Version 8x release notes


Release 8.10.0.0 (08/27/2018, logging, more expressive filter determination, and prep for v9.0.0.0)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. REP-7009 Updated the intrafilter-logging debugging mechanism in preparation for v9.0.0.0 changes.
    1. See the Troubleshooting guide for more information.

New Features

  1. REP-6969 Added support for more expressive filter determination in the <<architecture/system-model.adoc#,System Model>> using boolean operators.

Enhancements

  1. REP-7135 Improved the artifact deployment strategy to handle multiple Repose instances running concurrently.
  2. REP-7096 Updated the v9.0.0.0 ReposeRoutingServlet to be able to actually route requests.
    1. Note this servlet is not currently in use, but is included in the shipped artifacts.
  3. REP-7128 Updated the performance tests so that they have a more standard layout, and more fully allow integration in the IDE.

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. REP-6880 Repose will fail to load configuration files with embedded XSLT if the the XSLT Attribute Value Template (AVT, i.e., "{$param}") is used. The reason is that the Repose configuration output template tokens (i.e., "{$env_var$}") clash with the XSLT AVT tokens. The result is that the templating engine attempts to process the AVT (e.g., "{$param}") but cannot find the end of the "code island" (i.e., "$}") and so fails. This issue should only arise if the deprecated feature of embedding XSLT into a configuration file (such as the translation filter configuration) is used, and can be worked around by extracted the XSLT into a file referenced by the configuration file.

Deprecated Features

  1. NONE

Release 8.9.1.0 (07/10/2018, Valkyrie Filter Highest Permission Fix, Header Case Sensitivity Fix, Split Header Filter)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-6038 Created the `ReposeFilterChain` this will eventually replace the `PowerFilterChain` and allow dynamic determination of the filter chain.

  2. REP-7081 Added OpenTracing Support to the `ReposeFilterChain`.

  3. REP-7008 Created the 'ReposeServlet' which will eventually replace the `EmptyServlet` and allow routing to be done by the servlet rather than the filter chain.

  4. REP-5083 Added the new Split Header Filter.

Enhancements

  1. NONE

Bug Fixes

  1. REP-7004 Fixed a bug in the Keystone v2 Basic Auth, Keystone v2, Openstack Identity v3, and Valkyrie Authorization filters where headers were potentially processed in a case sensitive way.

  2. REP-7064 Fixed the behavior of the Valkyrie filter where only the last device permission was considered when determining the authorization status of a request. Now all device permissions are considered.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. REP-6880 Repose will fail to load configuration files with embedded XSLT if the the XSLT Attribute Value Template (AVT, i.e., "{$param}") is used. The reason is that the Repose configuration output template tokens (i.e., "{$env_var$}") clash with the XSLT AVT tokens. The result is that the templating engine attempts to process the AVT (e.g., "{$param}") but cannot find the end of the "code island" (i.e., "$}") and so fails. This issue should only arise if the deprecated feature of embedding XSLT into a configuration file (such as the translation filter configuration) is used, and can be worked around by extracted the XSLT into a file referenced by the configuration file.

Deprecated Features

  1. NONE

Release 8.9.0.1 (06/09/2018, IP User Filter bug fix)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. NONE

Bug Fixes

  1. REP-7054 Fixed the IP User filter to support the use of the X-Forwarded-For header for X-PP-Groups.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. REP-6880 Repose will fail to load configuration files with embedded XSLT if the the XSLT Attribute Value Template (AVT, i.e., "{$param}") is used. The reason is that the Repose configuration output template tokens (i.e., "{$env_var$}") clash with the XSLT AVT tokens. The result is that the templating engine attempts to process the AVT (e.g., "{$param}") but cannot find the end of the "code island" (i.e., "$}") and so fails. This issue should only arise if the deprecated feature of embedding XSLT into a configuration file (such as the translation filter configuration) is used, and can be worked around by extracted the XSLT into a file referenced by the configuration file.

Deprecated Features

  1. NONE

Release 8.9.0.0 (06/06/2018, Deployment Directory Scheme Change, Atom Feed Service Fixes, Log4j2 File Permission Upgrade)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. REP-6508 Simplified the deployment directory scheme to reduce disk usage in certain cases.

New Features

  1. Updated dependencies:

    1. Attribute Mapper: 2.2.1 → 3.0.0
      1. Attribute Mapper v3.0.0 release notes
    2. Jaeger Core: 0.24.0 → 0.27.0
      1. Jaeger Client Java v0.27.0 change log

Enhancements

  1. REP-6858 Updated Log4j to a version that allows setting of file permissions

Bug Fixes

  1. REP-6977 Fixed the atom feed service, now it actually works.

  2. REP-6974 Fixed reverse read option in the atom feed service, now it actually works.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. REP-6880 Repose will fail to load configuration files with embedded XSLT if the the XSLT Attribute Value Template (AVT, i.e., "{$param}") is used. The reason is that the Repose configuration output template tokens (i.e., "{$env_var$}") clash with the XSLT AVT tokens. The result is that the templating engine attempts to process the AVT (e.g., "{$param}") but cannot find the end of the "code island" (i.e., "$}") and so fails. This issue should only arise if the deprecated feature of embedding XSLT into a configuration file (such as the translation filter configuration) is used, and can be worked around by extracted the XSLT into a file referenced by the configuration file.
  3. The Atom Feed entry order configuration "reverse-read" is functionally inoperable.

Deprecated Features

  1. NONE

Release 8.8.4.0 (04/23/2018, OpenTracing updates, bug fixes, and internal tweaks)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-6795 Added the new URI Redaction service which allows for the removal of sensitive data from URI's before external processing.

  2. REP-6862 Updated dependencies:

    1. Attribute Mapper: 2.2.0 → 2.2.1

      1. Attribute Mapper v2.2.1 release notes

      2. The big feature fixing a memory leak.

Enhancements

  1. REP-6674 Minor internal update to increase logging performance.
  2. REP-6765 Updated the Keystone v2 filter to forward users' domain ID.
  3. REP-6655 Added required configuration files to the examples directory and example configurations will now be replaced on upgrade.

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. REP-6880 Repose will fail to load configuration files with embedded XSLT if the the XSLT Attribute Value Template (AVT, i.e., "{$param}") is used. The reason is that the Repose configuration output template tokens (i.e., "{$env_var$}") clash with the XSLT AVT tokens. The result is that the templating engine attempts to process the AVT (e.g., "{$param}") but cannot find the end of the "code island" (i.e., "$}") and so fails. This issue should only arise if the deprecated feature of embedding XSLT into a configuration file (such as the translation filter configuration) is used, and can be worked around by extracted the XSLT into a file referenced by the configuration file.
  3. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.8.3.0 (03/30/2018, OpenTracing)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-6654 Added OpenTracing Support.

Enhancements

  1. NONE

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. REP-6880 Repose will fail to load configuration files with embedded XSLT if the the XSLT Attribute Value Template (AVT, i.e., "{$param}") is used. The reason is that the Repose configuration output template tokens (i.e., "{$env_var$}") clash with the XSLT AVT tokens. The result is that the templating engine attempts to process the AVT (e.g., "{$param}") but cannot find the end of the "code island" (i.e., "$}") and so fails. This issue should only arise if the deprecated feature of embedding XSLT into a configuration file (such as the translation filter configuration) is used, and can be worked around by extracted the XSLT into a file referenced by the configuration file.
  3. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.8.2.0 (03/23/2018, Multi-Tenant Valkyrie, Simple RBAC, API Validation)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-6628 Updated dependencies:

    1. API Checker: 2.6.0 → 2.6.1

      1. API Checker v2.6.1 release notes

      2. The big feature add is multi-tenant support for the RAX:ROLES WADL extension.
  2. REP-6448 Updated the Simple RBAC filter to support Multi-Tenant.
  3. REP-6550 Update the Valkyrie Authorization filter to care about quality when selecting a tenant ID for talking to the Valkyrie service.
  4. REP-6604 Update the Valkyrie Authorization filter to add roles to the X-Map-Roles header when role translation is configured.

Enhancements

  1. REP-6710 Removed the custom String Utilities in favor of the standard Apache Commons Lang version already in use elsewhere.

Bug Fixes

  1. REP-6588 Fixed an issue where certain servlet containers would throw an IllegalStateException when calling commitToResponse.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. REP-6880 Repose will fail to load configuration files with embedded XSLT if the the XSLT Attribute Value Template (AVT, i.e., "{$param}") is used. The reason is that the Repose configuration output template tokens (i.e., "{$env_var$}") clash with the XSLT AVT tokens. The result is that the templating engine attempts to process the AVT (e.g., "{$param}") but cannot find the end of the "code island" (i.e., "$}") and so fails. This issue should only arise if the deprecated feature of embedding XSLT into a configuration file (such as the translation filter configuration) is used, and can be worked around by extracted the XSLT into a file referenced by the configuration file.
  3. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.8.1.0 (02/15/2018, Multi-Tenant Keystone)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-6447 Added multi-tenant support in the Keystone v2 and Keystone v2 Authorization filters.

  2. REP-6578 Updated the Tenant Culling filter to utilize the tenant to roles map now being populated by the Keystone v2 filter.

Enhancements

  1. REP-6470 Updated dependencies:

    1. API Checker: 2.5.1 → 2.6.0

      1. API Checker v2.6.0 release notes

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. REP-6880 Repose will fail to load configuration files with embedded XSLT if the the XSLT Attribute Value Template (AVT, i.e., "{$param}") is used. The reason is that the Repose configuration output template tokens (i.e., "{$env_var$}") clash with the XSLT AVT tokens. The result is that the templating engine attempts to process the AVT (e.g., "{$param}") but cannot find the end of the "code island" (i.e., "$}") and so fails. This issue should only arise if the deprecated feature of embedding XSLT into a configuration file (such as the translation filter configuration) is used, and can be worked around by extracted the XSLT into a file referenced by the configuration file.
  3. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.8.0.0 (02/05/2018, Environment Variable Substitution in Config, Jetty 9.4.8 Upgrade)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. REP-5616 Updated Jetty from 9.2.0.v20140526 to 9.4.8.v20171121.
    1. Prior to this update, when Repose received headers that were too large to process, a 413 (Payload Too Large) would be returned. With this update, a 431 (Request Header Fields Too Large) will be returned.
    2. Prior to this update, if you called getServerName on the Jetty wrapper and got back an IPv6 address, you would receive something like this: 2001:db8:cafe::17 (i.e. without the brackets required by the spec). With this update, calling that same method would result in getting: [2001:db8:cafe::17] (i.e. has brackets). Some URI normalization logic may not be able to handle the extraneous brackets.
    3. Prior to this update, there could be a distinction between a header with an empty string and a header with a null value. With this update, that distinction is lost. They must have gotten tired of QEs saying they had a large order but ending up with nothing in the end.
    4. Requests with malformed query parameters may no longer even get to Repose before being rejected.
    5. Additional details were documented in the Jira.

New Features

  1. REP-5401 - Added support for environment variable substitution in configuration files.

Enhancements

  1. REP-5616, REP-6436, REP-6274 - Updated dependencies:
    1. Jetty: 9.2.0.v20140526 → 9.4.8.v20171121
      1. https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/VERSION.txt
    2. Gradle: 3.4 → 4.5
      1. https://github.com/gradle/gradle/releases/tag/v4.5.0
    3. JSONPath: 2.4.0 → 2.5.0
      1. https://github.com/josephpconley/play-jsonpath/blob/master/README.md
  2. REP-6390 - Internal changes to the Keystone v2 Filter in anticipation of splitting the authorization portion off into it's own filter.
  3. REP-6400 - Added the new Keystone v2 Authorization Filter which captures the authorization functionality of the Keystone v2 Filter.
  4. REP-6382 - Lots of little versioned docs updates.

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. REP-6880 Repose will fail to load configuration files with embedded XSLT if the the XSLT Attribute Value Template (AVT, i.e., "{$param}") is used. The reason is that the Repose configuration output template tokens (i.e., "{$env_var$}") clash with the XSLT AVT tokens. The result is that the templating engine attempts to process the AVT (e.g., "{$param}") but cannot find the end of the "code island" (i.e., "$}") and so fails. This issue should only arise if the deprecated feature of embedding XSLT into a configuration file (such as the translation filter configuration) is used, and can be worked around by extracted the XSLT into a file referenced by the configuration file.
  3. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.7.3.0 (11/17/2017, RegEx RBAC Filter, Keystone v2 Enhancements)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-6159 New RegEx RBAC Filter allows role based access control with simple regular expression based resource matching.

Enhancements

  1. REP-6313 Keystone v2 Filter now supports ignoring of specified roles when authorizing.
  2. REP-6338 REP-6325 REP-6321 Documentation enhancements.

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.7.2.0 (11/1/2017, Attribute Mapping Library Upgrade)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. REP-6294 - Updated dependencies:
    1. Attribute Mapper from v2.1.1 to v2.2.0.
      1. Attribute Mapper v2.2.0 release notes.

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.7.1.0 (10/25/2017, Attribute Mapping Library Upgrade round 2)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. REP-6179 - Converted more old Wiki Docs over to the new Versioned Docs.
  2. REP-6133 - Updated the published Docker images to turn off local logging by default to be more in line with the expectations of a Twelve-Factor App.
  3. REP-6135 - Updated the published Docker images to support running the container using an arbitrarily assigned user ID as is expected by the OpenShift Container Platform.
  4. REP-6252, REP-6211 - Updated dependencies:
    1. Gradle LinkChecker Plugin from v0.2.0 to v0.3.0.
      1. Gradle LinkChecker Plugin v0.3.0 release notes.
    2. API Checker from v2.4.1 to v2.5.1.
      1. API Checker v2.5.1 release notes.
    3. Attribute Mapper from v2.0.1 to v2.1.1.
      1. Attribute Mapper v2.1.1 release notes.
    4. Saxon from v9.7.0-15 to v9.8.0-4.
      1. Saxon 9.8.0.4 release notes.

Bug Fixes

  1. REP-6186 - Updated the automated Release Verification to force the use of Java 8 since some GNU/Linux distributions are already providing Java 9 by default.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.7.0.2 (10/4/2017, Keystone v2 Get IDP Contract Update)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. NONE

Bug Fixes

  1. REP-6162 Updated the Keystone v2 get IDP call to support the field name change from `approvedDomains` to `approvedDomainIds`.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. REP-6211 A bug was introduced into the API-Checker library that if encountered will cause a WADL to not load and in turn Repose will not operate.
  3. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.7.0.1 (9/28/2017, Attribute Mapping Library Upgrade)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. REP-6115 Updated Dependencies:
    1. Attribute Mapper version from v2.0.0 to v2.0.1.
      1. See full Attribute Mapper v2.0.1 release notes for full feature list.

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. REP-6211 A bug was introduced into the API-Checker library that if encountered will cause a WADL to not load and in turn Repose will not operate.
  3. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.7.0.0 (9/26/2017, Tenant Culling Filter, Attribute Mapping Library Upgrade, Docker Enhancements)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. REP-5315 Updated Spring-managed bean names in JMX to be consistent with the metrics beans. In version 8.5.0.1, the Metrics Service library was updated which required a change to the names of the JMX metrics. This update brings the Spring-managed bean naming in line with the JMX metrics naming.
  2. REP-5766 Updated Dockerfile to run Repose as the repose user. Previously, the Dockerfile was configured to run Repose as the root user which caused issues in some environments. This change could require permissions changes depending on your level of customizations on top of the Repose Docker image.

New Features

  1. REP-5939 Added support for, and began publishing, a CentOS-based Docker image.
  2. REP-6098 Updated the SAML Policy Translation filter to allow multiple locations for default values in an effort to support multiple Identity Providers (IDP's).
  3. REP-5994 Brought the Tenant Culling Filter into the main filter bundle.
  4. REP-5727 Extracted trace ID logging to its own named logger.

Note

The org.openrepose.powerfilter.PowerFilter.trace-id-logging Logger in your Log4j2 configuration will determine the logging behavior for trace ID logging. If the org.openrepose.powerfilter.PowerFilter.trace-id-logging Logger has not been configured, it will inherit the org.openrepose.powerfilter.PowerFilter logger's configuration.

Enhancements

  1. REP-6001 Updated Dependencies:
    1. API Checker version from v2.3.0 to v2.4.1. 
      1. See full API Checker v2.4.1 release notes for full feature list.
    2. Attribute Mapper version from v1.3.0 to v2.0.0.
      1. See full Attribute Mapper v2.0.0 release notes for full feature list.
  2. REP-5767 Updated Dockerfiles to simplify usage of JAVA_OPTS.
  3. REP-6050 Update Contact Us page information across all the documentation.
  4. REP-5261 Confirmed the Translation filter will allow 100,000 Entity Expansions and updated the documentation accordingly.

Bug Fixes

  1. REP-5985 Updated the Jackson version from v2.4.0 to v2.8.9 to correct an issue where the Attribute Mapping Policy Validation filter was failing under certain conditions.

  2. REP-5885 Fixed the bug where an Error during processing would result in a 200 response from Repose.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. REP-6211 A bug was introduced into the API-Checker library that if encountered will cause a WADL to not load and in turn Repose will not operate.
  3. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.6.3.0 (8/15/2017, JSON and XML Support for Policy Files)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-5521 Updated the API Checker library from v2.2.1 to v2.3.0.

    1. This brings the X-Relevant-Roles header population feature to the API Validator filter and Simple RBAC filter.

Enhancements

  1. REP-5694 Updated our Valkyrie documentation to include a link to Valkyrie's documentation.
  2. REP-5823 Updated the Keystone v2 filter to support multiple Java Regular Expressions for URI tenant extraction.
  3. REP-5617 Updated the the internal HTTP Servlet Response Wrapper to log a WARNING when a header is added to a response after it has been committed.

    1. NOTE: This message is logged to a separate logger and can be disabled by adding the following to the log4j2.xml:

      1. <Logger name="org.openrepose.commons.utils.servlet.http.HttpServletResponseWrapper_addHeaderWarning" level="off"/>

  4. REP-5853 Updated the SAML Policy Translation Filter and Attribute Mapping Policy Validation Filter to recover support for XML and JSON (which was removed in 8.6.2.0 (2017-06-13)).

  5. REP-5940 Updated the attribute-mapper library from v1.2.0 to v1.3.0.

Bug Fixes

  1. REP-5737 Updated the following filters to correct a typo that would prevent proper configuration schema validation.

    1. IP User filter

    2. Keystone v2 Basic Authentication filter

    3. OpenStack Identity v3 filter

    4. Rackspace Auth User filter

    5. SAML Policy Translation filter

      Warning

      As part of this correction, any configurations that were taking advantage of this lack of validation will cease to function. As a result, Repose will not service requests with the given configuration.

  2. REP-5748 Updated the Phone Home Service to correct a bug that was preventing the message from actually reaching back.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.6.2.0 (7/13/2017, YAML Support for Policy files)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. REP-5757 Updated the SAML Policy Translation Filter to utilize YAML policy files.

    1. Updated the attribute-mapper library from v1.1.1 to v1.2.0 to bring in the YAML updates made in REP-5632.

  2. REP-5592 Updated the  Attribute Mapping Policy Validation Filter to only work for YAML bodies.

  3. REP-5694 Updated the Valkyrie Authorization filter versioned docs to point to the current Valkyrie service documentation.

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.6.1.1 (6/8/2017, Attribute Mapping Library Upgrade, Keystone v2 Filter Enhancements)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. REP-5347 Repose is now using Attribute Mapping v1.1.1.
    1. XPath expressions in the path of remote attributes will now be validated.
  2. REP-5595 Attribute Mapping Policy Validator filter will use native JSON validation support in the Attribute Mapping library.
  3. REP-5520 Keystone v2 filter now:
    1. Forwards the new X-Auth-Token-Key header which points to cache token data for a user in the datastore.
    2. Add a WWW-Authenticate response header if it sees a 401 response from downstream filters / origin service, regardless of the cause.

Bug Fixes

  1. REP-5347 Attribute Mapping Policy Validator filter no longer removes the remote name attribute from the policy.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.6.0.0 (6/2/2017, Remote Datastore, RCN Roles, SAML Policy Validation, Bulk Metadata)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-5265 Added the new Remote Datastore service which allows the Distributed Datastore service concept to work in dynamic containerized environments like OpenShift.
  2. REP-5343 Updated the Keystone v2 Filter to support the new Apply RCN Roles feature of Rackspace Keystone v2 Identity. Converted the old Keystone v2 Filter documentation over to the new versioned docs.
  3. REP-5345 The Attribute Mapping Policy Validation Filter has been released.
  4. REP-5523 The Repose Functional Test Framework has been released.
  5. REP-5221 Updated the API Checker library from v2.1.1 to v2.2.1.
  6. REP-5220 Metadata extension now supports bulk metadata.

Enhancements

  1. NONE

Bug Fixes

  1. REP-5387 Fixed potential issues with content type error messages when rax:roles is used.

Removed Features

  1. NONE

Known Issues

  1. REP-5595 The new Attribute Mapping Policy Validation filter drops the name field when validating a JSON policy prior to forwarding it to the origin service.
  2. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  3. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.5.0.1 (4/14/2017, Incremental Improvements)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. REP-5204 The Metrics Service library has been updated from Yammer v2.2.0 to Dropwizard v3.2.0. The service interface has also been modified to provide a simpler, more flexible experience.
    1. As part of the upgrade, some metric names reported by various components have been changed. Furthermore, all metrics reported to JMX via the Metrics Service now follow a new naming scheme. Due to a technical issue with the new version of the metric library, EHCache metrics are no longer being reported, but there is planned work to restore them. See Metrics Service for details on the metrics currently being reported.

New Features

  1. REP-4024 The Header Normalization filter was updated to include removing headers on the Response.

Enhancements

  1. REP-4754 The Rate Limiting filter now handle unsupported media types in Accept header by returning a 406.
  2. REP-5130 Rackspace Auth User Filter now gives a more specific and quieter log message when it runs into a non-xml or non-json content type.

  3. REP-4725 Repose will no longer add a Server header to responses from neither the main endpoint nor the Dist-Datastore endpoint.

  4. REP-5214 The Via header configuration has been expanded in a backwards compatible way. However, there were some internal contract changes with the Via and Location header builders, but they should not affect any custom filters.

Bug Fixes

  1. REP-4970 Internal clean up removing an unnecessary dependency.

  2. REP-4465 Internal clean up converting some enums to constants.
  3. REP-3901 The Debian and RPM Repose Valve and WAR artifacts will now create the repose user and group even if the configuration files are already present.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.4.1.0 (2/24/2017, SAML Improvements)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. REP-5101 SAML Policy Translation Filter can now take raw application/xml not just form encoded bodies.

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.4.0.2 (2/22/2017, SAML Fixes)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. NONE

Enhancements

  1. REP-5071 Repose is now using Attribute Mapping v1.0.2.

Bug Fixes

  1. REP-5100 Rate Limiting filter was mistakenly getting the full parameter map, and not just the query parameters.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.4.0.1 (2/4/2017, SAML Policy Filter)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-4653 Rackspace Auth User filter updated to read request body of Forgot Password request to get the username and the Highly Efficient Record Processor (HERP) filter was updated to get X-User-Name from response headers.
  2. REP-4771 (REP-4832) Docker images are now published as part of the release process.
  3. REP-4795 (REP-4831) the SamlPolicyTranslationFilter has been released! See the documentation for more details.

    1. This included an update to the API-Checker library to v2.1.1.

Enhancements

  1. NONE

Bug Fixes

  1. REP-4928 The Keystone v2 filter will now return a 401 if self-validating tokens are being used and the Identity service responds with a 401.

  2. REP-4841 Repose now uses a more unique ID for User Access Events (UAE) in support of Cloud Auditing Data Federation (CADF).
  3. REP-4867 The Valkyrie Authorization filter now supports multiple Character Encoding schemes.
  4. REP-4954 Repose now supports Form Encoded requests (Content-Type: application/x-www-form-urlencoded).
  5. REP-4999 Leading and trailing whitespace in directory values in the container.cfg.xml file are now ignored.

Removed Features

  1. REP-4880 Internal utility classes JCharSequence and MessageDigester were removed.

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.3.0.1 (12/13/2016, Docs, CORS Fixes)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-4712REP-4668REP-4592 Documentation is now being written in asciidoc and being maintained with the source code,  to be published with each version of Repose.
  2. REP-4604 Docker images are now built and published for every new version of Repose.

Enhancements

  1. REP-4734 Made Python stdlib available in the Scripting filter
  2. REP-4460 Rackspace Auth User filter will now parse the response of an mfa request for the session id and use it to populate headers on the second mfa request.
  3. REP-4726 HERP Filter will now look in the response if it doesn't find tenant id in the request.
  4. REP-4659 Updated API-Checker to v2.0.3 for better error handling and upgrades to saxon.
  5. REP-4640 No longer catch throwable where a tighter exception can be handled.
  6. REP-4570 Upgrade to Gradle 3.
  7. REP-4524 Rackspace Auth User filter now also writes the username to the X-User-Name header.

Bug Fixes

  1. REP-4490 Not honoring chunked transfer encoding configuration.
  2. REP-4558 Fixed the url in the example configurations that are shipped so that it reflects current location of the documentation.
  3. REP-4555 Updated the core libraries to not modify the case of headers during processing.
  4. REP-3390 CORS filter will no longer potentially leave out values in the Access-Control-Allow-Headers header, and it will now set the Access-Control-Allow-Origin header to "null" instead of not adding the header at all when the origin was not allowed.
  5. REP-4764 sendError in the response wrapper will now call sendError on the underlying response when appropriate.
  6. REP-4582 Fix how Rackspace Auth User Filter handles it's streams.
  7. REP-4674 CORS filter was updated to better distinguish between CORS requests and Same-Origin requests with CORS headers.  This enables Chrome and Safari making Same-Origin requests to not be unexpectedly rejected by the CORS filter.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.2.0.0 (10/18/2016, API-Checker/Validation updates, inclusion of back-ported features)


Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-2756 Added a new option for the transaction id header to write a secondary header that contains a plain text version of the request id.
  2. REP-4336 Added a new option in the header translation filter to overwrite the target header's value instead of just adding a new value for it.
  3. REP-4225 Added optional bypass URL to the filter chain definition. If the request matches the bypass regex the entire filter chain will be bypassed and the request will go as is to the origin service.
  4. REP-4172 Added cluster-specific container configuration
  5. REP-4445 Add header for method used to authenticate the user
  6. REP-4446 The API Validation filter now supports limiting requests by how the client was authenticated (e.g. 'RSAKEY', 'PASSCODE', etc.).
  7. REP-4030 The URI Stripper filter now supports removing values from JSON and XML requests.

Enhancements

  1. REP-4497 Valkyrie filter can now be bypassed for non-dedicated tenants using the pass-non-dedicated-tenant configuration option.
  2. REP-4127 Logging a more correct message for I/O exceptions that are caught in the PowerFilterRouterImpl
  3. REP-4319 The Distributed Datastore can now be configured to use a specific HTTP Connection Pool which also provides Client Authentication.
  4. REP-4395 The API-Checker library was updated to v2.0.2.
    1. The API Validation filter now supports XPath 3.1 in plain parameters.
    2. The API Validation filter supports the new rax:authenticatedBy extension.

Bug Fixes

  1. REP-3653 Keystone v2 filter no longer re-uses cached responses on retries to avoid receiving the same invalid information.
  2. REP-4491 Highly Efficient Record Processor (HERP) filter now supports logging requests with any HTTP method including OPTIONS.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.1.0.0 (8/17/2016, Client Authentication, Atom Feed Consumption)


Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-3415 The Atom Feed Consumption Service now supports Bottom-to-Top (Reverse Read) order.
  2. REP-2163 The OpenStack Identity v3 filter now supports subscribing to an atom feed service for token cache invalidation.
  3. REP-4010 The URI Stripper filter now supports adding stripped values into an JSON response.
  4. REP-4029 The URI Stripper filter now supports adding stripped values into an XML response.

Enhancements

  1. REP-999 The OpenStack Identity v3 filter was updated to use JSON pathing when parsing the Identity response which enables Repose to use less memory and handle Identity v3 API updates more gracefully.
  2. REP-2669 The Response Messaging Service default config no longer alters its behavior.
  3. REP-3395 The Atom Feed Consumption Service now uses the HTTP Connection Pool service to manage connections to the feed source.
  4. REP-4143 The Valve Installation now supports the configuration of a Java Keystore as the Truststore to support SSL/TLS Client Authentication.
  5. REP-1572 The OpenStack Identity v3 filter now supports quality values for multiple project IDs.
  6. REP-4145 The HTTP Connection Pool service now supports the configuration of a Java Keystore to support SSL/TLS Client Authentication.
  7. REP-4262/REP-4323 The API-Checker library was updated to v2.0.1.
    1. The API Validation filter now follows the RFC-7234 recommendation of adding a Warning header when it modifies the body.

Bug Fixes

  1. REP-4123 The 'daemonize' package will no longer be required for CentOS installations if System V is not being used to start Repose.
  2. REP-2942 The 'No X-Subject-Token present' exception in the OpenStack Identity v3 filter now reports as DEBUG rather than ERROR.
  3. REP-3106 The original intent of the pre-authorized roles bypass mechanism was put in place so that it also includes the Endpoint check in addition to the Project ID check.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.0.1.0 (6/7/2016, New Jetty configs exposed, Valkyrie Auth Changes)


Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. NONE

New Features

  1. REP-3918 Exposed the idleTimeout and soLingerTime configuration items for Valve's Jetty container in the container.cfg.xml.
  2. REP-3844 The Versioning filter now has support for the JSON format used by Identity in addition to the previously supported format for Compute.
  3. REP-3649 The Valkyrie filter now supports passing along the users auth token instead of using valkyrie specific credentials.

Enhancements

  1. NONE

Bug Fixes

  1. NONE

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. NONE

Release 8.0.0.0 (6/2/2016, Wrapper Replacement, Gradle build, Artifact Id Standardization, Namespace Removal)

Key Summary T Assignee P Status story points Resolved
Loading...
Refresh

Breaking changes 

  1. REP-2958 Updated the DEB WAR installation module to have the proper name which was used prior to v7.0.0.0 and will be used again from v8.0.0.0 forward.
    1. FROM: repose-deb-war_<VERSION>_all.deb 
    2. TO: repose-war_<VERSION>_all.deb 
  2. REP-3283 Removed the Client Authentication (client-auth-n) and Client Authorization (client-authorization) filters which were previously annotated as deprecated in favor of the new Keystone v2 filter (keystone-v2).
  3. REP-3420 Removed deprecated filters
    1. IP Identity filter has been removed. Please use IP User filter.
    2. Content Normalization filter has been removed. Please use Header Normalization filter and URI Normalization filter.
  4. REP-3167 Tracing Header configuration format has changed. Refer to System Model for more details.
  5. REP-3168 Default timestamp format in the SLF4J HTTP Logging filter was changed. Refer to SLF4J HTTP Logging filter for more details.
  6. REP-3169 Remove the internal namespace conversion for configuration files
  7. REP-3222 & REP-3166 Upgraded the Scala version from v2.10.3 to v2.11.7 in both the Repose baseline and our dependency API-Checker.
    1. This will require all custom filters written in Scala to be updated and rebuilt.
  8. REP-2700 The required minimum version of Java is now 8.
  9. REP-3317 When Repose is configured for SSL, TLS Renegotiation is no longer allowed by default.  Refer to SSL/TLS Termination Configuration for more details.
  10. REP-3123 The connection pool service logic has changed. With this change, a default connection pool must be configured. THIS MEANS THAT A http-connection-pool.cfg.xml FILE MUST EXIST, WHEREAS IT WAS NOT REQUIRED BEFORE. The service will always return a connection pool to be used, but will log a warning if the request connection pool does not exist.
  11. REP-3581 Deprecated configuration in the container configuration (container.cfg.xml) has been removed.
  12. REP-3274 The URI Identity filter has been renamed to the URI User filter. The System Model and URI User configuration will need to be updated.  Refer to Upgrade Repose for more details.
  13. REP-3640 The Header Identity filter was renamed to the Header User filter, and the Header Identity Mapping filter was removed.  Please use the Header Translation filter instead.
  14. REP-3279 The Versioning filter no longer takes a service-root element as configuration.
  15. REP-3393 The keystone-v2-auth filter no longer needs a path to be configured as part of the Identity service URI.
  16. REP-3404 The Rackspace Identity Basic Authentication filter was renamed to the Keystone v2 Basic Authentication filter.  The System Model and filter configuration will need to be updated.  Refer to Upgrade Repose for more details.
  17. REP-1618 The MutableHttpRequestWrapper and MutableHttpResponseWrappers (and associated classes) have been replace with the newer HttpServletRequestWrapper and HttpServletResponseWraper. The FilterDirector and FilterLogicHandlerDelegate classes have also been removed in favor of keeping filter code in the filter itself.
  18. REP-2836 Guava types are no longer return by the core API. This prevents the need to depend on Guava when using the core API.
  19. REP-3906 Keystone v2 filter is aware of roles associated with a tenant for a given token. Details about this new tenanted roles behavior can be found on the Keystone v2 filter page.
  20. REP-2741 Artifact ids have changed on most artifacts to be more standard and more descriptive.

New Features

  1. REP-3623 The Scripting filter enables users to write custom filters for Repose using a variety of scripting languages.
  2. REP-3743 The verify-try-it-now command in the Repose Lint utility now supports taking a role as an option.
  3. REP-3396 SystemD is now supported and is the preferred mechanism for starting and stopping Repose.
  4. REP-3842 The Body Patcher Filter allows the application of Json Patches to both the request and the response body. 
  5. REP-2741 Build is now based in gradle, and can be run without downloading the build tool via the gradle wrapper.

Enhancements

  1. REP-3629 The Header Translation filter now allows you to specify the quality of the headers being created by the filter.
  2. REP-3603 Updated the Saxon library from v9.4.0.9 to v9.5.1-8.
  3. REP-3003 The JAR's, EAR's, & WAR's now all contain the version number in the manifest along with the time/date of when they were built and who built them.

Bug Fixes

  1. REP-3573 Intra-filter Logging was updated to handle custom wrappers that don't support re-reading of the request and response bodies.
  2. REP-2470 Intra-filter Logging was updated to handle custom filters closing the request input stream prematurely resulting in a 500 to the client.  Now a warning is logged and processing continues as expected.
  3. REP-3734 Some schema assertions were not being properly checked.  These assertions are now being enforced and will prevent invalid configurations from being used.  This will result in clearer error messages when Repose starts.
  4. REP-3667 The URI Normalization filter was not always respecting the order of targets in configuration which was exacerbated when running Repose in a Java 8 JVM.  This has been fixed.
  5. REP-3838 The IP User filter wil now use the X-Forwarded-For header when it is in the request.

Removed Features

  1. NONE

Known Issues

  1. REP-5531 While the Scripting filter schema indicates support for several languages, the Ruby and Lua implementations have multithreading issues and should not be used in this version of Repose.
  2. Atom Feed Consumption Service is non-functional. Fixed in  REP-6977 - Getting issue details... STATUS

Deprecated Features

  1. The System V and Upstart scripts are deprecated and will be removed in a future release.