This is the consolidated list of changes between Tapestry versions 5.3.5 and 5.3.6. Tapestry 5.3.6 is a drop-in replacement for prior Tapestry 5.3 releases. To upgrade, just update the Maven dependency in your POM file (or download the new JAR file) and the new version will just work. However, please review the How to Upgrade instructions before upgrading.
This is a very modest bug fix release. Importantly, the bundled version of Prototype has been downgraded back to version 1.7, as the new version was causing a number of issues, especially under Internet Explorer.
The main improvement is security related; Tapestry will now integrate a hash-based message authentication code (HMAC) into serialized Java object data stored on the client (generally, this means the t:formdata
hidden field used by the Form component).
When you first run your application under 5.3.6, you will see an alert and a console error concerning the HMAC configuration. You should update your application's configuration to set a unique, private value for the tapestry.hmac-passphrase configuration symbol.
And, as with any Tapestry upgrade, be sure to change your application's version number.