8.8.4.0 | Welcome to Repose

8.8.4.0 (2018-04-23)

REP-6674 - Minor internal update to increase logging performance.
REP-6765 - Updated the Keystone v2 filter to forward users' domain ID.
REP-6655 - Adding required configuration files to the examples directory. Also, example configurations will now be replaced on upgrade.
REP-6795 - Added the new URI Redaction service which allows for the removal of sensitive data from URI’s before external processing.
REP-6862 - Updated dependencies:
- Attribute Mapper: 2.2.0 → 2.2.1
  - Attribute Mapper v2.2.1 release notes

8.8.3.0 (2018-03-30)

REP-6654 - Added OpenTracing support.
REP-6674 - Switching usages of LazyLogging over to StrictLogging.

8.8.2.0 (2018-03-23)

REP-6588 - Updated the commitToResponse method of the HttpServletResponseWrapper to avoid writing headers or the body when an error has been sent. This should fix an issue with certain servlet containers where an IllegalStateException is thrown when calling commitToResponse after both writing to the output stream and calling sendError on the wrapped response.
REP-6628 - Updated dependencies:
- API Checker: 2.6.0 → 2.6.1
  - API Checker v2.6.1 release notes
    
    The case of the actual header does not matter, but the case of the rax:roles tenant must match the case of the param element’s name attribute in the API Validator filter's WADL.
REP-6550 - Update the Valkyrie Filter to care about quality when selecting a tenant ID for talking to the Valkyrie service.
REP-6604 - Update the Valkyrie Filter to add roles to the X-Map-Roles header when role translation is configured.
REP-6448 - Updated the Simple RBAC filter to support Multi-Tenant.
REP-6710 - Removed the custom String Utilities in favor of the standard Apache Commons Lang version already in use elsewhere.

8.8.1.0 (2018-02-15)

REP-6447 - Added multi-tenant support in the Keystone v2 and Keystone v2 Authorization filters.
REP-6578 - Updated Tenant Culling filter to utilize the tenant to roles map now being populated by the Keystone v2 filter.
REP-6470 - Updated dependencies:
- API Checker: 2.5.1 → 2.6.0
  - API Checker v2.6.0 release notes
    
    Multi-Tenant support is currently not supported when the mask rax roles feature is enabled.

8.8.0.0 (2018-02-05)

REP-5616, REP-6436, REP-6274 - Updated dependencies:
- Jetty: 9.2.0.v20140526 → 9.4.8.v20171121
  - https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/VERSION.txt
- Gradle: 3.4 → 4.5
  - https://github.com/gradle/gradle/releases/tag/v4.5.0
- JSONPath: 2.4.0 → 2.5.0
  - https://github.com/josephpconley/play-jsonpath/blob/master/README.md
REP-5401 - Added support for environment variable substitution in configuration files.
REP-6390 - Internal changes to the Keystone v2 Filter in anticipation of splitting the authorization portion off into it’s own filter.
REP-6400 - Added the new Keystone v2 Authorization Filter which captures the authorization functionality of the Keystone v2 Filter.
REP-6382 - Lots of little versioned docs updates.

8.7.3.0 (2017-11-17)

REP-6159 - Added the new RegEx Role Based Access Control (RBAC) Filter.
REP-6313 - Updated Keystone v2 Filter to automatically ignore configured roles.
REP-6338 REP-6325 REP-6321 - Multiple documentation improvements.

8.7.2.0 (2017-11-01)

REP-6294 - Updated dependencies:
- Attribute Mapper: 2.1.1 → 2.2.0
  - Attribute Mapper v2.2.0 release notes

8.7.1.0 (2017-10-25)

REP-6133 - Updated the published Docker images to turn off local logging by default to be more in line with the expectations of a Twelve-Factor App.
REP-6135 - Updated the published Docker images to support running the container using an arbitrarily assigned user ID as is expected by the OpenShift Container Platform.
REP-6179 - Converted more old Wiki Docs over to the new Versioned Docs.
REP-6186 - Updated the automated Release Verification to force the use of Java 8 since some GNU/Linux distributions are already providing Java 9 by default.
REP-6252, REP-6211 - Updated dependencies:
- Gradle LinkChecker Plugin: 0.2.0 → 0.3.0
  - Gradle LinkChecker Plugin v0.3.0 release notes
- API Checker: 2.4.1 → 2.5.1
  - API Checker v2.5.1 release notes
- Attribute Mapper: 2.0.1 → 2.1.1
  - Attribute Mapper v2.1.1 release notes
- Saxon: 9.7.0-15 → 9.8.0-4
  - Saxon 9.8.0.4 release notes

8.7.0.2 (2017-10-04)

REP-6162 - Updated the Keystone v2 get IDP call to support the field name change from approvedDomains to approvedDomainIds.

8.7.0.1 (2017-09-28)

REP-6115 - Updated dependencies:
- Attribute Mapper: 2.0.0 → 2.0.1
  - Attribute Mapper v2.0.1 release notes

8.7.0.0 (2017-09-26)

REP-5939 - Added support for, and began publishing, a CentOS-based Docker image.
REP-5766 - Updated Dockerfile to run Repose as the repose user.
REP-5767 - Updated Dockerfiles to simplify usage of JAVA_OPTS.
REP-5985 - Updated the Jackson version from v2.4.0 to v2.8.9 to correct some library mismatch issues.
REP-5315 - Updated Spring-managed bean names in JMX to be consistent with metric beans.
REP-5885 - Fixed the bug where an Error during processing would result in a 200 response from Repose.
REP-6050 - Update Contact Us page information across all the documentation.
REP-5261 - Confirmed the Translation filter will allow 100,000 Entity Expansions and updated the documentation accordingly.
REP-6098 - Updated the SAML Policy Translation filter to allow multiple locations for default values in an effort to support multiple Identity Providers (IDP’s).
REP-6001 - Updated dependencies:
- API Checker: 2.3.0 → 2.4.1
  - API Checker v2.4.1 release notes
- Attribute Mapper: 1.3.0 → 2.0.0
  - Attribute Mapper v2.0.0 release notes
REP-5994 - Brought the Tenant Culling Filter into the main filter bundle.

REP-5727 - Extracted trace ID logging to its own named logger.

The org.openrepose.powerfilter.PowerFilter.trace-id-logging Logger in your Log4j2 configuration will determine the logging behavior for trace ID logging. If the org.openrepose.powerfilter.PowerFilter.trace-id-logging Logger has not been configured, it will inherit the org.openrepose.powerfilter.PowerFilter logger’s configuration.

8.6.3.0 (2017-08-15)

REP-5737 - Updated the following filters to correct a typo that would prevent proper configuration schema validation.

As part of this correction, any configurations that were taking advantage of this lack of validation will cease to function.

REP-5748 - Updated the Phone Home Service to correct a bug that was preventing the message from actually reaching back.
REP-5823 - Updated the Keystone v2 Filter to support multiple Java Regular Expressions for URI tenant extraction.
REP-5853 - Updated the SAML Policy Translation Filter and Attribute Mapping Policy Validation Filter to recover support for XML and JSON (which was removed in 8.6.2.0 (2017-06-13)).
REP-5617 - Updated the the internal HTTP Servlet Response Wrapper to log a WARNING when addHeader, addIntHeader, addDateHeader, or appendHeader is called after the response has been committed.

This message is logged to a separate logger and can be disabled by adding the following to the log4j2.xml:

<Logger name="org.openrepose.commons.utils.servlet.http.HttpServletResponseWrapper_addHeaderWarning" level="off"/>

REP-5521 - Updated the API Checker library from v2.2.1 to v2.3.0.
- This brings the X-Relevant-Roles header population feature to the API Validator filter and Simple RBAC filter.
REP-5940 - Updated the attribute-mapper library from v1.2.0 to v1.3.0.
REP-3502 - Confirmed the correct use of the default ALL HTTP Method in all of the configuration files.

8.6.2.0 (2017-06-13)

REP-5757 - Updated the SAML Policy Translation Filter to utilize YAML policy files.
- Updated the attribute-mapper library from v1.1.1 to v1.2.0 to bring in the YAML updates made in REP-5632
REP-5592 - Updated the Attribute Mapping Policy Validation Filter to only work for YAML bodies.
REP-5694 - Updated the Valkyrie Authorization Filter versioned docs to point to the current Valkyrie service documentation.

8.6.1.1 (2017-06-08)

REP-5520 - Updated the Keystone v2 Filter to provide the token cache key, and to generally handle 401 - Unauthroized responses.
REP-5347 - Updated the Attribute Mapping library from v1.0.2 to v1.1.1.
REP-5595 - Updated the Attribute Mapping Policy Validation Filter to utilize new Attribute Mapping library features for cleaner JSON validation.

8.6.0.0 (2017-06-02)

REP-5234 - Added the new Remote Datastore service which allows the Distributed Datastore service concept to work in dynamic containerized environments like OpenShift.
REP-5343 - Updated the Keystone v2 Filter to support the new Apply RCN Roles feature of Rackspace Keystone v2 Identity. Converted the old Keystone v2 Filter documentation over to the new versioned docs.
REP-5345 - The Attribute Mapping Policy Validation Filter has been released!
REP-5523 - The Repose Functional Test Framework has been released!
REP-5221 - Updated the API Checker library from v2.1.1 to v2.2.1.
- This brings the bulk metadata feature to the API Validator filter.

8.5.0.1 (2017-04-14)

REP-4024 - The Header Normalization Filter updated to include removing headers on the Response.
REP-3901 - The Debian and RPM Repose Valve and WAR artifacts will now create the repose user and group even if the configuration files are already present.
REP-5130 - Rackspace Auth User Filter now gives a more specific and quieter log message when it runs into a non-xml or non-json content type.
REP-4754 - The Rate Limiting Filter now returns a 406 if a user requests limits with an unsupported media type in the Accept header.
REP-4725 - Repose will no longer add a Server header to responses from neither the main endpoint nor the Dist-Datastore endpoint.

REP-5204 - The Metrics Service library has been updated from Yammer v2.2.0 to Dropwizard v3.2.0. The service interface has also been modified to provide a simpler, more flexible experience.

As part of the upgrade, some metric names reported by various components have been changed. Furthermore, all metrics reported to JMX via the Metrics Service now follow a new naming scheme. Due to a technical issue with the new version of the metric library, EHCache metrics are no longer being reported, but there is planned work to restore them. See Metrics Service for details on the metrics currently being reported.

REP-5214 - The Via header configuration has been expanded in a backwards compatible way. However, there were some internal contract changes with the Via and Location header builders, but they should not affect any custom filters.
REP-4465 - Certain enums provided by Repose have been replaced by classes holding the same constant values.

8.4.1.0 (2017-02-24)

REP-5101 - SAML Policy Translation Filter now allows un-encoded application/xml requests in addition to the previous application/x-www-form-urlencoded requests.

8.4.0.2 (2017-02-21)

REP-5100 - Rate Limiting Filter was mistakenly getting the full parameter map, and not just the query parameters.
REP-5071 - Repose is now using Attribute Mapping v1.0.2.

8.4.0.1 (2017-02-04)

REP-4795 REP-4831 - the SAML Policy Translation Filter has been released!
REP-4653 - The Rackspace Auth User Filter updated to read request body of Forgot Password request to get the username and the Highly Efficient Record Processor (HERP) Filter was updated to get X-User-Name from response headers.
REP-4928 - The Keystone v2 Filter will now return a 401 if self-validating tokens are being used and the Identity service responds with a 401.
REP-4841 - A more unique ID will be used for User Access Events (UAE) in support of Cloud Auditing Data Federation (CADF).
REP-4867 - The Valkyrie Authorization Filter now supports multiple Character Encoding schemes.
REP-4954 - Added support for Form Encoded requests (Content-Type: application/x-www-form-urlencoded).
REP-4880 - Internal utility classes JCharSequence and MessageDigester were removed.
REP-4892 - Versioned searching of these docs has been fixed.
REP-4999 - Leading and trailing whitespace in directory values in the container.cfg.xml file are now ignored.

8.3.0.1 (2016-12-13)

REP-4764 - sendError in the response wrapper will now call sendError on the underlying response when appropriate.

Prior Releases

Legacy Release Notes

Release Notes