v2.15.2

• MODAT-167 Vert.x 4.5.8 fixing Netty form POST OOM CVE-2024-29025
• MODAT-166 Illegal base64 character 5f when decoding token with username with umlaut

v2.15.1

• MODAT-164 Quesnelia deps: Vert.x 4.5.4, log4j 2.23.0
• MODAT-163 Add tenantId to RouteApi response
• MODAT-159 allow.cross.tenant.requests=false to disable consortia options
• MODAT-160 When a token isn't present in a request, return 400 rather than 403

v2.15.0

Deploy failure

v2.14.1

MODAT-156 - Response head already sent for legacy token tenant feature

v2.14.0

Support for enhanced consortial support(ECS), finalization of refresh token rotation (RTR)

• MODAT-154 Update dependencies for Poppy
• MODAT-153 Check "error" in GET /_/tenant/ in AuthTokenTest
• MODAT-152 Create new token type DummyTokenExpiring
• MODAT-151 Implement enhanced security mode
• MODAT-149 Make RTR compatible with ECS
• Add running application in consortia mode locally without redeploying mod-authtoken
• MODAT-148 Allow cross tenant requests only when special system property variable presented
• MODAT-146 Update to Java 17
• MODAT-145 Use GitHub Workflows api-lint and api-schema-lint and api-doc
• MODAT-143 Provide ability to cross tenant requests for consortia members
• Use free port in test
• MODAT-133 Finalize refresh token backend
• MODAT-65 Configurable access/refresh token expiration

v2.13.0

• MODAT-142 Upgrade to vertx-lib 3.0.0, Vert.x 4.3.8
• MODAT-140 Upgrade dependencies (Vertx, log4j, okapi-common, nimbus-jose-jwt)

v2.12.0

• MODAT-134 Allow users interface 15.0 thru 16.0

v2.11.1

• MODAT-136 Fix Upgrade from 2.9.1 (Lotus) to 2.11.0 (Morning Glory) fails
• MODAT-137 Upgrade to Vert.x 4.3.3 fixing https for WebClient

v2.11.0

This is the first version of mod-authtoken that uses Postgresql storage.

• MODAT-132 Upgrade dependencies (folio-vertx-lib 2.0.0, Vert.x 4.3.1, ..
• MODAT-128 jwt.signing.key hint on BadSignatureException
• MODAT-126 Implement OpenAPI
• MODAT-123 Report "no token" when permission required and token missing
• MODAT-125 Update dependencies (CVE-2021-27568, CVE-2021-31684)
• MODAT-112 Implement access token expiration and refresh token rotation
• MODAT-110 Implement token persistent store

v2.10.0

Fixes:

• MODAT-122 Vert.x 4.2.4, Log4j 2.17.1
• MODAT-108 Bad error message: out of bounds exception

Improvements:

• MODAT-120 Define permissions auth.signtoken, auth.signrefreshtoken
• MODAT-118 Clear permission cache when user logs in
• MODAT-117 Redundant web service request
• MODAT-109 Implement new token types