Version 2x release notes

*** NOTE: Repose v2.13.2 and lower have reached the End-of-Support date of August 15, 2015 as was previously announced on repose-announce AT Lists DOT OpenRepose DOT org

May 10, 2012 - February 10, 2014 

 


Release 2.13.2 (04/09/14: Improved Connection Pool Logging)

This release adds more logging to the connection pool for debugging purposes.

New Features 

  1. HttpClient
    1. Additional logging was added to the Http Client connection pool to give a view into the state of the pool at client request time. This can be seen by turning logging up to the TRACE level for com.rackspace.papi.service.httpclient.impl.HttpConnectionPoolServiceImpl. (TK-128040)

Release 2.13.1 (12/16/13: Improved Connection Handling During Reconfig, Bug Fixes)

This release will include improved handling of connections during Repose reconfigurations and several bug fixes.

New Features 

  1. HttpClient
    1. Improved handling of connections during Repose reconfigurations to ensure connections are not being dropped prematurely. A message will be logged every 5 seconds if a user of the HTTP client service is still actively using a connection pool that has been deemed decommissioned. (B-56184)
    2. Logging added around creation and shutdown of connection pools and usage of pools that are being kept alive after a reconfiguration.

Bug Fixes

  1. Rate Limit Filter
    1. Unescaped % in URI returns 500 as of Repose 2.8.3 (D-16104)
  2. API Validator Filter
    1. Paths including the '+' character are not handled correctly
  3. Not shutting down when running in Tomcat (D-16370)
  4. With this release, we have verified that the following defect no longer exists: "Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)." The issue was likely resolved with the update of the HTTP Client Connection Pooling in 2.10.0.

Known Issues

  1. API Validator Filter
    1. Versioning of the Api Validator filter currently does not work. To set the XSD engine, please use the 'xsd-engine' attribute instead of 'use-saxon'
    2. rax:roles defined in methods/resources with hrefs not working (D-16090)
  2. Client Authentication Filter
    1. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug: https://bugs.launchpad.net/keystone/+bug/1065233
    2. When a single user sends a burst of requests where there is no auth token present in Repose cache or expired in cache, there is a potential of Repose occasionally returning 500. We have a feature to rework cache expiration that will alleviate this. (B-52618, B-58747, B-57363)
  3. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  4. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)

  5. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  6. System Model
    1. Repose fails to detect unrecognizable service in service list (D-14320)

  7. Rate Limit Filter
    1. During a burst of requests in a single rate limit bucket, more requests than the configured rate limit may go through. (D-16618)

Release 2.13.0 (11/25/13: Better Handling of Expiring Auth Tokens) (Check out the demo here: Release Demo)

This release will include better handling of expiring auth tokens so that a burst of requests with an auth token that has just expired in the Repose cache will result in only 1 call being made between Repose and the Identity Service to validate the auth token and get the allowed groups for the validated token. This should minimize the calls between Repose and Identity for the same auth token, and result in fewer calls being rate limited between Repose and Identity (which was visible to the client as 500 responses).

New Features 

  1. Performance Improvement: Better Handling of Expiring Auth Tokens during Token Validation - AuthN Filter (B-52618)
  2. Performance Improvement: Better Handling of Expiring Auth Tokens for Groups - AuthN Filter (B-58747)

Bug Fixes

  1. Rate Limit Filter
    1. Limit keys can collide if two separate URL paths have different captured values that concatenate to the same resultant string. (D-16092) 
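
The collision fixed in D-16092, modeled as an added example (not Repose code): the regex, limit identifier, paths and limiter class are constructed for illustration. It shows two different resources sharing one bucket when captured values are concatenated, next to a length-prefixed key that keeps them apart.

```python
import re

# Constructed limit definition: one uri-regex with two capture groups.
URI_REGEX = re.compile(r"^/servers/(\w+)/volumes/(\w+)$")
LIMIT_ID = "volumes-per-server"  # hypothetical identifier for this limit


def naive_key(user, path):
    """Colliding form: captured values are joined with no boundary between them."""
    m = URI_REGEX.match(path)
    if m is None:
        return None
    return user + ":" + "".join(m.groups())


def safe_key(user, path, limit_id=LIMIT_ID):
    """Unambiguous form: every component is length-prefixed, so the key
    decodes back to exactly one (limit, user, captures) tuple."""
    m = URI_REGEX.match(path)
    if m is None:
        return None
    parts = (limit_id, user) + m.groups()
    return "|".join(f"{len(p)}:{p}" for p in parts)


class FixedWindowLimiter:
    """Minimal single-window counter; enough to show bucket sharing."""

    def __init__(self, limit, key_fn):
        self.limit = limit
        self.key_fn = key_fn
        self.counts = {}

    def allow(self, user, path):
        key = self.key_fn(user, path)
        if key is None:
            return True  # no limit configured for this path
        count = self.counts.get(key, 0)
        if count >= self.limit:
            return False
        self.counts[key] = count + 1
        return True


def demo():
    """Exhaust the limit on one resource, then request a different one.
    Returns whether that last request is allowed under each key scheme."""
    results = {}
    for name, key_fn in (("naive", naive_key), ("safe", safe_key)):
        limiter = FixedWindowLimiter(limit=2, key_fn=key_fn)
        limiter.allow("alice", "/servers/ab/volumes/c")
        limiter.allow("alice", "/servers/ab/volumes/c")
        # Different server and volume, but captures also concatenate to "abc".
        results[name] = limiter.allow("alice", "/servers/a/volumes/bc")
    return results


if __name__ == "__main__":
    print(demo())
```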

Release Instructions

  1. For RPM based installations, please use the installation instructions here: Installing Repose (D-16371)

  2. This release introduces a shutdown issue when running in a Tomcat or Glassfish container. (D-16370 Repose 2.13.0 not shutting down when running in Tomcat)

Known Issues

  1. API Validator Filter
    1. Versioning of the Api Validator filter currently does not work. To set the XSD engine, please use the 'xsd-engine' attribute instead of 'use-saxon'
    2. rax:roles defined in methods/resources with hrefs not working (D-16090)
  2. Client Authentication Filter
    1. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug: https://bugs.launchpad.net/keystone/+bug/1065233
    2. When a single user sends a burst of requests where there is no auth token present in Repose cache or expired in cache, there is a potential of Repose occasionally returning 500. We have a feature to rework cache expiration that will alleviate this. (B-52618, B-58747, B-57363)
  3. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  4. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)
    4. Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)

  5. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  6. System Model
    1. Repose fails to detect unrecognizable service in service list (D-14320)

  7. Rate Limit Filter
    1. During a burst of requests in a single rate limit bucket, more requests than the configured rate limit may go through. (D-16618)
  8. Repose 2.13.0 not shutting down when running in Tomcat (D-16370)

  9. Error with YUM install instructions on http://repo.openrepose.org/el.html.  Use install instructions at: Installing Repose (D-16371)


Release 2.12.2 (2/5/14: Update API Checker dependency to resolve bug in API Validator Filter)

This release was to update the API Checker dependency to fix an issue with the API Validation Filter.

Bug Fixes:

Update Repose dependency API Checker from 1.0.12 to version 1.0.15, to resolve issue with rax:roles


Release 2.12.0 (11/1/13: Update API-Validator to allow return of 403 instead of 404 when role not found, Metrics improvements)

This release will include the ability to configure a service to return a 403 when a role isn't found, vs. the default 404 with API-Validator.

New Features 

  1. API Validator - ability to use rax:roles defined in a WADL.  Using this method to perform Role Based Access Control will also return 403 Forbidden responses when a user is not authorized to access a resource or method (vs the current 404 and 405 responses when configuring RBAC roles directly in the validator.cfg.xml).  This feature has been validated with simpler WADLs.  WADLs that include href links to resources/methods currently are not supported for the rax:roles feature. (D-16090)
  2. Additional JMX metrics are being captured for a per-filter processing time(delay) to handle a request/response. (FilterProcessingTime,scope=Delay) 
  3. Added Tomcat support for spock functional test framework

In-Flight Features

  1. Better Handling of Expiring Auth Tokens (B-52618)

Bug Fixes

  1. Fixed loading of configuration information MBean when API Validator configuration is loaded or updated (D-15753).
  2. Fixed attribute "use-capture-groups" false does not work when no capture groups in uri-regex (D-13377)

  3. Fixed when using capture groups, if the captured content between rate limits (defined by uri-regexes) matches, all requests matching either regex will count toward the limit for both regexes. (D-15895)
  4. Fixed PATCH dropping message bodies. (D-16007)

Known Issues

  1. API Validator Filter
    1. Versioning of the Api Validator filter currently does not work. To set the XSD engine, please use the 'xsd-engine' attribute instead of 'use-saxon'
    2. rax:roles defined in methods/resources with hrefs not working (D-16090)
  2. Client Authentication Filter
    1. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug: https://bugs.launchpad.net/keystone/+bug/1065233
    2. When a single user sends a burst of requests where there is no auth token present in Repose cache or expired in cache, there is a potential of Repose occasionally returning 500.  We have a feature to rework cache expiration that will alleviate this. (B-52618, B-58747, B-57363)
  3. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  4. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)
    4. Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)

  5. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  6. Rate Limit Filter
    1. Limit keys can collide if two separate URL paths have different captured values that concatenate to the same resultant string. (D-16092)
  7. System Model
    1. Repose fails to detect unrecognizable service in service list (D-14320)

  8. Rate Limit Filter
    1. During a burst of requests in a single rate limit bucket, more requests than the configured rate limit may go through. (D-16618)
  9. Repose Core
    1. Repose will return a 500 for a request with URI query parameters that fail to decode properly (indicating they are improperly encoded to begin with). (D-16104)

Release 2.11.0 (10/17/13: Rate Limiting supports PATCH)

This release includes the ability to specify PATCH as an HTTP method available for rate limiting.

New Features 

PATCH Support:

  1. Added HTTP Patch method to RateLimiting Filter (B-57862). - After release, discovered that PATCH is dropping the request body.

In-Flight Features

  1. Better Handling of Expiring Auth Tokens (B-52618)

Bug Fixes

  1. Fixed a bug where communication failures between distributed datastores caused 503's to be returned to the client. Now, it falls back to the local datastore instead, so service is not interrupted (D-14567?)

Release Instructions

Known Issues

  1. API Validator Filter
    1. Versioning of the Api Validator filter currently does not work. To set the XSD engine, please use the 'xsd-engine' attribute instead of 'use-saxon'
  2. Client Authentication Filter
    1. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug: https://bugs.launchpad.net/keystone/+bug/1065233
    2. When a single user sends a burst of requests where there is no auth token present in Repose cache or expired in cache, there is a potential of Repose occasionally returning 500.  We have a feature to rework cache expiration that will alleviate this. (B-52618, B-58747, B-57363)
  3. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  4. RateLimiting Filter
    1. Attribute "use-capture-groups" false does not work when no capture groups in uri-regex (D-13377)

  5. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)
    4. Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)

  6. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  7. System Model
    1. Repose fails to detect unrecognizable service in service list (D-14320)

  8. Repose Core
    1. Repose will return a 500 for a request with URI query parameters that fail to decode properly (indicating they are improperly encoded to begin with). (D-16104)

 


Release 2.10.2 (10/16/13: Fix dependency issue with Glassfish and Repose 2.10.1)

This release includes a fix for the Java library dependency issue introduced in Repose 2.10.1 that appears with running the Repose ROOT.war deployment in a Glassfish container.

Bug Fixes 

  1. Fix for Java library dependency issue introduced in Repose 2.10.1 with Repose ROOT.war and Glassfish.

In-Flight Features

  1. Better Handling of Expiring Auth Tokens (B-52618)

Known Issues

  1. API Validator Filter
    1. Versioning of the Api Validator filter currently does not work. To set the XSD engine, please use the 'xsd-engine' attribute instead of 'use-saxon'
  2. Client Authentication Filter
    1. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug: https://bugs.launchpad.net/keystone/+bug/1065233
    2. When a single user sends a burst of requests where there is no auth token present in Repose cache or expired in cache, there is a potential of Repose occasionally returning 500.  We have a feature to rework cache expiration that will alleviate this. (B-52618, B-58747, B-57363)
  3. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  4. RateLimiting Filter
    1. Attribute "use-capture-groups" false does not work when no capture groups in uri-regex (D-13377)

  5. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)
    4. Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)

  6. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  7. System Model
    1. Repose fails to detect unrecognizable service in service list (D-14320)

  8. Repose Core
    1. Repose will return a 500 for a request with URI query parameters that fail to decode properly (indicating they are improperly encoded to begin with). (D-16104)

Release 2.10.1 (10/15/13: Fix bad handling of commas in headers)

This release includes a bug fix for the API Validator filter to ensure that headers that allow for comments and commas within the comments section will not be improperly parsed into two headers.

Bug Fixes 

  1. API Validator Filter - Any header that allows for comments and commas within the comments section will be improperly parsed into two headers. (D-15729)
    1. Includes fix for: Any header that allows for comments and commas within the comments section will be improperly parsed into two headers. (D-15227)

In-Flight Features

  1. Better Handling of Expiring Auth Tokens (B-52618)

Known Issues

  1. API Validator Filter
    1. Versioning of the Api Validator filter currently does not work. To set the XSD engine, please use the 'xsd-engine' attribute instead of 'use-saxon'
  2. Client Authentication Filter
    1. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug: https://bugs.launchpad.net/keystone/+bug/1065233
    2. When a single user sends a burst of requests where there is no auth token present in Repose cache or expired in cache, there is a potential of Repose occasionally returning 500.  We have a feature to rework cache expiration that will alleviate this. (B-52618)
  3. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  4. RateLimiting Filter
    1. Attribute "use-capture-groups" false does not work when no capture groups in uri-regex (D-13377)

  5. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)
    4. Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)

  6. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  7. System Model
    1. Repose fails to detect unrecognizable service in service list (D-14320)

  8. Glassfish Deployment
    1. When loading Repose and the API Validator, a dependency error occurs with the guava library.
  9. Repose Core
    1. Repose will return a 500 for a request with URI query parameters that fail to decode properly (indicating they are improperly encoded to begin with). (D-16104)

 


Release 2.10.0 (10/01/13: HTTP Connection Pooling for Auth Filters)

This release will include the HttpConnectionPool Service for improved performance.

New Features 

  1. HTTP Connection Pool service now applies to Repose communication with external Authentication Services with the Client Authentication filter.
  2. Whitelist Handling for Commas in Headers
    1. Only headers defined by RFC2616 and internal Repose headers will be processed and split using ',' as the delimiter.
  3. Generation of Docbook documentation with Each Release
  4. Log4j.property defaults for Valve Deb and RPM Installation
    1. Removed consoleOut configuration in default log4j.properties file.
  5. Better build pipeline for more reliable builds
    1. Massive migration of Jmeter functional tests to Spock/GDeproxy
  6. Chunked Encoding option for Http Connection Pool Service  (B-56201)
  7. Test categories for functional tests tied to Maven profiles
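
An added sketch of the whitelist rule in item 2 (not Repose's implementation): only headers on a list are split on commas, and the split skips commas inside quoted strings and parenthesised comments. The whitelist contents and sample header values are constructed for illustration.

```python
# Constructed whitelist: a few RFC 2616 headers whose grammar is a
# comma-separated list. The real list used by Repose is not on this page.
SPLITTABLE = frozenset({
    "accept", "accept-encoding", "accept-language",
    "allow", "cache-control", "connection", "via",
})


def naive_split(value):
    """Split on every comma, regardless of header or context."""
    return [p.strip() for p in value.split(",") if p.strip()]


def split_list_value(value):
    """Split on commas that are outside quoted-strings and (comments)."""
    parts, buf = [], []
    in_quotes = False
    depth = 0          # nesting level of parenthesised comments
    escaped = False    # previous character was a backslash (quoted-pair)
    for ch in value:
        if escaped:
            buf.append(ch)
            escaped = False
            continue
        if ch == "\\" and (in_quotes or depth):
            buf.append(ch)
            escaped = True
            continue
        if in_quotes:
            if ch == '"':
                in_quotes = False
        elif ch == '"' and depth == 0:
            in_quotes = True
        elif ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif ch == "," and depth == 0:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def split_header(name, value, extra_splittable=()):
    """Return the list of values for one header line.
    Headers not on the whitelist are passed through as a single value."""
    allowed = SPLITTABLE | {h.lower() for h in extra_splittable}
    if name.lower() not in allowed:
        return [value]
    return split_list_value(value)


# Constructed sample header lines.
SAMPLES = [
    ("Via", "1.1 proxy-a (Edge, rack 7), 1.0 cache-b"),
    ("User-Agent", "Mozilla/5.0 (X11; Linux x86_64, en-US)"),
    ("Location", "http://origin.example/items?ids=1,2"),
    ("Cache-Control", 'private, community="a,b", max-age=60'),
]

if __name__ == "__main__":
    for name, value in SAMPLES:
        print(name, naive_split(value), split_header(name, value))
```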

In-Flight Features

  1. Better Handling of Expiring Auth Tokens (B-52618)
  2. Porting Repose JMeter test suite to Spock/Groovy (B-55702)

Bug Fixes

  1. Changed how wadl paths are generated to allow for windows file paths. (D-14157)

Release Instructions

Known Issues

  1. API Validator Filter
    1. Versioning of the Api Validator filter currently does not work. To set the XSD engine, please use the 'xsd-engine' attribute instead of 'use-saxon'
  2. Client Authentication Filter
    1. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug: https://bugs.launchpad.net/keystone/+bug/1065233
    2. When a single user sends a burst of requests where there is no auth token present in Repose cache or expired in cache, there is a potential of Repose occasionally returning 500.  We have a feature to rework cache expiration that will alleviate this. (B-52618)
  3. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  4. RateLimiting Filter
    1. Attribute "use-capture-groups" false does not work when no capture groups in uri-regex (D-13377)

  5. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)
    4. Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)

  6. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  7. System Model
    1. Repose fails to detect unrecognizable service in service list (D-14320)

  8. Repose Core

    1. Any header that allows for comments and commas within the comments section will be improperly parsed into two headers. (D-15227)
    2. Repose will return a 500 for a request with URI query parameters that fail to decode properly (indicating they are improperly encoded to begin with). (D-16104)

Release 2.9.0 (9/11/13: URI Stripper Filter, Bug Fixes)

This release includes a new URI Stripper filter and various bug fixes.

New Features

  1. URI Stripper Filter - The URI Stripper filter allows Repose to strip out a specific section of the request URI. It also allows some logic to edit the 'Location' if there is one present in the response. (B-54757)

In-Flight Features

  1. HttpConnectionPool Service
    1. Your Repose installation will, by default, allow reuse of HTTP connections with Client Auth-N, Client Auth-Z for enhanced performance
    2. Ability to customize your connection pooling settings via an optional config file: http-connection-pool.cfg.xml (B-54671)

Bug Fixes

  1. RPM init.d Fix (D-15195)
    1. The packaged sysconfig file contained errors which prevented it from overriding daemonize parameters. The USER and PID_FILE variables were being referred to as $user and $pid_file respectively, which made it so these were not applied to the daemonize command.
  2. Exposing config passwords in log messages (D-15183)
    1. When in debug mode, instead of logging config passwords, passwords will now show as starred out in system logs.

Known Issues

  1. API Validator Filter
    1. Loading External WADL Fails in Windows (D-14157)

    2. Versioning of the Api Validator filter currently does not work. To set the XSD engine, please use the 'xsd-engine' attribute instead of 'use-saxon'
  2. Client Authentication Filter
    1. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug: https://bugs.launchpad.net/keystone/+bug/1065233
    2. When a single user sends a burst of requests where there is no auth token present in Repose cache or expired in cache, there is a potential of Repose occasionally returning 500.  We have a feature to rework cache expiration that will alleviate this. (B-52618)
  3. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  4. RateLimiting Filter
    1. Attribute "use-capture-groups" false does not work when no capture groups in uri-regex (D-13377)

  5. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)
    4. Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)

  6. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  7. System Model
    1. Repose fails to detect unrecognizable service in service list (D-14320)

  8. Repose Core

    1. Any header that allows for comments and commas within the comments section will be improperly parsed into two headers. (D-15227)
    2. Repose will return a 500 for a request with URI query parameters that fail to decode properly (indicating they are improperly encoded to begin with). (D-16104)

Release 2.8.6 (8/27/13: API Validator update, Client Authentication Filter bug fixes)

This release will include an updated version of WADL Tools used by the API Validator and Client Authentication bug fixes.

Bug Fixes

  1. Client Authentication Filter
    1. Fix the non-backwards compatible break in 2.8.4 with client-auth-n.cfg.xml.  It is unnecessary to add an empty <service-admin-roles/> to your config (D-14988)
    2. When delegable is true, requests are no longer passed to origin service with an identity header status of "Indeterminate" when the user token is invalid or the admin token is invalid (D-15016)
  2. API Validator Filter
    1. Updated internal dependency (WADL-Tools) which addresses some issues when handling namespaces in X-PATHs

Known Issues

  1. API Validator Filter
    1. Loading External WADL Fails in Windows (D-14157)

    2. Versioning of the Api Validator filter currently does not work. To set the XSD engine, please use the 'xsd-engine' attribute instead of 'use-saxon'
  2. Client Authentication Filter
    1. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug: https://bugs.launchpad.net/keystone/+bug/1065233
    2. When a single user sends a burst of requests where there is no auth token present in Repose cache or expired in cache, there is a potential of Repose occasionally returning 500.  We have a feature to rework cache expiration that will alleviate this. (B-52618)
  3. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  4. RateLimiting Filter
    1. Attribute "use-capture-groups" false does not work when no capture groups in uri-regex (D-13377)

  5. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)
    4. Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)

  6. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  7. System Model
    1. Repose fails to detect unrecognizable service in service list (D-14320)

  8. Performance
    1. Lack of reuse of HTTP connections may lead to too many open sockets during heavy usage patterns.  Client Auth-N, Client Auth-Z
  9. Repose Core
    1. Repose will return a 500 for a request with URI query parameters that fail to decode properly (indicating they are improperly encoded to begin with). (D-16104)

Release 2.8.4 (8/22/13: Header Translation Filter bug fix, Client Auth tenant validation)

New Features

  1. Client-Auth-n tenant validation
     (NOTE: This release causes a non-backwards compatible change to the client-auth-n.cfg.xml file. Please add an empty <service-admin-roles/> to your config, otherwise you may experience 500s)
    1. Removes belongsTo query parameter.
    2. Adds support for service-admin roles in client auth configuration.
    3. If, upon authentication, tenant's role matches a role in the service-admin roles list, no tenant validation is made (basically, the verification that the auth token belongs to the tenant in request).
    4. If tenant's role does not match any roles in the service-admin role list, tenant validation is performed as usual.
    5. Caching strategy is updated as such.
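
The tenant-validation decision described in the list above, as an added example rather than Repose's own code: the token shape, role names and tenant ids are constructed. It also covers the empty `<service-admin-roles/>` case, where every request is tenant-validated.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ValidatedToken:
    """Constructed shape for what the identity service returned for a token."""
    token_id: str
    tenant_id: str
    roles: frozenset


def authorize(token, requested_tenant, service_admin_roles):
    """Decide whether an already-authenticated token may act on requested_tenant.

    Returns (allowed, reason). service_admin_roles models the configured
    service-admin roles list; an empty set means nobody skips the check.
    """
    # Exact, case-sensitive role match (an assumption of this example).
    if token.roles & frozenset(service_admin_roles):
        return (True, "service-admin: tenant validation skipped")
    if token.tenant_id == requested_tenant:
        return (True, "tenant validated")
    return (False, "token does not belong to requested tenant")


def evaluate(requests, service_admin_roles):
    """Run authorize() over (token, requested_tenant) pairs; return allow flags."""
    return [authorize(t, tenant, service_admin_roles)[0] for t, tenant in requests]


# Constructed tokens and requests.
USER = ValidatedToken("tok-user", "tenant-100", frozenset({"observer"}))
ADMIN = ValidatedToken("tok-admin", "tenant-900", frozenset({"svc:admin"}))

REQUESTS = [
    (USER, "tenant-100"),   # own tenant
    (USER, "tenant-200"),   # someone else's tenant
    (ADMIN, "tenant-200"),  # service admin acting on another tenant
]

if __name__ == "__main__":
    print(evaluate(REQUESTS, {"svc:admin"}))  # admin role configured
    print(evaluate(REQUESTS, set()))          # empty <service-admin-roles/>
```

Every role placed in the service-admin list removes the tenant check for all tokens carrying it, so the list is part of the authorization policy and worth reviewing like one.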

Bug Fixes

  1. Fixed bug with new filter that prevented all header values from being transferred to new header name.

Known Issues

  1. API Validator Filter
    1. Loading External WADL Fails in Windows (D-14157)

    2. Versioning of the Api Validator filter currently does not work. To set the XSD engine, please use the 'xsd-engine' attribute instead of 'use-saxon'
  2. Client Authentication Filter
    1. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug: https://bugs.launchpad.net/keystone/+bug/1065233
    2. When a single user sends a burst of requests where there is no auth token present in Repose cache or expired in cache, there is a potential of Repose occasionally returning 500.  We have a feature to rework cache expiration that will alleviate this. (B-52618)
    3. Non-backwards compatible change to the client-auth-n.cfg.xml file.  Please add an empty <service-admin-roles/> to your config, otherwise you may experience 500s (D-14988)
    4. When delegable is true, requests are being passed to origin service with an identity header status of "Indeterminate" when the user token is invalid or the admin token is invalid (D-15016)
  3. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  4. RateLimiting Filter
    1. Attribute "use-capture-groups" false does not work when no capture groups in uri-regex (D-13377)

  5. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)
    4. Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)

  6. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  7. System Model
    1. Repose fails to detect unrecognizable service in service list (D-14320)

  8. Performance
    1. Lack of reuse of HTTP connections may lead to too many open sockets during heavy usage patterns.  Client Auth-N, Client Auth-Z
  9. Repose Core
    1. Repose will return a 500 for a request with URI query parameters that fail to decode properly (indicating they are improperly encoded to begin with). (D-16104)

Release 2.8.3 (8/20/13: Connection Pools, Metrics, Header Translation Filter)

This release will include additional Yammer/JMX implementation.

New Features

  1. Metrics instrumentation completed for:
    1. Header Normalization
    2. URI Normalization
    3. Versioning
  2. Client Authentication Filter
    1. Configurable service admin roles are not subject to tenant validation
  3. HttpConnectionPool Service
    1. Your Repose installation will, by default, allow reuse of HTTP connections with Origin Service and Distributed Datastore for enhanced performance
    2. Uses Apache HttpClient to support connection pooling
    3. Ability to customize your connection pooling settings via an optional config file: http-connection-pool.cfg.xml
    4. DEPRECATED - ability to switch connection framework via the -cf cmdline.  A warning will be logged indicating that the chosen connection framework (jersey/ning) is no longer supported.
    5. DEPRECATED - container configuration options for 'connection-timeout', 'read-timeout', and 'proxy-thread-pool' within container.cfg.xml file.  A warning will be logged indicating that the options are no longer supported and to please use the http-connection-pool.cfg.xml to set connection pooling options.
  4. Metrics Service
    1. Option to enable/disable metrics reporting via the metrics.cfg.xml configuration file.
  5. Header Translation Filter (B-53877)
    1. One to one or one to many translation of header names.
    2. Option to remove original header.

Bug Fixes

  1. API Validator Filter
    1. Returns 200s After Loading a Bad Config (D-14108)

  2. Compression Filter
    1. Leaves original 'Content-Encoding' header after content is uncompressed (D-13944)
  3. When the Location header is passed from the origin service to Repose, Repose will not separate the Location header value into multiple Location headers using commas as a delimiter.
  4. Poorly defined query parameters are removed from the request before the request is sent to the origin service (e.g., /path/to/resource?&id=12345 will become /path/to/resource?id=12345 after going through Repose, but before hitting the origin service).

Release Instructions

  1. This release includes a change in default HTTP connection framework.
    1. Previously, the default was Jersey, and there was a configuration option to use Ning or Apache instead of Jersey. The new default is Apache, and there is no option to use Ning or Jersey instead of Apache.
    2. Previously, the default was to send non-chunked-encoded requests through to the origin service. With this release, the default will be to send chunked-encoded requests to the origin service.

Known Issues

  1. API Validator Filter
    1. Loading External WADL Fails in Windows (D-14157)

    2. Versioning of the Api Validator filter currently does not work. To set the XSD engine, please use the 'xsd-engine' attribute instead of 'use-saxon'
  2. Client Authentication Filter
    1. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug: https://bugs.launchpad.net/keystone/+bug/1065233
    2. When a single user sends a burst of requests and the auth token is not present in the Repose cache or has expired from the cache, Repose may occasionally return a 500.  We have a feature to rework cache expiration that will alleviate this. (B-52618)
  3. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  4. RateLimiting Filter
    1. Attribute "use-capture-groups" false does not work when no capture groups in uri-regex (D-13377)

  5. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)
    4. Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)

  6. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  7. System Model
    1. Repose fails to detect unrecognizable service in service list (D-14320)

  8. Performance
    1. Lack of reuse of HTTP connections may lead to too many open sockets during heavy usage patterns.  Client Auth-N, Client Auth-Z
  9. Repose Core
    1. Repose will return a 500 for a request with URI query parameters that fail to decode properly (indicating they are improperly encoded to begin with). (D-16104)

Release 2.8.2 (8/8/13:  Yammer/JMX Metrics, PATCH HTTP method support, package management in freight)

This release will include additional Yammer/JMX implementation.  Repose will also now support requests with the PATCH HTTP method. We also released instructions on our wiki for freight 

New Features

  1. Changed system model to not allow DD filter and service at the same time.
    1. Done through XSD now instead of Java logic.
    2. Uses last good config when in error.
  2. PATCH Support:
    1. Added HTTP Patch support for Repose using the Apache Connection Framework.
  3. Freight package support
    1. freight programs create the files needed to serve a Debian archive. Repose team has published wiki instructions to use the new freight package because the old repository packaging has issues.
  4. Versioning of configuration has been added to the API Validator filter. To understand backwards compatibility and added attributes please read "How does versioning work" on this link.

In-Flight Features

Connection Pooling Service will be added in the coming releases.  With this new feature, your Repose installation will, by default, allow reuse of HTTP connections for enhanced performance. 

Bug Fixes

  1. Service Authentication no longer logs erroneous "unexpected response code" error messages.
  2. API validator filter no longer returns 200s after initially loading a bad config
  3. Client Authorization will return response code 500 instead of 403 when this authentication filter calls the Identity service for endpoints and the Identity service is rate limiting and returning 413 to Repose. Other scenarios in which the Identity service response is not a 200 will also return a 500 response code. See the table.
  4. Client Authentication will return response codes as specified in the table to the origin service, which will adhere to OpenStack authentication contracts.
  5. D-14015 - Fixed issue with errors returning 200 on bad DD calls.
  6. D-14212 - Debian repository no longer returns the extensions-filter-bundle when requesting the filter-bundle.  Additionally, the extensions-filter-bundle can now be installed via dpkg or apt-get.
    1. INSTALL WARNING: When installing the extensions-filter-bundle via apt-get or dpkg, manual cleanup may be needed to remove a manually installed version of the extensions-filter-bundle from your artifacts directory (default: /usr/share/repose/filters)

Known Issues

  1. API Validator Filter
    1. Returns 200s After Loading a Bad Config (D-14108)

    2. Loading External Wadl Fails in Windows (D-14157)

    3. version
  2. Client Authentication Filter
    1. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug: https://bugs.launchpad.net/keystone/+bug/1065233
    2. When a single user sends a burst of requests and the auth token is not present in the Repose cache or has expired from the cache, Repose may occasionally return a 500.  We have a feature to rework cache expiration that will alleviate this. (B-52618)
  3. Compression Filter
    1. Leaves original 'Content-Encoding' header after content is uncompressed (D-13944)
  4. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  5. RateLimiting Filter
    1. Attribute "use-capture-groups" false does not work when no capture groups in uri-regex (D-13377)

  6. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)
    4. Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)

  7. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  8. System Model
    1. Repose fails to detect unrecognizable service in service list (D-14320)

  9. Performance
    1. Lack of reuse of HTTP connections may lead to too many open sockets during heavy usage patterns.  Client Auth-N, Client Auth-Z, Rate Limiting (via Dist Datastore)

Release 2.8.1 (7/10/13: Improved Cache Expiration and Pass Service Catalog as Headers)

Release 2.8.1 of Repose also includes changes to the api-checker.  Release notes for api-checker are here: https://github.com/InABlender/api-checker/blob/master/RELEASE.md

This release will include improved cache expiration such that Repose can be configured to listen to an Atom Feed of Identity events that can trigger a cache reload or purge for updated users or tokens. It will also include passing additional information from the Auth service to the origin service so that the origin service can use that info for processing without additional requests to Auth.

New Features

  1. Added the ability to read an Identity Atom Feed for events that will trigger a cache reload or purge for updated users or tokens.
  2. Added the ability to have the auth-n filter pass the service catalog from the Identity service, as a base64-encoded header, to the origin service.
  3. Added the ability to have the auth-n filter pass the token expiration from the Identity service, as a token expiration header, to the origin service.
  4. Improved filter configuration validation.  Improperly configured filters will now error on filter startup with a log message indicating the bad configuration setting.  The following filters had improvements:
    1. Header Identity Mapping
    2. Rate Limiting
      • Uniqueness check on limit-group ids, groups within a limit-group
      • Only one default limit-group is allowed
      • Unique http-methods, and uri-regexes within a limit group
    3. API Validator
      • Default set to true for the following options: remove-dups, validate-checker, join-xpath-checks
    4. HttpLogging
    5. Translation
    6. URI Identity
    7. Header Identity
    8. Response Messaging
    9. Versioning
      • Uniqueness check on id
      • Required: id, href, pp-dest-id
      • Changed "status" to optional with a default of CURRENT
      • Uniqueness check on media-type within a version-mapping
  5. Added the optional attribute Datastore-warn-limit to the rate limiting filter. It defines a size limit; a warning is logged when an object stored in the datastore is over this limit.

  6. API-Validator Filter improvements
    1. Supports versioned configuration files for backwards compatibility
    2. Replaced use-saxon attribute with xsd-engine attribute in the newest version
  7. Metrics instrumentation completed for:
    1. Request (to origin service) timeouts
    2. Destination router
    3. Api Validator
  8. OpenStack Identity Filter will now pass the 'x-default-region' header to the Origin Service if the validated user has a default region

Bug Fixes

  1. Reconfiguring the API Validator will no longer result in MXBeans being left behind from previous configuration (slow memory leak on reconfiguration)

  2. Fixed shutdown issues with the distributed datastore service

  3. Client Authentication cache - will log a warning and use max cache timeout if the authentication service provides a timeout exceeding the maximum limit
  4. Fixed thread safety issue in Translation filter

Known Issues

  1. API Validator Filter
    1. Memory leak when initializing Validator successive times (D-12899)
    2. Returns 200s After Loading a Bad Config (D-14108)

    3. Loading External Wadl Fails in Windows (D-14157)

  2. Client Authentication Filter
    1. Returning Proper Return Code based on Identity RC - If Repose receives an error response from the Identity service that is unrelated to the validation of a user token, Repose is returning an improper 401 response to the user. (D-13211)
    2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.
    3. Multiple connections to Identity Service on bursts of requests from a single user where auth token is not present in Repose cache or has expired from the cache.
  3. Compression Filter
    1. Leaves original 'Content-Encoding' header after content is uncompressed (D-13944)
  4. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  5. RateLimiting Filter
    1. Attribute "use-capture-groups" false does not work when no capture groups in uri-regex (D-13377)
    2. Rate-limiting not handling 404s from DD Service properly, returns 200s (D-14015)

  6. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)
    4. Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)

  7. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  8. System Model
    1. Inconsistent behavior when defining endpoints and service clusters together (D-13410)

    2. Repose fails to detect unrecognizable service in service list (D-14320)

  9. Package Management
    1. Debian repository may return the extensions-filter-bundle when requesting the filter-bundle.  Additionally, the extensions-filter-bundle cannot be installed via dpkg or apt-get. (D-14212)
    2. Issues exist with the 2.8.1 Debian repository missing the .change.  To work around this issue, please use the /freight repository.  You will need to import a new GPG key from that repository first.
  10. Performance
    1. Lack of reuse of HTTP connections may lead to too many open sockets during heavy usage patterns.  Client Auth-N, Client Auth-Z, Rate Limiting (via Dist Datastore)

Release 2.8.0.2  (7/26/13 - Client Authentication Cache Offset)

This release of Repose introduces a new feature that will randomize auth token expiration (within a given window of time) so that we no longer see Identity request traffic peak and requests to Identity to refresh auth tokens are more spread out.

New Features

  1. Client Authentication allows for a cache-offset attribute which applies a plus or minus offset to a token expiration.  This will help spread out bursts of requests to Identity service for new or expired tokens in Repose's cache.
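
The effect of the cache-offset, together with the 2.8.1 fix that clamps an oversized Identity timeout to the maximum cache timeout, can be seen in a small simulation. This is an added example, not Repose code: the function names, the seed and the rule that a cache entry never outlives the token itself are assumptions of the sketch.

```python
import random
from collections import Counter


def cache_ttl(identity_ttl, max_ttl, offset, rng):
    """Seconds to keep a validated token in the cache.

    identity_ttl: remaining token lifetime reported by the identity service
    max_ttl:      configured upper bound on any cache entry
    offset:       half-width of the random window (0 disables the offset)
    """
    base = min(identity_ttl, max_ttl)  # clamp timeouts above the maximum
    jitter = rng.randint(-offset, offset) if offset else 0
    # Assumption of this sketch: a cached "valid" verdict must never outlive
    # the token itself, so the plus side of the offset is capped.
    return max(1, min(base + jitter, identity_ttl))


def peak_refreshes(n_tokens, identity_ttl, max_ttl, offset, seed=7):
    """Largest number of cache entries that expire in the same second when
    n_tokens are all cached at t=0 (a constructed worst-case burst)."""
    rng = random.Random(seed)
    expiries = Counter(
        cache_ttl(identity_ttl, max_ttl, offset, rng) for _ in range(n_tokens)
    )
    return max(expiries.values())


if __name__ == "__main__":
    # 6000 tokens, 24 h token lifetime, 10 min maximum cache timeout.
    for off in (0, 30, 120):
        print("offset", off, "peak expiries per second:",
              peak_refreshes(6000, 86400, 600, off))
```

With no offset every entry expires in the same second and all revalidations hit the Identity service together; widening the window divides that peak roughly by the window size.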

Bug Fixes

Known Issues

  1. API Validator Filter
    1. Memory leak when initializing Validator successive times (D-12899)
    2. Returns 200s After Loading a Bad Config (D-14108)

    3. Loading External Wadl Fails in Windows (D-14157)

  2. Client Authentication Filter
    1. Returning Proper Return Code based on Identity RC - If Repose receives an error response from the Identity service that is unrelated to the validation of a user token, Repose is returning an improper 401 response to the user. (D-13211)
    2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.
    3. Multiple connections to Identity Service on bursts of requests from a single user where auth token is not present in Repose cache or has expired from the cache.
  3. Compression Filter
    1. Leaves original 'Content-Encoding' header after content is uncompressed (D-13944)
  4. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  5. RateLimiting Filter
    1. Attribute "use-capture-groups" false does not work when no capture groups in uri-regex (D-13377)
    2. Rate-limiting not handling 404s from DD Service properly, returns 200s (D-14015)

  6. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)
    4. Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)

  7. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  8. System Model
    1. Inconsistent behavior when defining endpoints and service clusters together (D-13410)

    2. Repose fails to detect unrecognizable service in service list (D-14320)

  9. Package Management
    1. Debian repository may return the extensions-filter-bundle when requesting the filter-bundle.  Additionally, the extensions-filter-bundle cannot be installed via dpkg or apt-get. (D-14212)
  10. Performance
    1. Lack of reuse of HTTP connections may lead to too many open sockets during heavy usage patterns.  Client Auth-N, Client Auth-Z, Rate Limiting (via Dist Datastore)

Release 2.8.0  (5/31/13 - Validator Config Enhancements, Deprecate Distributed Datastore Filter)

This release includes a simplified validator config and deprecation of the distributed datastore filter. Both make Repose easier to configure and will decrease the likelihood of bad configs.

New Features

  1. The use of the Distributed Datastore Filter is now deprecated; use of the filter now results in a WARNING (This filter is deprecated). Use of the Distributed Datastore as both a service and a filter results in an ERROR message and a 503 (Service Unavailable) for request.
  2. Changed the "role" attribute in the API (WADL/XSD) Validation Filter to accept multiple values instead of a single value, so that multiple roles that need the same capabilities can be listed together.

Bug Fixes

  1. Passing a request with no accept header through a Valve Deployment of Repose using Jersey will no longer result in Repose sending 'text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2' in the accept header.
    1. Valve

Known Issues

  1. API Validator Filter
    1. Memory leak when initializing Validator successive times (D-12899)
    2. Returns 200s After Loading a Bad Config (D-14108)

    3. Loading External Wadl Fails in Windows (D-14157)

  2. Client Authentication Filter
    1. Returning Proper Return Code based on Identity RC - If Repose receives an error response from the Identity service that is unrelated to the validation of a user token, Repose is returning an improper 401 response to the user. (D-13211)
    2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.
    3. Multiple connections to Identity Service on bursts of requests from a single user where auth token is not present in Repose cache or has expired from the cache.
  3. Compression Filter
    1. Leaves original 'Content-Encoding' header after content is uncompressed (D-13944)
  4. Flush Output Filter
    1. Usability concerns experienced due to reported issues with requests hanging (D-12729)
  5. RateLimiting Filter
    1. Attribute "use-capture-groups" false does not work when no capture groups in uri-regex (D-13377)
    2. Rate-limiting not handling 404s from DD Service properly, returns 200s (D-14015)

  6. Translation Filter

    1. Relative Paths in XSLs don't seem to work (D-11514)
    2. JSON content body translated to JSONX, not translated automatically back to json (D-14109)

    3. Request translations should ignore accept parameter (D-13361)
    4. Intermittently removes all headers from request when using a header xslt and large number of concurrent requests (D-14176)

  7. Versioning Filter
    1. Does not use configured service-root (D-13344)
    2. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  8. System Model
    1. Inconsistent behavior when defining endpoints and service clusters together (D-13410)

    2. Repose fails to detect unrecognizable service in service list (D-14320)

  9. Package Management
    1. Debian repository may return the extensions-filter-bundle when requesting the filter-bundle.  Additionally, the extensions-filter-bundle cannot be installed via dpkg or apt-get. (D-14212)
  10. Performance
    1. Lack of reuse of HTTP connections may lead to too many open sockets during heavy usage patterns.  Client Auth-N, Client Auth-Z, Rate Limiting (via Dist Datastore)

Release 2.7.0 (5/13/13 - Compress/Decompress Data)

This release includes the Compression Filter which is needed to prevent XXE injections through compressed data.

New Features

  1. Created the Compression Filter which compresses and decompresses data. This filter can be used to prevent XXE injections through compressed data.
  2. Added the Distributed Datastore Service.

In-Flight Features

Bug Fixes

  1. API Validator Filter with multi-match set to true will now display the error message of the highest privileged validator that fails.

Release Instructions

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release 2.6.12 (5/1/13 - Improved Management and Monitoring)

This release includes a new version of the api-checker (1.0.8) which includes several bug fixes. It also improves management and monitoring capabilities and adds attributes that can be used to improve performance.

New Features

  1. Exposed an MBean in JMX to allow deletion of distributed datastore cache data.
  2. Clarified source of errors in error messaging for authentication service.
  3. Added the attribute "use-capture-groups" to the Rate Limiting Filter. If set to false, all requests matching the uri-regex that has the capture group count towards the limit count. By default it is set to true. This will help prevent users from inadvertently caching an excessive number of rate limiting groups.
  4. Added Yammer Metrics for the Distributed Datastore cache.

In-Flight Features

A service list has been added to System Model v2.0, which allows you to define which services are loaded in the service context and made available to filters in a cluster. There are no services that are currently to be in this service list.

Bug Fixes

  1. Repose configured to use the Apache ConnectionFramework and the Response Messaging Service was susceptible to NullPointerExceptions when the Response contained an empty body.
  2. Repose not validating system-model.cfg.xml and container.cfg.xml against XSD.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release 2.6.11 (3/20/13 - Update Translation, Bug Fixes)

This release includes expansion to the translation feature and bug fixes.

New Features

  1. Updated to api-checker v1.0.7
  2. Re-write host header functionality added. System model

Bug Fixes

The following bugs were fixed for this release:

Release Instructions

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release 2.6.10 (3/18/13 - Bug Fixes)

This release includes expansion to the translation feature and bug fixes.

New Features

Bug Fixes

The following bugs were fixed for this release:

  1. Avoid double encoding query parameters when using the Apache HTTP Client library with Repose.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release 2.6.9 (3/15/13 - Updated Api-Checker)

This release includes expansion to the translation feature and bug fixes.

New Features

  1. Update to Api-Checker Release 1.0.6.

Bug Fixes

  1. The "validate-checker" attribute is removed from the Validator config, so the validator is always checked for validity, with a useful error message if it is invalid.
  2. Client authorization component updated to issue a 401 when a token fails validation (it is expired or invalid), with a WWW-Authenticate header in the following format: WWW-Authenticate: Keystone uri="https://identity.api.rackspacecloud.com/v2.0"

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release 2.6.8 (3/8/13 - Bug Fixes)

This release includes expansion to the translation feature and bug fixes.

Bug Fixes

The following bugs were fixed for this release:

  1. Configuring an empty <target> element in the 'uri-normalization' filter causes NullPointerExceptions in Repose when Repose is sent a request with query parameters.
  2. Query Parameters are no longer stripped out of requests when using the apache connection framework.
  3. Added auth header info on 401's.

Release Instructions

  • The validator-checker attribute of validator.cfg.xml is deprecated. It will now default to true regardless of presence or assigned value.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release 2.6.7 (3/4/13 - Bug Fixes)

This release includes expansion to the translation feature and bug fixes.

Bug Fixes

The following bugs were fixed for this release:

  1. Update header parsing logic to allow characters normally reserved for parameters ( semi-colon and equals ).
  2. Fix issue when getting preferred headers and the header is not present.  Return specified default value instead of empty list.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release 2.6.6 (2/28/13 - Updated Api-Checker)

This release includes Api-Checker version 1.0.5.

New Features

  1. Update to Api-Checker Release 1.0.5.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release 2.6.5 (2/28/13 - Translation Updates)

This release includes expansion to the translation feature and bug fixes.

New Features

  1. Translation Content Type is now optional.  If not specified, then original content-type is preserved.
  2. Accept in translation config is now optional and defaults to */*
  3. Content-Type in translation config is now optional and defaults to */*

Bug Fixes

The following bugs were fixed for this release:

  1. Omit XML declaration from translation output by default.
  2. Unknown content is wrapped in CDATA within an unknown-content element prior to passing into the translation chain.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release 2.6.4 (2/27/13 - Allow Response Body on DELETE)

This release includes an update to allow a response body on a DELETE.

New Features

  1. Allow a response body on a DELETE when using the Apache HTTP Client connection framework.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release 2.6.3 (2/21/13 - Bug Fix)

This release includes a bug fix.

Bug Fixes

The following bugs were fixed for this release:

  1. RPM for Root.war install: the supplementary group list will now be appended to rather than overwritten for tomcat.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release Instructions

This release includes many changes to permissions.

  1. All files are owned by repose:repose which is created on installation of the repose-valve and repose-war rpm.
  2. The repose-war rpm modifies group membership of the tomcat user adding it to the repose group.

Release 2.6.2 (2/19/13 - Translation Enhancements)

This release includes expansion to the translation feature and bug fixes.

New Features

  1. Distributed Datastore
    1. Default to not Allow All mode
    2. If allowAll is set to false and no Allowed hosts are configured in the dist-datastore.cfg.xml file, only members of the deployed Repose Cluster can access the datastore.
  2. Translation
    1. Headers, Query Parameters and other Request related information are now injected into translation chains to be used in XSLs as needed
    2. XSLs can "write" new headers, query parameters and a subset of the request information to custom output streams.  These new values will be applied to the request and/or response.

Bug Fixes

The following bugs were fixed for this release:

  1. Repose needs to be restarted if the Container configuration file is invalid during startup.
  2. Repose will no longer print the stack trace when an Authentication Service returns an invalid response when validating user tokens.
    1. Repose will still return '500' Responses when the Authentication service (Client Authentication filter) returns an invalid Response for the validate token call.
  3. Adding a parameter to the header 'Content-Type' would cause the Translation filter to not catch intended requests.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release 2.6.1 (1/29/13 - Updated Validator)

This release will include an updated version of the api-checker.

New Features

  1. Updated to api-checker-1.0.4

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.
  3. With this release, Repose needs to be restarted if it is started with an invalid Container config or an invalid RMS config and then the configs are fixed.

Release Instructions

This release will break configuration for services using the Root.war deployment. The following changes must be made:

  1. User will need to pass in the following parameters as JVM option or servlet parameters (e.g. <Parameter> within Tomcat's context.xml configuration).
    1. "repose-cluster-id" with value same as the cluster id in the Repose System-Model configuration file.
    2. "repose-node-id" with value same as the node-id in the Repose System-Model Configuration file that the repose will be running as.

Release 2.6.0 (1/25/13 - Config Validation, Self-Configuring Repose)

This release will include features to improve usability of Repose.

New Features

  1. All configuration xml's that correspond to filter elements in system-model.cfg.xml are validated against XSD's in the filter.
  2. Validator filter feature enable-ignore-xsd-extension now defaults to true.
  3. Updated the Repose configuration loading and reloading process to handle invalid configuration files.
  4. Added a JMX MBean to expose the configured filters for a repose instance.
  5. Repose will scan the System Model configuration file and self configure Repose Node(s) accordingly.
  6. Translation component will automatically remove, without expanding, user defined entities from requests and responses.  This is to prevent XXE attacks against Repose or any service behind repose.
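
The two XXE items in these notes (entity handling in the Translation component here, and the 2.7.0 remark about XXE through compressed data) meet in one check: a proxy has to inspect the decompressed body. This is an added sketch, not Repose code; it is written in Python, the names and the 1 MiB cap are assumptions, and it rejects any DOCTYPE outright, which is stricter than the strip-without-expanding behaviour described above.

```python
import gzip
import zlib
from xml.parsers import expat

MAX_DECODED = 1 << 20  # assumed cap on decompressed size: 1 MiB


class RejectedBody(Exception):
    """The body must not be forwarded to the origin service."""


def naive_contains_dtd(raw):
    """Byte scan of the body as received; blind to compressed content."""
    return b"<!DOCTYPE" in raw or b"<!ENTITY" in raw


def decode_body(headers, body, limit=MAX_DECODED):
    """Undo Content-Encoding: gzip, with a hard cap on the inflated size."""
    if headers.get("content-encoding", "").lower() != "gzip":
        return body
    inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)  # gzip framing
    try:
        out = inflater.decompress(body, limit + 1)
    except zlib.error as exc:
        raise RejectedBody("corrupt gzip body") from exc
    if len(out) > limit:
        raise RejectedBody("decompressed body exceeds limit")
    if not inflater.eof:
        raise RejectedBody("truncated gzip body")
    return out


def forbid_dtd(xml_bytes):
    """Parse with expat and refuse any document type declaration.
    Entities can only be declared inside a DTD, so none is ever expanded."""
    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise RejectedBody("DOCTYPE not allowed")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(xml_bytes, True)
    except expat.ExpatError as exc:
        raise RejectedBody("malformed XML") from exc


def screen(headers, body):
    """Return (headers, body) safe to forward, or raise RejectedBody."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    decoded = decode_body(hdrs, body)
    forbid_dtd(decoded)
    # The forwarded body is uncompressed, so the stale encoding header goes.
    hdrs.pop("content-encoding", None)
    hdrs["content-length"] = str(len(decoded))
    return hdrs, decoded


# Constructed sample bodies (not captured traffic).
BENIGN = b"<order>" + b"<item>12345</item>" * 20 + b"</order>"
HOSTILE = (b'<!DOCTYPE order [<!ENTITY x SYSTEM "file:///constructed/path">]>'
           b"<order>" + b"<item>&x;</item>" * 20 + b"</order>")

if __name__ == "__main__":
    packed = gzip.compress(HOSTILE)
    print("byte scan sees DTD in gzip body:", naive_contains_dtd(packed))
    try:
        screen({"Content-Encoding": "gzip"}, packed)
    except RejectedBody as exc:
        print("screen() verdict:", exc)
```

The byte scan misses the declaration inside the gzip stream, while decoding first and then parsing catches it; the size cap keeps the decoding step from becoming a decompression-bomb target.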

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.
  3. With this release, Repose needs to be restarted if it is started with an invalid Container config or an invalid RMS config and then the configs are fixed.


Release 2.5.0 (12/10/12 - RBAC and Global Roles)

This release will include features to complete Phase II for Repose for RBAC and Global Roles.

New Features

  1. API Validator filter now allows WADL to be embedded in the validator.cfg.xml
  2. Translation filter now allows XSL to be embedded in the translation.cfg.xml
  3. Added %r and %h options to http-logging filter

Bug Fixes

The following bugs were fixed for this release:

  1. JMX reporting for 400s and 500s now reports all 4xx and 5xx responses from Repose.
  2. Added http-logging support for 24-hour time so AM/PM can be distinguished with %t format.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release 2.4.1 (11/28/12 - Optional 429 Response for Over Limits)

This release will include additional RBAC features and an option to use either the 413 or the 429 response code and a custom message on the rate limiting over-limit response.

New Features

  1. Added attribute 'multi-role-match' to allow requests to be validated against multiple roles with different XSD and WADL's.
  2. Added attribute 'overLimit-429-responseCode' to allow a 429 response code and custom message on the rate limiting over-limit response. If this attribute is not set or is set to false, the default is the 413 response code.
  3. Added attribute 'check-headers' to Api-Validator config which will cause the validator to check for required headers according to the WADL.

Bug Fixes

The following bugs were fixed for this release:

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release 2.4.0 (11/12/12 - Translation)

New functionality includes the translation filter, a replicated-datastore option, and Windows compatibility fixes. 

New Features

  1. Added translation filter, which allows Repose users to specify chains of stylesheets to be applied to responses based on response code, accept header and response content type.  Also, JSON payloads are converted into JSONx prior to XSL processing.
  2. Added replicated-datastore filter (BETA) that enables an alternate distributed datastore implementation.  The replicated datastore keeps a copy of the datastore data on each node.
  3. Windows compatibility fixes

Refactoring

  1. Removed rate limiting delegation and the X-PP-Rate-Limited header that supported rate limiting delegation.

Bug Fixes

The following bugs were fixed for this release:

  1. Unregister JMX beans on shutdown.
  2. Ignore body content on non-PUT/POST requests.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Repose currently does not work with Keystone OpenStack Identity implementation due to this bug.

Release 2.3.6 (10/24/2012 - Bug Fixes)

This release includes expansion of the HTTP Logging filter, updates to the location header, and updates to the rate limiting filter.

New Features

  1. Added http-logging support for %D and %T, the time taken to serve the request, in microseconds and seconds respectively.
  2. Updated LOCATION header rewrite logic to account for versioned URI mappings.
  3. Update rate limiting so calls to query limits (e.g. /limits) now get rate limited.
  4. Remove rate limiting format attribute for 'OPENSTACK' or 'LBAAS'.  This was an optional attribute that defaulted to OPENSTACK and no one was using the LBAAS format yet.  Now that Repose has translation, the translation component should be used to support this type of functionality where rate limit formats are configurable.
  5. Added %B and %M options to http-logging filter
  6. Specifying the Default Router (Deprecated as of V2.4) in the Filter List is no longer necessary. Repose will automatically try to route to a Destination designated as "default" if no other routes are specified.
  7. Added attribute 'content-body-read-limit' to configure the maximum size of the request content.

Bug Fixes

The following bugs were fixed for this release:

  1. The via http header is now added to the response.
  2. Removed misleading ClassLoader debug messages and aligned the Repose ClassLoader with the Java ClassLoader.
  3. Fixed bug where Response Messaging Service (RMS) returned content-type of "*/*" for requests whose accept type was "*/*".
  4. Fixed bug where Repose was not reporting Response size in Http Logging filter.
  5. Fixed bug where Repose was logging 0 instead of - when %b http-logging formatter was specified.
  6. Patch Fix for validation filter which contains a bug fix where certain WADLs with shared resource_types were not parsed correctly.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

 


Release 2.3.5 ()

 


Release 2.3.4 (10/1/2012 - Bug Fixes)

Bug Fixes

The following bugs were fixed for this release:

  1. Fix issue with distributed datastore that could cause repose to return an empty 200 response when a repose node in a cluster is unavailable.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

  1. Translation Filter

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".


Release 2.3.3 (9/21/2012 - Bug Fixes)

Bug Fixes

The following bugs were fixed for this release:

  1. Rewrite LOCATION header with repose host and port for any responses that return LOCATION header.  Prior to this change, repose only rewrote the LOCATION header when a redirect was received.
  2. Repose will now correctly retrieve a new admin token after the token expires or is invalidated.
  3. Fix spelling error in repose logrotate.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

  1. Translation Filter

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".


Release 2.3.2 (9/12/2012 - Reporting Info via JMX and Bug Fixes)

New Features

  1. Repose reporting information now exposed via JMX.

Bug Fixes

The following bugs were fixed for this release:

  1. Response Input Stream was closed twice, causing stack trace to be logged under some conditions.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".


Release 2.3.1 (8/29/2012)

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".


Release 2.3.0 (8/28/2012 - CLI Util for Clear Auth Token Cache)

New functionality provides enhancements to the CLI Utility.

New Features

  1. Repose cli-util allows user to remove auth token, roles, and groups from the local cache.  Instructions for new functionality are here: cli-util remove token, roles, and groups.
  2. Add repose-valve init.d script to the list of conffiles for the Valve Debian Install.  This allows the ops engineer to add classpath parameters to the repose-valve script knowing the changes are preserved on a Repose upgrade.
  3. Changed token and group caching logic in client authentication to cache based on tenant id and token.  Since multiple users can share a tenant id, this will eliminate cache conflicts.

Bug Fixes

The following bugs were fixed for this release:

  1. Allow absolute paths for dot file output for API Validation filter.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".


Release 2.2.2 (8/17/2012 - Vary Header)

Hot fix for Vary Header issue.

New Features

  1. Repose will now set the X-Forwarded-For Header.

Bug Fixes

The following bugs were fixed for this release:

  1. Fixed issue with Location header in which Repose was not setting a scheme.
  2. Fixed issue with Vary header in which Repose was not sending back all header values.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".


Release 2.2.1 (8/16/2012 - Via Header, Insecure Mode, Location Header)

New functionality provides setting of the Via header, and the ability to run Repose in insecure mode (i.e. Repose can communicate with other services over SSL and accept all certs).

New Features

The following features have been added and tested for this release:

  1. A system property has been added to allow Repose to run in insecure mode (accepting all certs from origin services and auth services running over SSL).  To enable this option when running repose-valve.jar, specify "-k" or "--insecure".  When running Repose ROOT.war, pass in a system property called "insecure" with a value of "true".
  2. Updated API Validator filter to initialize validators on start up instead of on first request.
  3. Repose will now set a Via header on all passed requests. Configuration
  4. Repose will now set/add the X-Forwarded-For header
  5. Repose will now set/add X-Impersonator-Id and X-Impersonator-Name when an impersonated token is used.

Bug Fixes

The following bugs were fixed for this release:

  1. Updated notification code to correctly restore appropriate class loader when dispatching event notifications.  This will allow additional ear files to correctly subscribe to and receive event notifications.
  2. Fixed issue which caused multiple Location headers to be returned to the requester.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".


Release 2.2.0 (8/3/2012 - API Validation Filter and Cache Groups)

New functionality provides enhancements to cache groups for calls to Auth from the Rate Limiting filter.  This will improve performance and reduce the number of calls to Auth.

New Features

The following features have been added and tested for this release:

  1. Added caching of user groups.  This includes the addition of an xml attribute (group-cache-timeout) in client-auth-n.cfg.xml.  This attribute specifies the amount of time (in milliseconds) to cache the user groups.  The attribute is optional and defaults to 600000 milliseconds (10 minutes) if not specified.
  2. Add Config for Max TTL for Auth Cache.  A new xml attribute, token-cache-timeout, was added to the client-auth-n.cfg.xml file.  This value can be used to specify the maximum TTL for auth tokens to be cached.  If the TTL of the token is less than the token-cache-timeout value, then the token's TTL will be used instead.
  3. Add API/XSD/WADL Validator filter: API (WADL/XSD) Validation Filter to allow validation of requests against specified WADLs.  Different WADLs (validators) can be configured based on a user's role.  One validator can be marked as the default validator, which will be used when a user either has no roles or none of the user's roles match a configured validator.

Bug Fixes

The following bugs were fixed for this release:

  1. REPOSE will attempt to preserve its header values throughout the filter chain, even when 3rd party filters are integrated into the filter chain.
  2. Client Authorization returns a 200 when an exception occurs communicating with auth service.
  3. NullPointerException in Client Authorization when response from auth service is not 200.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".


 


Release 2.1.7 (07/20/2012 - Bug Fixes)

Bug Fixes

The following bugs were fixed for this release:

  1. Fix issue with response bodies not being returned when integrating repose with 3rd party filters.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

 


Release 2.1.6 (07/17/2012)

New functionality provides enhancements to ...

New Features

The following features have been added and tested for this release:

  1. Non-Tenanted Mode for OpenStack Authentication Filter
  2. Initial integration with the API (WADL/XSD) Validation Filter
  3. New Extensions filter bundle.  Filters which integrate with external projects may be packaged here to help avoid dependency conflicts and to isolate functionality from core repose filters.

Bug Fixes

The following bugs were fixed for this release:

  1. BufferOverflow issue with HTTP Logging Filter during heavy load fixed.
  2. Always send query params to the end service, even when no value is specified.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Response bodies are not returned when 3rd party filters are integrated with repose.  This is an issue when the 3rd party filter does not use our MutableHttpServletRequest/Response objects.

Release 2.1.5 (7/09/2012)

New functionality provides enhancements to ...

New Features

The following features have been added and tested for this release:

  1. New Performance Test Results
  2. Repose will no longer buffer the entire response unless necessary. Previously, Repose read the entire response into a buffer as it was received from the service.

Bug Fixes

The following bugs were fixed for this release:

  1. Corrected issue that would cause repose to endlessly send a response if the service returned a 2k response using chunked encoding.
  2. Repose will no longer return a 200 when it receives a URI that it cannot properly send to the end service.
  3. During start-up, repose will return a 503 until repose has initialized the filter chain.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".


Release 2.1.4 (6/25/2012 - Bug Fixes)

New functionality provides bug fixes.

Bug Fixes

The following bugs were fixed for this release:

  1. Provide rate limiting functionality for rate limits configured with http-methods set to "ALL".

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. While the service is starting up (for about the first 5 seconds) it will return HTTP 200's like all requests are succeeding. After the service has finished starting it will return correct response codes.


Release 2.1.3 (6/14/2012 - Bug Fixes)

New functionality provides bug fixes.

Bug Fixes

The following bugs were fixed for this release:

  1. Return response body when origin service returns a 401.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. While the service is starting up (for about the first 5 seconds) it will return HTTP 200's like all requests are succeeding. After the service has finished starting it will return correct response codes.


Release 2.1.2 (6/8/2012 - Bug Fixes and Processing Time Tracking)

New functionality provides bug fixes and the ability to track processing time.

New Features

The following features have been added and tested for this release:

  1. Filter elements in system-model.cfg.xml can now specify a uri-regex attribute.  Only requests which have a URI matching the pattern will be handled by this instance of the filter.
  2. Passing the header x-trace-request: true to Repose will return headers with the processing time for each filter that processed the request.  Also, the amount of time that Repose waited for a response from the service will be returned in the x-route-Time response header.

Bug Fixes

The following bugs were fixed for this release:

  1. Fixed bug where plus sign used in URL query parameters was not being decoded as a space before being sent to the origin service.
  2. Fixed bug where an exception was thrown on redirects.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

(none)

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. While the service is starting up (for about the first 5 seconds) it will return HTTP 200's like all requests are succeeding. After the service has finished starting it will return correct response codes.


Release 2.1.1 (5/28/2012 - Basic Spring Integration and Performance Improvement)

New functionality provides basic Spring integration.

New Features

The following features have been added and tested for this release:

  1. Integrated Spring dependency injection into repose and configured internal services to be Spring components.  These services are now available to filters using Spring DI or by using the ServletContextHelper.
  2. New Performance Test Results

Bug Fixes

The following bugs were fixed for this release:

  1. Resolved an issue that caused a new Jersey client to be created on each request.  This was causing unnecessary overhead on each request.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. While the service is starting up (for about the first 5 seconds) it will return HTTP 200's like all requests are succeeding. After the service has finished starting it will return correct response codes.

 


Release 2.1.0 (5/21/2012 - URI Normalization)

New functionality provides enhancements to request normalization.

New Features

The following features have been added and tested for this release:

  1. Auto-clean of deployment directories is implemented.  If auto-clean is set to true the deployment directory is removed when repose is stopped via the repose-valve.jar, a graceful tomcat shutdown, a "kill -HUP pid", or a "kill pid".  If the user does a "kill -9" the deployment directory will remain as repose will not receive the proper signal to terminate.
  2. Clean Up script now packaged in DEB, RPM, and CLI-Utils packages.
  3. URI-Normalization
    1. Normalizes Query Parameters and media-type extensions for URIs.

Bug Fixes

The following bugs were fixed for this release:

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. While the service is starting up (for about the first 5 seconds) it will return HTTP 200's like all requests are succeeding. After the service has finished starting it will return correct response codes.

 


Release 2.0.0 (5/10/2012 - System Model Update)

New functionality provides better clarity in the system model representation, allowing an easier deployment of Repose.  This will include a non-backwards compatible change to the Repose system model and enhancements to request normalization.

New Features

The following features have been added and tested for this release:

  1. Added support for LBaaS rate limits json format which is the OpenStack draft format.
  2. Regression Environment
    1. Regression environment build is now implemented using Chef-Solo
    2. Cloud Servers username and apikey required for configuration
  3. Update power-proxy.cfg.xml format to version 2.0.  This introduces new system model concepts to better represent the logical architecture of the services, such as: service-domain, destinations and endpoints.  Components that provide routing information now only need specify the ID of the destination.  The repose routing logic will determine a host, port and root-path for routing the request to the destination.  This simplifies the logic necessary in components such as versioning, default-router and destination-router.
  4. Root Context Router has been renamed to Destination Router to better reflect its enhanced capabilities.  This routing component now has the ability to specify either an internal or an external destination.
  5. Default Router updated to select the destination from the list of endpoints/target-domains listed in the destinations section of power-proxy.cfg.xml.  The first entry with default="true" is added to the list of possible destinations for this request with a quality of -1.0.
  6. Versioning updated to specify a destination id that must match the id of an endpoint/target-domain listed in the destinations section of power-proxy.cfg.xml.
  7. Updated System Model Interrogator to account for multiple listen ports and schemes when determining on which host/node we are running and to which service domain we belong.  See the configuration page for more information on how REPOSE uses the port information and on how to specify it for ROOT.war and valve deployments.
  8. Service Authentication Filter
    1. Component to allow Repose to pass Basic Auth credentials to the origin service.
  9. Updated the header value quality logic to choose the first header value that has the highest quality factor.  So, if multiple header values have the same quality factor, the first one sent will be the value used.
  10. Header Normalization Filter
    1. A more robust header normalization filter which allows targeting of specific URI and HTTP Method combinations for which to normalize headers.
  11. Added repose-war and repose-filters RPMs for installation.
  12. Updated IP Identity filter to include an IP white list.  Request IPs that match one of the IPs in the white list will be assigned to a different group.  The white list supports network addresses using the CIDR notation.
  13. CLI Utility DEB and RPM packages.

Bug Fixes

The following bugs were fixed for this release:

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. While the service is starting up (for about the first 5 seconds) it will return HTTP 200's like all requests are succeeding. After the service has finished starting it will return correct response codes.

  3. Auto-clean of deployment directories has not been implemented.  Until auto-clean is available, it is recommended that old deployment working directories be deleted manually.  Repose creates a new sub-directory in the deployment directory upon start up.