Personium Core Versions Save

Warning
This release contains breaking changes.

IMPROVEMENTS:

• Change the hash algorithm of signing XML signature from SHA-1 to SHA-256. (#687)
  • From this version on, tokens issued by the Unit are not compatible with Unit in prior version. For details, refer to personium-lib-common#117.

MISC:

• Implement unit tests of TokenIntrospectEndpointResource. (#686)

Warning
This release contains breaking changes.

IMPROVEMENTS:

• Unify scattered log settings into personium-unit-config. (#677)
  • If you upgrade personium-core from v1.8.1 or under, replace /personium_nfs/personium-core/eventlog/${eventlog_path} with ${eventlog_path} in logback configuration file.
    1. If you use Ansible to deploy Personium the logback.xml can found in this location: /opt/logback/logback.xml in AP server.
    2. Otherwise, you can find in locations specified in classpath.

BUG FIXES:

• Replace Exception 415 with 406 (#675)
• Fix core version in properties (#680)

MISC:

• Update release workflow (#681)

IMPROVEMENTS:

• Supporting elasticsearch 7.17 and rest client (#672)

BUG FIXES:

• PROPFIND Support for __log related resources (#564)
• set MAX_RESOURCE_LENGTH 255 (#664)

MISC:

• Fix warnings.

IMPROVEMENTS:

• Supporting Java 17.(personium/personium-core#647, personium/personium-core#654)

SECURITY FIX:

• Using HTTPS in internal communications via messaging API.(personium/personium-core#45)
• Implement checks for disabling use of control characters in resource name.(personium/personium-core#655)

MISC:

• Fix tests.(personium/personium-core#649)

NEW FEATURES:

• Add sign API, which is function to generate JWS (Json Web Signature) with Cell private key. (personium/personium-core#625)

IMPROVEMENTS:

• Improve stricity about WebDAV ACL with validating XML namespace. (personium/personium-core#629)
  • This improvement may contain some incompatibility. Before version 1.7.25, you could specify personium specific privileges with any namespace. From this release, you must specify Personium namespace (urn:x-personium:xmlns) when you use personium specific WebDAV privileges.

MISC:

• Refactoring codes of test utilities. (personium/personium-core#626)
• Update copyright year to 2022. (personium/personium-core#635)

SECURITY UPDATES:

• Update elasticsearch version to 6.8.22 to address log4j2 vulnerability - CVE-2021-44228, CVE-2021-45046, CVE-2021-45105

IMPROVEMENTS:

• Enhance the official OpenID Connect plugin to reload Jwks from OpenID provider Jwks endpoint (personium/personium-plugins#21)

NEW FEATURES:

• Create AuthPluginLoader interface to load multiple authentication plugins (personium-plugin-base#23)
• Enhance the official OpenID Connect plugin, which is loaded by default (#614 ,personium-plugins#15)
  • Support for all generic OpenID Providers, not just Google, which was already supported
  • AuthPluginLoader support allows multiple OpenID Providers to be configured

IMPROVEMENTS:

• Update dependent software versions

IMPROVEMENTS:

• Implement for relaying request of dynamic path service execution (#593)
• Use java 7+ nio file APIs for more flexible and precise File handling (#579)
• Should respond error when accessed via domain name different from the one configured in Unit Certificate (#535)
• Update elasticsearch version 6.8.15 (#602)

BUG FIXES:

• WebDAV MOVE fails on subdomain-based mode (#553)
• Box metadata falsely returns "ready" at the initial instant of bar installation (#574)
• Unit test case ObjectIoTest.marshal_Acl failed when PathBasedCellUrl is enabled. (#581)
• Modifying error message for unsupported grant type (#595)

MISC:

• Implementing multi-stage Dockerfile (#594)
• Update checkstyle version and check rules
• Updating forkflow scripts for Releasing (#599)
• move properties from pom to src/test/resources (#601)

NOTES:

• Use personium-engine 1.5.28 for this version of personium-core

BREAKING CHANGES:

• Exported bar file now does not use a "personium-localunit:" URL (#512)

  • Base Url in 00_meta/90_rootprops.xml
    • 1.7.17 and before
      https://{cellName}.{domain}/__role/{boxName}
    • 1.7.18-20:
      personium-localunit:{cellName}:/__role/{boxName}
    • 1.7.21 and later:
      https://{cellName}.{domain}/__role/__/
  • Bar file export / import compatibility
    • Bar file exported from 1.7.18-20
      Not importable to any version
    • Bar file exporeted from 1.7.17 and earlier
      Importable to any versions (after 1.6.10)
    • Bar file exporeted from 1.7.21 and later
      Importable to any versions (after 1.6.10)

• Role Url in TranceCellAccessToken/VisitorRefreshToken are now Role Class URL (See)

• personium-core.log (Java Web Application log) format changed

• Default request key (Unique identifier of each request in log files) format changed

BUG FIXES:

• When Unit FQDN is less than 14 letters long, token parsing may possibly fail. (#518)
• Refreshed visitor access token does not have Roles directly assigned from ExtCell. (#516)

IMPROVEMENTS:

• Upgraded personium-lib-common to 1.5.3
• Now Personium unit can also be configured with OS environment variables and system properties.
  • Configuration priority
    1. Java system properties
    2. OS environment variables
    3. Unit config file (personium-unit-config.properties in class path or any file whose location specified with java system propety "io.personium.configurationFile")
    4. Default configuration (personium-unit-config-default.properties bundled in personium-core.war file)

NOTES:

• Use personium-engine 1.5.27 for this version of personium-core

BUG FIXES:

• When grant code is used at token end point to issue an access token, the token subject does not have the association with the roles that should be allocated to it. (#501)
• Presenting grant code with confidentialClient app auth token at token endpoint fails for schema mismatch. (#506)
• Some OData keys in URLs including __id for OData service collection entity sets is not escaped in response payload items such as __metadata.uri. (#486)