Kustvakt version 0.66

** Warning **

This release includes database change on OAuth2 access and refresh token tables, and Krill changes on index fingerprints, that may break previous installations. Existing cache built by client apps e.g. R-KorAP-Client should be removed and rebuilt.

New features

• a new admin API to remove invalid (expired and revoked) OAuth2 tokens

Updates

• Re-implemented admin filter
• Added foreign keys to the DB tables of access and refresh token scopes.

Library updates

• Bump nimbus-jose-jwt from 9.20 to 9.21 in /full by @dependabot in #338
• Bump maven-compiler-plugin from 3.10.0 to 3.10.1 in /full by @dependabot in #339
• Bump maven-compiler-plugin from 3.10.0 to 3.10.1 in /lite by @dependabot in #340
• Bump maven-compiler-plugin from 3.10.0 to 3.10.1 in /core by @dependabot in #341
• Bump flyway-core from 8.5.0 to 8.5.3 in /core by @dependabot in #342
• Bump unboundid-ldapsdk from 6.0.3 to 6.0.4 in /full by @dependabot in #346
• Bump flyway-core from 8.5.3 to 8.5.4 in /core by @dependabot in #345
• Bump mockserver-netty from 5.12.0 to 5.13.0 in /lite by @dependabot in #347
• Bump hibernate.version from 5.6.5.Final to 5.6.7.Final in /full by @dependabot in #348
• Bump mockserver-netty from 5.12.0 to 5.13.0 in /full by @dependabot in #349
• Bump spring.version from 5.3.16 to 5.3.17 in /core by @dependabot in #350
• Bump hibernate.version from 5.6.5.Final to 5.6.7.Final in /core by @dependabot in #351
• Bump joda-time from 2.10.13 to 2.10.14 in /core by @dependabot in #352
• Bump maven-shade-plugin from 3.2.4 to 3.3.0 in /lite by @dependabot in #354
• Bump maven-shade-plugin from 3.2.4 to 3.3.0 in /full by @dependabot in #355

Full Changelog: v0.65.1-release...v0.66-release

Kustvakt version 0.65.1

Introducing a new query parameter: show-tokens in the search API and a new web-service for retrieving field values of a virtual corpus.

New Features

• "show-tokens" option in the search API
• new web-service for retrieving field values, for instance text sigles of a virtual corpus (admin-only)

Library Updates

• Bump hibernate.version from 5.6.1.Final to 5.6.3.Final in /full by @dependabot in #297
• Bump hibernate.version from 5.6.1.Final to 5.6.3.Final in /core by @dependabot in #298
• Bump flyway-core from 8.0.5 to 8.3.0 in /core by @dependabot in #301
• Bump hibernate.version from 5.6.3.Final to 5.6.5.Final in /core by @dependabot in #317
• Bump slf4j-api from 1.7.33 to 1.7.35 in /core by @dependabot in #318
• Bump hibernate.version from 5.6.4.Final to 5.6.5.Final in /full by @dependabot in #319
• Bump nimbus-jose-jwt from 9.16-preview.1 to 9.18 in /full by @dependabot in #321
• Bump flyway-core from 8.4.2 to 8.4.4 in /core by @dependabot in #323
• Bump jetty.version from 9.4.44.v20210927 to 9.4.45.v20220203 in /core by @dependabot in #325
• Bump slf4j-api from 1.7.35 to 1.7.36 in /core by @dependabot in #326
• Bump maven-compiler-plugin from 3.9.0 to 3.10.0 in /lite by @dependabot in #327
• Bump maven-compiler-plugin from 3.9.0 to 3.10.0 in /core by @dependabot in #328
• Bump mockserver-netty from 5.11.2 to 5.12.0 in /full by @dependabot in #329
• Bump mockserver-netty from 5.11.2 to 5.12.0 in /lite by @dependabot in #330
• Bump json-smart from 2.4.7 to 2.4.8 in /core by @dependabot in #331
• Bump maven-compiler-plugin from 3.9.0 to 3.10.0 in /full by @dependabot in #332
• Bump flyway-core from 8.4.4 to 8.5.0 in /core by @dependabot in #333
• Bump spring.version from 5.3.15 to 5.3.16 in /core by @dependabot in #334
• Bump nimbus-jose-jwt from 9.18 to 9.20 in /full by @dependabot in #335

Full Changelog: v0.65-release...v0.65.1-release

v0.65-release

Kustvakt version 0.65

!!! SECURITY UPDATES
Please update all Kustvakt libraries, Krill to version 0.60.2 and Koral to version 0.38.1

Introducing a new cache mechanism.

New features:

• new cache mechanism replacing Ehcache
• retrieve KoralQuery of a virtual corpus
• list system virtual corpora

Changes to previous API

• removal of koralQuery from VC list
• removal of statistics from VC list

Library updates

• Bump flyway-core from 7.11.4 to 7.12.0 in /core by @dependabot in #229
• Bump nimbus-jose-jwt from 9.11.2 to 9.11.3 in /full by @dependabot in #230
• Bump nimbus-jose-jwt from 9.11.3 to 9.12 in /full by @dependabot in #233
• Bump flyway-core from 7.12.0 to 7.13.0 in /core by @dependabot in #234
• Bump flyway-core from 7.14.1 to 7.15.0 in /core by @dependabot in #248
• Bump spring.version from 5.3.9 to 5.3.10 in /core by @dependabot in #250
• Bump nimbus-jose-jwt from 9.13 to 9.14 in /full by @dependabot in #251
• Bump joda-time from 2.10.10 to 2.10.11 in /core by @dependabot in #252
• Bump nimbus-jose-jwt from 9.15 to 9.15.2 in /full by @dependabot in #255
• Bump joda-time from 2.10.11 to 2.10.12 in /core by @dependabot in #256
• Bump jetty.version from 9.4.43.v20210629 to 9.4.44.v20210927 in /core by @dependabot in #257
• Bump joda-time from 2.10.12 to 2.10.13 in /core by @dependabot in #278
• Bump hibernate.version from 5.5.7.Final to 5.6.1.Final in /core by @dependabot in #279
• Bump hibernate.version from 5.6.0.Final to 5.6.1.Final in /full by @dependabot in #280
• Bump flyway-core from 8.0.2 to 8.0.3 in /core by @dependabot in #281
• Bump flyway-core from 8.0.3 to 8.0.4 in /core by @dependabot in #282
• Bump spring.version from 5.3.12 to 5.3.13 in /core by @dependabot in #283

Full Changelog: v0.64-release...v0.65-release

Kustvakt version 0.64

Introducing a database migration of annotation tables, a more flexible cache configuration for named virtual corpora, OAuth2 client naming restrictions and some parameter changes.

Updates:

• Annotation data such as information on annotation layers, keys and values, are included in the database migration.
• Maximum cache heap and disk sizes can be setup in the kusvakt.conf file.
• OAuth2client names are restricted from using ambiguous characters.
• Ambiguous API parameter names e.g pertaining to super client properties, have been updated.
• Bugs fixes

Caveats:

This update is likely to break the database migration. Database should be backed up prior to the deployment. Some tables such as oauth2_client, oauth2_access_token, oauth2_access_token_scope may need to be dumped and restored to a new database.

Kustvakt version 0.63.1

Updates:

• Virtual corpus methods are generalized for query reference.
• "token type" and "client_id" have been added to the OAuth2 token list API response.
• Parameters referring to super client id and secrets have been updated for clarity.
• "client_type" has been added to the OAuth2 client list API response.
• Parameter "client_secret" has been removed from the OAuth2 client list API request.
• Parameter "redirectURI" has been altered to "redirect_uri" in OAuth2Client JSON definition.
• OAuth2 API responses and parameters in the error responses have been updated for coherence.
• Parameters "description" and "url" have been updated to "client_description" and "client_url" in the OAuth2 Client DTO for coherence.
• Bug fixes.

Kustvakt version 0.63

New features since 0.61.3:

• Introducing index version header
• Introducing docker
• Introducing query reference
• Added a new web-service for refreshing index and VC cache
• Added a web-service to obtain API info
• Added public metadata request in the search API
• Added pipe extension in search API
• Added support for multiple cq (corpusquery) parameters in search API
• Added OAuth2 token management via super client
• Added user setting management

Updates:

• Sample index has been updated

• Various updates in OAuth2 API including

  • removed URL requirement in client registration
  • removed client authentication from the client deregistration and client-secret reset APIs
  • added an admin API for clearing access token cache
  • added a web-service to list clients registered by a user
  • added a web-service to list active refresh tokens of a user

• Various updates in the user group API including

  • added user-group name pattern
  • replaced groupId with groupName and updated user group service paths
  • removed UserGroupJson

• Various updates in the virtual corpus API

  • added additional statistic figures to virtual corpus info API response
  • added users to hidden group when searching in a published VC

• KoralQuery in JSON responses is now unescaped

• cq is prefered to corpusQuery parameter in the statistic API

For more detailed information on changes, please look up the change log files.

Kustvakt version 0.61.3

New features:

• OAuth2 token revocation
• OAuth2 client secret reset
• OAuth2 super client
• Virtual corpus reference and rewrite
• REST API versioning
• Kustvakt server shutdown via HTTP Post request

Updates:

• Added field parameter to search controller
• Added highlight parameter to matchInfo controller

See detailed changes in the change log files.

Kustvakt full version 0.60.5

OAuth2 and OpenId authentication supports

New Features

• OAuth2 client registration
• OAuth2 authorization request
• OAuth2 request token with authorization code grant
• OAuth2 request token with password grant
• OAuth2 request token with client credentials grant
• OAuth2 authorization with OpenID Authentication
• Support for authorization scopes: search and match_info

Changes from previous release

• alterations of service API endpoints / URLs
• improved test settings for faster test suite runtime
• various bug fixes

Kustvakt full version 0.60.1

New features

• virtual corpus and user-group management for system admins
• user-group member role management

Changes

• added admin-related SQL codes
• updated AdminDao
• added optional username query parameter to group list controller
• added delete group member triggers
• added list user-group by username and status for system admin
• added user-group status in user-group DTO
• added check for hidden groups in user-group tests
• added database trigger test on deleting members when deleting group
• renamed VC type PREDEFINED to SYSTEM
• added VC list controller for system admin
• added VC controller tests with for system admin
• added hidden access removal when deleting published VC
• added check for hidden groups in VC controller tests
• added search user-group controller
• removed createdBy from VirtualCorpusJson
• moved member role setting from the invitation phase to the after-subscription phase
• added member role removal after deleting members
• added add and delete member role controllers

Bug fixes

• fixed non hierarchical URI causing kustvakt.conf is not found.