Commit bdf95806 authored by cdanger's avatar cdanger

Merge branch 'master' into develop

parents cd56c2ca f9b1aa44
......@@ -2,7 +2,7 @@
All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions.
## Unreleased
## 3.9.0
### Added
- New PdpExtensionLoader method providing the list of available extensions of a given type: datatype, function, combining algorithm, etc.
......@@ -16,15 +16,18 @@ All notable changes to this project are documented in this file following the [K
### Tests
- New tests for custom extensions: result filter (implements CombinedDecision from XACML Multiple Decision Profile), simple datatype (dnsname-value from XACML DLP/NAC Profile), complex datatype (XACML Policy), function (dnsname-value-equal from XACML DLP/NAC Profile), combining algorithm (on-permit-apply-second from XACML Additional Combining Algorithms Profile)
## 3.8.3
### Fixed
- Removing Javadoc @author tag added automatically by maven Javadoc plugin without us knowing
- PDP schema: removed limits (100) for maxVarRefDepth and maxPolicyRefDepth attributes. Hard arbitrary limits should not be in the XML schema.
## 3.8.2
### Fixed
- Javadoc comments
## 3.8.1
### Fixed
- Removed use of SAXON StandardURIChecker for validating anyURI XACML AttributeValues causing "possible memory leak" errors in Tomcat, as confirmed by: https://sourceforge.net/p/saxon/mailman/message/27043134 and https://sourceforge.net/p/saxon/mailman/saxon-help/thread/4F9E683E.8060001@saxonica.com/. Although XACML 3.0 still refers to XSD 1.0 which has a stricter definition of anyURI than XSD 1.1, the fix consisted to use XSD 1.1 anyURI definition for XACML anyURI AttributeValues. In this definition, anyURI and string datatypes have same value space (refer to XSD 1.1 Datatypes document or SAXON note http://www.saxonica.com/html/documentation9.4/changes/intro93/xsd11-93.html or mailing list: https://sourceforge.net/p/saxon/mailman/saxon-help/thread/4F9E683E.8060001@saxonica.com/) , therefore anyURI-specific validation is removed and anyURI values are accepted like string values by the program. However, this does not affect XML schema validation of Policy/PolicySet/Request documents against OASIS XACML 3.0 schema, where the XSD 1.0 definition of anyURI still applies.
......@@ -98,6 +101,7 @@ All notable changes to this project are documented in this file following the [K
- Misleading IllegalArgumentException error for XML-schema-valid anyURI but not valid for `java.net.URI` class. Fixed by using `java.lang.String` instead and validating strings according to anyURI definition with Saxon library
- RuntimeException when no subject and no resource and no action attributes in the XACML request
## 3.5.8 - 2015-04-01
### Added
- New XACML 3.0 versions of (ordered-)deny-overrides and (ordered-)permit-overrides combining algorithms (ALGORITHM IS NOT THE SAME as in XACML 2.0)
......@@ -108,10 +112,12 @@ All notable changes to this project are documented in this file following the [K
### Fixed
- Empty StatusDetail tag in Response when no StatusDetail (which is always the case as of now). Fix: remove the tag completely.
## 3.5.7 - 2015-03-13
### Changed
- Upraded version of maven-jaxb2-plugin to 0.12.3 for JAXB-annotated java class generation from OASIS XACML model
## 3.5.6 - 2015-02-27
### Added
- Generic test class for non-regression tests
......@@ -127,6 +133,7 @@ All notable changes to this project are documented in this file following the [K
- NullPointerException when no resource-id attribute in XACML Request:
- XACML Apply element marshalling (some elements were lost)
## 3.5.5 - 2015-01-26
### Added
- PDP configuration XML schema for configuration loading with JAXB and schema validation
......@@ -142,6 +149,7 @@ All notable changes to this project are documented in this file following the [K
- Thread-local memory leak
- Empty Obligations/Associated Advice with permit|deny-unless-deny|permit combining algorithms
## 3.5.4 - 2014-12-23
### Added
- Unit tests for various match functions introduced in XACML 2.0 on strings, x509Names, rfc822Names, date/time, IP address
......@@ -155,20 +163,24 @@ All notable changes to this project are documented in this file following the [K
### Changed
- Log formats
## 3.5.3 - 2013-12-16
### Added
- Support of Policy(Set)IdReference with StaticRefPolicyFinder class
- Support of dynamic obligations/advices containing AttributeDesignators or other expressions evaluated in the request context
- Enhanced debug logs in evaluation of Target, Policy(Set), Rule
## 3.5.2 - 2013-11-29
### Fixed
- Fixed bug when there were more than one AnyOf and AllOf: only the Match element was evaluated with the "match(context)" function
## 3.4.2 - 2013-07-03
### Fixed
- Fixing bugs on deny-unless-permit and permit-unless-deny rule combining algorithms (misplaced cast)
## 3.4.0 - 2013-05-30
### Added
- Implementation working with XACML 3.0 requests and policies compliant with OASIS XACML model (xsd)
......@@ -181,20 +193,24 @@ All notable changes to this project are documented in this file following the [K
- First implementation of XACML 3.0 Combining algorithms: deny-unless-permit, deny-unless-permit, permit-unless-deny, permit-unless-deny
- First implementation of XACML 3.0 Functions: string-starts-with, string-ends-with, string-contains, string-substring
## 3.3.1 - 2013-05-14
### Added
- New license headers and file for Apache 2 license
## 3.2.0 - 2013-05-13
### Added
- Support of XACML 3.0 Obligations/Advices in Rules
- Compliance with new conformance tests for 3.0 (converted from XACML 2.0 official category III.A)
## 3.1.0 - 2013-05-13
### Added
- Beta support of Multiple Decision profile, on repeated attribute categories only
- Beta support of XACML 3.0 Policy(Set)s and Obligations/Advices in Policy(Set)s
## 3.0.0 - 2013-04-05
### Added
- Preliminary support of XACML 3.0
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment