Merge branch 'master' into develop

1cb39933 · cdanger · 89493b9f · c42844d2 · 1cb39933 · 1cb39933
Commit 1cb39933 authored Oct 27, 2019 by cdanger
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 3 deletions

CHANGELOG.md CHANGELOG.md +20 -2

MIGRATION.md MIGRATION.md +5 -0

pdp-testutils/pom.xml pdp-testutils/pom.xml +1 -1

No files found.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,9 +3,27 @@ All notable changes to this project are documented in this file following the [K

 ## Issue references
 - Issues reported on [GitHub](https://github.com/authzforce/core/issues) are referenced in the form of `[GH-N]`, where N is the issue number. 
- Issues reported on [OW2's JIRA](https://jira.ow2.org/browse/AUTHZFORCE/) are referenced in the form of `[JIRA-N]`, where N is the issue number.
 - Issues reported on [OW2's GitLab](https://gitlab.ow2.org/authzforce/core/issues) are referenced in the form of `[GL-N]`, where N is the issue number.

+
+## 14.0.0
+### Changed
+- [GH-28]: simplified the PolicyProvider model, i.e. changed the following:
+  - **PDP configuration format** (XML Schema 'pdp.xsd') v7.0.0 (more info in [migration guide](MIGRATION.md) )
+	- Replaced 'refPolicyProvider' and 'rootPolicyProvider' XML elements with 'policyProvider' and 'rootPolicyRef'.
+	- StaticRootPolicyProvider and StaticRefPolicyProvider XML types replaced by one StaticPolicyProvider type.
+  - **PolicyProvider extension API** (interfaces): 
+    - Upgraded core-pdp-api dependency version: 16.0.0 (more info in [core-pdp-api's changelog](https://github.com/authzforce/core-pdp-api/blob/develop/CHANGELOG.md#1600) ):
+      - Replaced CloseableRefPolicyProvider and BaseStaticRefPolicyProvider classes with CloseablePolicyProvider and BaseStaticPolicyProvider
+- pdp-testutils module's dependency 'jackson-databind' upgraded to v2.9.10 (CVE fix)
+
+### Fixed
+- CVE-2019-14439
+
+### Added
+- Support for **Multiple Decision Profile when used with XACML/JSON Profile** (JSON input)
+
+
 ## 13.3.1
 ### Fixed
 - CVE affecting Spring v4.3.18: upgraded dependencies to depend on
@@ -55,7 +73,7 @@ properties and environment variables (enclosed between '${...}') with default va
  - authzforce-ce-xacml-json-model: 2.0.0
   
 ### Fixed
- Fixed #13: changed pdp-testutils module's dependencies: 
+- [GH-13]: changed pdp-testutils module's dependencies: 
  - mongo-java-driver: 2.14.12 -> 3.5.0
  - jongo: 1.3.0 -> 1.4.0


--- a/MIGRATION.md
+++ b/MIGRATION.md
+## Migration from v13.x to v14.x
+- Make sure all your custom PolicyProviders implement the new PolicyProvider interfaces, i.e. BaseStaticPolicyProvider or, as fallback option, CloseableStaticPolicyProvider
+- Modify the PDP configuration (XML):
+  - Merge 'rootPolicyProvider' and 'refPolicyprovider' into one 'policyProvider' using the new 'StaticPolicyProvider' type if you were using 'StaticRefPolicyprovider' or 'StaticRootPolicyProvider', else your new custom PolicyProvider types if you were using custom ones.
+  - Add 'rootPolicyRef' element with policyId of the root policy.
\ No newline at end of file
--- a/pdp-testutils/pom.xml
+++ b/pdp-testutils/pom.xml
@@ -36,7 +36,7 @@
 		<!-- Fix CVE-2018-1000873 on Jongo dependency -->
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.9.8</version>
+			<version>2.9.10</version>
 		</dependency>
 		<dependency>
 			<groupId>org.jongo</groupId>