Download Latest Version
8.6.1 source code.tar.gz (4.9 MB)
Get an email when there's a new version of RESTHeart
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| restheart-darwin-arm64 | 2025-06-25 | 202.8 MB | |
| restheart-darwin-amd64 | 2025-06-25 | 206.7 MB | |
| restheart-windows-amd64.exe | 2025-06-25 | 208.0 MB | |
| restheart-linux-amd64 | 2025-06-25 | 218.6 MB | |
| restheart.tar.gz | 2025-06-25 | 51.6 MB | |
| restheart.zip | 2025-06-25 | 51.6 MB | |
| 8.5.0 source code.tar.gz | 2025-06-25 | 4.9 MB | |
| 8.5.0 source code.zip | 2025-06-25 | 5.7 MB | |
| README.md | 2025-06-25 | 3.2 kB | |
| Totals: 9 Items | 949.8 MB | 3 | |
RESTHeart 8.5.0 Release Notes
Release Date: June 25, 2025
Summary
RESTHeart 8.5.0 introduces origin whitelist patterns for enhanced CSRF protection with glob-like pattern matching, optimized Docker images with custom JRE for reduced size, and comprehensive dependency updates across the entire stack for improved security and performance.
New Features
Security Enhancements
Origin Whitelist Patterns Support
- Added support for glob-like patterns in the
OriginVetoerauthorizer through a newwhitelist-patternsconfiguration property - Enables flexible origin matching with patterns like
*.example.comorhttps://*.mydomain.com - Patterns are automatically converted to regular expressions for efficient matching
- Maintains full backward compatibility with the existing
whitelistproperty for exact and prefix matches - Enhanced logging to clarify which whitelist mechanism is being used
- Provides more flexible and secure CSRF protection for deployments with dynamic or wildcard origins
Infrastructure Improvements
Docker Image Optimization
- Implemented custom JRE creation using
jlinkwith only required modules for significantly reduced image size - Migrated to
debian:bookworm-slimbase image with integrated security updates - Removed unnecessary files and components to minimize Docker image footprint
- Improved deployment efficiency and security posture
Dependency Updates
Core Dependencies
- mongodb-driver-sync: Updated to latest version for improved MongoDB connectivity
- caffeine: Updated caching library for better performance
- gson: Updated JSON processing library
- commons-codec: Updated Apache Commons codec utilities
- commons-jxpath: Updated XPath processing library
- snakeyaml: Updated YAML configuration processing
- jna: Updated Java Native Access library
- tika-core: Updated Apache Tika content detection
Development and Testing
- junit-jupiter: Updated testing framework
- mockito-core: Updated mocking framework for tests
- checker-qual: Updated type checker annotations
- metrics-core & metrics-jvm: Updated application metrics libraries
- classgraph: Updated classpath scanning library
- Various Maven plugins: Updated build toolchain
Code Quality Improvements
- Enhanced code readability through strategic addition of
finalmodifiers - Improved annotation formatting for better maintainability
- General code quality improvements and refactoring
Technical Notes
The whitelist-patterns feature in OriginVetoer represents a significant enhancement for organizations deploying RESTHeart in environments with dynamic subdomains or multiple related domains. The glob pattern support allows for more maintainable security configurations while preserving the security guarantees of the existing exact-match whitelist system.
The Docker image optimizations can result in substantially smaller deployment artifacts, reducing both storage requirements and deployment times, particularly beneficial for containerized environments and CI/CD pipelines.