# AMP Release 5.4.1

* [Introduction](#introduction)
* [New Features](#new-features)
* [Bug Fixes](#bug-fixes)
* [Other Changes](#other-changes)
* [Known Issues](#known-issues)
* [Backwards Compatibility](#backwards-compatibility)
* [Upgrade Instructions](#upgrade-instructions)

## Introduction

Thank you to our customers and users for their feedback and support.
Thanks also go to the Apache Brooklyn community for the many code contributions and
evolution of ideas at the heart of this product.

For more information, visit https://cloudsoft.io/amp, https://docs.cloudsoft.io
and http://brooklyn.apache.org.

## New Features

  For additional information, see the AMP 5.4.0 release notes.

## Bug Fixes

#### AMP core

* The version of XStream used has been updated to 1.4.11.1 to address the following security issues
  [[CVE-2017-7957] Improper Input Validation](https://ossindex.sonatype.org/vuln/764af3f0-05d8-4a8d-9421-1d51ed8f2fae)
  [[CVE-2016-3674] Information Exposure](https://ossindex.sonatype.org/vuln/325b0ce9-1324-4bb8-820d-032aaaf1a8ef)

* The version of commons compress has been updated to 1.18 to address the following security vulnerability 
  [[CVE-2012-2098] Algorithmic complexity vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2012-2098)

* Fixes a problem with sessions timing out and prompting for login for different modules at different time, resulting in CSRF token mismatches.


## Other Changes

* TOSCA support is no longer included by default. The TOSCA bundle is now included in the `extras/brooklyn-tosca`
  folder along with a sample configuration file and a README which explains how to install the TOSCA support

## Known Issues

  For additional information, see the AMP 5.4.0 release notes.

## Backwards Compatibility

  For additional information, see the AMP 5.4.0 release notes.

## Deprecation Announcements

  For additional information, see the AMP 5.4.0 release notes.

## Installation and Upgrade Instructions

To install see https://docs.cloudsoft.io/operations/production-installation.html

To upgrade existing installations see https://docs.cloudsoft.io/operations/upgrades/