Commit 1cb39933 authored by cdanger's avatar cdanger

Merge branch 'master' into develop

parents 89493b9f c42844d2
......@@ -3,9 +3,27 @@ All notable changes to this project are documented in this file following the [K
## Issue references
- Issues reported on [GitHub](https://github.com/authzforce/core/issues) are referenced in the form of `[GH-N]`, where N is the issue number.
- Issues reported on [OW2's JIRA](https://jira.ow2.org/browse/AUTHZFORCE/) are referenced in the form of `[JIRA-N]`, where N is the issue number.
- Issues reported on [OW2's GitLab](https://gitlab.ow2.org/authzforce/core/issues) are referenced in the form of `[GL-N]`, where N is the issue number.
## 14.0.0
### Changed
- [GH-28]: simplified the PolicyProvider model, i.e. changed the following:
- **PDP configuration format** (XML Schema 'pdp.xsd') v7.0.0 (more info in [migration guide](MIGRATION.md) )
- Replaced 'refPolicyProvider' and 'rootPolicyProvider' XML elements with 'policyProvider' and 'rootPolicyRef'.
- StaticRootPolicyProvider and StaticRefPolicyProvider XML types replaced by one StaticPolicyProvider type.
- **PolicyProvider extension API** (interfaces):
- Upgraded core-pdp-api dependency version: 16.0.0 (more info in [core-pdp-api's changelog](https://github.com/authzforce/core-pdp-api/blob/develop/CHANGELOG.md#1600) ):
- Replaced CloseableRefPolicyProvider and BaseStaticRefPolicyProvider classes with CloseablePolicyProvider and BaseStaticPolicyProvider
- pdp-testutils module's dependency 'jackson-databind' upgraded to v2.9.10 (CVE fix)
### Fixed
- CVE-2019-14439
### Added
- Support for **Multiple Decision Profile when used with XACML/JSON Profile** (JSON input)
## 13.3.1
### Fixed
- CVE affecting Spring v4.3.18: upgraded dependencies to depend on
......@@ -55,7 +73,7 @@ properties and environment variables (enclosed between '${...}') with default va
- authzforce-ce-xacml-json-model: 2.0.0
### Fixed
- Fixed #13: changed pdp-testutils module's dependencies:
- [GH-13]: changed pdp-testutils module's dependencies:
- mongo-java-driver: 2.14.12 -> 3.5.0
- jongo: 1.3.0 -> 1.4.0
......
## Migration from v13.x to v14.x
- Make sure all your custom PolicyProviders implement the new PolicyProvider interfaces, i.e. BaseStaticPolicyProvider or, as fallback option, CloseableStaticPolicyProvider
- Modify the PDP configuration (XML):
- Merge 'rootPolicyProvider' and 'refPolicyprovider' into one 'policyProvider' using the new 'StaticPolicyProvider' type if you were using 'StaticRefPolicyprovider' or 'StaticRootPolicyProvider', else your new custom PolicyProvider types if you were using custom ones.
- Add 'rootPolicyRef' element with policyId of the root policy.
\ No newline at end of file
......@@ -36,7 +36,7 @@
<!-- Fix CVE-2018-1000873 on Jongo dependency -->
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.9.8</version>
<version>2.9.10</version>
</dependency>
<dependency>
<groupId>org.jongo</groupId>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment