From 7667cd57edaa2a659730bd549a3038af45d42bb8 Mon Sep 17 00:00:00 2001 From: OLTranslationBot Date: Wed, 3 Jun 2026 07:43:54 +0000 Subject: [PATCH] Add zh-Hans translations for 2 blog posts Automated translation from en to zh-Hans Translated files: - 2026-04-21-26.0.0.4.adoc - 2026-05-19-26.0.0.5.adoc Updated English source files with language links: - posts/2026-04-21-26.0.0.4.adoc - posts/2026-05-19-26.0.0.5.adoc Generated by translation pipeline Signed-off-by: OLTranslationBot Co-authored-by-AI: IBM Bob (1.0.4) --- posts/2026-04-21-26.0.0.4.adoc | 3 + posts/2026-05-19-26.0.0.5.adoc | 3 + posts/zh-Hans/2026-04-21-26.0.0.4.adoc | 344 +++++++++++++++++++++ posts/zh-Hans/2026-05-19-26.0.0.5.adoc | 407 +++++++++++++++++++++++++ 4 files changed, 757 insertions(+) create mode 100644 posts/zh-Hans/2026-04-21-26.0.0.4.adoc create mode 100644 posts/zh-Hans/2026-05-19-26.0.0.5.adoc diff --git a/posts/2026-04-21-26.0.0.4.adoc b/posts/2026-04-21-26.0.0.4.adoc index 7e211fcbd8..d3f2b081f2 100644 --- a/posts/2026-04-21-26.0.0.4.adoc +++ b/posts/2026-04-21-26.0.0.4.adoc @@ -10,6 +10,9 @@ seo-description: This release introduces support for selecting JWT signature alg blog_description: This release introduces support for selecting JWT signature algorithms from JOSE headers and adds Java 26 support. It also removes the default LTPA keys password for enhanced security, and includes file transfer restrictions and security vulnerability fixes. open-graph-image: https://openliberty.io/img/twitter_card.jpg open-graph-image-alt: Open Liberty Logo +blog-available-in-languages: +- lang: zh-Hans + path: /zh-Hans/blog/2026/04/21/26.0.0.4.html --- = Enhanced JWT validation, Java 26 support, and more in 26.0.0.4 Navaneeth S Nair diff --git a/posts/2026-05-19-26.0.0.5.adoc b/posts/2026-05-19-26.0.0.5.adoc index c64332fa46..2f596079e7 100644 --- a/posts/2026-05-19-26.0.0.5.adoc +++ b/posts/2026-05-19-26.0.0.5.adoc @@ -10,6 +10,9 @@ seo-description: This release introduces official support for Jakarta EE 11, Spr blog_description: This release introduces official support for Jakarta EE 11, Spring Boot 4.0 applications, and updated TLS/SSL cipher handling in Open Liberty, including enhanced Spring Boot deployment support and simplified SSL cipher configuration. open-graph-image: https://openliberty.io/img/twitter_card.jpg open-graph-image-alt: Open Liberty Logo +blog-available-in-languages: +- lang: zh-Hans + path: /zh-Hans/blog/2026/05/19/26.0.0.5.html --- = Jakarta EE 11, Spring Boot 4.0, and more in 26.0.0.5 Navaneeth S Nair diff --git a/posts/zh-Hans/2026-04-21-26.0.0.4.adoc b/posts/zh-Hans/2026-04-21-26.0.0.4.adoc new file mode 100644 index 0000000000..eec607e75a --- /dev/null +++ b/posts/zh-Hans/2026-04-21-26.0.0.4.adoc @@ -0,0 +1,344 @@ +--- +layout: post +title: "26.0.0.4 中增强的 JWT 验证、Java 26 支持等功能" +# Do NOT change the categories section +categories: blog +author_picture: https://avatars3.githubusercontent.com/navaneethsnair1 +author_github: https://github.com/navaneethsnair1 +seo-title: 26.0.0.4 中增强的 JWT 验证、Java 26 支持等功能 - OpenLiberty.io +seo-description: 此版本引入了从 JOSE 头部选择 JWT 签名算法的支持,并添加了 Java 26 支持。它还删除了默认的 LTPA 密钥密码以增强安全性,并包含文件传输限制和安全漏洞修复。 +blog_description: 此版本引入了从 JOSE 头部选择 JWT 签名算法的支持,并添加了 Java 26 支持。它还删除了默认的 LTPA 密钥密码以增强安全性,并包含文件传输限制和安全漏洞修复。 +open-graph-image: https://openliberty.io/img/twitter_card.jpg +open-graph-image-alt: Open Liberty Logo +blog-available-in-languages: +- lang: en + path: /blog/2026/04/21/26.0.0.4.html +additional_authors: +- name: Ismath Badsha (翻译) + github: https://github.com/IsmathBadsha + image: https://avatars.githubusercontent.com/IsmathBadsha +--- += 26.0.0.4 中增强的 JWT 验证、Java 26 支持等功能 +Navaneeth S Nair +:imagesdir: / +:url-prefix: +:url-about: / +//Blank line here is necessary before starting the body of the post. + +此版本引入了从 JOSE 头部选择 JWT 签名算法的支持,并添加了 Java 26 支持。它还删除了默认的 LTPA 密钥密码以增强安全性,并包含文件传输限制和安全漏洞修复。 + +在 link:{url-about}[Open Liberty] 26.0.0.4 中: + +* <> +* <> +* <> +* <> +* <> +* <> + + +// // // // // // // // +// In the preceding section: +// Replace the TAG_X with a short label for the feature in lower-case, eg: mp3 +// Replace the FEATURE_1_HEADING with heading the feature section, eg: MicroProfile 3.3 +// Where the updates are grouped as sub-headings under a single heading +// (eg all the features in a MicroProfile release), provide sub-entries in the list; +// eg replace SUB_TAG_1 with mpr, and SUB_FEATURE_1_HEADING with +// Easily determine HTTP headers on outgoing requests (MicroProfile Rest Client 1.4) +// // // // // // // // + +查看 link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A26004+label%3A%22release+bug%22[26.0.0.4] 中已修复的错误列表。 + +查看 link:{url-prefix}/blog/?search=release&search!=beta[以前的 Open Liberty GA 版本博客文章]。 + + +[#run] + +// // // // // // // // +// LINKS +// +// OpenLiberty.io site links: +// link:{url-prefix}/guides/maven-intro.html[Maven] +// +// Off-site links: +//link:https://openapi-generator.tech/docs/installation#jar[Download Instructions] +// +// IMAGES +// +// Place images in ./img/blog/ +// Use the syntax: +// image::/img/blog/log4j-rhocp-diagrams/current-problem.png[Logging problem diagram,width=70%,align="center"] +// // // // // // // // + +== 使用 26.0.0.4 开发和运行您的应用程序 + +如果您使用 link:{url-prefix}/guides/maven-intro.html[Maven],请在 `pom.xml` 文件中包含以下内容: + +[source,xml] +---- + + io.openliberty.tools + liberty-maven-plugin + 3.12.0 + +---- + +或者对于 link:{url-prefix}/guides/gradle-intro.html[Gradle],请在 `build.gradle` 文件中包含以下内容: + +[source,gradle] +---- +buildscript { + repositories { + mavenCentral() + } + dependencies { + classpath 'io.openliberty.tools:liberty-gradle-plugin:4.0.0' + } +} +apply plugin: 'liberty' +---- +// // // // // // // // +// In the preceding section: +// Replace the Maven `3.11.5` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-maven-plugin +// Replace the Gradle `3.9.5` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-gradle-plugin +// TODO: Update GHA to automatically do the above. If the maven.org is problematic, then could fallback to using the GH Releases for the plugins +// // // // // // // // + +或者如果您使用 link:{url-prefix}/docs/latest/container-images.html[容器镜像]: + +[source] +---- +FROM icr.io/appcafe/open-liberty +---- + +或者查看我们的 link:{url-prefix}/start/[下载页面]。 + +如果您使用 link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[IntelliJ IDEA]、link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Code] 或 link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse IDE],您还可以利用我们的开源 link:https://openliberty.io/docs/latest/develop-liberty-tools.html[Liberty 开发工具],直接在 IDE 中实现有效的开发、测试、调试和应用程序管理。 + +[link=https://stackoverflow.com/tags/open-liberty] +image::img/blog/blog_btn_stack.svg[在 Stack Overflow 上提问, align="center"] + +[#file_transfer] +== 向 `FileService` MBean 添加了阻止列表 +Liberty 中 `restConnector-2.0` 功能提供的 `FileService` MBean 现在包含一个 `blocklist` 属性。此属性由 `server.xml` 文件中的 `` 配置元素配置。此属性的默认值为 `${server.output.dir}/resources/security`。此增强功能通过默认限制对 `${server.output.dir}/resources/security` 的文件传输访问来解决安全漏洞 link:https://github.com/advisories/GHSA-c39w-6qgm-5cp7[CVE-2025-14915]。 + +如果需要对 `${server.output.dir}/resources/security` 进行 FileTransfer 访问,可以通过设置空阻止列表来恢复原始行为。 + +有关更多信息,请参阅 link:https://www.ibm.com/docs/en/was-liberty/nd?topic=manually-file-transfer[文档]。 + +[#ltpa] +== 删除默认 LTPA 密钥密码 + +删除默认 LTPA 密钥密码以解决安全漏洞 link:https://www.ibm.com/support/pages/node/7266845[CVE-2025-14917]。 + +以前,当 `` 元素中未定义 `keysPassword` 属性时,会使用 LTPA 密钥的默认密码。通过此更改,当未设置 `keysPassword` 属性时,不再使用默认密码。 + +对于现有服务器,如果 `server.xml` 文件中未配置 LTPA 密钥密码,则使用 `server.env` 文件中的 `keystore_password`。此值会重新加密 `ltpa.keys` 文件中的 LTPA 密钥。LTPA 密钥本身不受影响。除非在 `server create` 命令中使用 `--no-password` 选项,否则在服务器创建期间会在 `server.env` 文件中配置 `keystore_password`。 + +如果 `server.xml` 文件中的 `` 元素中未定义 `keysPassword`,并且 `server.env` 文件中未定义 `keystore_password`,则 LTPA 服务将失败。 +将显示以下错误消息: + +[source,text] +---- +CWWKS4118E: LTPA configuration error. A keysPassword attribute is not configured on the element, the 'ltpa_keys_password' environment variable is not set, and the 'keystore_password' environment variable is not set. +---- + +通过执行以下步骤确认已设置 LTPA 密钥密码: + +. 检查 `server.xml` 文件中的 `` 元素是否提供了 `keysPassword` 属性(例如,``)。 +* 如果已提供,则此更新不会影响您,无需进一步操作。 +* 如果未提供,请*不要*添加它,并继续执行下一步。 +. 检查 `server.env` 文件中是否存在 `keystore_password` 环境变量(例如,`keystore_password=myKeystorePassword`)。 +* 如果存在,则在服务器启动时使用 `keystore_password` 重新加密以前使用默认 `keysPassword` 加密的 LTPA 密钥。 +* 如果不存在,请继续执行下一步。 +. 将以下环境变量添加到 `server.env` 文件(确保在此处使用 `keystore_password`,而*不是*下一节中为新服务器描述的 `ltpa_keys_password`): ++ +[source,properties] +---- +keystore_password=your-desired-password +---- ++ +* 在服务器启动时,使用 `keystore_password` 重新加密以前使用默认 `keysPassword` 加密的 LTPA 密钥。 + +对于新服务器,在服务器创建期间会随机生成 `ltpa_keys_password` 值。它存储在 `server.env` 文件中,除非在 `server create` 命令中指定了 `--no-password` 选项。如果未为 `` 元素定义 `keysPassword` 属性,则使用随机生成的 `ltpa_keys_password`。 + +有关更多信息,请参阅 link:https://openliberty.io/docs/latest/reference/config/ltpa.html[LTPA] 配置元素。 + + +[#jwt] +== 支持从 JOSE 头部选择 JWT 签名和解密算法 + +JSON Web Token (JWT) 可以使用各种加密签名算法进行签名。通过此版本,JWT Consumer、MicroProfile JWT、OpenID Connect Client 和 Social Media Login 功能支持从 JOSE 头部选择 JWT 签名算法。此支持允许根据令牌头部使用不同的签名算法。 + +以前,只能为 `server.xml` 文件中的每个配置配置一个签名算法(例如,`RS256`)。如果传入的 JWT 使用不同的算法签名,验证将失败。此更新允许使用 JWT 头部中的签名算法进行验证。它提供了在单个配置中使用不同签名算法的灵活性。 + +=== 如何使用 + +要启用从头部选择签名算法,请将 `signatureAlgorithm` 属性设置为 `FROM_HEADER`,并可选择配置 `allowedSignatureAlgorithms` 属性以指定允许哪些算法。 + +如果未配置 `allowedSignatureAlgorithms`,则默认列表包含所有 Open Liberty 支持的签名算法:`RS256、RS384、RS512、HS256、HS384、HS512、ES256、ES384` 和 `ES512`。 + +当使用 `FROM_HEADER` 与非对称算法和信任库设置时,相应公钥的别名必须以其相应的算法为前缀(例如,`RS256_keyalias`)以进行自动选择。别名名称的其余部分无关紧要,只要它以签名算法字符串开头即可。在验证期间,服务器在信任库中搜索以 JWT 头部中指定的算法开头的别名。如果未找到算法前缀别名,则客户端会回退到使用 `trustedAlias` 属性(对于 `jwtConsumer`)或 `trustAliasName` 属性(对于 `openidConnectClient`、`oidcLogin` 和 `mpJwt`)指定的别名(如果已配置)。如果信任库中存在多个具有签名算法前缀的别名,Liberty 将使用找到的第一个。 + +请参阅以下 `server.xml` 文件配置示例,了解如何将这些设置应用于支持的元素: + +[source,xml] +---- + + + + + + + +---- + +=== 了解更多 + +*服务器配置:* + +* link:https://openliberty.io/docs/latest/reference/config/openidConnectClient.html[openidConnectClient] +* link:https://openliberty.io/docs/latest/reference/config/jwtConsumer.html[jwtConsumer] +* link:https://openliberty.io/docs/latest/reference/config/mpJwt.html[mpJwt] +* link:https://openliberty.io/docs/latest/reference/config/oidcLogin.html[oidcLogin] + +*文档:* + +* link:https://openliberty.io/docs/latest/reference/feature/openidConnectClient-1.0.html[OpenID Connect Client 1.0] +* link:https://openliberty.io/docs/latest/reference/feature/jwt-1.0.html[JSON Web Token 1.0] +* link:https://openliberty.io/docs/latest/reference/feature/mpJwt-2.1.html[MicroProfile JWT 2.1] +* link:https://openliberty.io/docs/latest/reference/feature/socialLogin-1.0.html[Social Media Login 1.0] + +[#java_26] +=== 支持 Java 26 +Java 26 是最近的 Java 版本,它引入了比早期版本更多的新功能和增强功能,值得查看。此版本不是长期支持 (LTS) 版本。 + +link:https://openjdk.org/projects/jdk/26/[Java 26] 中有 10 个新功能 (JEP)。其中五个是测试功能,五个是完全交付的功能。 + +*测试功能:* + +* 524:link:https://openjdk.org/jeps/524[加密对象的 PEM 编码(第二次预览)] +* 525:link:https://openjdk.org/jeps/525[结构化并发(第六次预览)] +* 526:link:https://openjdk.org/jeps/526[惰性常量(第二次预览)] +* 529:link:https://openjdk.org/jeps/529[Vector API(第十一次孵化)] +* 530:link:https://openjdk.org/jeps/530[模式、instanceof 和 switch 中的原始类型(第四次预览)] + +*已交付功能:* + +* 500:link:https://openjdk.org/jeps/500[准备使 Final 真正意味着 Final] +* 504:link:https://openjdk.org/jeps/504[删除 Applet API] +* 516:link:https://openjdk.org/jeps/516[使用任何 GC 的提前对象缓存] +* 517:link:https://openjdk.org/jeps/517[HTTP 客户端 API 的 HTTP/3] +* 522:link:https://openjdk.org/jeps/522[G1 GC:通过减少同步提高吞吐量] + +Java 26 中的新变更 JEP 500("准备使 Final 真正意味着 Final")开始通过限制使用深度反射时对 final 字段的修改来强制执行 final 字段的真正不可变性。 +在 Java 26 中,此类修改仍然有效,但默认情况下会触发运行时警告,为开发人员准备更严格的强制执行。 +未来的版本可能会抛出异常,使 final 真正不可变。 + +开发人员可以通过使用 JVM 标志(例如,`--illegal-final-field-mutation=deny`)提前选择加入此更严格的行为,以更早地检测问题。 +此更改提高了程序的正确性、安全性和 JVM 优化。 + +立即利用这些更改,以获得更多时间来评估您的应用程序和微服务在 Java 26 上的行为。 + +立即开始,下载最新版本的 link:https://developer.ibm.com/languages/java/semeru-runtimes/downloads/[IBM Semeru Runtime 26] 或 link:https://adoptium.net/temurin/releases/?version=26[Temurin 26],然后下载并安装 Open Liberty link:{url-prefix}/start/#runtime_releases[26.0.0.4]。使用设置为 Java 26 安装目录的 `JAVA_HOME` 更新 Liberty 服务器的 link:{url-prefix}/docs/latest/reference/config/server-configuration-overview.html#server-env[server.env] 文件并开始测试。 + +有关 Java 26 的更多信息,请参阅 Java 26 link:https://jdk.java.net/26/release-notes[发行说明页面]和 link:https://docs.oracle.com/en/java/javase/26/docs/api/index.html[API Javadoc 页面]。 + + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/33622 +// Contact/Reviewer: ncpibm +// // // // // // // // +[#displayCustomizedExceptionText] +== Web 容器中 `displayCustomizedExceptionText` 属性的文档 +此版本为 `` 配置中的 `displayCustomizedExceptionText` 属性添加了文档,该属性允许用户使用更清晰的用户定义消息覆盖 Liberty 的默认错误消息(例如 SRVE0218E: Forbidden 和 SRVE0232E: An exception occurred)。 + +该功能通过简单的 `server.xml` 文件配置启用,其中自定义消息可以映射到特定的 HTTP 状态代码(`403` 和 `500`)。 + +测试确保这些自定义消息在所有支持的平台上正确替换 Liberty 的默认值,确认配置的文本在所有场景中一致返回。 + +[source,xml] +---- + +---- + +// DO NOT MODIFY THIS LINE. + +// // // // // // // // +// In the preceding section: +// Replace TAG_X/SUB_TAG_X with the given tag of your secton from the contents list +// Replace SUB_FEATURE_TITLE/FEATURE_X_TITLE with the given title from the contents list +// Replace FEATURE with the feature name for the server.xml file e.g. mpHealth-1.4 +// Replace LINK with the link for extra information given for the feature +// Replace LINK_DESCRIPTION with a readable description of the information +// // // // // // // // + +[#CVEs] +== 此版本中的安全漏洞 (CVE) 修复 +[cols="5*"] +|=== +|CVE |CVSS 评分 |漏洞评估 |受影响的版本 |备注 + +|https://www.cve.org/CVERecord?id=CVE-2025-14915[CVE-2025-14915] +|6.5 +|权限提升 +|17.0.0.3-26.0.0.3 +|影响 `restConnector-2.0` 功能 + +|https://www.cve.org/CVERecord?id=CVE-2025-14917[CVE-2025-14917] +|6.7 +|较弱的安全性 +|17.0.0.3-26.0.0.3 +|影响 `appSecurity-1.0`、`appSecurity-2.0`、`appSecurity-3.0`、`appSecurity-4.0` 和 `appSecurity-5.0` 功能 + +|https://www.cve.org/CVERecord?id=CVE-2026-1561[CVE-2026-1561] +|5.4 +|服务器端请求伪造 +|17.0.0.3-26.0.0.3 +|影响 `samlWeb-2.0` 功能 + +|https://www.cve.org/CVERecord?id=CVE-2026-29063[CVE-2026-29063] +|8.7 +|原型污染 +|17.0.0.3-26.0.0.3 +|影响 `openapi-3.1`、`mpOpenAPI-1.0`、`mpOpenAPI-1.1`、`mpOpenAPI-2.0`、`mpOpenAPI-3.0`、`mpOpenAPI-3.1`、`mpOpenAPI-4.0` 和 `mpOpenAPI-4.1` 功能 + +|=== +// +// If there are no CVEs fixed in this release, replace the table with: +// "There are no security vulnerability fixes in Open Liberty [26.0.0.4]." +// // // // // // // // +有关过去的安全漏洞修复列表,请参阅 link:{url-prefix}/docs/latest/security-vulnerabilities.html[安全漏洞 (CVE) 列表]。 + + +// // // // // // // // +// In the preceding section: +// For this section ask either Michal Broz or Tom Evans or the #openliberty-release-blog channel for Notable bug fixes in this release. +// Present them as a list in the order as provided, linking to the issue and providing a short description of the bug and the resolution. +// If the issue on Github is missing any information, leave a comment in the issue along the lines of: +// "@[issue_owner(s)] please update the description of this `release bug` using the [bug report template](https://github.com/OpenLiberty/open-liberty/issues/new?assignees=&labels=release+bug&template=bug_report.md&title=)" +// Feel free to message the owner(s) directly as well, especially if no action has been taken by them. +// For inspiration about how to write this section look at previous blogs e.g- 20.0.0.10 or 21.0.0.12 (https://openliberty.io/blog/2021/11/26/jakarta-ee-9.1.html#bugs) +// // // // // // // // + + + +== 立即获取 Open Liberty 26.0.0.4 + +通过 <> 提供。 diff --git a/posts/zh-Hans/2026-05-19-26.0.0.5.adoc b/posts/zh-Hans/2026-05-19-26.0.0.5.adoc new file mode 100644 index 0000000000..6a33dafa3a --- /dev/null +++ b/posts/zh-Hans/2026-05-19-26.0.0.5.adoc @@ -0,0 +1,407 @@ +--- +layout: post +title: "26.0.0.5 中的 Jakarta EE 11、Spring Boot 4.0 等" +# Do NOT change the categories section +categories: blog +author_picture: https://avatars3.githubusercontent.com/navaneethsnair1 +author_github: https://github.com/navaneethsnair1 +seo-title: 26.0.0.5 中的 Jakarta EE 11、Spring Boot 4.0 等 - OpenLiberty.io +seo-description: 此版本在 Open Liberty 中引入了对 Jakarta EE 11、Spring Boot 4.0 应用程序以及更新的 TLS/SSL 密码处理的正式支持,包括增强的 Spring Boot 部署支持和简化的 SSL 密码配置。 +blog_description: 此版本在 Open Liberty 中引入了对 Jakarta EE 11、Spring Boot 4.0 应用程序以及更新的 TLS/SSL 密码处理的正式支持,包括增强的 Spring Boot 部署支持和简化的 SSL 密码配置。 +open-graph-image: https://openliberty.io/img/twitter_card.jpg +open-graph-image-alt: Open Liberty Logo +blog-available-in-languages: +- lang: en + path: /blog/2026/05/19/26.0.0.5.html +additional_authors: +- name: Ismath Badsha (翻译) + github: https://github.com/IsmathBadsha + image: https://avatars.githubusercontent.com/IsmathBadsha +--- += 26.0.0.5 中的 Jakarta EE 11、Spring Boot 4.0 等 +Navaneeth S Nair +:imagesdir: / +:url-prefix: +:url-about: / +//Blank line here is necessary before starting the body of the post. + +// // // // // // // // +// In the preceding section: +// Do not insert any blank lines between any of the lines. +// Do not remove or edit the variables on the lines beneath the author name. +// +// "open-graph-image" is set to OL logo. Whenever possible update this to a more appropriate/specific image (For example if present a image that is being used in the post). However, it +// can be left empty which will set it to the default +// +// "open-graph-image-alt" is a description of what is in the image (not a caption). When changing "open-graph-image" to +// a custom picture, you must provide a custom string for "open-graph-image-alt". +// +// Replace TITLE with the blog post title eg: MicroProfile 3.3 is now available on Open Liberty 20.0.0.4 +// Replace GITHUB_USERNAME with your GitHub username eg: lauracowen +// Replace DESCRIPTION with a short summary (~60 words) of the release (a more succinct version of the first paragraph of the post). +// Replace AUTHOR_NAME with your name as you'd like it to be displayed, eg: Laura Cowen +// +// Example post: 2020-04-09-microprofile-3-3-open-liberty-20004.adoc +// +// If adding image into the post add : +// ------------------------- +// [.img_border_light] +// image::img/blog/FILE_NAME[IMAGE CAPTION ,width=70%,align="center"] +// ------------------------- +// "[.img_border_light]" = This adds a faint grey border around the image to make its edges sharper. Use it around screenshots but not +// around diagrams. Then double check how it looks. +// There is also a "[.img_border_dark]" class which tends to work best with screenshots that are taken on dark +// backgrounds. +// Change "FILE_NAME" to the name of the image file. Also make sure to put the image into the right folder which is: img/blog +// change the "IMAGE CAPTION" to a couple words of what the image is +// // // // // // // // + +此版本在 Open Liberty 中引入了对 Jakarta EE 11、Spring Boot 4.0 应用程序以及更新的 TLS/SSL 密码处理的正式支持,包括增强的 Spring Boot 部署支持和简化的 SSL 密码配置。 + +// // // // // // // // +// In the preceding section: +// Leave any instances of `tag::xxxx[]` or `end:xxxx[]` as they are. +// +// Replace RELEASE_SUMMARY with a short paragraph that summarises the release. Start with the lead feature but also summarise what else is new in the release. You will agree which will be the lead feature with the reviewers so you can just leave a placeholder here until after the initial review. +// // // // // // // // + +// // // // // // // // +// Replace the following throughout the document: +// Replace RELEASE_VERSION with the version number of Open Liberty, eg: 22.0.0.2 +// Replace RELEASE_VERSION_NO_PERIODS with the version number of Open Liberty wihtout the periods, eg: 22002 +// // // // // // // // + +在 link:{url-about}[Open Liberty] 26.0.0.5 中: + +* <> +* <> +* <> +* <> +* <> + +// // // // // // // // +// In the preceding section: +// Replace the TAG_X with a short label for the feature in lower-case, eg: mp3 +// Replace the FEATURE_1_HEADING with heading the feature section, eg: MicroProfile 3.3 +// Where the updates are grouped as sub-headings under a single heading +// (eg all the features in a MicroProfile release), provide sub-entries in the list; +// eg replace SUB_TAG_1 with mpr, and SUB_FEATURE_1_HEADING with +// Easily determine HTTP headers on outgoing requests (MicroProfile Rest Client 1.4) +// // // // // // // // + +查看 link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A26005+label%3A%22release+bug%22[26.0.0.5] 中已修复错误的列表。 + +查看 link:{url-prefix}/blog/?search=release&search!=beta[以前的 Open Liberty GA 版本博客文章]。 + + +[#run] + +// // // // // // // // +// LINKS +// +// OpenLiberty.io site links: +// link:{url-prefix}/guides/maven-intro.html[Maven] +// +// Off-site links: +//link:https://openapi-generator.tech/docs/installation#jar[Download Instructions] +// +// IMAGES +// +// Place images in ./img/blog/ +// Use the syntax: +// image::/img/blog/log4j-rhocp-diagrams/current-problem.png[Logging problem diagram,width=70%,align="center"] +// // // // // // // // + +== 使用 26.0.0.5 开发和运行您的应用程序 + +如果您使用 link:{url-prefix}/guides/maven-intro.html[Maven],请在 `pom.xml` 文件中包含以下内容: + +[source,xml] +---- + + io.openliberty.tools + liberty-maven-plugin + 3.12.0 + +---- + +或者对于 link:{url-prefix}/guides/gradle-intro.html[Gradle],请在 `build.gradle` 文件中包含以下内容: + +[source,gradle] +---- +buildscript { + repositories { + mavenCentral() + } + dependencies { + classpath 'io.openliberty.tools:liberty-gradle-plugin:4.0.0' + } +} +apply plugin: 'liberty' +---- +// // // // // // // // +// In the preceding section: +// Replace the Maven `3.11.5` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-maven-plugin +// Replace the Gradle `3.9.5` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-gradle-plugin +// TODO: Update GHA to automatically do the above. If the maven.org is problematic, then could fallback to using the GH Releases for the plugins +// // // // // // // // + +或者如果您使用 link:{url-prefix}/docs/latest/container-images.html[容器镜像]: + +[source] +---- +FROM icr.io/appcafe/open-liberty +---- + +或者查看我们的 link:{url-prefix}/start/[下载页面]。 + +如果您使用 link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[IntelliJ IDEA]、link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Code] 或 link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse IDE],您还可以利用我们的开源 link:{url-prefix}/docs/latest/develop-liberty-tools.html[Liberty 开发工具],在 IDE 中实现有效的开发、测试、调试和应用程序管理。 + +[link=https://stackoverflow.com/tags/open-liberty] +image::img/blog/blog_btn_stack_zh-Hans.svg[在 Stack Overflow 上提问, align="center"] + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/34848 +// Contact/Reviewer: jhanders34 +// // // // // // // // +[#jakarta_ee] +== Jakarta EE 11 Core Profile、Web Profile 和 Platform + +Jakarta EE 11 Core Profile、Web Profile 和 Platform 现在在 Open Liberty 中得到正式支持!我们首先要感谢所有在我们各种测试版中提供反馈的人。 + +Jakarta EE 11 标志着一个重要的里程碑。这是自 2017 年 Java EE 8 以来,Jakarta 首次向平台添加新规范,因此也是自该平台被 Eclipse Foundation 接管以来首次提供新的组件规范。在对现有 Java 规范进行许多更新的同时,它还从 Platform 中删除了所有可选规范和功能。当与 Jakarta EE 11 功能结合使用时,Liberty 继续支持这些可选规范和功能。 + +Core Profile 规范在 Jakarta EE 10 中引入,旨在为轻量级云原生应用程序(如基于 MicroProfile 的应用程序)提供配置文件。随着此版本中引入 Jakarta EE 11 支持,MicroProfile 7.0 和 7.1 功能现在也可以与 Jakarta EE 11 一起使用。您可以使用 Jakarta EE 10 或 Jakarta EE 11 功能运行 MicroProfile 7 应用程序。 + +以下规范构成了 Jakarta Platform 以及 Core 和 Web 配置文件: + +=== Jakarta EE Core Profile 11 +[[core_profile]] +[cols="4,2,3",options="header"] +|=== +| 规范 |更新 |Liberty 功能文档 + +| link:https://jakarta.ee/specifications/annotations/3.0/[Annotations 3.0] |主要更新 |link:{url-prefix}/docs/latest/reference/feature/cdi-4.1.html[cdi-4.1] +| link:https://jakarta.ee/specifications/restful-ws/4.0/[RESTful Web Services 4.0] |主要更新 | link:{url-prefix}/docs/latest/reference/feature/restfulWS-4.0.html[restfulWS-4.0], link:{url-prefix}/docs/latest/reference/feature/restfulWSClient-4.0.html[restfulWSClient-4.0] +| link:https://jakarta.ee/specifications/cdi/4.1/[Context and Dependency Injection 4.1 Lite] | 次要更新 | link:{url-prefix}/docs/latest/reference/feature/cdi-4.1.html[cdi-4.1] +| link:https://jakarta.ee/specifications/interceptors/2.2/[Interceptors 2.2] |次要更新 |link:{url-prefix}/docs/latest/reference/feature/cdi-4.1.html[cdi-4.1] +| link:https://jakarta.ee/specifications/dependency-injection/2.0/[Dependency Injection 2.0] |未更改 |link:{url-prefix}/docs/latest/reference/feature/cdi-4.1.html[cdi-4.1] +| link:https://jakarta.ee/specifications/jsonb/3.0/[JSON Binding 3.0] | 未更改 |link:{url-prefix}/docs/latest/reference/feature/jsonb-3.0.html[jsonb-3.0] +| link:https://jakarta.ee/specifications/jsonp/2.1/[JSON Processing 2.1] |未更改 | link:{url-prefix}/docs/latest/reference/feature/jsonp-2.1.html[jsonp-2.1] +|=== + +=== Jakarta EE Web Profile 11 +[[web_profile]] +[cols="4,2,3",options="header"] +|=== +| 规范 |更新 |Liberty 功能文档 + +| link:https://jakarta.ee/specifications/coreprofile/11/[Jakarta EE Core Profile 11] |主要更新 |参见前面的 <> +| link:https://jakarta.ee/specifications/data/1.0/[Data 1.0] |*新增* | link:{url-prefix}/docs/latest/reference/feature/data-1.0.html[data-1.0] +| link:https://jakarta.ee/specifications/expression-language/6.0/[Expression Language 6.0] |主要更新 |link:{url-prefix}/docs/latest/reference/feature/expressionLanguage-6.0.html[expressionLanguage-6.0] +| link:https://jakarta.ee/specifications/pages/4.0/[Pages 4.0] |主要更新 | link:{url-prefix}/docs/latest/reference/feature/pages-4.0.html[pages-4.0] +| link:https://jakarta.ee/specifications/security/4.0/[Security 4.0] |主要更新 |link:{url-prefix}/docs/latest/reference/feature/appSecurity-6.0.html[appSecurity-6.0] +| link:https://jakarta.ee/specifications/authentication/3.1/[Authentication 3.1] |次要更新 | link:{url-prefix}/docs/latest/reference/feature/appAuthentication-3.1.html[appAuthentication-3.1] +| link:https://jakarta.ee/specifications/concurrency/3.1/[Concurrency 3.1] |次要更新 | link:{url-prefix}/docs/latest/reference/feature/concurrent-3.1.html[concurrent-3.1] +| link:https://jakarta.ee/specifications/cdi/4.1/[Context and Dependency Injection 4.1] |次要更新 |link:{url-prefix}/docs/latest/reference/feature/cdi-4.1.html[cdi-4.1] +| link:https://jakarta.ee/specifications/faces/4.1/[Faces 4.1] |次要更新 | link:{url-prefix}/docs/latest/reference/feature/faces-4.1.html[faces-4.1] +| link:https://jakarta.ee/specifications/persistence/3.2/[Persistence 3.2] |次要更新 | link:{url-prefix}/docs/latest/reference/feature/persistence-3.2.html[persistence-3.2] +| link:https://jakarta.ee/specifications/servlet/6.1/[Servlet 6.1] |次要更新 |link:{url-prefix}/docs/latest/reference/feature/servlet-6.1.html[servlet-6.1] +| link:https://jakarta.ee/specifications/bean-validation/3.1/[Validation 3.1] |次要更新 | link:{url-prefix}/docs/latest/reference/feature/validation-3.1.html[validation-3.1] +| link:https://jakarta.ee/specifications/websocket/2.2/[WebSocket 2.2] |次要更新 |link:{url-prefix}/docs/latest/reference/feature/websocket-2.2.html[websocket-2.2] +| link:https://jakarta.ee/specifications/debugging/2.0/[Debugging Support for Other Languages 2.0] |未更改 |不适用 +| link:https://jakarta.ee/specifications/enterprise-beans/4.0/[Enterprise Beans 4.0 Lite] |未更改 |link:{url-prefix}/docs/latest/reference/feature/enterpriseBeansLite-4.0.html[enterpriseBeansLite-4.0] +| link:https://jakarta.ee/specifications/tags/3.0/[Standard Tag Library 3.0] | 未更改 | link:{url-prefix}/docs/latest/reference/feature/pages-4.0.html[pages-4.0] +| link:https://jakarta.ee/specifications/transactions/2.0/[Transactions 2.0] |未更改 |不适用(参见 link:{url-prefix}/docs/latest/reference/javadoc/liberty-jakartaee11-javadoc.html?package=allclasses-frame.html&class=jakarta/transaction/package-summary.html[Javadoc]) +|=== + +=== Jakarta EE Platform 11 +[[jakarta_ee_platform]] +[cols="4,2,3",options="header"] +|=== +| 规范 |更新 |Liberty 功能文档 + +| link:https://jakarta.ee/specifications/webprofile/11/[Jakarta EE Web Profile 11] |主要更新 |参见前面的 <> +| link:https://jakarta.ee/specifications/authorization/3.0/[Authorization 3.0] |主要更新 | link:{url-prefix}/docs/latest/reference/feature/appAuthorization-3.0.html[appAuthorization-3.0] +| link:https://jakarta.ee/specifications/activation/2.1/[Activation 2.1] |未更改 |link:{url-prefix}/docs/latest/reference/feature/mail-2.1.html[mail-2.1] +| link:https://jakarta.ee/specifications/batch/2.1/[Batch 2.1] |未更改 | link:{url-prefix}/docs/latest/reference/feature/batch-2.1.html[batch-2.1] +| link:https://jakarta.ee/specifications/connectors/2.1/[Connectors 2.1] |未更改 | link:{url-prefix}/docs/latest/reference/feature/connectors-2.1.html[connectors-2.1] +| link:https://jakarta.ee/specifications/enterprise-beans/4.0/[Enterprise Beans 4.0] |未更改 |link:{url-prefix}/docs/latest/reference/feature/enterpriseBeans-4.0.html[enterpriseBeans-4.0] +| link:https://jakarta.ee/specifications/mail/2.1/[Mail 2.1] |未更改 |link:{url-prefix}/docs/latest/reference/feature/mail-2.1.html[mail-2.1] +| link:https://jakarta.ee/specifications/messaging/3.1/[Messaging 3.1] |未更改 | link:{url-prefix}/docs/latest/reference/feature/messaging-3.1.html[messaging-3.1] +|=== + +注意:Enterprise Beans 4.0 未更改,但当 enterpriseBeans-4.0 功能与其他 Jakarta EE 11 功能一起配置时,可选的 EJB 2.x 功能不再启用。想要使用 EJB 2.x API 的用户还必须添加 enterpriseBeansHome-4.0 功能。 + +Liberty 提供了便利功能,用于运行 Jakarta EE 11 Web Profile(link:{url-prefix}/docs/latest/reference/feature/webProfile-11.0.html[webProfile-11.0])和 Jakarta EE 11 Platform(link:{url-prefix}/docs/latest/reference/feature/jakartaee-11.0.html[jakartaee-11.0])中包含的所有组件规范。这些便利功能使您能够使用各自规范中包含的所有 API 快速开发应用程序。对于应用程序客户端中的 Jakarta EE 11 功能,请使用 link:{url-prefix}/docs/latest/reference/feature/jakartaeeClient-11.0.html[jakartaeeClient-11.0] Liberty 功能。 + +要启用 Jakarta EE Platform 11 功能,请将 `jakartaee-11.0` 功能添加到 `server.xml` 文件中: + +[source,xml] +---- + + jakartaee-11.0 + +---- + +或者,要启用 Jakarta EE Web Profile 11 功能,请将 `webProfile-11.0` 功能添加到 `server.xml` 文件中: + +[source,xml] +---- + + webProfile-11.0 + +---- + +虽然 Core Profile 没有便利功能,但您可以通过将以下功能添加到 `server.xml` 文件来启用其等效功能: + +[source,xml] +---- + + jsonb-3.0 + jsonp-2.1 + cdi-4.1 + restfulWS-4.0 + +---- + +要在应用程序客户端容器上运行 Jakarta EE 11 功能,请在 `client.xml` 文件中添加以下条目: + +[source,xml] +---- + + jakartaeeClient-11.0 + +---- + +*更多信息参考*: + +* link:{url-prefix}/docs/latest/reference/diff/jakarta-ee11-diff.html[Jakarta EE 11 和 10 之间的差异] +* link:https://jakarta.ee/specifications/platform/11/[Jakarta EE Platform 11]、link:https://jakarta.ee/specifications/webprofile/11/[Jakarta EE Web Profile 11] 和 link:https://jakarta.ee/specifications/coreprofile/11/[Jakarta EE Core Profile 11] 规范。 +* link:{url-prefix}/docs/latest/reference/javadoc/liberty-jakartaee11-javadoc.html[Jakarta EE 11 Javadoc] + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/33154 +// Contact/Reviewer: anjumfatima90 +// // // // // // // // +[#springboot] +== Spring Boot 4.0 +Open Liberty 目前支持运行 Spring Boot 1.5.x、2.x 和 3.x 应用程序。随着新的 `springBoot-4.0` 功能的引入,用户现在可以部署 Spring Boot 4.x 应用程序。虽然 Liberty 一直支持打包为 `WAR` 文件的 Spring Boot 应用程序,但此增强功能将支持扩展到 Spring Boot 4.x 应用程序的 `JAR` 和 `WAR` 格式。 + +`springBoot-4.0` 功能提供了在 Open Liberty 上运行 Spring Boot 4.x 应用程序的完整支持,以及在构建容器化应用程序时精简应用程序的能力。 + +要使用此功能,用户必须运行 Java 17 或更高版本并启用 Jakarta EE 11 功能。如果应用程序使用 servlet,则必须配置为使用 `servlet-6.1`。在 `server.xml` 文件中包含以下功能以配置服务器。 + +[source, xml] +---- + + springBoot-4.0 + servlet-6.1 + +---- + +部署 Spring Boot 应用程序的 `server.xml` 配置遵循早期 Liberty Spring Boot 版本中使用的相同方法。 + +[source, xml] +---- + +---- + +与早期版本一样,可以通过将 Spring Boot 应用程序 JAR 放置在 `/dropins/spring` 文件夹中来部署它。使用此部署方法时,可以省略 `server.xml` 文件中的 `springBootApplication` 配置。 + +// DO NOT MODIFY THIS LINE. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/34374 +// Contact/Reviewer: rangaran +// // // // // // // // +[#ssl] +== TLS/SSL 密码支持更新 +Liberty 现在使用 JDK 的有效密码列表进行 SSL 配置。SSL 配置中的 `securityLevel` 属性不再使用。此外,SSL 配置中的 `enabledCiphers` 属性已更新,以更灵活的方式自定义 SSL 密码。 + +Liberty 基于 `securityLevel` 的密码类别不再提供有意义的价值。`MEDIUM` 和 `LOW` 类别不包含任何剩余的密码。 + +`enabledCiphers` 属性现在有两种互斥模式:(1) 指定由空格分隔的自定义密码列表,或 (2) 指定过滤条件以从有效的 JDK 密码列表中添加 (+) 或删除 (-) 密码套件。如果 `enabledCiphers` 中设置的值包含静态条目和 +/- 条目,则会记录错误,服务器通过返回有效的 JDK 密码列表来忽略 `enabledCiphers` 值。 + +*现有用法:* 用户将 `securityLevel` 设置为 `HIGH` + +[source,xml] +---- + +---- + +`securityLevel` 属性现在被忽略,因此前面的 `` 配置等同于此处显示的配置,其中没有配置 `securityLevel` 属性。 + +[source,xml] +---- + +---- + +*现有用法:* 用户指定有效 JDK 列表中的所有密码,排除所有 TLS_RSA 密码,但保留一个(TLS_RSA_WITH_AES_128_GCM_SHA256) + +[source,xml] +---- + +---- + +*使用新语法的示例:* 使用通配符实现相同的逻辑 +[source,xml] +---- + +---- + +要了解有关传输安全性的更多信息,请参阅 link:{url-prefix}/docs/modules/reference/23.0.0.6/com.ibm.websphere.appserver.api.ssl_1.5-javadoc/com/ibm/websphere/ssl/Constants.html[SSL Constants Javadoc]、link:{url-prefix}/docs/modules/reference/23.0.0.6/com.ibm.websphere.appserver.api.ssl_1.5-javadoc/com/ibm/websphere/ssl/JSSEProvider.html[JSSEProvider Javadoc] 和 link:{url-prefix}/docs/latest/reference/config/ssl.html[SSL 配置参考]。 + +// DO NOT MODIFY THIS LINE. + +[#CVEs] +== 此版本中的安全漏洞 (CVE) 修复 +[cols="5*"] +|=== +|CVE |CVSS 评分 |漏洞评估 |受影响的版本 |备注 + +|https://www.cve.org/CVERecord?id=CVE-2026-3621[CVE-2026-3621] +|7.5 +|身份欺骗 +|17.0.0.3-26.0.0.4 +| + +|=== +// // // // // // // // +// In the preceding section: +// If there were any CVEs addressed in this release, fill out the table. For the information, reference https://github.com/OpenLiberty/docs/blob/draft/modules/ROOT/pages/security-vulnerabilities.adoc. If it has not been updated for this release, reach out to Kristen Clarke or Michal Broz. +// Note: When linking to features, use the +// `link:{url-prefix}/docs/latest/reference/feature/someFeature-1.0.html[Some Feature 1.0]` format and +// NOT what security-vulnerabilities.adoc does (feature:someFeature-1.0[]) +// +// If there are no CVEs fixed in this release, replace the table with: +// "There are no security vulnerability fixes in Open Liberty [RELEASE_VERSION]." +// // // // // // // // +有关过去安全漏洞修复的列表,请参阅 link:{url-prefix}/docs/latest/security-vulnerabilities.html[安全漏洞 (CVE) 列表]。 + + +[#bugs] +== 此版本中修复的值得注意的错误 + + +我们花了一些时间修复错误。以下部分仅描述了此版本中解决的一些问题。如果您感兴趣,这里是 link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A26005+label%3A%22release+bug%22[26.0.0.5 中修复的错误的完整列表]。 + +* link:https://github.com/OpenLiberty/open-liberty/issues/34716[当启用使用安全服务的功能且禁用 appSecurity 时的主题泄漏(CVE-2026-3621)] +* link:https://github.com/OpenLiberty/open-liberty/issues/34664[多模块 JSP 应用程序中的 java.lang.ClassCastException: org.apache.jasper.runtime.JspApplicationContextImpl] +* link:https://github.com/OpenLiberty/open-liberty/pull/34657[修复缓存的 JspApplicationContext 的类加载冲突] +* link:https://github.com/OpenLiberty/open-liberty/issues/34642[即使未使用授权码授予,oauthProvider 也强制执行 PKCE] + +// // // // // // // // +// In the preceding section: +// For this section ask either Michal Broz or Tom Evans or the #openliberty-release-blog channel for Notable bug fixes in this release. +// Present them as a list in the order as provided, linking to the issue and providing a short description of the bug and the resolution. +// If the issue on Github is missing any information, leave a comment in the issue along the lines of: +// "@[issue_owner(s)] please update the description of this `release bug` using the [bug report template](https://github.com/OpenLiberty/open-liberty/issues/new?assignees=&labels=release+bug&template=bug_report.md&title=)" +// Feel free to message the owner(s) directly as well, especially if no action has been taken by them. +// For inspiration about how to write this section look at previous blogs e.g- 20.0.0.10 or 21.0.0.12 (https://openliberty.io/blog/2021/11/26/jakarta-ee-9.1.html#bugs) +// // // // // // // // + + +== 立即获取 Open Liberty 26.0.0.5 + +通过 <> 获取。