There’s a bunch of problems using Hibernate with concurrent access to the same rows in the database.
In Grails applications you could be forgiven for ignoring these, because in general the GORM Hibernate examples and documentation err on the side of simplicity rather than completeness.
In addition you may think that this does not affect you, but in all likelihood this is because you either have an application with no real “edit/update” functionality, or you have an insignificant number or users, and/or you have just been lucky so far.
The Grails Platform-Core plugin release 1.0.M3 introduced some new features for safer plugin development where Session, Request and Flash attributes are used.
Note that there is a 1.0.M6 release now which is the recommended version.
The new p:text tag behaves very much like the Grails g:message tag.
The key difference is that the tag supports prefixing the message keys, and automatically applies a prefix based on the name of the plugin that supplied the GSP.
You may have seen the recently announced vulnerability in Grails binding relating to dependency injection.
I wanted to explain this in a little more depth so that everybody knows how to tell whether or not their current systems are vulnerable to it and what this might mean. It is worth noting that new releases of Grails 1.3.x and 2.0.x have already been made by the team – upgrading to those now and redeploying your app will close this particular hole for you.