Commit d3c27bc4 authored by cdanger

- Removed SNAPSHOT versions from POM

- Updated CHANGELOG with latest changes
parent 6f71bb0d
......@@ -2,10 +2,36 @@
All notable changes to this project are documented in this file following the [Keep a CHANGELOG]( conventions.
## Unreleased
### Added
- Extension mechanism to switch HashMap/HashSet implementation; default implementation is based on native JRE and Guava.
- Validation of 'n' argument (minimum of *true* arguments) of XACML 'n-of' function if this is constant (must be a positive integer not greater than the number of remaining arguments)
- Validation of second and third arguments of XACML substring function if these are constants (arg1 >= 0 && (arg2 == -1 || arg2 >= arg1))
- Maven plugin owasp-dependency-check to check vulnerabilities in dependencies
### Changed
- Maven parent project version: 3.4.0 -> 4.0.0:
- **Java version: 1.7 -> 1.8** (fixes GitHub issue #4)
- Guava dependency version: 18.0 -> 20.0
- Saxon-HE dependency version: 9.6.0-5 -> 9.7.0-11
- com.sun.mail:javax.mail v1.5.4 changed to com.sun.mail:mailapi v1.5.6
- Dependency authzforce-ce-core-pdp-api 7.1.1 -> 8.0.0
- Behavior of "unordered" rule combining algorithms (deny-overrides, permit-overrides, deny-unless-permit and permit-unless deny), i.e. for which the order of evaluation may be different from the order of declaration: child elements are re-ordered for more efficiency (e.g. Deny rules evaluated first in case of deny-overrides algorithm), therefore the algorithm implementation, the order of evaluation in particular, now differs from ordered-* variants.
### Removed
- Dependency on Koloboke, replaced by extension mechanism mentioned in *Added* section that would allow to switch from the default HashMap/HashSet implementation to Koloboke-based.
### Fixed
- OW2 #AUTHZFORCE-23: enforcement of RuleId/PolicyId/PolicySetId uniqueness:
- PolicyId (resp. PolicySetId) should be unique across all policies loaded by PDP so that PolicyIdReferences (resp. PolicySetIdReferences) in Responses' PolicyIdentifierList are absolute references to applicable policies (no ambiguity).
- [RuleId should be unique within a policy]( -> A rule is globally uniquely identified by the parent PolicyId and the RuleId.
## 5.0.2
### Changed
- Dependency version: authzforce-core-pdp-api: 7.1.1 (was: 7.1.0)
## 5.0.1
### Fixed
- #22 (OW2): When handling the same XACML Request twice in the same JVM with the root PolicySet using deny-unless-permit algorithm over a Policy returning simple Deny (no status/obligation/advice) and a Policy returning Permit/Deny with obligations/advice, the obligation is duplicated in the final result at the second time this situation occurs.
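Review bot: The "Changed" entry on "unordered" rule combining algorithms says only that the order of evaluation now differs from the ordered-* variants; it should also state whether the re-ordering can change the final decision or the obligations/advice returned, since that is what policy authors upgrading need to know. The same entry writes "permit-unless deny" where "permit-unless-deny" is meant. In the "Added" entry for the substring function, the condition uses arg1/arg2 for what the text calls the second and third arguments; use one naming so the check cannot be read off by one. The "Changed" list names the dependency authzforce-ce-core-pdp-api while the 5.0.2 section calls it authzforce-core-pdp-api; pick one artifact name. The commit message says SNAPSHOT versions were removed from the POM, yet this section is still headed "Unreleased"; if this commit prepares a release, rename the heading to the version being released.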
......@@ -3,7 +3,7 @@
......@@ -42,7 +42,7 @@
<!-- /Authzforce dependencies -->