Play 2.8.16 fixes security vulnerabilities

[mkurz]

The Play Team is happy to announce the release of Play 2.8.16.

📗 What is new?

The following are the relevant changes of this bugfix release:

• Patched a moderate CVE to prevent a denial of service when binding forms to deeply-nested JSON objects. [2.8.x] add depth limit for JSON form binding #11301
• Patched a minor CVE that can sometimes result in developer mode errors showing in production mode. [2.8.x] Introduce DevHttpErrorHandler #11305
• Adds support for the 'bundleresource' protocol, when checking URLs. Adding support for checking URL with protocol='bundleresource' existence #11108

The following pull requests got merged for this release:

• [2.8.x] Introduce DevHttpErrorHandler #11305 [2.8.x] Introduce DevHttpErrorHandler by @BillyAutrey, @mkurz
• [2.8.x] add depth limit for JSON form binding #11301 [2.8.x] add depth limit for JSON form binding by @gmethvin, @mkurz
• [2.8.x] GHA: Also release on publish event + secrets inherit #11291 [2.8.x] GHA: Also release on publish event + secrets inherit by @mkurz
• [2.8.x] Refactor badges #11289 [2.8.x] Refactor badges by @mkurz
• [2.8.x] Bump version of sharable workflows to v2 #11269 [2.8.x] Bump version of sharable workflows to v2 by @ihostage
• [2.8.x] Adding support for checking URL with protocol='bundleresource' existence #11252 [2.8.x] Adding support for checking URL with protocol='bundleresource' existence by @asaelitz, @mkurz
• [2.8.x] Remove play-enhancer from docs, project is dead #11265 [2.8.x] Remove play-enhancer from docs, project is dead by @PromanSEW
• [2.8.x] Switch to GitHub actions #11262 [2.8.x] Switch to GitHub actions by @mkurz
• [2.8.x] Make scripts more userfriendly if running outside of CI #11228 [2.8.x] Make scripts more userfriendly if running outside of CI by @mkurz

For more details see the full list of changes and the 2.8.16 milestone.

❤️ Thanks to our premium sponsors!

If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.

🙇 Thanks to our contributors

Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release.

---

This discussion was created from the release Play 2.8.16.