Skip to content

Releases: membrane/api-gateway

v5.8.8

07 May 16:10
@rrayst rrayst
v5.8.8
e6559c8
Compare
Choose a tag to compare
v5.8.8

Change:

  • <oauth2Resource2>: In case of 'CSRF token mismatch.', log both tokens being compared to aid in analysis of root cause
  • <oauth2Resource2>: Log if stored token gets overwritten after successful login
Loading

v5.5.14

07 May 16:10
@rrayst rrayst
v5.5.14
7d41517
Compare
Choose a tag to compare
v5.5.14

Change:

  • <oauth2Resource2>: In case of 'CSRF token mismatch.', log both tokens being compared to aid in analysis of root cause
  • <oauth2Resource2>: Log if stored token gets overwritten after successful login
Loading

v5.8.6

06 May 08:05
@rrayst rrayst
v5.8.6
063e502
Compare
Choose a tag to compare
v5.8.6

Change:

  • <oauth2Resource2>: Split 'CSRF token mismatch.' into 3 separate error cases. Enable usage of afterErrorUrl also for these 3 error cases.
Loading

v5.5.13

06 May 08:46
@rrayst rrayst
v5.5.13
c9a633a
Compare
Choose a tag to compare
v5.5.13

Change:

  • <oauth2Resource2>: Split 'CSRF token mismatch.' into 3 separate error cases. Enable usage of afterErrorUrl also for these 3 error cases.
Loading

v6.0.5

21 Mar 08:15
@rrayst rrayst
v6.0.5
3916180
Compare
Choose a tag to compare
v6.0.5 Latest
Latest

Fixes:

  • ACME: fixed fileStorage lock management
  • Remove headers wanting to upgrade HTTP/1.1 to HTTP/2 (RFC7540), as they have been removed in the superseeding RFC9113. This allows medium aged HTTP clients (like the Java built in one) to work.

A few breaking changes were introduced starting with version 6.0.0; please refer to the Migration Guide for required updates.

Please let us know, if you have any suggestions for improvement.

Assets 4
Loading

v5.8.5

15 Mar 17:20
@rrayst rrayst
v5.8.5
8dbdf94
Compare
Choose a tag to compare
v5.8.5

Fixes:

  • ACME: fixed fileStorage lock management
Loading

v5.8.4

14 Mar 19:00
@rrayst rrayst
v5.8.4
3d0b2d4
Compare
Choose a tag to compare
v5.8.4

Fixes:

  • upgrade json-smart library to avoid CVE-2024-57699, a Denial of Service affecting everyone using JSONPath (see #1725 for details) (@precoder)

Improvements:

  • ACME: more DEBUG logging (@rrayst)

Contributors

rrayst and precoder
Loading

v5.8.3

13 Mar 10:46
@rrayst rrayst
v5.8.3
eb93b0d
Compare
Choose a tag to compare
v5.8.3

Fixes:

  • backport of workaround for "finalizing ACME orders returns 'already finalized'", even on first finalization call
Loading

v6.0.4

12 Mar 12:22
@rrayst rrayst
v6.0.4
a06acb2
Compare
Choose a tag to compare
v6.0.4

Fixes:

  • SPeL support for ${body}
  • upgraded dependencies
  • <log body="true"/>: also log non-text/non-JSON/non-XML body
  • improved error message on <oauth2Resource2> misconfiguration

Features:

  • <adminApi/>

A few breaking changes were introduced in version 6.0.0; please refer to the Migration Guide for required updates.

Loading

v6.0.3

06 Mar 12:53
@rrayst rrayst
v6.0.3
7e43774
Compare
Choose a tag to compare
v6.0.3

Fixes

  • reenabled full body logging of internal OAuth2 communication (when logging for com.predic8.membrane.core.interceptor.oauth2client.rf.LogHelper is set to DEBUG)

A few breaking changes were introduced in version 6.0.0; please refer to the Migration Guide for required updates.

Loading