Change Log

Changes for Version 3.0

There are a significant number of changes in version 3.0.

Changes for Version 2.0.5

Versions between 2.0 and 2.0.5 are bug fix releases only. Versions 2.0.1, 2.0.2 and 2.0.5 contained security fixes, so upgrading to at least 2.0.5 is vital, clearly the latest release is always recommended. The exact fixes can be viewed in the bug tracking system:

Changes for Version 2.0

There are a large number of changes for version 2.0, and a number of milestone releases.

The full list of changes for version 2.0
The change list for milestone 3
The change list for milestone 2
The change list for milestone 1

Changes for Version 1.1.4

DWR 1.1.4 contains a number of security and bug fixes:

It was possible to craft a request to DWR that avoided the include/exclude checks allowing an attacker to access public methods that should not be accessible. These checks are now made properly.
It was also possible to craft attacks that caused out of memory errors which could cause the servlet engine to stop responding. The fix limits the number of calls that are possible in a batch. The limit can be adjusted using the new maxCallCount init-param.
Some Weblogic users that use forwardToString() may have experienced difficulties due to Weblogic making assumptions about inheritance hierarchies. This release works around these assumptions.

Changes for Version 1.1.3

DWR 1.1.3 contains a single security related bugfix:

The issue is not serious in that it does not allow an attacker to get at anything he shouldn't, or to execute anything he shouldn't. However with a properly crafted input it might be possible to send DWR into an infinite loop. This release fixes that issue.

Changes for Version 1.1.2

DWR 1.1.2 is a bugfix-only release with one minor enhancement back-ported from the 2.0 branch:

New Feature: TextHtmlHandler allows you to recover when your session times out
WebContext.forwardToString handles encoding properly
FacesExtensionFilter handles being unable to get a facesContext better
The bug the prevented setting JS compression levels has been fixed
Timeouts are fixed
DWR is more robust against moving page during an XHR request
IFrame fallback when ActiveX is turned off now works more often
Warnings are better defined to be breakage that could be caused by a browser bug
Warnings now default to off
Fixed marshalling problem with some combinations of nulls in parameter list
JSF filter now cleans up after itself and avoids an NPE
Object converter handles inputs properly

Changes for Version 1.1.1

DWR 1.1.1 is a bugfix-only release:

Fix for the broken JSF integration
Fix for the addRows() that caused some minor issues
Better warning messages to people don't get confused by lack of Hibernate etc.
Fix for missing trailing / issue. This might make life hard for people that needed the pathInfo==null hack. If you wish to re-instate the old logic you will need to add a new parameter to the DWR servlet in web.xml: nullPathInfoWorkaround=true
Added the strings for MSXML6.0
Fix for https/iframe compatibility using src='javascript:void(0)'

Changes for Version 1.1

This release contains enough changes to warrant a change log just for DWR 1.1.

Changes for Version 1.0

Many bug fixes and documentation updates.
New HibernateBeanConverter which avoids marshalling uninitialized properties, and an updated BeanConverter (superclass of HBC) that has include/exclude params to control the conversion of properties.
Move website to Drupal to make it easier to keep it up to date and to allow people to colaborate

Changes for Version 0.9

Javascript is now compressed. This will do something like half the download time. The only compression done is to strip out the comments and remove all spaces at the start of a line. This helps debugging by keeping the line numbers the same, and is reasonably simple to implement without breaking the Javascript.
The extra type info system has been updated to use the new <signatures> element. This should be much more natural for Java programmers.
The website has undergone a serious upgrade, lots more documentation.
You can use a call meta-data object to specify timeouts and error handlers in addition to callback functions.
util.js has been reworked. Non core functions have been deprecated and may be moved in a later release. The ability to add <li> elements to <ol> and <ul> lists has been added.
Some internal work to make for easier integration with Spring and other frameworks.

Changes for Version 0.8

The changes planned for version 0.7 were rolled into version 0.8, so 0.7 never existed as a separate release.

Batch sending of remote calls:
DWR will now send a group of remote calls together in a single batch to reduce network latency. See DWREngine.beginBatch() and DWREngine.endBatch() for more information.
Provision of call ordering promises:
DWR can return results in the order in which they were sent using DWREngine.setOrdered(). Warning: Setting this to true will slow down your application, and it expose you to timeouts if a message gets lost. In addition and it may well mean that you are being lazy and not thinking about the asynchronous model properly.
Fine grained access control:
You can now specify exactly which methods are allowed and disallowed using the include and exclude elements in dwr.xml:
```
<create creator="new" javascript="JDate" class="java.util.Date">
  <include method="getSeconds"/>

  <include method="getMinutes"/>
</create>
```
The alternative is to <exclude .../>. You can do one or the other but not both.
J2EE role based authorization:
You can now specify that certain methods are only available to users with certain roles:
```
<create creator="new" javascript="JDate" class="java.util.Date">

  <auth method="toString" role="devel"/>
</create>
```
This requires you to have added J2EE security turned on in your web.xml.
Methods on java.lang.Object (like wait()) are now disallowed.
Enhanced debug pages:
The debug pages at http://localhost:8080/[YOUR-WEB-APP]/dwr have been enhanced to allow you to enter parameters other than strings, to show more detail on returned objects and to give more feedback on why methods are unavailable.
Auto-fill of Servlet Spec parameters:
If you have a DWR remoted method that has an HttpServletRequest parameter then DWR will automatically fill it in for you. This gives you a way of accessing HttpServletRequest like ExecutionContext except that you don't get the dependency on DWR. It also works for HttpServletResponse etc.
Logging is now fine grained, and there is more of it:
If you were turning DWR debug on globally, you probably don't want to any more!
You can specify detailed type information for collections:
List, Set etc don't have type info (and even under 1.5 it seems you can't get at it) so you can specify the types in dwr.xml:
```
<create creator="new" javascript="Test"
    class="uk.ltd.getahead.testdwr.Test">

  <parameter method="testBeanSetParam" number="0"
      type="uk.ltd.getahead.testdwr.TestBean"/>
</create>
```
This solution is not perfect, and there is an update planned post 1.0

Changes for Version 0.6.1

Spring fix to only create 1 Factory (Marc Logemann, Roustem Karimov, Joe Walker)
JavaScript documentation uses JSDoc (Joe Walker)
Update website to have better Spring info (Joe Walker)

Changes for Version 0.6

Better documentation (Joe Walker)
Better error messages (Joe Walker)
New ScriptedCreator (Joe Walker)
Wider support for browsers (Brian Doyle, Joe Walker, Mark Goodwin)
Performance fixes (Benjamin Francioni, Joe Walker)
Fix to support Jetty (Mark Murphy)
Better SpringCreator (Joe Walker, Bram Smeets, Marc Logemann)
Logging via commons-logging if it is avaiable (Joe Walker)
New ContextCreator (Frank Nestel)
URL tweak to provide more info to web log analysers (Joe Walker)
New converters for DOM, JDOM, XOM, DOM4J (Joe Walker)
Validation demo (Joe Walker)
Range selection addition to DWRUtil (Mark Goodwin, Joe Walker)
OnReturn addition to DWRUtil (Joe Walker)

Changes for Version 0.5

Conversion from global javascript methods to static object-based methods (Joe Walker)
Various bug fixes in utils.js (Joe Walker)
Change license to ASL 2.0 (Joe Walker)
Fix to support Weblogic 8.1.3 (John Christopher)
Updated Spring creator (Marc Logemann)
New Creator init system using a map rather than a DOM element (Joe Walker)

Changes for Version 0.4

Have a way for DWR to call a JSP and return the data as a string to javascript
Added code to support StringEscapeUtils.escapeJavaScript() from commons-lang
Extracted Creator and Converter types along with Configurator that reads dwr.xml files
Changed all javascript variables and functions to be prefixed dwr to avoid namespace clases
Spring integration allowing you to get beans from spring
Vastly improved documentation

Changes for Version 0.3

Added execute using XMLHttpRequest, or a fallback to iframe. (Joe Walker)
Changed compilations to include 1.3 VMs. Not tested on anything but 1.4/5 though (Dennis Graham)
Tweak to make server responses clearer in demo pages (Joe Walker)
Separated engine.js to make changing it easier (Joe Walker)
Fixed a bug that caused the errorHandler to be called whatever (Dave Rooney)
Fixed a bug that failed to cut up the allowed parameter properly (Daniel Wunsch)
Added an ant build file (Joe Walker)
Execute static methods without creating bean (suggested by Nils Kilden-Pedersen)
I've added more documentation to the home page about ExecutionContext. Access to HttpServletRequest and associated classes is now possible using uk.ltd.getahead.dwr.ExecutionContext. For example: req = ExecutionContext.getExecutionContext().getHttpServletRequest();
Fixed caching issues (Joe Walker)
Broke the main servlet down a bit because it was getting too big (Joe Walker)
New demo site (Joe Walker)