All notable changes to this project are documented in this file following the Keep a CHANGELOG conventions. This project adheres to Semantic Versioning.
- Java 17 as minimum required version
- Upgraded parent project (authzforce-ce-parent): 9.0.0
- Upgraded dependences
- Spring Core: 6.0.11
- everit-json-schema: 1.14.3
- CVEs by upgrading:
- Parent project (authzforce-ce-parent): 8.5.0
- Maven dependencies:
- authzforce-ce-xacml-model: 8.5.0
- com.github.everit-org.json-schema/org.everit.json.schema -> com.github.erosb/everit-json-schema: 1.14.2
- Spring Core: 5.3.29
authzforce-ce-xacml-model
dependency: missingXacmlAttributeId
enum value for standard XACML 3.0 Core attributeurn:oasis:names:tc:xacml:2.0:resource:target-namespace
(used for<Content>
processing) has been added
- CVE-2021-22696 and CVE-2021-3046 fixed by upgrading authzforce-ce-parent to v8.0.3
- Fix for authzforce/server#64 (loading schemas in offline mode fails)
- CVE-2021-22118: updated parent version to 8.0.2 -> Spring to 5.2.15
- Backward compatibility on XacmlJsonUtils#canonicalizeResponse(), i.e. avoid breaking compatibility for reverse dependencies
- JSON schema identifiers in XACML/JSON schemas: updated to valid links on github
- XacmlJsonUtils#canonicalizeResponse() to better identify similar XACML/JSON responses
- Upgraded parent project version: 8.0.0
- Upgraded to Java 11 (Java 8 no longer supported)
- Upgraded spring-core: 5.2.10
- Upgraded parent project version: 7.6.0
- Upgraded dependencies:
- spring-core: 5.1.14
- org.everit.json.schema: 1.12.1
- Upgraded dependencies:
- JSON schema for XACML Policy(Set)
- XSLT stylesheets for XACML XML-to-JSON Request/Response/Policy/PolicySet conversion
XacmlJsonUtils#canonicalizeResponse(...)
method: remove IncludeInResult properties in Response (useless, esp. for comparison)
- CVE affecting Spring v4.3.18: upgraded to 4.3.20
- Parent project version (authzforce-ce-parent):7.5.0
- Managed dependency versions:
- Spring: 4.3.18 (fixes CVE)
- Managed dependency versions:
- Copyright company name
- Parent project version (authzforce-ce-parent):7.3.0
- Managed dependency versions:
- Spring: 4.3.14.RELEASE
- Managed dependency versions:
- Renamed Xacml3JsonUtils class to XacmlJsonUtils
- Replaced format uri with uri-reference in JSON schemas to match XML anyURI
- Added maven build plugins: dependency-check-maven, pmd, findbugs, surefire, licence
- New JSON schema in file
Policy.schema.json
for XACML-equivalent JSON policies (actually a superset of XACML model), ie. non-standard XACML/JSON schema defined by AuthzForce
- Parent project version (authzforce-ce-parent): 7.0.0 -> 7.1.0
- Managed dependency versions:
- org.everit.json.schema: 1.6.0 -> 1.6.1
- guava: 21.0 -> 22.0
- json: 20170516 -> 20171018
- Managed dependency versions:
- Initial release on GitHub