[maven-release-plugin][skip ci] prepare for next development iteration

[maven-release-plugin][skip ci] prepare release 25.3.0.61
Revert "MNT-24776 adding if-else conditionals to avoid null values"
2025-10-22 15:12:38 +00:00 · 2025-10-22 09:51:01 +00:00 · 2025-10-22 09:50:59 +00:00 · 2025-10-22 14:33:09 +05:30 · 2025-10-22 13:08:21 +05:30 · 2025-10-19 00:08:29 +00:00
28 changed files with 132 additions and 123 deletions
--- a/amps/ags/pom.xml
+++ b/amps/ags/pom.xml
@@ -7,7 +7,7 @@
   <parent>
      <groupId>org.alfresco</groupId>
      <artifactId>alfresco-community-repo-amps</artifactId>
-      <version>25.3.0.56</version>
+      <version>25.3.0.62-SNAPSHOT</version>
   </parent>

   <modules>
--- a/amps/ags/rm-automation/pom.xml
+++ b/amps/ags/rm-automation/pom.xml
@@ -7,7 +7,7 @@
   <parent>
      <groupId>org.alfresco</groupId>
      <artifactId>alfresco-governance-services-community-parent</artifactId>
-      <version>25.3.0.56</version>
+      <version>25.3.0.62-SNAPSHOT</version>
   </parent>

   <modules>
--- a/amps/ags/rm-automation/rm-automation-community-rest-api/pom.xml
+++ b/amps/ags/rm-automation/rm-automation-community-rest-api/pom.xml
@@ -7,7 +7,7 @@
   <parent>
      <groupId>org.alfresco</groupId>
      <artifactId>alfresco-governance-services-automation-community-repo</artifactId>
-      <version>25.3.0.56</version>
+      <version>25.3.0.62-SNAPSHOT</version>
   </parent>

   <build>
--- a/amps/ags/rm-community/pom.xml
+++ b/amps/ags/rm-community/pom.xml
@@ -7,7 +7,7 @@
   <parent>
      <groupId>org.alfresco</groupId>
      <artifactId>alfresco-governance-services-community-parent</artifactId>
-      <version>25.3.0.56</version>
+      <version>25.3.0.62-SNAPSHOT</version>
   </parent>

   <modules>
--- a/amps/ags/rm-community/rm-community-repo/pom.xml
+++ b/amps/ags/rm-community/rm-community-repo/pom.xml
@@ -8,7 +8,7 @@
   <parent>
      <groupId>org.alfresco</groupId>
      <artifactId>alfresco-governance-services-community-repo-parent</artifactId>
-      <version>25.3.0.56</version>
+      <version>25.3.0.62-SNAPSHOT</version>
   </parent>

   <properties>
--- a/amps/ags/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java
+++ b/amps/ags/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.java
@@ -31,6 +31,7 @@ import static org.alfresco.service.cmr.security.PermissionService.GROUP_PREFIX;

 import java.util.Collections;
 import java.util.HashSet;
+import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Set;

@@ -247,7 +248,7 @@ public class ExtendedSecurityServiceImpl extends ServiceBaseImpl
     */
    private Set<String> getAuthorities(String group)
    {
-        Set<String> result = new HashSet<>();
+        Set<String> result = new LinkedHashSet<>();
        result.addAll(authorityService.getContainedAuthorities(null, group, true));
        return result;
    }
--- a/amps/ags/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
+++ b/amps/ags/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
@@ -33,6 +33,7 @@ import java.io.Serializable;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Set;

@@ -325,8 +326,8 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl impleme
            return aclReaders;
        }

-        HashSet<String> assigned = new HashSet<>();
-        HashSet<String> readers = new HashSet<>();
+        Set<String> assigned = new LinkedHashSet<>();
+        Set<String> readers = new LinkedHashSet<>();

        for (AccessControlEntry ace : acl.getEntries())
        {
@@ -412,8 +413,8 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl impleme
            return aclWriters;
        }

-        HashSet<String> assigned = new HashSet<>();
-        HashSet<String> readers = new HashSet<>();
+        Set<String> assigned = new LinkedHashSet<>();
+        Set<String> readers = new LinkedHashSet<>();

        for (AccessControlEntry ace : acl.getEntries())
        {
@@ -485,7 +486,7 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl impleme
        Set<String> writers = getWriters(aclId);

        // add the current owner to the list of extended writers
-        Set<String> modifiedWrtiers = new HashSet<>(writers);
+        Set<String> modifiedWrtiers = new LinkedHashSet<>(writers);
        String owner = ownableService.getOwner(nodeRef);
        if (StringUtils.isNotBlank(owner) &&
                !owner.equals(OwnableService.NO_OWNER) &&
--- a/amps/ags/rm-community/rm-community-rest-api-explorer/pom.xml
+++ b/amps/ags/rm-community/rm-community-rest-api-explorer/pom.xml
@@ -7,7 +7,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-governance-services-community-repo-parent</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <build>
--- a/amps/pom.xml
+++ b/amps/pom.xml
@@ -7,7 +7,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <modules>
--- a/amps/share-services/pom.xml
+++ b/amps/share-services/pom.xml
@@ -8,7 +8,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo-amps</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <properties>
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -7,7 +7,7 @@
   <parent>
      <groupId>org.alfresco</groupId>
      <artifactId>alfresco-community-repo</artifactId>
-      <version>25.3.0.56</version>
+      <version>25.3.0.62-SNAPSHOT</version>
   </parent>

   <dependencies>
--- a/data-model/pom.xml
+++ b/data-model/pom.xml
@@ -7,7 +7,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <properties>
--- a/mmt/pom.xml
+++ b/mmt/pom.xml
@@ -7,7 +7,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <dependencies>
--- a/packaging/distribution/pom.xml
+++ b/packaging/distribution/pom.xml
@@ -9,6 +9,6 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>
 </project>
--- a/packaging/docker-alfresco/pom.xml
+++ b/packaging/docker-alfresco/pom.xml
@@ -7,7 +7,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <properties>
--- a/packaging/pom.xml
+++ b/packaging/pom.xml
@@ -7,7 +7,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <modules>
--- a/packaging/tests/pom.xml
+++ b/packaging/tests/pom.xml
@@ -6,7 +6,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <modules>
--- a/packaging/tests/tas-cmis/pom.xml
+++ b/packaging/tests/tas-cmis/pom.xml
@@ -7,7 +7,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <organization>
--- a/packaging/tests/tas-email/pom.xml
+++ b/packaging/tests/tas-email/pom.xml
@@ -9,7 +9,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <developers>
--- a/packaging/tests/tas-integration/pom.xml
+++ b/packaging/tests/tas-integration/pom.xml
@@ -9,7 +9,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <developers>
--- a/packaging/tests/tas-restapi/pom.xml
+++ b/packaging/tests/tas-restapi/pom.xml
@@ -8,7 +8,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <properties>
--- a/packaging/tests/tas-webdav/pom.xml
+++ b/packaging/tests/tas-webdav/pom.xml
@@ -9,7 +9,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <developers>
--- a/packaging/war/pom.xml
+++ b/packaging/war/pom.xml
@@ -7,7 +7,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <properties>
--- a/pom.xml
+++ b/pom.xml
@@ -2,7 +2,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <artifactId>alfresco-community-repo</artifactId>
-    <version>25.3.0.56</version>
+    <version>25.3.0.62-SNAPSHOT</version>
    <packaging>pom</packaging>
    <name>Alfresco Community Repo Parent</name>

@@ -154,7 +154,7 @@
        <connection>scm:git:https://github.com/Alfresco/alfresco-community-repo.git</connection>
        <developerConnection>scm:git:https://github.com/Alfresco/alfresco-community-repo.git</developerConnection>
        <url>https://github.com/Alfresco/alfresco-community-repo</url>
-        <tag>25.3.0.56</tag>
+        <tag>HEAD</tag>
    </scm>

    <distributionManagement>
--- a/remote-api/pom.xml
+++ b/remote-api/pom.xml
@@ -7,7 +7,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <dependencies>
--- a/remote-api/src/main/java/org/alfresco/repo/web/scripts/comments/CommentsPost.java
+++ b/remote-api/src/main/java/org/alfresco/repo/web/scripts/comments/CommentsPost.java
@@ -2,7 +2,7 @@
 * #%L
 * Alfresco Remote API
 * %%
- * Copyright (C) 2005 - 2016 Alfresco Software Limited
+ * Copyright (C) 2005 - 2025 Alfresco Software Limited
 * %%
 * This file is part of the Alfresco software. 
 * If the software was purchased under a paid Alfresco license, the terms of 
@@ -31,7 +31,10 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;

+import org.apache.commons.lang3.StringUtils;
 import org.json.simple.JSONObject;
+import org.owasp.html.PolicyFactory;
+import org.owasp.html.Sanitizers;
 import org.springframework.extensions.webscripts.Cache;
 import org.springframework.extensions.webscripts.Status;
 import org.springframework.extensions.webscripts.WebScriptRequest;
@@ -67,6 +70,19 @@ public class CommentsPost extends AbstractCommentsWebScript
        // get json object from request
        JSONObject json = parseJSON(req);

+        // Validating and Sanitizing comment content to prevent XSS
+        String commentContent = getOrNull(json, "content");
+        if (StringUtils.isBlank(commentContent))
+        {
+            throw new IllegalArgumentException("Comment content must not be empty");
+        }
+        else
+        {
+            PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
+            String safeContent = policy.sanitize(commentContent);
+            json.replace("content", safeContent);
+        }
+
        /* MNT-10231, MNT-9771 fix */
        this.behaviourFilter.disableBehaviour(nodeRef, ContentModel.ASPECT_AUDITABLE);

--- a/remote-api/src/main/resources/alfresco/templates/webscripts/org/alfresco/repository/forms/pickerresults.lib.ftl
+++ b/remote-api/src/main/resources/alfresco/templates/webscripts/org/alfresco/repository/forms/pickerresults.lib.ftl
@@ -45,12 +45,8 @@
 				"parentType": "${row.item.parentTypeShort!""}",
 				"isContainer": ${row.item.isContainer?string},
 				<#if row.container??>"container": "${row.container!""}",</#if>
-                <#if row.item.properties?? && row.item.properties.name??>
-                	"name": "${row.item.properties.name!""}",
-                <#else>
-                	"name": "${(row.item.name)!row.item?string!""}",
-                </#if>
-                <#if row.item.aspects??>
+				"name": "${row.item.properties.name!""}",
+				<#if row.item.aspects??>
                 "aspects": [
                   <#list row.item.aspects as aspect>
                     "${shortQName(aspect)}"
@@ -58,15 +54,10 @@
                   </#list>
                   ],
                 </#if>
-                <#if row.item.properties??>
-					"title":<#if row.item.properties["lnk:title"]??>"${row.item.properties["lnk:title"]}",
-							<#elseif row.item.properties["ia:whatEvent"]??>"${row.item.properties["ia:whatEvent"]}",
-							<#else>"${row.item.properties.title!""}",</#if>
-					"description": "${row.item.properties.description!""}",
-                <#else>
-					"title": "${(row.item.name)!row.item?string!""}",
-					"description": "",
-                </#if>
+				"title":<#if row.item.properties["lnk:title"]??>"${row.item.properties["lnk:title"]}",
+						<#elseif row.item.properties["ia:whatEvent"]??>"${row.item.properties["ia:whatEvent"]}",
+						<#else>"${row.item.properties.title!""}",</#if>
+				"description": "${row.item.properties.description!""}",
 				<#if row.item.properties.modified??>"modified": "${xmldate(row.item.properties.modified)}",</#if>
 				<#if row.item.properties.modifier??>"modifier": "${row.item.properties.modifier}",</#if>
 				<#if row.item.siteShortName??>"site": "${row.item.siteShortName}",</#if>
--- a/repository/pom.xml
+++ b/repository/pom.xml
@@ -7,7 +7,7 @@
    <parent>
        <groupId>org.alfresco</groupId>
        <artifactId>alfresco-community-repo</artifactId>
-        <version>25.3.0.56</version>
+        <version>25.3.0.62-SNAPSHOT</version>
    </parent>

    <dependencies>
Author	SHA1	Message	Date
alfresco-build	14da8d2002	[maven-release-plugin][skip ci] prepare for next development iteration	2025-10-22 09:51:01 +00:00
alfresco-build	6a4bbb021c	[maven-release-plugin][skip ci] prepare release 25.3.0.61	2025-10-22 09:50:59 +00:00
Debjit Chattopadhyay	42d70b17c7	Revert "MNT-24776 adding if-else conditionals to avoid null values" Revert "MNT-24776 adding if-else conditionals to avoid null values"	2025-10-22 14:33:09 +05:30
Debjit Chattopadhyay	c7eba0ddc8	Revert "MNT-24776 adding if-else conditionals to avoid null values" This reverts commit `be02be5a8b`.	2025-10-22 13:08:21 +05:30
alfresco-build	266094c0e1	[maven-release-plugin][skip ci] prepare for next development iteration	2025-10-19 00:08:29 +00:00
alfresco-build	e442b4acf0	[maven-release-plugin][skip ci] prepare release 25.3.0.60	2025-10-19 00:08:28 +00:00
Alfresco CI User	fd1028a685	[force] Force release for 2025-10-19.	2025-10-19 00:05:12 +00:00
alfresco-build	0a7e275a9c	[maven-release-plugin][skip ci] prepare for next development iteration	2025-10-17 06:19:01 +00:00
alfresco-build	d1bbba7286	[maven-release-plugin][skip ci] prepare release 25.3.0.59	2025-10-17 06:18:59 +00:00
Somnath-Deshmukh	e1baddebee	Fix/mnt 25359 (#3613 ) Prevent XSS attack during posting a comment	2025-10-17 10:58:02 +05:30
alfresco-build	3263dcaf2f	[maven-release-plugin][skip ci] prepare for next development iteration	2025-10-12 00:09:47 +00:00
alfresco-build	8926f7f9a7	[maven-release-plugin][skip ci] prepare release 25.3.0.58	2025-10-12 00:09:45 +00:00
Alfresco CI User	764a1b656c	[force] Force release for 2025-10-12.	2025-10-12 00:04:45 +00:00
alfresco-build	cf265f2dea	[maven-release-plugin][skip ci] prepare for next development iteration	2025-10-10 08:32:39 +00:00
alfresco-build	fd0d5204eb	[maven-release-plugin][skip ci] prepare release 25.3.0.57	2025-10-10 08:32:36 +00:00
Piotr Żurek	f9b8a4b42d	Fix missing import	2025-10-10 09:44:45 +02:00
Piotr Żurek	fcdc1438e7	Fix formatting	2025-10-10 09:26:24 +02:00
Axel Faust	7cd1416561	Governance Serivces: LinkedHashSet for stable reader/writer authorities set order + hash code for in-place group names (#2664 )	2025-10-10 08:39:23 +02:00
alfresco-build	f197757f94	[maven-release-plugin][skip ci] prepare for next development iteration	2025-10-09 09:23:06 +00:00