...
 
Commits (41)
language: java language: java
jdk: jdk:
- openjdk7 - openjdk8
- oraclejdk7 - oraclejdk8
# Change log # Change log
All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions. All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions.
## 7.5.1
### Fixed
- CVE affecting **Spring Boot** 4.3.18: upgraded to: **4.3.20**
## 7.5.0
### Changed
- Upgraded managed dependency versions:
- Spring: 4.3.18
- guava: 24.1.1-jre
- jaxb2-basics: 1.11.1
- Upgraded managed build plugin versions:
- jaxb2-rich-contact-plugin version: 2.0.1
- Replaced maven-jaxb2-plugin with maven-jaxb22-plugin v0.14.0 for Java 1.8 compatibility
- Changed company name to Thales in copyright
## 7.4.0
### Changed
- Dependency versions:
- CXF: 3.2.5 (fix CVE-2018-1305, CVE-2018-1304)
## 7.3.0
### Changed
- Dependency versions:
- logback-classic: 1.2.3
- logback-ext-spring: 0.1.5
- Spring: 4.3.14.RELEASE
- CXF: 3.2.4
- Saxon-HE: 9.8.0-12
- Plugin versions:
- OWASP dependency-check-maven: 3.2.1
## 7.2.0
### Changed
- Managed dependency versions:
- logback-classic: 1.1.9 -> 1.2.2 (to fix CVE affecting versions < 1.2.0)
- slf4j: 1.7.22 --> 1.7.25 (to match logback-classic version upgrade above)
- Managed plugin versions:
- OWASP dependency-check plugin 3.0.1 -> 3.0.2 (fix blocking bug #978 on their github)
## 7.1.0 ## 7.1.0
### Changed ### Changed
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
<parent> <parent>
<groupId>org.ow2.authzforce</groupId> <groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId> <artifactId>authzforce-ce-parent</artifactId>
<version>7.2.0</version> <version>7.5.1</version>
</parent> </parent>
<artifactId>authzforce-ce-atom-model</artifactId> <artifactId>authzforce-ce-atom-model</artifactId>
<packaging>jar</packaging> <packaging>jar</packaging>
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
<parent> <parent>
<groupId>org.ow2.authzforce</groupId> <groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId> <artifactId>authzforce-ce-parent</artifactId>
<version>7.2.0</version> <version>7.5.1</version>
</parent> </parent>
<artifactId>authzforce-ce-pdp-ext-model</artifactId> <artifactId>authzforce-ce-pdp-ext-model</artifactId>
<name>${project.groupId}:${project.artifactId}</name> <name>${project.groupId}:${project.artifactId}</name>
......
...@@ -2,10 +2,10 @@ ...@@ -2,10 +2,10 @@
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<groupId>org.ow2.authzforce</groupId> <groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId> <artifactId>authzforce-ce-parent</artifactId>
<version>7.2.0</version> <version>7.5.1</version>
<packaging>pom</packaging> <packaging>pom</packaging>
<name>${project.groupId}:${project.artifactId}</name> <name>${project.groupId}:${project.artifactId}</name>
<description>Authzforce - Parent of all AuthzForce components</description> <description>AuthzForce - Parent of all AuthzForce components</description>
<properties> <properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- Controls maven compiler plugin -source --> <!-- Controls maven compiler plugin -source -->
...@@ -16,15 +16,15 @@ ...@@ -16,15 +16,15 @@
<maven.build.timestamp.format>yyyy</maven.build.timestamp.format> <maven.build.timestamp.format>yyyy</maven.build.timestamp.format>
<currentYear>${maven.build.timestamp}</currentYear> <currentYear>${maven.build.timestamp}</currentYear>
<artifactId.prefix>authzforce-ce</artifactId.prefix> <artifactId.prefix>authzforce-ce</artifactId.prefix>
<!-- Fix the project URL for all Authzforce project --> <!-- Fix the project URL for all AuthzForce project -->
<project.url>https://authzforce.ow2.org</project.url> <project.url>https://authzforce.ow2.org</project.url>
<git.url.base>https://gitlab.ow2.org/authzforce</git.url.base> <git.url.base>https://gitlab.ow2.org/authzforce</git.url.base>
<jaxb2-basics.version>0.11.1</jaxb2-basics.version> <jaxb2-basics.version>1.11.1</jaxb2-basics.version>
<jaxb2-value-constructor.version>3.0</jaxb2-value-constructor.version> <jaxb2-value-constructor.version>3.0</jaxb2-value-constructor.version>
<slf4j.version>1.7.25</slf4j.version> <slf4j.version>1.7.25</slf4j.version>
<!-- This version must match the Spring version used by 'logback-ext-spring' in dependencyManagement. --> <!-- This version must match the Spring version's MAJOR.MINOR used by 'logback-ext-spring' and cxf-spring-boot-* in dependencyManagement. (All 4.3.x versions up to 4.3.16 are affected by CVEs.) -->
<spring.version>4.3.12.RELEASE</spring.version> <spring.version>4.3.20.RELEASE</spring.version>
<cxf.version>3.2.1</cxf.version> <cxf.version>3.2.5</cxf.version>
</properties> </properties>
<url>${project.url}</url> <url>${project.url}</url>
<inceptionYear>2012</inceptionYear> <inceptionYear>2012</inceptionYear>
...@@ -36,9 +36,9 @@ ...@@ -36,9 +36,9 @@
</licenses> </licenses>
<developers> <developers>
<developer> <developer>
<name>The AuthZForce Team</name> <name>The AuthzForce Team</name>
<email>http://scr.im/azteam</email> <email>http://scr.im/azteam</email>
<organization>Thales Services</organization> <organization>THALES</organization>
<organizationUrl>http://thalesgroup.com</organizationUrl> <organizationUrl>http://thalesgroup.com</organizationUrl>
</developer> </developer>
</developers> </developers>
...@@ -48,9 +48,8 @@ ...@@ -48,9 +48,8 @@
<tag>HEAD</tag> <tag>HEAD</tag>
<url>${git.url.base}/parent</url> <url>${git.url.base}/parent</url>
</scm> </scm>
<!-- distributionManagement defined in oss-parent POM already -->
<modules> <modules>
<!-- Only common modules here, i.e. (in)direct dependencies of all other AuthZForce CE projects --> <!-- Only common modules here, i.e. (in)direct dependencies of all other AuthzForce CE projects -->
<module>xmlns-model</module> <module>xmlns-model</module>
<module>atom-model</module> <module>atom-model</module>
<module>xacml-model</module> <module>xacml-model</module>
...@@ -89,18 +88,18 @@ ...@@ -89,18 +88,18 @@
</dependency> </dependency>
<dependency> <dependency>
<!-- https://github.com/qos-ch/logback-extensions/wiki/Spring. Used by authzforce webapp for configuring logback with Spring. Declared here to make sure version matches with other logback/spring <!-- https://github.com/qos-ch/logback-extensions/wiki/Spring. Used by authzforce webapp for configuring logback with Spring. Declared here to make sure version matches with other logback/spring
dependencies used by other Authzforce projects. --> dependencies used by other AuthzForce projects. -->
<groupId>org.logback-extensions</groupId> <groupId>org.logback-extensions</groupId>
<artifactId>logback-ext-spring</artifactId> <artifactId>logback-ext-spring</artifactId>
<!-- TODO: upgrade so that logback-classic dependency version matches below --> <!-- TODO: upgrade so that logback-classic dependency version matches below -->
<version>0.1.4</version> <version>0.1.5</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>ch.qos.logback</groupId> <groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId> <artifactId>logback-classic</artifactId>
<!-- This version must match the version used by the one of 'logback-ext-spring' above. --> <!-- This version must match the version used by the one of 'logback-ext-spring' above. -->
<!-- Versions before 1.2.0 (excluded) affected by CVE-2017-5929 --> <!-- Versions before 1.2.0 (excluded) affected by CVE-2017-5929 -->
<version>1.2.2</version> <version>1.2.3</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework</groupId> <groupId>org.springframework</groupId>
...@@ -155,12 +154,12 @@ ...@@ -155,12 +154,12 @@
<dependency> <dependency>
<groupId>net.sf.saxon</groupId> <groupId>net.sf.saxon</groupId>
<artifactId>Saxon-HE</artifactId> <artifactId>Saxon-HE</artifactId>
<version>9.7.0-14</version> <version>9.8.0-12</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.google.guava</groupId> <groupId>com.google.guava</groupId>
<artifactId>guava</artifactId> <artifactId>guava</artifactId>
<version>22.0</version> <version>24.1.1-jre</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.json</groupId> <groupId>org.json</groupId>
...@@ -174,32 +173,32 @@ ...@@ -174,32 +173,32 @@
<version>1.6.1</version> <version>1.6.1</version>
</dependency> </dependency>
<!-- /Third party dependencies --> <!-- /Third party dependencies -->
<!-- Common AuthZForce CE dependencies. Only child modules here (see <modules>). --> <!-- Common AuthzForce CE dependencies. Only child modules here (see <modules>). -->
<dependency> <dependency>
<groupId>${project.groupId}</groupId> <groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-xmlns-model</artifactId> <artifactId>${artifactId.prefix}-xmlns-model</artifactId>
<!-- Version updated automatically by maven jgitflow:release-start --> <!-- Version updated automatically by maven jgitflow:release-start -->
<version>7.2.0</version> <version>7.5.1</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>${project.groupId}</groupId> <groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-atom-model</artifactId> <artifactId>${artifactId.prefix}-atom-model</artifactId>
<!-- Version updated automatically by maven jgitflow:release-start --> <!-- Version updated automatically by maven jgitflow:release-start -->
<version>7.2.0</version> <version>7.5.1</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>${project.groupId}</groupId> <groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-xacml-model</artifactId> <artifactId>${artifactId.prefix}-xacml-model</artifactId>
<!-- Version updated automatically by maven jgitflow:release-start --> <!-- Version updated automatically by maven jgitflow:release-start -->
<version>7.2.0</version> <version>7.5.1</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>${project.groupId}</groupId> <groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-pdp-ext-model</artifactId> <artifactId>${artifactId.prefix}-pdp-ext-model</artifactId>
<!-- Version updated automatically by maven jgitflow:release-start --> <!-- Version updated automatically by maven jgitflow:release-start -->
<version>7.2.0</version> <version>7.5.1</version>
</dependency> </dependency>
<!-- /Common AuthZForce CE dependencies --> <!-- /Common AuthzForce CE dependencies -->
</dependencies> </dependencies>
</dependencyManagement> </dependencyManagement>
<build> <build>
...@@ -214,7 +213,7 @@ ...@@ -214,7 +213,7 @@
<!-- Values to be substituted in template --> <!-- Values to be substituted in template -->
<inceptionYear>${project.inceptionYear}</inceptionYear> <inceptionYear>${project.inceptionYear}</inceptionYear>
<currentYear>${currentYear}</currentYear> <currentYear>${currentYear}</currentYear>
<copyrightOwner>Thales Services SAS</copyrightOwner> <copyrightOwner>THALES</copyrightOwner>
<projectName>AuthzForce CE</projectName> <projectName>AuthzForce CE</projectName>
</properties> </properties>
<!-- <header>com/mycila/maven/plugin/license/templates/GPL-3.txt</header> --> <!-- <header>com/mycila/maven/plugin/license/templates/GPL-3.txt</header> -->
...@@ -251,12 +250,23 @@ ...@@ -251,12 +250,23 @@
<!-- Consider combining with Red Hat Victims and OSS Index. More info on Victims vs. Dependency-check: https://bugzilla.redhat.com/show_bug.cgi?id=1388712 --> <!-- Consider combining with Red Hat Victims and OSS Index. More info on Victims vs. Dependency-check: https://bugzilla.redhat.com/show_bug.cgi?id=1388712 -->
<groupId>org.owasp</groupId> <groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId> <artifactId>dependency-check-maven</artifactId>
<version>3.0.2</version> <version>4.0.2</version>
</plugin>
<plugin>
<groupId>org.jvnet.jaxb2.maven2</groupId>
<artifactId>maven-jaxb22-plugin</artifactId>
<version>0.14.0</version>
<configuration>
<debug>false</debug>
<strict>false</strict>
<verbose>false</verbose>
<removeOldOutput>true</removeOldOutput>
</configuration>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.jvnet.jaxb2.maven2</groupId> <groupId>org.jvnet.jaxb2.maven2</groupId>
<artifactId>maven-jaxb2-plugin</artifactId> <artifactId>maven-jaxb2-plugin</artifactId>
<version>0.13.0</version> <version>0.14.0</version>
<configuration> <configuration>
<debug>false</debug> <debug>false</debug>
<strict>false</strict> <strict>false</strict>
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
<parent> <parent>
<groupId>org.ow2.authzforce</groupId> <groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId> <artifactId>authzforce-ce-parent</artifactId>
<version>7.2.0</version> <version>7.5.1</version>
</parent> </parent>
<artifactId>authzforce-ce-xacml-model</artifactId> <artifactId>authzforce-ce-xacml-model</artifactId>
<name>${project.groupId}:${project.artifactId}</name> <name>${project.groupId}:${project.artifactId}</name>
...@@ -57,7 +57,7 @@ ...@@ -57,7 +57,7 @@
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.jvnet.jaxb2.maven2</groupId> <groupId>org.jvnet.jaxb2.maven2</groupId>
<artifactId>maven-jaxb2-plugin</artifactId> <artifactId>maven-jaxb22-plugin</artifactId>
<configuration> <configuration>
<verbose>false</verbose> <verbose>false</verbose>
<extension>true</extension> <extension>true</extension>
...@@ -85,7 +85,7 @@ ...@@ -85,7 +85,7 @@
<plugin> <plugin>
<groupId>net.codesup.util</groupId> <groupId>net.codesup.util</groupId>
<artifactId>jaxb2-rich-contract-plugin</artifactId> <artifactId>jaxb2-rich-contract-plugin</artifactId>
<version>1.15.0</version> <version>2.0.1</version>
</plugin> </plugin>
</plugins> </plugins>
<bindingDirectory>src/main/jaxb</bindingDirectory> <bindingDirectory>src/main/jaxb</bindingDirectory>
......
/** /**
* Copyright 2012-2018 Thales Services SAS. * Copyright 2012-2019 THALES.
* *
* This file is part of AuthzForce CE. * This file is part of AuthzForce CE.
* *
......
/** /**
* Copyright 2012-2018 Thales Services SAS. * Copyright 2012-2019 THALES.
* *
* This file is part of AuthzForce CE. * This file is part of AuthzForce CE.
* *
......
/** /**
* Copyright 2012-2018 Thales Services SAS. * Copyright 2012-2019 THALES.
* *
* This file is part of AuthzForce CE. * This file is part of AuthzForce CE.
* *
......
/** /**
* Copyright 2012-2018 Thales Services SAS. * Copyright 2012-2019 THALES.
* *
* This file is part of AuthzForce CE. * This file is part of AuthzForce CE.
* *
......
/** /**
* Copyright 2012-2018 Thales Services SAS. * Copyright 2012-2019 THALES.
* *
* This file is part of AuthzForce CE. * This file is part of AuthzForce CE.
* *
......
/** /**
* Copyright 2012-2018 Thales Services SAS. * Copyright 2012-2019 THALES.
* *
* This file is part of AuthzForce CE. * This file is part of AuthzForce CE.
* *
......
/** /**
* Copyright 2012-2018 Thales Services SAS. * Copyright 2012-2019 THALES.
* *
* This file is part of AuthzForce CE. * This file is part of AuthzForce CE.
* *
......
/** /**
* Copyright 2012-2018 Thales Services SAS. * Copyright 2012-2019 THALES.
* *
* This file is part of AuthzForce CE. * This file is part of AuthzForce CE.
* *
......
/** /**
* Copyright 2012-2018 Thales Services SAS. * Copyright 2012-2019 THALES.
* *
* This file is part of AuthzForce CE. * This file is part of AuthzForce CE.
* *
......
/** /**
* Copyright 2012-2018 Thales Services SAS. * Copyright 2012-2019 THALES.
* *
* This file is part of AuthzForce CE. * This file is part of AuthzForce CE.
* *
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
<parent> <parent>
<groupId>org.ow2.authzforce</groupId> <groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId> <artifactId>authzforce-ce-parent</artifactId>
<version>7.2.0</version> <version>7.5.1</version>
</parent> </parent>
<artifactId>authzforce-ce-xmlns-model</artifactId> <artifactId>authzforce-ce-xmlns-model</artifactId>
<name>${project.groupId}:${project.artifactId}</name> <name>${project.groupId}:${project.artifactId}</name>
......