This is a very modest bug fix release. Importantly, the bundled version of Prototype has been downgraded back to version 1.7, as the new version was causing a number of issues, especially under Internet Explorer.

The main improvement is security related; Tapestry will now integrate a hash-based message authentication code (HMAC) into serialized Java object data stored on the client (generally, this means the t:formdata hidden field used by the Form component).

When you first run your application under 5.3.6, you will see an alert and a console error concerning the HMAC configuration. You should update your application's configuration to set a unique, private value for the tapestry.hmac-passphrase configuration symbol.

And, as with any Tapestry upgrade, be sure to change your application's version number.

  • No labels