[maven-release-plugin][skip ci] prepare release 23.7.0.2

(MNT-24776) Category Picker Error when a User does not have Read Permissions to a Category

amps/ags/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-community-repo-amps</artifactId>
-      <version>23.6.0.23</version>
+      <version>23.7.0.2</version>
    </parent>
 
    <modules>

amps/ags/rm-automation/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-governance-services-community-parent</artifactId>
-      <version>23.6.0.23</version>
+      <version>23.7.0.2</version>
    </parent>
 
    <modules>

amps/ags/rm-automation/rm-automation-community-rest-api/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-governance-services-automation-community-repo</artifactId>
-      <version>23.6.0.23</version>
+      <version>23.7.0.2</version>
    </parent>
 
    <build>

amps/ags/rm-community/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-governance-services-community-parent</artifactId>
-      <version>23.6.0.23</version>
+      <version>23.7.0.2</version>
    </parent>
 
    <modules>

amps/ags/rm-community/rm-community-repo/.env

@@ -1,3 +1,3 @@
-SOLR6_TAG=2.0.13
+SOLR6_TAG=2.0.17
 POSTGRES_TAG=15.4
 ACTIVEMQ_TAG=5.18.3-jre17-rockylinux8

amps/ags/rm-community/rm-community-repo/pom.xml

@@ -8,7 +8,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-governance-services-community-repo-parent</artifactId>
-      <version>23.6.0.23</version>
+      <version>23.7.0.2</version>
    </parent>
 
    <properties>

amps/ags/rm-community/rm-community-repo/test/resources/alfresco/version.properties

@@ -4,7 +4,7 @@
 
 # Version label
 version.major=23
-version.minor=6
+version.minor=7
 version.revision=0
 version.label=
 

amps/ags/rm-community/rm-community-rest-api-explorer/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-governance-services-community-repo-parent</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <build>

amps/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <modules>

amps/share-services/pom.xml

@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-amps</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <properties>

core/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-community-repo</artifactId>
-      <version>23.6.0.23</version>
+      <version>23.7.0.2</version>
    </parent>
 
    <dependencies>

data-model/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <properties>

mmt/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <dependencies>

packaging/distribution/pom.xml

@@ -9,6 +9,6 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 </project>

packaging/docker-alfresco/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <properties>

packaging/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <modules>

packaging/tests/environment/.env

@@ -1,3 +1,3 @@
-SOLR6_TAG=2.0.13
+SOLR6_TAG=2.0.17
 POSTGRES_TAG=15.4
 ACTIVEMQ_TAG=5.18.3-jre17-rockylinux8

packaging/tests/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <modules>

packaging/tests/tas-cmis/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <organization>

packaging/tests/tas-email/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <developers>

packaging/tests/tas-integration/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <developers>

packaging/tests/tas-restapi/pom.xml

@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <properties>

packaging/tests/tas-webdav/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <developers>

packaging/war/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <properties>

pom.xml

@@ -2,7 +2,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <artifactId>alfresco-community-repo</artifactId>
-    <version>23.6.0.23</version>
+    <version>23.7.0.2</version>
     <packaging>pom</packaging>
     <name>Alfresco Community Repo Parent</name>
 
@@ -24,7 +24,7 @@
 
     <properties>
         <acs.version.major>23</acs.version.major>
-        <acs.version.minor>6</acs.version.minor>
+        <acs.version.minor>7</acs.version.minor>
         <acs.version.revision>0</acs.version.revision>
         <acs.version.label />
         <amp.min.version>${acs.version.major}.0.0</amp.min.version>
@@ -51,14 +51,14 @@
         <dependency.alfresco-server-root.version>7.0.1</dependency.alfresco-server-root.version>
         <dependency.activiti-engine.version>5.23.0</dependency.activiti-engine.version>
         <dependency.activiti.version>5.23.0</dependency.activiti.version>
-        <dependency.alfresco-transform-core.version>5.2.2-A.4</dependency.alfresco-transform-core.version>
+        <dependency.alfresco-transform-core.version>5.2.2</dependency.alfresco-transform-core.version>
-        <dependency.alfresco-transform-service.version>4.2.2-A.2</dependency.alfresco-transform-service.version>
+        <dependency.alfresco-transform-service.version>4.2.2</dependency.alfresco-transform-service.version>
         <dependency.alfresco-greenmail.version>7.0</dependency.alfresco-greenmail.version>
         <dependency.acs-event-model.version>0.0.33</dependency.acs-event-model.version>
 
         <dependency.aspectj.version>1.9.22.1</dependency.aspectj.version>
-        <dependency.spring.version>6.2.8</dependency.spring.version>
+        <dependency.spring.version>6.2.11</dependency.spring.version>
-        <dependency.spring-security.version>6.3.9</dependency.spring-security.version>
+        <dependency.spring-security.version>6.4.11</dependency.spring-security.version>
         <dependency.antlr.version>3.5.3</dependency.antlr.version>
         <dependency.jackson.version>2.17.2</dependency.jackson.version>
         <dependency.cxf.version>4.1.2</dependency.cxf.version>
@@ -113,7 +113,7 @@
         <dependency.jakarta-json-path.version>2.9.0</dependency.jakarta-json-path.version>
         <dependency.json-smart.version>2.5.2</dependency.json-smart.version>
         <alfresco.googledrive.version>4.1.0</alfresco.googledrive.version>
-        <alfresco.aos-module.version>3.3.0</alfresco.aos-module.version>
+        <alfresco.aos-module.version>3.4.0</alfresco.aos-module.version>
         <alfresco.api-explorer.version>23.4.0</alfresco.api-explorer.version> <!-- Also in alfresco-enterprise-share -->
 
         <alfresco.maven-plugin.version>2.2.0</alfresco.maven-plugin.version>
@@ -154,7 +154,7 @@
         <connection>scm:git:https://github.com/Alfresco/alfresco-community-repo.git</connection>
         <developerConnection>scm:git:https://github.com/Alfresco/alfresco-community-repo.git</developerConnection>
         <url>https://github.com/Alfresco/alfresco-community-repo</url>
-        <tag>23.6.0.23</tag>
+        <tag>23.7.0.2</tag>
     </scm>
 
     <distributionManagement>

remote-api/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <dependencies>

remote-api/src/main/java/org/alfresco/repo/web/scripts/comments/CommentsPost.java

@@ -2,7 +2,7 @@
  * #%L
  * Alfresco Remote API
  * %%
- * Copyright (C) 2005 - 2016 Alfresco Software Limited
+ * Copyright (C) 2005 - 2025 Alfresco Software Limited
  * %%
  * This file is part of the Alfresco software. 
  * If the software was purchased under a paid Alfresco license, the terms of 
@@ -31,6 +31,14 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.commons.lang3.StringUtils;
+import org.json.simple.JSONObject;
+import org.owasp.html.PolicyFactory;
+import org.owasp.html.Sanitizers;
+import org.springframework.extensions.webscripts.Cache;
+import org.springframework.extensions.webscripts.Status;
+import org.springframework.extensions.webscripts.WebScriptRequest;
+
 import org.alfresco.model.ContentModel;
 import org.alfresco.model.ForumModel;
 import org.alfresco.repo.content.MimetypeMap;
@@ -44,10 +52,6 @@ import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.service.namespace.RegexQNamePattern;
-import org.json.simple.JSONObject;
-import org.springframework.extensions.webscripts.Cache;
-import org.springframework.extensions.webscripts.Status;
-import org.springframework.extensions.webscripts.WebScriptRequest;
 
 /**
  * This class is the controller for the comments.post web script.
@@ -58,7 +62,7 @@ import org.springframework.extensions.webscripts.WebScriptRequest;
 public class CommentsPost extends AbstractCommentsWebScript
 {
     /**
-     *  Overrides AbstractCommentsWebScript to add comment
+     * Overrides AbstractCommentsWebScript to add comment
      */
     @Override
     protected Map<String, Object> executeImpl(NodeRef nodeRef, WebScriptRequest req, Status status, Cache cache)
@@ -66,6 +70,19 @@ public class CommentsPost extends AbstractCommentsWebScript
         // get json object from request
         JSONObject json = parseJSON(req);
 
+        // Validating and Sanitizing comment content to prevent XSS
+        String commentContent = getOrNull(json, "content");
+        if (StringUtils.isBlank(commentContent))
+        {
+            throw new IllegalArgumentException("Comment content must not be empty");
+        }
+        else
+        {
+            PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
+            String safeContent = policy.sanitize(commentContent);
+            json.replace("content", safeContent);
+        }
+
         /* MNT-10231, MNT-9771 fix */
         this.behaviourFilter.disableBehaviour(nodeRef, ContentModel.ASPECT_AUDITABLE);
 
@@ -135,7 +152,7 @@ public class CommentsPost extends AbstractCommentsWebScript
     {
         Map<String, Object> result = new HashMap<String, Object>(4, 1.0f);
 
-        String creator = (String)this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATOR);
+        String creator = (String) this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATOR);
 
         Serializable created = this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATED);
         Serializable modified = this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_MODIFIED);
@@ -143,7 +160,7 @@ public class CommentsPost extends AbstractCommentsWebScript
         boolean isUpdated = false;
         if (created instanceof Date && modified instanceof Date)
         {
-           isUpdated = ((Date)modified).getTime() - ((Date)created).getTime() > 5000;
+            isUpdated = ((Date) modified).getTime() - ((Date) created).getTime() > 5000;
         }
 
         // TODO refactor v0 Comments API to use CommentService (see ACE-5437)
@@ -229,8 +246,7 @@ public class CommentsPost extends AbstractCommentsWebScript
      */
     private NodeRef createCommentsFolder(final NodeRef nodeRef)
     {
-        NodeRef commentsFolder = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
+        NodeRef commentsFolder = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>() {
-        {
             public NodeRef doWork() throws Exception
             {
                 NodeRef commentsFolder = null;

remote-api/src/main/resources/alfresco/templates/webscripts/org/alfresco/repository/forms/pickerresults.lib.ftl

@@ -40,14 +40,17 @@
 		"items":
 		[
 		<#list results as row>
-			<#if row.item.hasPermission("Read")>
 			{
 				"type": "${row.item.typeShort}",
 				"parentType": "${row.item.parentTypeShort!""}",
 				"isContainer": ${row.item.isContainer?string},
 				<#if row.container??>"container": "${row.container!""}",</#if>
-				"name": "${row.item.properties.name!""}",
+                <#if row.item.properties?? && row.item.properties.name??>
-				<#if row.item.aspects??>
+                	"name": "${row.item.properties.name!""}",
+                <#else>
+                	"name": "${(row.item.name)!row.item?string!""}",
+                </#if>
+                <#if row.item.aspects??>
                  "aspects": [
                    <#list row.item.aspects as aspect>
                      "${shortQName(aspect)}"
@@ -55,10 +58,15 @@
                    </#list>
                    ],
                  </#if>
-				"title":<#if row.item.properties["lnk:title"]??>"${row.item.properties["lnk:title"]}",
+                <#if row.item.properties??>
-						<#elseif row.item.properties["ia:whatEvent"]??>"${row.item.properties["ia:whatEvent"]}",
+					"title":<#if row.item.properties["lnk:title"]??>"${row.item.properties["lnk:title"]}",
-						<#else>"${row.item.properties.title!""}",</#if>
+							<#elseif row.item.properties["ia:whatEvent"]??>"${row.item.properties["ia:whatEvent"]}",
-				"description": "${row.item.properties.description!""}",
+							<#else>"${row.item.properties.title!""}",</#if>
+					"description": "${row.item.properties.description!""}",
+                <#else>
+					"title": "${(row.item.name)!row.item?string!""}",
+					"description": "",
+                </#if>
 				<#if row.item.properties.modified??>"modified": "${xmldate(row.item.properties.modified)}",</#if>
 				<#if row.item.properties.modifier??>"modifier": "${row.item.properties.modifier}",</#if>
 				<#if row.item.siteShortName??>"site": "${row.item.siteShortName}",</#if>
@@ -76,7 +84,6 @@
 				"nodeRef": "${row.item.nodeRef}"<#if row.selectable?exists>,
 				"selectable" : ${row.selectable?string}</#if>
 			}<#if row_has_next>,</#if>
-			</#if>
 		</#list>
 		]
 	}

repository/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>23.6.0.23</version>
+        <version>23.7.0.2</version>
     </parent>
 
     <dependencies>

repository/src/main/java/org/alfresco/repo/event2/EventConsolidator.java

@@ -2,7 +2,7 @@
  * #%L
  * Alfresco Repository
  * %%
- * Copyright (C) 2005 - 2023 Alfresco Software Limited
+ * Copyright (C) 2005 - 2025 Alfresco Software Limited
  * %%
  * This file is part of the Alfresco software.
  * If the software was purchased under a paid Alfresco license, the terms of
@@ -39,8 +39,10 @@ import org.alfresco.service.namespace.QName;
 /**
  * Encapsulates events occurred in a single transaction.
  *
- * @param <REF> entity (e.g. node, child association, peer association) reference type
+ * @param <REF>
- * @param <RES> entity resource type
+ *            entity (e.g. node, child association, peer association) reference type
+ * @param <RES>
+ *            entity resource type
  */
 public abstract class EventConsolidator<REF extends EntityRef, RES extends Resource>
 {
@@ -90,23 +92,31 @@ public abstract class EventConsolidator<REF extends EntityRef, RES extends Resou
     /**
      * Builds and returns the {@link RepoEvent} instance.
      *
-     * @param eventInfo the object holding the event information
+     * @param eventInfo
+     *            the object holding the event information
      * @return the {@link RepoEvent} instance
      */
     public RepoEvent<DataAttributes<RES>> getRepoEvent(EventInfo eventInfo)
+    {
+        final RepoEvent.Builder<DataAttributes<RES>> builder = RepoEvent.builder();
+
+        configureRepoEventBuilder(builder, eventInfo);
+
+        return builder.build();
+    }
+
+    protected void configureRepoEventBuilder(RepoEvent.Builder<DataAttributes<RES>> builder, EventInfo eventInfo)
     {
         EventType eventType = getDerivedEvent();
 
         DataAttributes<RES> eventData = buildEventData(eventInfo, resource, eventType);
 
-        return RepoEvent.<DataAttributes<RES>>builder()
+        builder.setId(eventInfo.getId())
-            .setId(eventInfo.getId())
+                .setSource(eventInfo.getSource())
-            .setSource(eventInfo.getSource())
+                .setTime(eventInfo.getTimestamp())
-            .setTime(eventInfo.getTimestamp())
+                .setType(eventType.getType())
-            .setType(eventType.getType())
+                .setData(eventData)
-            .setData(eventData)
+                .setDataschema(EventJSONSchema.getSchemaV1(eventType));
-            .setDataschema(EventJSONSchema.getSchemaV1(eventType))
-            .build();
     }
 
     /**
@@ -114,9 +124,9 @@ public abstract class EventConsolidator<REF extends EntityRef, RES extends Resou
      */
     protected DataAttributes<RES> buildEventData(EventInfo eventInfo, RES resource, EventType eventType)
     {
-        return EventData.<RES>builder()
+        return EventData.<RES> builder()
-            .setEventGroupId(eventInfo.getTxnId())
+                .setEventGroupId(eventInfo.getTxnId())
-            .setResource(resource)
+                .setResource(resource)
-            .build();
+                .build();
     }
 }

repository/src/main/resources/alfresco/repository.properties

@@ -3,7 +3,7 @@
 repository.name=Main Repository
 
 # Schema number
-version.schema=19500
+version.schema=19600
 
 # Directory configuration