Upcoming Release 9.1.0.0 (2019-??-??)

  • Enhancement | REP-7966 - Added option to System Model to allow a header value to be URL encoded before being sent to the origin service.

  • Enhancement | REP-7954 - Updated dependencies:

    • Jackson: 2.9.9 → 2.9.10

Integrators

  • Breaking Change | REP-6825 - Scala and all dependent libraries upgraded to 2.12 versions.

    • Akka: 2.4.20 → 2.5.23

    • Akka Http: 1.0 → 10.1.8

    • API Checker: 2.7.0 → 2.8.0

    • Diffson: 2.0.1 → 2.2.6

    • Gattling JsonPath: 0.6.4 → 0.6.10

    • Http Delegation: 4.0.0 → 5.0.0

    • Play Json: 2.5.2 → 2.7.4

    • Scala: 2.11.12 → 2.12.8

    • Scala Logging: 2.1.2 → 3.9.2

    • Scala Test: 2.2.0 → 3.0.8

    • Scopt: 3.2.0 → 3.7.1

9.0.1.0 (2019-06-24)

  • New | REP-7786 - Added the HTTP Logging Service.

  • New | REP-7600 - Added the OpenApi Validator Filter.

  • Bug Fix | REP-7608 - Fixed bug where Repose was acting like it was sending content when the body was empty and chunked encoding was on.

  • Bug Fix | REP-7663 - Fixed a file contention issue between Repose processes in the EAR unpacking logic.

  • Enhancement | REP-7391 - Updated dependencies:

    • Jetty: 9.4.8.v20171121 → 9.4.14.v20181114

  • Enhancement | REP-7150 - Added OWASP security dependency checking to the build.

    • Updated dependencies:

      • Akka: 2.3.12 → 2.4.20

      • Apache Commons: 3.3.2 → 3.8.1

      • Apache Thrift: 0.9.2 → 0.10.0

      • API Checker: 2.6.1 → 2.7.0

      • Groovy: 2.4.3 → 2.4.15

      • Guava: 18.0 → 27.0.1-jre

      • Jackson: 2.8.9 → 2.9.8

      • JRuby: 1.7.24 → Removed

      • Jython: 2.7.0 → 2.7.1

      • Scala Reflect: Undetermined → 2.11.12

      • Spring: 4.1.4.RELEASE → 4.3.21.RELEASE

  • Enhancement | REP-7775 - Move completely to the Jayway JSON Path library and away from the abandoned play-jsonpath.

    • Updated dependencies:

      • Jayway JSONPath: 2.2.0 → 2.4.0

  • Enhancement | REP-7539 - Updated Docker containers to use the built packages instead of depending on the package repo.

9.0.0.0 (2019-01-31)

  • Bug Fix | REP-7310 - Fixing the IllegalArgumentException thrown by the HERP Filter when incorrectly attempting to decode query parameters.

  • Bug Fix | REP-7387 - The IP User filter now returns a 400 when the X-Forwarded-For header contains a bad value.

  • Enhancement | REP-7386 - Added support for the upgrade_account account-level permission in the Valkyrie Authorization Filter.

  • Enhancement | REP-7519 - Added support for proxies to the HTTP Client Service.

  • Enhancement | REP-6379 - Updated the recommended SSL Protocol and Cipher lists and clarified this in the in the Container documentation.

  • Enhancement | REP-7534 - Updated all repository references to the new location.

  • Enhancement | Breaking Change | REP-6603 - Added support for multiple capture groups to the URL Extractor to Header Filter.

  • Enhancement | Breaking Change | REP-6663 - Added support for forwarding the response status line reason phrase from the origin service.

  • Enhancement | Breaking Change | REP-5147 - The Header Normalization filter now evaluates all targets not just the first to match.

  • Enhancement | Breaking Change | REP-3589 - Rewrote the HTTP Client Service.

    • Redesigned the HTTP Client Service API.

    • Moved the chunked-encoding configuration from the HTTP Client Service configuration to the System Model configuration.

    • Removed the http.connection.max-status-line-garbage configuration attribute.

    • Updated HTTP Components dependencies:

      • httpclient: 4.5.3 → 4.5.6

      • httpcore: 4.4.6 → 4.4.10

    • Migrated deprecated client parameter configuration to client builder configuration.

    • Instrumented HTTP clients to report certain metrics via the Metrics Service.

    • Removed the akka-http-client-service.

    • Removed the ServiceClient utility.

    • Removed the HttpComponentFactory utility.

    • Removed part of the RequestProxyService API.

    • Moved the HTTP request method check to the beginning of processing rather than just before proxying the request. As a result, Repose will reject requests with an unsupported HTTP method before any filter processing can occur.

      • Updated the HTTP response status code returned for a request with an unsupported method from a 500 to a 405.

  • Enhancement | Breaking Change | REP-7231 - Switching over to new filter, filter chain, and servlet classes.

    • Many unused and deprecated classes have been removed.

    • The Scripting Filter has been moved from the repose-experimental-filter-bundle to the repose-filter-bundle.

    • Filter activation has been made more dynamic.

    • Headers are no longer automatically split.

    • Headers with an empty value are now supported and will not be removed from requests/responses.

      • When querying rate limits via the the Rate Limiting Filter, an Accept header with an empty value will now result in a 406 response rather than a response of the default Content-Type: application/json.

    • A bug causing multiple OpenTracing headers (i.e., uber-trace-id) with potentially different values to be forwarded on the request to the origin service has been fixed. Now only a single OpenTracing header will be forwarded.

  • Enhancement | Breaking Change | REP-7490 - Cleaning up some log messages in pursuit of more meaningful logging.

    • Changing the org.eclipse.jetty logger level from off to warn in the default log4j2.xml configuration file.

    • Removing a log event with a message including Repose Devs might care about this trace by the org.openrepose.commons.config.parser.jaxb.JaxbConfigurationParser logger.

    • Changing the log level of events relating to unpacking artifacts by the org.openrepose.commons.utils.classloader.EarClassProvider logger from debug to trace.

  • Breaking Change | REP-4992 - Removed ambiguous setting for chunked encoding options on HTTP Client/Connection Pool Service.

  • Breaking Change | REP-7201 - The Rackspace Auth User, SAML Policy Translation, and Attribute Mapping Policy Validation filters were removed and placed in their own bundle.

  • Breaking Change | REP-5326 - Removed the deprecated via attribute from the Container configuration.

  • Breaking Change | REP-7338 - The WAR deployment was removed as an option.

  • Breaking Change | REP-4990 - Removed deprecated cache attributes from the OpenStack Identity v3 Filter.

    • Cache timeouts are now defined in seconds rather than milliseconds.

  • Breaking Change | REP-7428 - Removed support for URI-based tenant validation in the Keystone v2 Authorization Filter and Keystone v2 Filter.

  • Breaking Change | REP-4993 - Flush output filter was removed.

  • Breaking Change | REP-7314 - Removed support for system model clusters.

  • Breaking Change | REP-7486 - Removed the Response Messaging Service and documented a replacement solution.

  • Breaking Change | REP-7391 - Removed the soLingerTime attribute from the Container configuration.

8.10.0.0 (2018-08-27)

  • REP-6969 - Added support for more expressive filter determination in the System Model using boolean operators.

  • REP-7135 - Improved the artifact deployment strategy to handle multiple Repose instances running concurrently.

  • REP-7096 - Updated the ReposeRoutingServlet to be able to actually route requests.

  • REP-7128 - Updated the performance tests so that they have a more standard layout, and more fully allow integration in the IDE.

  • REP-7009 - Updated the intrafilter-logging debugging mechanism in preparation for v9.0.0.0 changes.

8.9.1.0 (2018-07-03)

8.9.0.1 (2018-06-08)

  • REP-7054 - IP User filter - support to use X-Forwarded-For header for X-PP-Groups

8.9.0.0 (2018-06-06)

8.8.4.0 (2018-04-23)

8.8.3.0 (2018-03-30)

  • REP-6654 - Added OpenTracing support.

  • REP-6674 - Switching usages of LazyLogging over to StrictLogging.

8.8.2.0 (2018-03-23)

  • REP-6588 - Updated the commitToResponse method of the HttpServletResponseWrapper to avoid writing headers or the body when an error has been sent. This should fix an issue with certain servlet containers where an IllegalStateException is thrown when calling commitToResponse after both writing to the output stream and calling sendError on the wrapped response.

  • REP-6628 - Updated dependencies:

  • REP-6550 - Update the Valkyrie Filter to care about quality when selecting a tenant ID for talking to the Valkyrie service.

  • REP-6604 - Update the Valkyrie Filter to add roles to the X-Map-Roles header when role translation is configured.

  • REP-6448 - Updated the Simple RBAC filter to support Multi-Tenant.

  • REP-6710 - Removed the custom String Utilities in favor of the standard Apache Commons Lang version already in use elsewhere.

8.8.1.0 (2018-02-15)

8.8.0.0 (2018-02-05)

8.7.3.0 (2017-11-17)

8.7.2.0 (2017-11-01)

8.7.1.0 (2017-10-25)

8.7.0.2 (2017-10-04)

  • REP-6162 - Updated the Keystone v2 get IDP call to support the field name change from approvedDomains to approvedDomainIds.

8.7.0.1 (2017-09-28)

8.7.0.0 (2017-09-26)

  • REP-5939 - Added support for, and began publishing, a CentOS-based Docker image.

  • REP-5766 - Updated Dockerfile to run Repose as the repose user.

  • REP-5767 - Updated Dockerfiles to simplify usage of JAVA_OPTS.

  • REP-5985 - Updated the Jackson version from v2.4.0 to v2.8.9 to correct some library mismatch issues.

  • REP-5315 - Updated Spring-managed bean names in JMX to be consistent with metric beans.

  • REP-5885 - Fixed the bug where an Error during processing would result in a 200 response from Repose.

  • REP-6050 - Update Contact Us page information across all the documentation.

  • REP-5261 - Confirmed the Translation filter will allow 100,000 Entity Expansions and updated the documentation accordingly.

  • REP-6098 - Updated the SAML Policy Translation filter to allow multiple locations for default values in an effort to support multiple Identity Providers (IDP’s).

  • REP-6001 - Updated dependencies:

  • REP-5994 - Brought the Tenant Culling Filter into the main filter bundle.

  • REP-5727 - Extracted trace ID logging to its own named logger.

    The org.openrepose.powerfilter.PowerFilter.trace-id-logging Logger in your Log4j2 configuration will determine the logging behavior for trace ID logging. If the org.openrepose.powerfilter.PowerFilter.trace-id-logging Logger has not been configured, it will inherit the org.openrepose.powerfilter.PowerFilter logger’s configuration.

8.6.3.0 (2017-08-15)

As part of this correction, any configurations that were taking advantage of this lack of validation will cease to function.

  • REP-5748 - Updated the Phone Home Service to correct a bug that was preventing the message from actually reaching back.

  • REP-5823 - Updated the Keystone v2 Filter to support multiple Java Regular Expressions for URI tenant extraction.

  • REP-5853 - Updated the SAML Policy Translation Filter and Attribute Mapping Policy Validation Filter to recover support for XML and JSON (which was removed in 8.6.2.0 (2017-06-13)).

  • REP-5617 - Updated the the internal HTTP Servlet Response Wrapper to log a WARNING when addHeader, addIntHeader, addDateHeader, or appendHeader is called after the response has been committed.

This message is logged to a separate logger and can be disabled by adding the following to the log4j2.xml:

<Logger name="org.openrepose.commons.utils.servlet.http.HttpServletResponseWrapper_addHeaderWarning" level="off"/>
  • REP-5521 - Updated the API Checker library from v2.2.1 to v2.3.0.

  • REP-5940 - Updated the attribute-mapper library from v1.2.0 to v1.3.0.

  • REP-3502 - Confirmed the correct use of the default ALL HTTP Method in all of the configuration files.

8.6.2.0 (2017-06-13)

  • REP-5757 - Updated the SAML Policy Translation Filter to utilize YAML policy files.

    • Updated the attribute-mapper library from v1.1.1 to v1.2.0 to bring in the YAML updates made in REP-5632

  • REP-5592 - Updated the Attribute Mapping Policy Validation Filter to only work for YAML bodies.

  • REP-5694 - Updated the Valkyrie Authorization Filter versioned docs to point to the current Valkyrie service documentation.

8.6.1.1 (2017-06-08)

  • REP-5520 - Updated the Keystone v2 Filter to provide the token cache key, and to generally handle 401 - Unauthroized responses.

  • REP-5347 - Updated the Attribute Mapping library from v1.0.2 to v1.1.1.

  • REP-5595 - Updated the Attribute Mapping Policy Validation Filter to utilize new Attribute Mapping library features for cleaner JSON validation.

8.6.0.0 (2017-06-02)

8.5.0.1 (2017-04-14)

  • REP-4024 - The Header Normalization Filter updated to include removing headers on the Response.

  • REP-3901 - The Debian and RPM Repose Valve and WAR artifacts will now create the repose user and group even if the configuration files are already present.

  • REP-5130 - Rackspace Auth User Filter now gives a more specific and quieter log message when it runs into a non-xml or non-json content type.

  • REP-4754 - The Rate Limiting Filter now returns a 406 if a user requests limits with an unsupported media type in the Accept header.

  • REP-4725 - Repose will no longer add a Server header to responses from neither the main endpoint nor the Dist-Datastore endpoint.

  • REP-5204 - The Metrics Service library has been updated from Yammer v2.2.0 to Dropwizard v3.2.0. The service interface has also been modified to provide a simpler, more flexible experience.

    As part of the upgrade, some metric names reported by various components have been changed. Furthermore, all metrics reported to JMX via the Metrics Service now follow a new naming scheme. Due to a technical issue with the new version of the metric library, EHCache metrics are no longer being reported, but there is planned work to restore them. See Metrics Service for details on the metrics currently being reported.

  • REP-5214 - The Via header configuration has been expanded in a backwards compatible way. However, there were some internal contract changes with the Via and Location header builders, but they should not affect any custom filters.

  • REP-4465 - Certain enums provided by Repose have been replaced by classes holding the same constant values.

8.4.1.0 (2017-02-24)

  • REP-5101 - SAML Policy Translation Filter now allows un-encoded application/xml requests in addition to the previous application/x-www-form-urlencoded requests.

8.4.0.2 (2017-02-21)

8.4.0.1 (2017-02-04)

  • REP-4795 REP-4831 - the SAML Policy Translation Filter has been released!

  • REP-4653 - The Rackspace Auth User Filter updated to read request body of Forgot Password request to get the username and the Highly Efficient Record Processor (HERP) Filter was updated to get X-User-Name from response headers.

  • REP-4928 - The Keystone v2 Filter will now return a 401 if self-validating tokens are being used and the Identity service responds with a 401.

  • REP-4841 - A more unique ID will be used for User Access Events (UAE) in support of Cloud Auditing Data Federation (CADF).

  • REP-4867 - The Valkyrie Authorization Filter now supports multiple Character Encoding schemes.

  • REP-4954 - Added support for Form Encoded requests (Content-Type: application/x-www-form-urlencoded).

  • REP-4880 - Internal utility classes JCharSequence and MessageDigester were removed.

  • REP-4892 - Versioned searching of these docs has been fixed.

  • REP-4999 - Leading and trailing whitespace in directory values in the container.cfg.xml file are now ignored.

8.3.0.1 (2016-12-13)

  • REP-4764 - sendError in the response wrapper will now call sendError on the underlying response when appropriate.

Prior Releases