What's new in EzyPlatform 1.2.3?

This release introduces CronExpression into the common SDK, modernizes the workflow architecture, expands workflow-schema capabilities, and strengthens validation for return URLs and user input.
  1. Added CronExpression to the common SDK
    Introduced CronExpression for parsing and processing both 5-field and 6-field cron expressions. Supported syntax includes *, single values, ranges, steps, range-step combinations, and comma-separated lists. The class provides nextTimeOf(...) methods to calculate the next execution time and can generate human-readable descriptions such as every 5 minutes or at 08:00, every weekday. If no valid execution time can be found within four years, the methods return null or -1.
  2. Modernized workflow architecture
    The workflow API has been simplified by replacing the legacy WorkflowHandler pattern based on handle(Map input, Map output) with the new generic model WorkflowHandler<T, R> using the method R handle(T input). Added getPriority() to allow multiple handlers with the same name to be resolved according to priority. A new WorkflowHandlerManager was also introduced to manage workflow handlers, schema fetchers, and registered workflow definitions.
  3. Added workflow-handler schema support
    Introduced WorkflowHandlerSchema containing argumentSchema, resultSchema, description, and properties. Added WorkflowHandlerSchemaFetcher to separate workflow schema definitions from workflow execution logic, making documentation, tooling, and integrations easier to maintain.
  4. Enhanced workflow management with WorkflowHandlerManager
    WorkflowHandlerManager supports retrieving handlers by name, listing registered workflow names in sorted order, retrieving schema fetchers by workflow name, and accessing all registered schema fetchers. The manager uses lazy initialization when scanning EzySingletonFactory, reducing startup overhead and improving runtime efficiency.
  5. Strengthened return-URL validation and security
    Added DefaultValidator.isValidReturnUrl to reduce the risk of open redirects and header-injection attacks. The validator rejects empty URLs, URLs containing control characters, protocol-relative URLs such as //evil.com, and encoded slash/backslash patterns such as /%2f and /%5c. Only absolute URLs using http or https, with a valid host and without user-info or fragments, are accepted.
  6. Improved SQL-injection detection and validator utilities
    The validator now detects additional SQL-comment patterns including /*, */, and #, in addition to --. SQL-injection detection logic was also refined, replacing parenthesis-based checks with single-quote validation to improve detection accuracy. Additionally, normalizeHost was made public for reuse by other components.
  7. Simplified admin-role and user-role validation
    validateUserRoleName now returns a UserRoleNameModel and automatically handles missing-role scenarios. Role-deletion APIs and user-by-role queries now reuse the validator directly to avoid duplicated lookup and not-found logic. Validation of role-name collections no longer performs SQL-injection checks, focusing only on blank-value and existence validation.
  8. Additional improvements and breaking changes
    Numbers.toLongOrZeroFromObject(null) now consistently returns 0L. AdminEzyPlatformBackupWriter now uses String.isEmpty() when filtering empty lines. In addition, the legacy Workflow and WorkflowManager components have been removed, and AdminWorkflowManager has been renamed to AdminWorkflowHandlerManager. Projects using the old workflow API should migrate to WorkflowHandler<T, R> and WorkflowHandlerManager.