + watchedFoldersDir: '' # Defaults to /pipeline/watchedFolders + finishedFoldersDir: '' # Defaults to /pipeline/finishedFolders operations: - weasyprint: "" #Defaults to /opt/venv/bin/weasyprint - unoconvert: "" #Defaults to /opt/venv/bin/unoconvert - - + weasyprint: '' # Defaults to /opt/venv/bin/weasyprint + unoconvert: '' # Defaults to /opt/venv/bin/unoconvert + fileUploadLimit: '' # Defaults to "". No limit when string is empty. Set a number, between 0 and 999, followed by one of the following strings to set a limit. "KB", "MB", "GB". ui: appName: '' # application's visible name