Multitenant backend server for building web and mobile apps rapidly. The backend for busy developers. (self-hosted or hosted)
44656f5d fixed LDAP auth filter group assignment from LDAP attributes not working with memberOf authorities/groups, fixes Erudika/scoold#351 bb032c9f fixed error caused by using ?appid={appid} params in OAuth2 requests, as alternative to ?state={appid} e3d92dbc updated Jose JWT d5c3b310 Merge pull request #180 from Erudika/snyk-fix-5509f06781021ec78eef6ffec512a65f e06847bc fix: para-server/pom.xml to reduce vulnerabilities a48f3dfc fixed bug preventing admin/mod groups auto assignment for LDAP requests 1e6bb6b4 added plugin profiles to para-jar/pom.xml ed2a1c7c fixed crash on startup when JavaMail implementation is selected
e98473e3 Release v1.47.1. e05442e8 fixed tests 8f53755d updated Jackson 59796b26 Merge pull request #177 from Erudika/dependabot/maven/para-server/com.fasterxml.woodstox-woodstox-core-6.4.0 5f0a44f1 updated Spring Boot cf95d87e Bump woodstox-core from 6.3.1 to 6.4.0 in /para-server e1823306 updated dependency c23d99b2 updated SnakeYAML 18a1103b added support for a few special chars in tags a6f876c2 updated Spring Security
b2febf0b Release v1.47.0.
a456b878 fixed flaky test
714f6315 fixed para.security.protected.*
resources should be optional and not crash the server when omitted
18bb5369 added method overload for setting HttpOnly
and SameSite
cookie flags
316cd8d2 removed commons-text dependency and the deprecated RememberMe
services
ff8fda61 Release v1.46.3.
4e682677 added a new RateLimiter
class for simple rate limiting
f2176b75 updated dependencies
ea37a043 updated Spring Boot to 2.7.4
1cc568c3 updated SnakeYAML
d123b49c updated AWS SDK
d7cd7c6d updated AWS SDK
171f8278 updated ClassGraph
886f944b updated Jackson
c9d084ba added support for SAML option for turning off NameID requirement 67173684 updated JSoup 0905ccf2 Merge pull request #142 from kobus-v-schoor/master 7d2a2c5e don't strip username domain if ad domain is not provided 02ee9e4d fixed auth cookie missing secure flag b8d78a91 moved logback configuration to para-server; updated dependencies 020d3e31 minor formatting fix and changed description for the new markdown option 6ddd1299 Ignore domains for nofollow (#137) 32796458 [maven-release-plugin] prepare for next development iteration
f1c4b7e9 added rate limiting for password matching attempts, 20 attempts per hour default 893f1609 updated dependencies f8ad4bb6 updated dependencies ee8f4e0c updated Caffeine to 3.1.1 e3b85157 updated Dockerfile to set 'loader.path=lib' as a system property on startup 1743e3cc updated Caffeine cache to 3.1.0 037d7ebd updated SSLContext library
0c88c5e4 disabled UserDetailsServiceAutoConfiguration
88e88563 updated Spring Security to 5.7.1, Spring Boot to 2.7.0
fa677c62 fixed password length issues
ffde022f fixed max password length should be longer than 500 chars
3dffedca updated Nimbus JOSE lib
735f6964 added max length for user passwords
9d844f31 added option to escape HTML when compiling Mustache templates
b7c530e4 Release v1.45.10.
b0f01a0b updated dependencies
a259574e added option to configure log file name prefix, para.logs_name
8ca5194d added rel='nofollow noreferrer'
to all links in Markdown, closes Erudika/scoold#298
5096f5f1 fixed local config file should be ignored if config.url
is set
7a39f98d fixed bug where app-to-JSON serialization can break if user supplies bad resource permissions data; restricted the updating of the field e9b09ff7 fixed checkstyle errors b56e5653 fixed delegated OAuth2 tokens should be cleared if token delegation is disabled 96b04ef1 fixed a bug preventing downvotes f9139ecb added API endpoint for listing all available config properties 6bc44ec4 updated ClassGraph 1cf2cf95 updated ParaConfig class with all configuration properties and documentation 4f18cdea updated Spring d875994d updated plugins
54375e20 fixed IDP tokens not actually delegated to clients because of misconfigured @JsonIgnore
annotation