Commit de2b80ff authored by cdanger's avatar cdanger

Merge branch 'release/8.1.0' into develop

# Conflicts:
#	dist/pom.xml
#	pom.xml
#	rest-service/pom.xml
#	upgrader/pom.xml
#	webapp/pom.xml
parents d44b0f20 c56c774b
Pipeline #4452 failed with stages
in 25 seconds
......@@ -4,6 +4,35 @@ All notable changes to this project are documented in this file following the [K
Issues reported on [GitHub](https://github.com/authzforce/server/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number.
## 8.1.0
### Added
- [GH-29] Systematic input policy validation on API - HTTP POST `/domains/{domain-id}/pap/policies` - even if the policy is not currently in use by the PDP (it is potentially used later on after changing PDP configuration), in order to improve safety and troubleshooting. Policies are validated by attempting to load a temporary PDP configuration with the input policy as root policy.
- PDP extensions such as Attribute and Policy Providers can accept placeholders for system properties and environment variables in their string configuration parameters (as part of PDP configuration) and perform placeholder replacements with their factory method's input `EnvironmentProperties`. In particular, `policyLocation` elements in PDP's Policy Providers configuration now supports (not only `PARENT_DIR` property but also) system properties and environment variables (enclosed between `${...}`) with default value (separated from the property name by '!') if property/variable undefined.
### Changed
- Parent project version: authzforce-ce-parent: 7.5.1
- Dependency versions:
- authzforce-ce-pap-dao-flat-file: 11.0.0
- authzforce-ce-core-pap-api: 10.0.0
- authzforce-ce-core: 13.3.1
- authzforce-ce-core-pdp-api: 15.3.0
- authzforce-ce-jaxrs-utils: 1.3.1
- authzforce-ce-xacml-json-model: 2.1.1
- json: 20171018
- guava: 24.1.1-jre
- slf4j-api: 1.7.2
- Spring: 4.3.20
- logback-classic: 1.2.3
- logback-ext-spring: 0.1.5
- Apache CXF: 3.2.55
- Saxon-HE: 9.8.0-12
- javax.mail-api (replaces mailapi): 1.6.0
- jaxb2-basics: 1.11.1
### Fixed
- [GH-26] CVEs reported by OWASP dependency-check, esp. on Spring v4.3.14, and 4.3.18, upgraded to 4.3.20
## 8.0.1
### Fixed
- Typo in Debian package's Description field.
......
......@@ -3,7 +3,11 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-server</artifactId>
<<<<<<< HEAD
<version>8.1.1-SNAPSHOT</version>
=======
<version>8.1.0</version>
>>>>>>> release/8.1.0
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-server-dist</artifactId>
......
# Copyright (C) 2012-2017 Thales Services SAS.
#
# This file is part of AuthZForce CE.
#
# AuthZForce CE is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# AuthZForce CE is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with AuthZForce CE. If not, see <http://www.gnu.org/licenses/>.
# Best practices for writing Dockerfiles:
# https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
# Tips to do an unattended installation on Debian/Ubuntu:
# http://www.microhowto.info/howto/perform_an_unattended_installation_of_a_debian_package.html
# The alternative is to use FROM ubuntu:* then install tomcat ubuntu package and use upstart/sysctl init script but this is not the way to go:
# https://github.com/docker/docker/issues/6800
FROM tomcat:8-jre8
MAINTAINER AuthzForce Team (contact mailing list: http://scr.im/azteam)
ENV DEBIAN_FRONTEND noninteractive
# Proxy configuration (if you are building from behind a proxy)
# Next release of docker 1.9.0 should allow you to configure these by passing build-time arguments
# More info: https://github.com/docker/docker/issues/14634
#ENV http_proxy 'http://user:password@proxy-host:proxy-port'
#ENV https_proxy 'http://user:password@proxy-host:proxy-port'
#ENV HTTP_PROXY 'http://user:password@proxy-host:proxy-port'
#ENV HTTPS_PROXY 'http://user:password@proxy-host:proxy-port'
ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Djavax.xml.accessExternalSchema=http -Xms1024m -Xmx1024m -XX:+UseConcMarkSweepGC -server"
ENV AUTHZFORCE_SERVER_VERSION="8.1.0-SNAPSHOT"
ENV AUTHZFORCE_SERVER_DOWNLOAD_URL="http://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-dist/$AUTHZFORCE_SERVER_VERSION/authzforce-ce-server-dist-$AUTHZFORCE_SERVER_VERSION.deb"
# Download and install Authzforce Server (service starts automatically)
# Where there is a command with a pipe, we need to put in between quotes and make it an argument to bash -c command
RUN apt-get update --assume-yes -qq && \
apt-get install --assume-yes -qq \
locales-all \
locales \
less \
apt-utils \
debconf-utils \
gdebi \
curl && \
rm -rf /var/lib/apt/lists/*
RUN locale-gen en_US en_US.UTF-8
RUN dpkg-reconfigure locales
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
RUN curl --silent --output authzforce-ce-server.deb --location $AUTHZFORCE_SERVER_DOWNLOAD_URL && \
dpkg --extract authzforce-ce-server.deb /root/authzforce/ && \
mv /root/authzforce/etc/tomcat8/Catalina /usr/local/tomcat/conf/ && \
mv /root/authzforce/opt/* /opt/ && \
rm -rf /opt/authzforce-ce-server/data/domains/* && \
rm -rf /root/authzforce && \
rm -f authzforce-ce-server.deb
CMD ["catalina.sh", "run"]
### Exposed ports
# - App server
EXPOSE 8080
......@@ -8,7 +8,11 @@
</parent>
<artifactId>authzforce-ce-server</artifactId>
<!-- FIWARE Versioning + Version must be equal or higher than 'authzforce-ce-rest-api-model' dependency in 'rest-service' module -->
<<<<<<< HEAD
<version>8.1.1-SNAPSHOT</version>
=======
<version>8.1.0</version>
>>>>>>> release/8.1.0
<packaging>pom</packaging>
<name>${project.groupId}:${project.artifactId}</name>
<description>AuthzForce CE Server</description>
......
......@@ -4,7 +4,11 @@
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-server</artifactId>
<!-- Version must be equal or higher than authzforce-ce-rest-api-model dependency -->
<<<<<<< HEAD
<version>8.1.1-SNAPSHOT</version>
=======
<version>8.1.0</version>
>>>>>>> release/8.1.0
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-server-rest-service</artifactId>
......
......@@ -3,7 +3,11 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-server</artifactId>
<<<<<<< HEAD
<version>8.1.1-SNAPSHOT</version>
=======
<version>8.1.0</version>
>>>>>>> release/8.1.0
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-server-upgrader</artifactId>
......
......@@ -3,7 +3,11 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-server</artifactId>
<<<<<<< HEAD
<version>8.1.1-SNAPSHOT</version>
=======
<version>8.1.0</version>
>>>>>>> release/8.1.0
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-server-webapp</artifactId>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment