The above release files should be verified using the PGP signatures and the project release KEYS. See verification instructions for a description of using the PGP and KEYS files for verification. A SHA512 checksum is also provided as an alternative verification method.
<dependency>
<groupId>org.apache.daffodil</groupId>
<artifactId>daffodil-japi_2.12</artifactId>
<version>3.2.1</version>
</dependency>libraryDependencies += "org.apache.daffodil" %% "daffodil-sapi" % "3.2.1"/etc/yum.repos.d/apache-daffodil.repo with the following content:
[apache-daffodil]
name=Apache Daffodil
baseurl=https://apache.jfrog.io/artifactory/daffodil-rpm/
enabled=1
gpgkey=https://downloads.apache.org/daffodil/KEYS
gpgcheck=1
repo_gpgcheck=0sudo dnf install apache-daffodilThis release is a patch on top of Release 3.2.0 to improve security and fix a major functional bug.
The Release Notes for 3.2.0 are still relevant to understand the features and functionality in this 3.2.1 patch release.
This release fixes three security CVEs by updating dependency versions.
A major feature, layering transforms with checksum/CRC capability, which was planned for the prior release (3.2.0) was found to be buggy when unparsing. This has been fixed.
There are no deprecations. This release is fully compatible with all functionality of the prior release.
The following dependencies have been added or updated
Core
Code Generator