XL Deploy 4.0.2 released


XebiaLabs Support -

Dear XebiaLabs community,

We are pleased to announce the release of XL Deploy 4.0.2. This minor version of XL Deploy includes security updates, improvements and bug fixes.

Please see below for the release notes. Don't forget to review the upgrade manual for general upgrade instructions as well as version-specific upgrade instructions and deprecation notes.

Kind regards,
The XebiaLabs Team.

Security fixes

  • [DEPL-6642] - Upgrade commons-fileupload to avoid security risks CVE-2013-0248, CVE-2014-0050
  • [DEPL-6643] - Upgrade Jackrabbit to avoid security risk JCR-3630 XSS
  • [DEPL-6644] - Upgrade Spring framework to avoid security risk CVE-2013-7315
  • [DEPL-6645] - Upgrade RESTEasy to avoid security risks RESTEASY-662, RESTEASY-669, RESTEASY-670
  • [DEPL-6646] - Upgrade Spring Security and Spring Security LDAP to avoid security risk CVE-2014-0097
  • [DEPL-6647] - Remove AntiSamy and Xerces to avoid security risk CVE-2009-2625
  • [DEPL-6661] - Upgrade to xstream 1.4.7 to avoid security risk CVE-2013-7285


  • [DEPL-6419] - Deprecate targetFileName property of file.Folder type
  • [DEPL-6634] - Make property previousDeployedApplication point to the previous deployed application

Bug fixes

  • [DEPL-6089] - File placeholders do not work in FreeMarker templates of the generic plugin
  • [DEPL-6435] - Staging step does not close Overthere connections
  • [DEPL-6579] - Tasks do not respond to 'Stop' or 'Abort' commands when FAILING
  • [DEPL-6660] - Date UTC Conversion upgrader is slow and can cause OutOfMemoryErrors
  • [DEPL-6701] - NoSuchElementException when upgrading a composite package
  • [DEPL-6722] - In the database plugin, when using dependencies for rollback scripts the subfolders are not uploaded
  • [DEPL-6748] - Temporary folders in the work directory are not deleted when using the plan analyzer
Have more questions? Submit a request