What's Changed
- chore: revert nightly by @moabu in #14069
- fix(jans-cedarling): fix race condition in shutdown by @SafinWasi in #14076
- docs: add JARM doc by @ossdhaval in #13969
- docs(OIDC feature): created documentation for CIBA #4733 by @yuriyz in #14077
- fix(jans-auth-server): added request_uri validation in AuthorizeAction.getRequestedClaims by @yuriyz in #14086
- fix(config-api):audit endpoint changes by @pujavs in #14027
- fix(jans-cedarling): problem with normalizing token iss by @olehbozhok in #14084
- fix: remove gradle/wrapper/gradle-wrapper.jar from android projects by @duttarnab in #14089
- perf(jans-cedarling): optimize string types, logging path and entity serialization by @dagregi in #14090
- fix(jans-cedarling): remove outdated fields in Cedarling docs by @olehbozhok in #14096
- fix(jans-auth-server): escaped postLogoutUri in EndSessionUtils by @yuriyz in #14103
- fix(docs): OIDC consent by @ossdhaval in #14017
- fix(jans-fido2): align surefire JUnit engine version with jans-bom by @imran-ishaq in #14085
- feat(jans-cedarling): reject non-HTTPS issuer URLs at JWT fetch by @tareknaser in #14102
- perf(jans-cedarling): replace RwLock with ArcSwap to reduce lock contention by @dagregi in #14108
- fix(jans-auth-server): added validation for sector_identifier_uri in RedirectionUriService by @yuriyz in #14111
- fix(docs): fix incorrect placeholder by @ossdhaval in #14118
- feat(jans-cedarling): Synchronize JWT bootstrap defaults & enforce strict validation as default by @olehbozhok in #14098
- chore: avoid reloading attributes per user retrieval by @jgomer2001 in #14121
- feat(jans-cedarling): add CEDARLING_JWT_STATUS_LIST_REFRESH_INTERVAL_MAX bootstrap property by @olehbozhok in #14106
- ci: publish to PYPI by @moabu in #14116
- docs: add lost OpenSearch plugin entry by @jgomer2001 in #14129
- feat(jans-fido2): add Fido2MetricsConstants unit tests by @imran-ishaq in #14095
- fix: correct urls in Chart.yaml and README by @misba7 in #14146
- feat(jans-auth-server): how to test interception scripts? - sample unit test and docs #12663 by @yuriyz in #14147
- fix(cloud-native): regression after k8s python client upgraded to v36 by @iromli in #14157
- chore(cloud-native): update OCI image dependencies by @iromli in #14159
- ci: SLSA L3 by @moabu in #14152
- feat(jans-cedarling): warn at startup when JWT sig or status validation is disabled by @tareknaser in #14141
- feat(cedarling): Support static bearer token presentation for Lock Server API authorization by @yurem in #14151
- feat(cedarling): update cedarling-java build by @yurem in #14161
- refactor(jans-cedarling): replace explicit MemoryLogger eviction with SparKV earliest-expiration policy by @haileyesus2433 in #14162
- feat(jans-cedarling): remove wheel dependency from sidecar by @SafinWasi in #14125
- feat(jans-auth-server): added User Info JWT to Token Status List #14007 by @yuriyz in #14163
- feat: sync test-cases and README of java binding as per new policy store by @duttarnab in #14165
- perf(jans-cedarling): reduce clones through Arc sharing by @dagregi in #14173
- fix(jans-cedarling): disable token cache when max TTL is zero by @pradhankukiran in #14166
- fix(jans-pycloudlib): check if combined multi-parts secret already a valid JSON string by @iromli in #14183
- fix: improve OpenSSF scorecard security posture by @mo-auto in #14187
- fix(cloud-native): update pycloudlib to handle invalid multi-parts secret by @iromli in #14191
- feat(jans-lock): update integration with jans-lock and add integration tests by @yurem in #14169
- feat(jans-fido2): add JUnit 5 coverage for UserMetricsUpdateRequest DTO by @imran-ishaq in #14138
- feat(jans-fido2): fix test dependecies by @yurem in #14196
- feat(jans-cedarling): cap HTTP response body size on every remote fetch by @tareknaser in #14168
- chore: sync tarp with the latest cedarling changes by @duttarnab in #14182
- chore(jans-cedarling): improve wasm optimization build flags by @olehbozhok in #14202
- fix(jans-fido2): align AppleAttestationProcessorTest mocks with getAp… by @imran-ishaq in #14198
- ci: publish Java artifacts to GitHub Packages + Releases (jenkins offboarding A) by @mo-auto in #14199
- ci: repoint artifact consumers off jenkins/maven.jans.io to GitHub (offboarding B) by @mo-auto in #14210
- build: migrate Maven deps off jenkins/maven.jans.io to Central + Packages (offboarding B3) by @mo-auto in #14212
- test(jans-fido2): add JUnit 5 coverage for Fido2MetricsData DTO by @imran-ishaq in #14139
- fix(ci): build cedarling uniffi native lib in build-test (unblock nightly) by @mo-auto in #14218
- docs: refactor navigation for quick start guides by @ossdhaval in #14216
- ci: chain nightly/release pipeline via workflow_run (offboarding C) by @mo-auto in #14215
- fix(ci): publish agama-inbound jar so the auth-server image can build by @mo-auto in #14228
- fix(ci): clean leftover draft nightly releases before recreating by @mo-auto in #14229
- fix(docker-fido2): retry external cert/MDS downloads to survive transient errors by @mo-auto in #14230
- fix(docker-fido2): make FIDO MDS TOC seed download best-effort by @mo-auto in #14232
- docs(jans-cedarling): fix per-file trusted-issuer format by @tareknaser in #14209
- fix: treat secret as in rfc4226 by @jgomer2001 in #14237
- ci(jans-cedarling): upgrade OPA version by @SafinWasi in #14241
- feat(jans-fido2): add Fido2UserMetrics rate-calculation unit tests by @imran-ishaq in #14193
- Update ExternalResourceOwnerPasswordCredentialsService.java by @ayushjain0702 in #14149
- fix(cedarling-flask-sidecar): regenerate uv.lock to sync python-dotenv specifier by @mo-auto in #14250
- ci(docker): split all-in-one into post-matrix job, exclude shibboleth from build_all by @mo-auto in #14252
- feat(jans-cedarling): make Cedar schema optional by @olehbozhok in #14214
- feat(jans-cedarling): updating policies from URL by ttl by @haileyesus2433 in #14174
- feat(jans-cedarling): Cedarling PostgreSQL Extension by @haileyesus2433 in #13856
- ci(docker): pass JANS_SOURCE_VERSION as build-arg from current commit SHA by @mo-auto in #14269
- fix(jans-auth-server): p-256 signature happens with X or Y curve being less than 32 bytes, breaking RFC 7518 §6.2.1.2 by @ayushjain0702 in #14256
- ci: run the Java integration test-suite on GitHub against AIO (jenkins offboarding D) by @mo-auto in #14225
- fix(cloud-native): unable to generate auth keys by @iromli in #14275
- ci: remove docker-jans-monolith (jenkins offboarding E) by @mo-auto in #14277
- ci: final jenkins.jans.io / maven.jans.io reference cleanup (jenkins offboarding F) by @mo-auto in #14314
- test(jans-auth-server): improved ECDSAPublicKeyTest by @ayushjain0702 in #14317
- ci: drop the last jenkins.jans.io reference (offboarding follow-up) by @mo-auto in #14316
- fix!(jans-cedarling): default entities can be silently overridden by request-supplied entities by @olehbozhok in #14258
- fix(jans-cli-tui): typo in auidit logs search by date by @devrimyatar in #14323
- fix(jans-cedarling): update Cedarling build triggers to workflow_run by @haileyesus2433 in #14328
- The FIDO Alliance conformance suite expects every attestation/assertion by @imran-ishaq in #14265
- docs: fix typography by @SafinWasi in #14330
- fix(config-api): config-api fido2 metrics parameter null check by @pujavs in #14274
- Fix(jans fido2) cosmetic error message grammer fix by @ayushjain0702 in #14334
- fix(ci): resolve go-vet PR-check failures by @mo-auto in #14340
- feat(jans-cedarling): improve policy store URI detection using content-type by @dagregi in #14201
- feat(jans-tarp): add Claude and Ollama LLM providers from AI assistant; remove Gemini and DeepSeek by @duttarnab in #14331
- perf(jans-cedarling): zero-copy JSON marshal via goccy/go-json by @dagregi in #14348
- fix(ci): by passing the pgrx-managed pg_config explicitly so the matrix version is the only one active. by @haileyesus2433 in #14346
- fix(jans-cedarling): fix collection of cedarling-java binding jar in the Janssen Build and Publish script by @duttarnab in #14359
- docs(jans-cedarling): use iss not issuer in attribute checklist by @tareknaser in #14361
- docs: add request object doc by @ossdhaval in #14126
- feat(jans-auth-server): add support for Identity Assertion JWT Authorization Grant #14142 by @yuriyz in #14178
- fix(jans-linux-setup): typo fix identity_assertion_identity_assertion -> identity_assertion_identityassertion by @yuriyz in #14367
- ci: manual release-trigger, terraform-provider AIO tests, provider spec sync by @mo-auto in #14355
- Enforce the WebAuthn assertion checks during verification by @imran-ishaq in #14267
- feat(jans-cedarling): support splitting Cedar schema across multiple files by @olehbozhok in #14259
- feat(cloud-native): sync identity assertion templates by @iromli in #14370
- fix(ci): suffix release image tags and sync Cargo.lock on bump by @mo-auto in #14373
- fix(jans-fido2): reject Apple attestation without x5c by @imran-ishaq in #14273
- fix(ci): config-api release URL, flask-sidecar uv.lock, tf-authz post-build by @mo-auto in #14381
- fix(ci): purge the deploy target version so a re-release overwrites (409) by @mo-auto in #14389
- refactor(jans-cedarling): consolidate refresh metrics, remove authz duplication, and optimize refresh rebuilds by @haileyesus2433 in #14362
- fix(ci): all-in-one re-run poll + build release packages from the tag by @mo-auto in #14392
- fix(ci): build all-in-one on the release/nightly chain (was silently skipped) by @mo-auto in #14394
- fix(ci): all-in-one poll needs actions:read (was silently 403 → timeout) by @mo-auto in #14399
- fix(ci): give the all-in-one poll a GH_TOKEN (was failing every gh api call) by @mo-auto in #14401
New Contributors
- @ayushjain0702 made their first contribution in #14149
Full Changelog: v2.1.0...v2.2.0