Version 7x release notes

February 19, 2015 - present

 


Release 7.3.8.2 (1/16/2017, backport of v8.x feature)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. NONE

Bug Fixes

  1. REP-4928 This is a backport of a v8.x feature that fixes a bug with the Keystone v2 filter returning 5xx error codes when using self-validating tokens. 4xx codes are now returned.

Removed Features

  1. NONE

Known Issues

  1. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.3.8.1 (10/22/2016, backport of v8.x feature)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. NONE

Bug Fixes

  1. REP-4575 This is a backport of a v8.x feature that fixes a bug with HTTP Request Input Streams not honoring the mark/reset contract under certain circumstances.

Removed Features

  1. NONE

Known Issues

  1. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.3.8.0 (10/07/2016, HERP and Valkyrie Changes)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. REP-4497 Valkyrie filter can now be bypassed for non-dedicated tenants using the pass-non-dedicated-tenant configuration option.

Bug Fixes

  1. REP-4491 HERP filter now supports logging requests with any HTTP method including OPTIONS.

Removed Features

  1. NONE

Known Issues

  1. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.3.7.1 (10/22/2016, Mislabled v7.3.8.1)

This release was unintentionally published and should be ignored; some or all of the artifacts may not be available.


Release 7.3.7.0 (08/22/2016, Auth User Changes)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. REP-4341 The Rackspace Auth User filter now supports RSA Token credentials and differentiates Rackers from other users based on the presence of the Rackspace domain (BACKPORT).

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.3.6.0 (06/08/2016, Valkyrie Auth Changes)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-4069 The Valkyrie filter now supports passing along the users auth token instead of using valkyrie specific credentials.

Enhancements

  1. NONE

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.3.5.0 (05/10/2016, New JSON Path filter)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-3843 Added the new Body Extractor to Header filter to support extracting a value from a request's body using JSONPath when the Content-Type is JSON.

Enhancements

  1. NONE

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.3.4.0 (04/15/2016, Lint script custom role support)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. REP-3743 Added support for specifying the role on the command line when running the Lint script

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.3.3.2 (03/21/2016, Double Encoding of Query Parameter Names)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. NONE

Bug Fixes

  1. REP-3720 Double encoding of query parameter names for ACT

Removed Features

  1. NONE

Known Issues

  1. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.3.3.0 (03/08/2016, Header on call to Identity)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-3577 HTTP Connection Pool configuration lets you configure headers to add to requests being sent for a particular pool.

Enhancements

  1. NONE

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.3.2.0 (02/17/2016, Repose Lint, Cache Invalidation for Keystone v2v2, Groups call for Rackers)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-2320 Atom Feed Consumption Service has been implemented, and can be used by Repose developers.

Enhancements

  1. REP-3454 Updated the output of the Repose Lint CLI tool for checking configurations.
    1. To receive the output similar to the original implementation use the -verbose switch.
  2. REP-3212 Handling 404s from the groups call to Identity by passing the request, but not populating the X-PP-Groups header.
  3. REP-2196 Updated the Keystone v2 filter to utilize the Atom Feed service to perform cache invalidation/eviction of tokens.

Bug Fixes

  1. REP-3504 Fixed a potential issue in the Rate Limiting filter when the http-methods attribute was not set in the configuration and instead relied on the default.

Removed Features

  1. NONE

Known Issues

  1. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.3.1.0 (01/21/2016, Basic Auth PW, Foyer role, Misc tech debt and bug fixes)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-3304 Add Username/Password Authentication to Rackspace Identity Basic Authentication filter
  2. REP-2974 Repose Lint CLI utility is available as a DEB/RPM package in the same repository as Repose. The following functionality has been implemented:
    1. Check the status of traffic from OpenStack Identity users with the "foyer" role through a given configuration.

Enhancements

  1. REP-3324 Jacoco version set in one place within build to ensure consistency across build.
  2. REP-3325 Tests updated for maximum compatibility in preparation with move to Java 8.
  3. REP-3235 Updated to API-Checker v1.1.4. This specifically added the new capability for default header values.
    1. For full information on what this new version provides/fixes, please see the API-Checker release notes

Bug Fixes

  1. REP-3175 The Add Header Filter no longer requires headers to be configured for both the request and response.
  2. REP-3199 Updated the API Validation filter handler to account for multiple roles being returned from Keystone/Identity and being placed in the X-Roles header.
  3. REP-3204 Updated the Keystone v2 filter to properly make the groups call to Keystone/Identity.

Removed Features

  1. NONE

Known Issues

  1. NONE

Deprecated Features

  1. NONE

Release 7.3.0.0 (12/03/2015, Valkyrie Authorization enhancements and bug fixes)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. REP-2500 The Akka service client was updated to accept a connection pool id, and the auth filters were updated to make the pool id configurable.  Custom filters using the AkkaServiceClient interface will need to be updated to use the new AkkaServiceClientFactory which allows a connection pool id to be specified when creating an AkkaServiceClient instance (example changeset updating a filter).  Setups not using a custom filter should see no behavior change other than the bug fix to start using again the configured connection pool id in the Client Authorization and Client Authentication filters.

New Features

  1. REP-2793 There is a new IP User filter that provides for using CIDR notation to match one of many groups.
  2. REP-2128 There is a new URL Extractor to Header filter that allows a portion of the URL to be put into a header.
  3. REP-3109 All authentication filters (i.e., client-auth, keystone-v2, and openstack-identity-v3) now support prefix-aware tenant comparison.

Enhancements

  1. REP-3043 The Valkyrie Authorization filter will no longer attempt to cull responses from the Origin Service if the status code is not a 200 series code.
  2. REP-3025 The Valkyrie Authorization filter will now allow for specifying the HTTP methods on which to perform culling of the response.

Bug Fixes

  1. REP-2941 The JAVA variable from the sysconfig file is used in the version check rather than the instance of java on the path.
  2. REP-3145 The keystone-v2, and openstack-identity-v3 authentication filters now account for tenanted URLs. 

Removed Features

  1. NONE

Known Issues

  1. Keystone v2 filter doesn't correctly make the Groups call to Keystone/Identity.  Issue fixed in  REP-3204 - Getting issue details... STATUS  and released in Repose 7.3.1.0.

Deprecated Features

  1. The IP Identity filter has been deprecated in favor of the expanded capabilities of the new IP User filter.

Release 7.2.2.0 (11/20/2015, Valkyrie null uri handling)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-2970 Flexible device ID field handling for null field values and non-matching regular expressions.
  2. REP-2604 The API Validation filter now supports the new RAX Metadata Extension.

Enhancements

  1. REP-2631 The API-Checker library was upgraded to v1.1.3 and it brings with it WADL Tools v1.0.31.

Bug Fixes

  1. REP-2946 The Debian Filter-Bundle and Extensions-Filter-Bundle now look for the "repose-deb-war" package that is supplied by the Repose v7.x Debian WAR files even though it is incorrect.
    1. NOTE: The package name of the Repose Debian WAR file will be changed back to the proper package name, "repose-war", in the v8.0.0.0 release.
    2. NOTE: The Repose WAR startup issues that were being caused by missing/incorrectly defaulted context parameters has was also corrected.
  2. REP-2884 The API Validation filter and Simple RBAC filter now support group names with spaces.

Removed Features

  1. NONE

Known Issues

  1. Filter Bundle installation no longer fails on Debian WAR deployments due to the package name change, but the packages names will not be corrected until v8.0.0.0. See  REP-2946 - Getting issue details... STATUS
  2. Keystone v2 filter doesn't correctly make the Groups call to Keystone/Identity.  Issue fixed in  REP-3204 - Getting issue details... STATUS  and released in Repose 7.3.1.0.

Deprecated Features

  1. NONE

Release 7.2.1.1 (11/09/2015, Valkyrie account_admin bug fix)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. NONE

Bug Fixes

  1. REP-3059 The Valkyrie filter will now authorize users with the account_admin role for the device specified in the X-Device-Id header when enable-bypass-account-admin is configured to false.
    1. The initial release of this feature only supported the culling logic and didn't enforce it for the device id authorization.

Removed Features

  1. NONE

Known Issues

  1. Filter Bundle installation no longer fails on Debian WAR deployments due to the package name change, but the packages names will not be corrected until v8.0.0.0. See  REP-2946 - Getting issue details... STATUS
  2. Keystone v2 filter doesn't correctly make the Groups call to Keystone/Identity.  Issue fixed in  REP-3204 - Getting issue details... STATUS  and released in Repose 7.3.1.0.

Deprecated Features

  1. NONE

Release 7.2.1.0 (11/06/2015, Valkyrie acount_admin enhancement)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. REP-2972 Updated the Valkyrie Authorization filter to provide behavior more consistent with the common use case. This behavior has been unstable/flapping until this introduction of the enable-bypass-account-admin attribute to the configuration.

Bug Fixes

  1. REP-2886 Fix a bug regarding parsing groups output from Openstack Identity V3. Group Descriptions are optional.
  2. REP-2880 The behavior of the Rackspace Basic Auth Filter has been changed so that it is less opaque about what happens with certain responses from Identity.
    1. Identity Response  ->  Basic Auth Filter Response
    2. 403 -> 403
    3. 404 -> 401
    4. 400 -> 401 - In this particular case, the response from Identity will be logged at the WARN level to the Repose logs. This should assist in debugging why the request was bad.
  3. REP-2233 If you use rate limiting with multiple limit-groups and have many limit elements within them and you have duplicate IDs across limit elements in those groups, repose will clobber limits inappropriately. This was fixed by ensuring that each <limit> element has a unique ID across a single RateLimiting Filter's configuration.

Removed Features

  1. NONE

Known Issues

  1. Filter Bundle installation no longer fails on Debian WAR deployments due to the package name change, but the packages names will not be corrected until v8.0.0.0. See  REP-2946 - Getting issue details... STATUS
  2. Keystone v2 filter doesn't correctly make the Groups call to Keystone/Identity.  Issue fixed in  REP-3204 - Getting issue details... STATUS  and released in Repose 7.3.1.0.

Deprecated Features

  1. NONE

Release 7.2.0.0 (10/16/2015, CORS Headers, Valkyrie x-roles enhancement)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-2529 New filter to support CORS requests.

Enhancements

  1. REP-2827 Updated Valkyrie filter.  The device level permission will be added to the list of roles when configured to translate permissions (in addition to the account level permissions).
  2. REP-2685 Changed the default component name for the API-Checker used in the API-Validator and Simple RBAC filters. This is now modifiable so the new default will need to be changed if the old logging messages are still desired. 

Bug Fixes

  1. REP-2387 Resolved problem where split headers were not logged well when using the Intrafilter Logging. Now all headers, regardless of split, will be properly logged, for both request and response.
  2. REP-2729 The init scripts for both Debian-based and RPM-based distros now do some sanity checking before starting. It validates a minimum Java version as well as a java executable on the path.

Removed Features

  1. NONE

Known Issues

  1. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS
  2. Keystone v2 filter doesn't correctly make the Groups call to Keystone/Identity.  Issue fixed in  REP-3204 - Getting issue details... STATUS  and released in Repose 7.3.1.0.
  3. Rate limiting data may be corrupted if multiple limits share the same limit ID value. To avoid this issue, all group IDs and limit IDs should be unique. See  REP-2233 - Getting issue details... STATUS

Deprecated Features

  1. NONE 

Release 7.1.7.1 (10/31/2015, Valkyrie Account_Admin coding fix)

 

Key Summary T Assignee P Status story points
Loading...
Refresh

Breaking changes 

  1. NONE

 New Features

  1. NONE

 Enhancements

  1. NONE

 Bug Fixes

  1. REP-3007  Valkyrie JSON response parsing is causing fatal out of memory exception.

 Removed Features

  1. NONE

 Known Issues

  1. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS

  2. Keystone v2 filter doesn't correctly make the Groups call to Keystone/Identity.  Issue fixed in  REP-3204 - Getting issue details... STATUS  and released in Repose 7.3.1.0.
  3. Rate limiting data may be corrupted if multiple limits share the same limit ID value. To avoid this issue, all group IDs and limit IDs should be unique. See  REP-2233 - Getting issue details... STATUS

 Deprecated Features

  1. NONE

Release 7.1.7.0 (9/30/2015, Valkyrie and Simple RBAC enhancements)

 

Key Summary T Assignee P Status story points
Loading...
Refresh

Breaking changes

  1. NONE

 New Features

  1. REP-2185 The Keystone v2 filter now supports self-validating tokens.
  2. REP-2253 New ServletResponseWrapper

 Enhancements

  1. REP-2676 The Keystone v3 filter now populates X-PP-User header with the Name rather than the ID for consistency with the Keystone v2 filters.
  2. REP-2733 The Phone Home service now includes the creation date as well as the JVM's version and name.
  3. REP-2821 Updated the Simple-RBAC filter to support WADL parameter syntax to provide a basic wildcard like functionality.
  4. REP-2811 Updated Valkyrie filter. Now allows blanket access to all devices if user has account_admin permission.

 Bug Fixes

  1. NONE

 Removed Features

  1. NONE

 Known Issues

  1. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS
  2. Keystone v2 filter doesn't correctly make the Groups call to Keystone/Identity.  Issue fixed in  REP-3204 - Getting issue details... STATUS  and released in Repose 7.3.1.0.
  3. Rate limiting data may be corrupted if multiple limits share the same limit ID value. To avoid this issue, all group IDs and limit IDs should be unique. See  REP-2233 - Getting issue details... STATUS

 Deprecated Features

  1. NONE

Release 7.1.6.2 (9/25/2015, Valkyrie bug fix)

Key Summary T Assignee P Status story points
Loading...
Refresh

 Breaking changes

  1. NONE

 New Features

  1. NONE 

 Enhancements

  1. NONE

 Bug Fixes

  1. REP-2798 Valkyrie pre-authorized roles now supports multiple roles in a single header value.

 Removed Features

  1. NONE

 Known Issues

  1. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS
  2. Keystone v2 filter doesn't correctly make the Groups call to Keystone/Identity.  Issue fixed in  REP-3204 - Getting issue details... STATUS  and released in Repose 7.3.1.0.
  3. Rate limiting data may be corrupted if multiple limits share the same limit ID value. To avoid this issue, all group IDs and limit IDs should be unique. See  REP-2233 - Getting issue details... STATUS

 Deprecated Features

  1. NONE

Release 7.1.6.0 (9/22/2015, Tracing header enhancements (seamless), valkyrie pre-authroized roles)

Key Summary T Assignee P Status story points
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-2517 Tracing header now supports containing a Base64 encoded JSON object.  This header was previously populated with a unique identifier; that identifier will now be in the "requestId" field of the JSON object. 

Enhancements

  1. REP-2650 Updated the Valkyrie filter to allow for bypassing when pre-authorized roles are present.

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS
  2. Keystone v2 filter doesn't correctly make the Groups call to Keystone/Identity.  Issue fixed in  REP-3204 - Getting issue details... STATUS  and released in Repose 7.3.1.0.
  3. Rate limiting data may be corrupted if multiple limits share the same limit ID value. To avoid this issue, all group IDs and limit IDs should be unique. See  REP-2233 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.1.5.1 (9/9/2015, Bug Fixes, Valkyrie List Culling)

Key Summary T Assignee P Status story points
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-1840 Refactor of Keystone v2 Filter for stability, maintainability, and complete JSON support as Keystone is dropping XML support.
    1. Note: AuthN and AuthZ will become just one filter, the new Keystone v2 Filter.
  2. REP-2379 In the SLF4J HTTP Logging configuration, you can now specify a custom date format for the Time Received entry as documented here.
  3. REP-560 Added a "Phone Home" service which will send usage data to a collection endpoint. This service is optional. By default, the service is not enabled. If enabled, the default collection endpoint will be one which is maintained by the Repose team.
  4. REP-2607 Impersonator roles are now forwarded with the Keystone v2 filter and Client Authentication filter in the X-Impersonator-Roles header.

Enhancements

  1. REP-2464 Authentication filters will no longer remove roles headers, but rather, it will simply add any roles obtained during authentication.
  2. REP-2670 The default tenant ID is no longer required by the Client Authentication and Keystone v2 filters in responses from Identity.
  3. REP-2598 Guave dependency updated to latest version.
  4. REP-2660 Removed usage of custom classes in API Validator in favor library provided versions.
  5. REP-2549 Valkyrie filter now supports the ability to remove items from a list in response based on device permissions.
  6. REP-2603 Valkyrie filter nows supports gathering a users account level permissions and translating them to roles for usage in rbac.

Bug Fixes

  1. REP-2521 NAST/Tenant ID checks are now case-sensitive.

Removed Features

  1. NONE

Known Issues

  1. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS
  2. Keystone v2 filter doesn't correctly make the Groups call to Keystone/Identity.  Issue fixed in REP-3204 - Getting issue details... STATUS  and released in Repose 7.3.1.0.
  3. Rate limiting data may be corrupted if multiple limits share the same limit ID value. To avoid this issue, all group IDs and limit IDs should be unique. See  REP-2233 - Getting issue details... STATUS

Deprecated Features

  1. REP-1840  Client Auth-N and Auth-Z filters have been deprecated in favor of new Keystone v2 filter. New filter has feature parity for all features other than cache invalidation which will be coming shortly.

Release 7.1.4.0 (8/03/2015, User Access Events bug fixes, Log4J2x dependencies)

Key Summary T Assignee P Status story points
Loading...
Refresh

Breaking changes 

  1. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS

New Features

  1. REP-2357 Now generates and adds a trace ID to feed invalidation requests in the log. The trace ID stays consistent across feeds of multiple pages.
  2. REP-2388 You can use the Rate Limiting filter following a Header Translation filter that copies the x-roles into x-pp-groups to rate limit roles even when the header contains more than one role/group per header.

Enhancements

  1. REP-2319 Filter classes no longer need to be Spring annotated (i.e. @Named) if they don't have a constructor with any arguments (i.e. has no constructor or has a no-arg constructor)
  2. REP-2355 Allows you to configure Repose to ignore inbound trace IDs (i.e. a new trace ID will always be generated) using the rewrite-tracing-header attribute on system-model.

Bug Fixes

  1. REP-2524 Audit Events Fix for Validator errors not being returned when in delegating mode
  2. REP-2458 Fixed the issue with WAR file deployments failing with ClassNotFound exception due to missing dependency for Log4J 2.x
  3. REP-2378 Updated trace logging for filters to not include the filter ID in the description when it's null (i.e. it'll log "add-header" instead of "null-add-header").
  4. REP-2404 The Distributed Datastore Service now includes the trace ID as the X-Trans-Id header.

Removed Features

  1. NONE

Known Issues

  1. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS
  2. Rate limiting data may be corrupted if multiple limits share the same limit ID value. To avoid this issue, all group IDs and limit IDs should be unique. See  REP-2233 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.1.3.1 (7/20/2015, User Access Events bug fixes, Tracing fixes)

Key Summary T Assignee P Status story points
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. NONE

Bug Fixes

  1. REP-2356 An empty x-trans-id header no longer added when Tracing is disabled.
  2. REP-2335 The Response Messaging Service will now try to encode an error message to match the content type configured.
  3. REP-2439 The Rackspace Identity Basic Auth Filter will now return UNAUTHORIZED (401) if either the User Name, Password (API Key), or both are empty.

Removed Features

  1. NONE

Known Issues

  1. WAR file deployment will fail with ClassNotFound exception due to missing dependency. See  REP-2458 - Getting issue details... STATUS
  2. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS
  3. Rate limiting data may be corrupted if multiple limits share the same limit ID value. To avoid this issue, all group IDs and limit IDs should be unique. See  REP-2233 - Getting issue details... STATUS

Deprecated Features

  1. NONE
  • NOTE: Repose v2.13.2 and lower have reached the End-of-Support date of August 15, 2015 as was previously announced on repose-announce AT Lists DOT OpenRepose DOT org

Release 7.1.3.0 (7/09/2015, User Access Events bug fixes, Tracing fixes, Response code feature)

Key Summary T Assignee P Status story points
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-2317 An undefined HTTP Request method now returns the status code 400 instead of 500.

Enhancements

  1. NONE

Bug Fixes

  1. REP-2318 The HERP filter no longer truncates the logged User Agent header value retrieved from the client request.
  2. REP-2271 Error is no longer thrown if username and password are left blank for Basic Auth.
  3. REP-2304 Fixed issue where responses codes were getting overwritten in some cases in API Validator when both multi match and delegating were turned on.
  4. REP-2316 Fixed issue where client authentication would erroneously generate a 500 status code when in delegating mode and no credentials were provided.
  5. REP-2393 Fixed issue where client authentication would would send a quality as part of a header value.
    • Note: This issue is actually with the way MutableServletRequest handles headers. REP-2393 is a short-term fix until the wrappers we use support quality in a more sane way.

Removed Features

  1. NONE

Known Issues

  1. WAR file deployment will fail with ClassNotFound exception due to missing dependency. See  REP-2458 - Getting issue details... STATUS
  2. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS
  3. Rate limiting data may be corrupted if multiple limits share the same limit ID value. To avoid this issue, all group IDs and limit IDs should be unique. See  REP-2233 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.1.2.0 (6/10/2015, API Coverage Handler, Simple RBAC Filter, Tracing ID in logs)

Key Summary T Assignee P Status
Loading...
Refresh

New Features

  1. REP-2097 Simple RBAC filter created to reduce the overhead of using Role Based Access Control. Namely, a WADL no longer needs to be constructed.
  2. REP-1872 API Coverage Handler for api-checker allows gathering usage data for an API.
  3. Log entries corresponding to a particular request can be tagged with a unique identifier for that request.

Enhancements

  1. Tracing in all the logs! The tracing header coming in(or if repose originates it) will be logged for all repose actions, including actions triggering across Distributed Datastores. You can use the log4j pattern %X{traceGuid} to output the GUID into your logs. Repose's default log config will ship with this included now.
  2. Dependency information has been added to all RPM/Debian artifacts.
  3. REP-1872REP-2142 If the API Validator filter is configured to enable-api-coverage="true" and there is a logger named "api-coverage-logger" in the Log4J configuration, then the path taken by each request will be logged there.

  4. Add upstream JSON support for the rate limiting get limits call. Repose limits can now be combined with origin service limits when the origin service describes its limits using JSON.

Bug Fixes

  1. REP-1661 Repose logs invalid filter chain exceptions as errors when starting up.

Removed Features

  1. NONE

Known Issues

  1. WAR file deployment will fail with ClassNotFound exception due to missing dependency. See  REP-2458 - Getting issue details... STATUS
  2. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS
  3. Rate limiting data may be corrupted if multiple limits share the same limit ID value. To avoid this issue, all group IDs and limit IDs should be unique. See  REP-2233 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.1.1.0 (5/19/2015, Tracing Header, Domain Authentication for Keystone V3)

Key Summary T Assignee P Status
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-1704REP-2147 Local and Process Tracing initial implementation

Enhancements

  1. REP-1980 enables an optional domain id to be included with the Admin Token authentication for the Openstack Identity V3 filter.
  2. REP-2105 has the Valkyrie Authorization filter return a 403/404 if hybrid: is not on the tenant.

Bug Fixes

  1. REP-2164 Updated all of the filters that were not explicitly setting the Response Status Code so that at the very least it is being set to the status of the previous filter in the chain to prevent an unintended 500 being returned.
  2. REP-2130 Fixed key mismatch  for cache invalidation in client authentication filter.

Removed Features

  1. NONE

Known Issues

  1. WAR file deployment will fail with ClassNotFound exception due to missing dependency. See  REP-2458 - Getting issue details... STATUS
  2. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS
  3. Rate limiting data may be corrupted if multiple limits share the same limit ID value. To avoid this issue, all group IDs and limit IDs should be unique. See  REP-2233 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release:7.1.0.2 (04/17/2015: Valkyrie filter, PCI Compliance, Artifact Signing)

Key Summary T Assignee P Status story points
Loading...
Refresh

Breaking changes 

  1. REP-1820 Splittable headers are no longer being split every time they are modified, they are now split on request upon entering the filter chain, and on the request when leaving the origin service. 

New Features

  1. REP-1973 adds a new command line option --show-ssl-params which will dump the default enabled SSL Protocols and Ciphers as well as all the available Protocols and Ciphers. This was added to be used with the also new SSL configuration options allowing you to supply a whiltelist/blacklist of SSL Ciphers and Protocols to be used when Repose terminates SSL. There's also an option to disable TLS Renegotiation.
  2. REP-1952 Repose returns a 405 when a TRACE method hits the Distributed Datastore service.
  3. REP-808 Adds a new filter for Rackspace to authenticate a user against a specific device permission using Valkyrie 
  4. REP-1820 Adds a new filter MergeHeaderFilter, this filter allows you to merge a header with multiple values into a single comma separated value for either the request or the response. Expected usage is for origin services that can't handle requests with large numbers of headers when receiving large numbers of the same header (ex. Accept).

Enhancements

  1. REP-1980 enables an optional domain id to be included with the Admin Token authentication for the Openstack Identity V3 filter.
  2. REP-1837 enables rax:captureHeader to be used on a wadl param in api validator to put a param into a specified header
  3. REP-1933 enables an alias for rax:captureHeader="x-device-id" rax:device="true" for use with capturing the device id out of a uri

Bug Fixes

  1. REP-1973 resolves a bug with not being able to find the SSL keystore in Repose Version 7
  2. REP-2038 resolves a bug where a null pointer exception was thrown when media-variants were not configured in the uri-normalization filter

Removed Features

  1. NONE

Known Issues

  1. WAR file deployment will fail with ClassNotFound exception due to missing dependency. See  REP-2458 - Getting issue details... STATUS
  2. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS
  3. Rate limiting data may be corrupted if multiple limits share the same limit ID value. To avoid this issue, all group IDs and limit IDs should be unique. See  REP-2233 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Notes

  1. Updated the Copyright and License header in the source files so they can be monitored by the build process. REP-1865 - Getting issue details... STATUS
  2. An example configuration for whitelisting and blacklisting specific protocols and ciphers is available here.

Release 7.0.1.1 (03/20/2015: User Access Events, Bug Fixes)

Key Summary T Assignee P Status story points
Loading...
Refresh

Breaking changes

  1. NONE

New Features

  1. Wadl configuration in API-Validator filter actually supports relative and absolute paths, allowing one to store their WADLs somewhere not under /etc/repose  REP-1435 - Getting issue details... STATUS

Enhancements

  1. All of the Authentication and Authorization filters now return a 503 and the retry-after header when a call fails because of a service unavailability due to rate limiting (i.e., 413 and 429 return codes).  REP-1229 - Getting issue details... STATUS
  2. Licensing information for Repose source has been updated to ONLY Apache License v2.0.  REP-1905 - Getting issue details... STATUS
  3. Api Validator now allows using pre-compiled wadls to speed up start time. This will disable validation of the wadl document as a consequence under the assumption that the checker document was created from a valid wadl. REP-1850 - Getting issue details... STATUS

Bug Fixes

  1. The URI Identity filter will now populate the X-PP-Groups header with the configured value rather than always using the default.  REP-1754 - Getting issue details... STATUS
  2. Client AuthN feed invalidation fails to reset once existing marker becomes invalid.  REP-1888 - Getting issue details... STATUS

Removed Features

  1. NONE

Known Issues

  1. WAR file deployment will fail with ClassNotFound exception due to missing dependency. See  REP-2458 - Getting issue details... STATUS
  2. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS
  3. Rate limiting data may be corrupted if multiple limits share the same limit ID value. To avoid this issue, all group IDs and limit IDs should be unique. See  REP-2233 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 7.0.0.1 (02/19/2015: Logging Upgrade to Log4J 2.x,  Spring Refactor Work, Namespace Normalization)

Key Summary T Assignee P Status story points
Loading...
Refresh

Breaking Changes

  1. The underlying logging infrastructure has been upgraded from Log4J 1.x to Log4J 2.x  REP-810 - Getting issue details... STATUS
    1. All local Log4J 1.x properties files will need to be converted to Log4J 2.x XML or JSON files.
      1. Refer to: http://logging.apache.org/log4j/2.x/manual/migration.html
      2. And: http://logging.apache.org/log4j/2.x/manual/configuration.html
    2. At this time, the YAML configuration file format supported by Log4J 2.x is not supported by Repose due to an incompatibility in the bundled parser.
    3. The mechanism for loading the logging configuration from the `container.cfg.xml` file has also been updated.

      1. The `logging-configuration` element's `href` attribute now expects an actual URL.

      2. Only the file URL protocol is supported.
      3. For backwards compatibility, absolute and relative paths are also accepted.
  2. The XML Namespaces for the configuration files have all been normalized to the new package naming  REP-1246 - Getting issue details... STATUS
    1. These old namespaces are deprecated:
      1. docs.api.rackspacecloud.com/repose/

      2. docs.rackspacecloud.com/repose/

      3. openrepose.org/repose/

      4. openrepose.org/components/

    2. and have been updated to the new namespace:
      1. docs.openrepose.org/repose/

    3. This version of Repose will:

      1. recognize the use of an old namespace

      2. log an error informing you of the deprecated usage
      3. programatically update it to the new namespace
    4. A future release of Repose will not contain this backwards compatible behavior.
  3. A lot of artifact information was updated, but the end result would only affect those building custom filters against the artifacts. REP-1245 - Getting issue details... STATUS
    1. All of the Maven groupId's in the Repose codebase:
      1. com.rackspace.cloud.services.clients
      2. com.rackspace.papi.commons
      3. com.rackspace.papi.components.experimental
      4. com.rackspace.papi.components.extensions
      5. com.rackspace.papi.components
      6. com.rackspace.papi.core
      7. com.rackspace.papi.documentation
      8. com.rackspace.papi.external.clients
      9. com.rackspace.papi.external
      10. com.rackspace.papi.external.testing
      11. com.rackspace.papi
      12. com.rackspace.papi.service
      13. com.rackspace.papi.test
      14. com.rackspace.papi.test.mocks
      15. com.rackspace.repose.installation.deb.cli-utils
      16. com.rackspace.repose.installation.deb.filters.extensions
      17. com.rackspace.repose.installation.deb.filters
      18. com.rackspace.repose.installation.deb
      19. com.rackspace.repose.installation.deb.valve
      20. com.rackspace.repose.installation.deb.war
      21. com.rackspace.repose.installation
      22. com.rackspace.repose.installation.rpm.cli-utils
      23. com.rackspace.repose.installation.rpm.filters.extensions
      24. com.rackspace.repose.installation.rpm.filters
      25. com.rackspace.repose.installation.rpm
      26. com.rackspace.repose.installation.rpm.valve
      27. com.rackspace.repose.installation.rpm.war
      28. com.rackspace.repose.services
    2. have been changed to org.openrepose with the exception of four Rackspace specific modules that have been changed from com.rackspace.papi.components to org.openrepose.rackspace.
    3. Almost all of the artifactId remained the same. The biggest exception is the main artifactId was changed from papi to repose.
    4. Additionally the RPM and DEB installation modules have had the embedded into the artifactId.
      1. From:
        1. repose-cli-utils
        2. repose-extensions-filter-bundle
        3. repose-filter-bundlerepose-valve
        4. repose-war
      2. To:
        1. repose-deb-cli-utils
        2. repose-deb-extensions-filter-bundle
        3. repose-deb-filter-bundle
        4. repose-deb-valve
        5. repose-deb-war
      3. And:
        1. repose-rpm-cli-utils
        2. repose-rpm-extensions-filter-bundle
        3. repose-rpm-filter-bundle
        4. repose-rpm-valve
        5. repose-rpm-war
      4. However these still produce the same actual artifacts with the .deb and .rpm file extensions as always.

New Features

  1. The HTTP Delegation Library may now be used by any filter.  REP-1270 - Getting issue details... STATUS
  2. The API Validator filter now supports delegation.  REP-1270 - Getting issue details... STATUS
  3. The Client AuthN filter now supports delegation.  REP-1271 - Getting issue details... STATUS
  4. The OpenStack Identity v3 filter now supports delegation.  REP-1304 - Getting issue details... STATUS
  5. The Client Authorization filter now supports delegation  REP-1302 - Getting issue details... STATUS
  6. The Delegation Response Processor filter. See: Delegation Response Processor (DeRP) Filter REP-1283 - Getting issue details... STATUS
  7. The Highly Efficient Record Processor filter. See: Highly Efficient Record Processor (HERP) filter REP-1272 - Getting issue details... STATUS

Bug Fixes

  1. The Null Pointer Exception that was previously being loudly logged, is now handled more appropriately and not logged.  REP-1526 - Getting issue details... STATUS
    1. The root cause of the loud NPE was in the the client-auth-n and client-auth-z filters and has been fixed.
      If they timeout while communicating with the Identity service, then the Response Status Code is set to GATEWAY_TIMEOUT (504).
      If they fail to successfully authenticate/authorize with the Identity service, then the original behavior of returning a Response Status Code of INTERNAL_SERVER_ERROR (500) is still in effect.
      Any unexpected exceptions that do reach that point are now noted at the Error level and the full stack trace is at the Debug level.
  2. In Openstack-V3 filter, the RAX-AUTH:projectId entry was changed to RAX-AUTH:project_id.  REP-1598 - Getting issue details... STATUS

Removed Features

  1. NONE

Known Issues

  1. WAR file deployment will fail with ClassNotFound exception due to missing dependency. See  REP-2458 - Getting issue details... STATUS
  2. Filter Bundle installation will fail on Debian WAR deployments due to a package name change causing a missing dependency. See  REP-2946 - Getting issue details... STATUS
  3. Rate limiting data may be corrupted if multiple limits share the same limit ID value. To avoid this issue, all group IDs and limit IDs should be unique. See  REP-2233 - Getting issue details... STATUS

Deprecated Features

  1. NONE