Commit eeb806b2 authored by cdanger's avatar cdanger

- prepared changelog

- Fixed CVE-2019-14439 (upgrade jackson-databind version for
pdp-testutils)
Simplified PDP configuration schema (XSD):
- v6.0.0 -> v7.0.0.0
- refPolicyProvider and rootPolicyProvider elements replaced by simpler
'policyProvider' 'rootPolicyRef' elements (new type
TopLevelPolicyElementRef)
- StaticRootPolicyProvider and StaticRefPolicyProvider replaced by one
StaticPolicyProvider type
parent f961b9ec
......@@ -3,9 +3,27 @@ All notable changes to this project are documented in this file following the [K
## Issue references
- Issues reported on [GitHub](https://github.com/authzforce/core/issues) are referenced in the form of `[GH-N]`, where N is the issue number.
- Issues reported on [OW2's JIRA](https://jira.ow2.org/browse/AUTHZFORCE/) are referenced in the form of `[JIRA-N]`, where N is the issue number.
- Issues reported on [OW2's GitLab](https://gitlab.ow2.org/authzforce/core/issues) are referenced in the form of `[GL-N]`, where N is the issue number.
## 14.0.0
### Changed
- [GH-28]: simplified the PolicyProvider model, i.e. changed the following:
- **PDP configuration format** (XML Schema 'pdp.xsd') v7.0.0 (more info in [migration guide](MIGRATION.md) )
- Replaced 'refPolicyProvider' and 'rootPolicyProvider' XML elements with 'policyProvider' and 'rootPolicyRef'.
- StaticRootPolicyProvider and StaticRefPolicyProvider XML types replaced by one StaticPolicyProvider type.
- **PolicyProvider extension API** (interfaces):
- Upgraded core-pdp-api dependency version: 16.0.0 (more info in [core-pdp-api's changelog](https://github.com/authzforce/core-pdp-api/blob/develop/CHANGELOG.md#1600) ):
- Replaced CloseableRefPolicyProvider and BaseStaticRefPolicyProvider classes with CloseablePolicyProvider and BaseStaticPolicyProvider
- pdp-testutils module's dependency 'jackson-databind' upgraded to v2.9.10 (CVE fix)
### Fixed
- CVE-2019-14439
### Added
- Support for **Multiple Decision Profile when used with XACML/JSON Profile** (JSON input)
## 13.3.1
### Fixed
- CVE affecting Spring v4.3.18: upgraded dependencies to depend on
......@@ -55,7 +73,7 @@ properties and environment variables (enclosed between '${...}') with default va
- authzforce-ce-xacml-json-model: 2.0.0
### Fixed
- Fixed #13: changed pdp-testutils module's dependencies:
- [GH-13]: changed pdp-testutils module's dependencies:
- mongo-java-driver: 2.14.12 -> 3.5.0
- jongo: 1.3.0 -> 1.4.0
......
......@@ -36,7 +36,7 @@
<!-- Fix CVE-2018-1000873 on Jongo dependency -->
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.9.8</version>
<version>2.9.10</version>
</dependency>
<dependency>
<groupId>org.jongo</groupId>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment