2.1.38

2.1.38 (2024-11-30)

Merged pull requests:

2.1.37

2.1.37 (2024-09-20)

Merged pull requests:

• fixes #2345 Fix the transformer matching with encoding #2346 (stevehu)
• fixes #2343 Trim the encoding for req res tranformer interceptors #2344 (stevehu)
• fixes #2341 Dynamic loading jwk with kid is not working if multiple s… #2342 (stevehu)
• fixes #2339 allow the req or res body encoding to be customized per p… #2340 (stevehu)
• fixes #2337 update req/res transformer interceptor to handle the erro… #2338 (stevehu)
• fixes #2334 make convertEnvVars configurable to work with lower case … #2335 (stevehu)

Upgrade Guide

For this release, we have deprecated openapi-security.yml, graphql-security.yml, and hybrid-security.yml. Going forward, all JWT and SWT-related configurations should be centralized in a single security.yml file.

Important Changes for Users with Framework-Specific Security Configurations

If you have framework-specific security properties defined in values.yml, you’ll need to update these properties by removing the framework prefix (openapi-, graphql-, or hybrid-) and using only security as the prefix.

For example, if you previously had the following property in your values.yml file:

openapi-security.enableVerifyJwt: false

You should update it to:

security.enableVerifyJwt: false

This update simplifies configuration management by unifying security settings under a single security.yml file.

---

2.1.36

2.1.36 (2024-08-27)

Merged pull requests:

• fixes #2330 update response tranformer interceptor to use explicit UT… #2331 (stevehu)
• fixes #2328 refactor the security handlers to return status or null #2329 (stevehu)
• fixes #2325 security-config/src/main/resources/config/security.yml #2326 (stevehu)
• fixes #2323 Make status code 401 if the token kid cannot find jwk #2324 (stevehu)
• fixes #2321 2.1.35 introduced a new issue in the jwt verification #2322 (stevehu)

2.1.35

2.1.35 (2024-08-17)

Merged pull requests:

• fixes #2317 update transformer interceptor to avoid NPEfor logging #2318 (stevehu)
• fixes #2315 make the request response transformer body encoding confi… #2316 (stevehu)
• fixes #2313 Adding trace logging for response interceptor injection h… #2314 (stevehu)
• fixes #2311 resolve client, user, address rate limit without prefix d… #2312 (stevehu)
• fixes #2308 resolve a memory leak issue in the rate-limit handler #2309 (stevehu)
• fixes #2306 refactor security config to use only security.yml #2307 (stevehu)
• fixes #2304 Add constants for light-hybrid-4j #2305 (stevehu)
• fixes #2302 move the unified-config and unified-security from light-r… #2303 (stevehu)
• fixes #2300 handler needs to escape the double quotes in the status d… #2301 (stevehu)
• Add unsupported content-type status code #2299 (david0)
• fixes #2297 Deprecate MrasHandler and SalesforceHandler #2298 (stevehu)
• fixes #2295 Need to filter the jwks with use=sig for getJsonWebKeyMap #2296 (stevehu)
• fixes #2293 retrieve jwk will work with or without use sig in the res… #2294 (stevehu)
• fixes #2291 only the use=sig jwk will return from the retrieveJwk #2292 (stevehu)
• fixes #2289 Add a method to check if the jwt token has scopes in Jwt… #2290 (stevehu)
• fixes #2287 -Dlight-4j-config-password is not working for AutoAESSalt… #2288 (stevehu)
• fixes #2284 change the jwk cache object to single JsonWebKey #2285 (stevehu)
• fixes #2282 update dependences for some modules that depending on htt… #2283 (stevehu)
• fixes #2280 rollback the jwt issuer and verifier with local jks files #2281 (stevehu)
• fixes #2277 move MapUtil to light-4j utility module #2278 (stevehu)
• Merged Traceability & Correlation Handler #2273 (KalevGonvick)
• fixes #2270 remove dependency of json-schema-validator #2271 (stevehu)
• fixes #2267 return 413 response code if request body is too big #2268 (stevehu)
• fixes #2265 SidecarPathPrefixServiceHandler never calls put attachment #2266 (stevehu)

2.1.34

2.1.34 (2024-06-22)

Merged pull requests:

• fixes #2262 implement an admin endpoint to explore the cache manager #2263 (stevehu)
• fixes #2260 Update tlsVersion to TLSv1.3 by default in client.yml fro… #2261 (stevehu)
• fixes #2256 Move JwtVerifier and SwtVerifier to security-config #2257 (stevehu)
• fixes #2253 add a new error code to status.yml to indicate Lambda to … #2254 (stevehu)
• fixes #2251 make CONFIG_NAME public in RouterConfig and move the toke… #2252 (stevehu)
• fixes #2249 merge token-config to router-config #2250 (stevehu)
• fixes #2247 create router-config module to share with light-lambda-na… #2248 (stevehu)
• fixes #2244 add request and response to the keysToNotSort in info.yml #2245 (stevehu)
• fixes #2242 Move the PathTemplateMatcher to utility #2243 (stevehu)
• fixes #2240 double check the metrics handler instance in the injectio… #2241 (stevehu)
• Issue2236 #2239 (stevehu)
• fixes #2236 update basic-auth.yml to disable the handler by default #2237 (stevehu)
• fixes #2233 rollback the method overwritten rule to pattern matching … #2234 (stevehu)
• fixes #2231 Router rewriteMethod property does not work with path prefix #2232 (stevehu)
• fixes #2229 Add httpClient to PathPrefixAuth to cache the client inst… #2230 (stevehu)
• fixes #2227 move PathPrefixAuth to config module to share with Lambda #2228 (stevehu)
• fixes #2225 update request and response transformer to remove underto… #2226 (stevehu)
• fixes #2223 remove the cache.yml from the src resource of caffeine-cache #2224 (stevehu)
• fixes #2221 update MrasHandler to create a new client instance per re… #2222 (stevehu)
• fixes #2219 upgrade to http-client 1.0.10 with Jwt class change #2220 (stevehu)
• fixes #2217 split to token-config and sidecar-config modules to share… #2218 (stevehu)
• fixes #2215 Fix a bug in the request transformer interceptor #2216 (stevehu)
• fixes #2213 split rule-loader config from rule-loader module #2214 (stevehu)
• fixes #2211 split request response transformer config to separate mod… #2212 (stevehu)
• fixes #2209 update MrasHandler to set keepalive timeout to 10 seconds #2210 (stevehu)
• fixes #2207 replace light-4j client to http-client for ldap-util #2208 (stevehu)
• fixes #2205 remove ldap dependency from basic-config #2206 (stevehu)
• fixes #2203 Split basic-config module for basic-auth to share with la… #2204 (stevehu)
• fixes #2201 split apikey-config into a separate module to share with … #2202 (stevehu)
• [pre-commit.ci] pre-commit autoupdate #2200 (pre-commit-ci)
• fixes #2198 log the error response from downstream API in external se… #2199 (stevehu)
• fixes #2196 split common code to metrics-config to share with light-l… #2197 (stevehu)

2.1.33

2.1.33 (2024-03-31)

Merged pull requests:

• fixes #2194 remove the jboss-threads dependency from parent pom.xml #2195 (stevehu)
• fixes #2192 Add a status code for the rate limit in status.yml #2193 (stevehu)
• fixes #2190 fix the JwtHeaderClientIdKeyResolver to use request header #2191 (stevehu)
• fixes #2187 move EncoderWrapper to sanitizer-config module #2188 (stevehu)
• fixes #2185 split sanitizer-config module to share with light-aws-lambda #2186 (stevehu)
• fixes #2183 split logger-config and logger-handler to share with ligh… #2184 (stevehu)
• fixes #2181 fallback to cached config to start server for ConnectExec… #2182 (stevehu)
• fixes #2179 DefaultConfigLoader handles lightEnv in one place in the … #2180 (stevehu)
• fixes #2176 Add aws lambda error codes #2177 (stevehu)
• fixes #2173 remove unused imports #2174 (stevehu)
• Add validation to matchPathToPattern method #2171 (syntheshad)
• fixes #2169 resolve the config reload registry issue #2170 (stevehu)
• fixes #2167 remove the token from portal-registry.yml #2168 (stevehu)
• fixes #2165 refactor limit-config to remove dependency for undertow #2166 (stevehu)
• fixes #2163 split handler-config from handler module #2164 (stevehu)
• fixes #2161 remove jaeger-tracer module as it is replaced by OpenTele… #2162 (stevehu)

2.1.32

2.1.32 (2024-02-27)

Merged pull requests:

• fixes #2159 HandlerConfig supports additionalHandlers, additionalChai… #2160 (stevehu)
• fixes #2157 stop server or use the backup to start the server on conf… #2158 (stevehu)
• fixes #2154 we need to load both decryped yaml and undecryped yaml fr… #2156 (stevehu)
• fixes #2153 return 415 error if config server not return yaml and jso… #2155 (stevehu)
• rollback to application/yaml #2152 (stevehu)
• fixes #2149 change the content type to application/x-yaml for yaml #2150 (stevehu)
• fixes #2147 update DefaultConfigLoader to support YAML response from … #2148 (stevehu)
• fixes #2145 update ContentType to add application/yaml #2146 (stevehu)
• fixes #2142 Update GenericDataSource to handle integer environment va… #2144 (stevehu)
• fixes #2124 use the client.timeout for the config server timeout #2143 (stevehu)
• fixes #2140 update mras, salesforce and external service config to su… #2141 (stevehu)
• fixes #2138 Handle empty string when loading typed value in Config #2139 (stevehu)
• fixes #2136 update pathPrefixAuth to support JSON string in ApiKeyConfig #2137 (stevehu)
• fixes #2134 change the config server timeout to startup.yml and defau… #2135 (stevehu)
• fixes #2132 support JSON string for serviceIdAuthServers for ClientCo… #2133 (stevehu)
• fixes #2130 update ExternalServiceConfig to support JSON string for u… #2131 (stevehu)
• fixes #2128 update RouterConfig to support stringified JSON values #2129 (stevehu)
• fixes #2126 remove the values.yml from config module #2127 (stevehu)
• fixes #2124 use the client.timeout for the config server timeout #2125 (stevehu)
• fixes #2122 limit.yml does not support JSON string for address, clien… #2123 (stevehu)
• [pre-commit.ci] pre-commit autoupdate #2119 (pre-commit-ci)
• fixes #2120 add acceptHeader to support YAML properties from config s… #2121 (stevehu)
• fixes #2117 skip quoteReplacement only for backslash and dollar compb… #2118 (stevehu)
• fixes #2115 Add ServerInfoUtil to be shared with light-aws-lambda #2116 (stevehu)
• fixes #2113 split the ServerInfoConfig to a info-config module #2114 (stevehu)
• fixes #2111 split the HealthConfig to a health-config module #2112 (stevehu)
• fixes #2109 update basic, apikey and simple web token security handle… #2110 (stevehu)
• fixes #2107 update a cient test case that fails on a slow computer #2108 (stevehu)
• fixes #2104 cache the undecryped and decrypted values.yml maps in Con… #2105 (stevehu)
• fixes #2102 support decrypt or not for values.yml and env injection #2103 (stevehu)
• fixes #2099 Update ModuleRegistry to add back isMaskConfigProperties #2100 (stevehu)
• fixes #2097 need a new way to load config file without decryption for… #2098 (stevehu)
• fixes #2095 use the environment from the startup.yml if light-env env… #2096 (stevehu)
• fixes #2087 AuditHandler Not Writing Entries at the End of the Exchan… #2088 (stevehu)
• fixes #2085 Add keysToNotSort in info.yml to skip the string array so… #2086 (stevehu)
• Audit Logging - Replace over putIfAbsent #2084 (KalevGonvick)
• fixes #2082 update HandleUtils and refactor ServiceDictHandler #2083 (stevehu)
• ExternalServiceHandler logging fix #2080 (KalevGonvick)

1.6.47

1.6.47 (2024-01-18)

Merged pull requests:

2.1.31

2.1.31 (2024-01-16)

Merged pull requests:

• fixes #2077 update the ModifiableContentSinkConduit to log the error … #2078 (stevehu)
• fixes #2074 Update ModuleRegistry to remove isMaskConfigProperties #2075 (stevehu)
• fixes #2072 update the rule-loader.yml to fix a typo #2073 (stevehu)
• fixes #2070 update claim version to ver #2071 (stevehu)
• fixes #2067 refactor security module for jwt issuer #2068 (stevehu)
• fixes #2065 change the mapping missing to warn in DirectRegistryConfig #2066 (stevehu)
• fixes #2063 update the module registry config for metrics handler #2064 (stevehu)
• fixes #2055 add plugin configuration as part of the module reload #2060 (stevehu)
• fixes #2058 make the RuleEngine singleton in the RuleLoaderStartupHoo… #2059 (stevehu)
• fixes #2056 add KeyUtil and test cases for JWT and JWK #2057 (stevehu)
• fixes #2051 Update RuleLoaderStartupHook to load plugin classes #2052 (stevehu)
• fixes #2049 change the registerPlugin parameter sequence as some of t… #2050 (stevehu)
• fixes #2047 update ModuleRegistry to add plugin config and a list of … #2048 (stevehu)
• fixes #2045 normalize the server info response for comparison with th… #2046 (stevehu)
• fixes #2043 Add an indicator ready for the server #2044 (stevehu)
• fixes #2040 Allow router and proxy to bypass the TLS hostname verific… #2041 (stevehu)
• Revert "fixes #2037 Move verifyHostname check into createSSLContext f… #2039 (stevehu)
• fixes #2037 Move verifyHostname check into createSSLContext from the … #2038 (stevehu)
• fixes #2035 handle the empty response body in the ResponseBodyInterce… #2036 (stevehu)
• Added logic to end exchange on errors for all scenarios + Changed toB… #2032 (stevehu)
• fixes #2033 update keystore loader to support both jks and pkcs12 #2034 (stevehu)
• fixes #2029 update TraceabilityHandler registry with the correct config #2030 (stevehu)
• fixes #2026 separate config into modules from some of the middleware … #2027 (stevehu)
• Add maven wrapper. #2022 (HappyHacker123)
• Fixes #2012 order dependent tests in CorrelationTest #2013 (SaaiVenkat)
• fixes #2019 do not overwrite the values.yml if config server is not a… #2020 (stevehu)
• fixes #2017 Update module config class to support the conversion of s… #2018 (stevehu)
• fixes #2014 save the values.yml for getConfigs in the default config … #2015 (stevehu)

Upgrade Guide

For this release, we have combined all caches together so that they can be managed centrally through the admin endpoints from the Light Portal. With this change, the default cache for jwk and jwt won't work anymore, and you need to add the following section to your values.yml file. Please adjust the expiry and size according to your API and OAuth 2.0 provider.

# cache.yml
cache.caches:
  - cacheName: jwt
    expiryInMinutes: 15
    maxSize: 100
  - cacheName: jwk
    expiryInMinutes: 129600
    maxSize: 100

Also, you need to add the following implementation mapping in the service.yml section.

  - com.networknt.cache.CacheManager:
      - com.networknt.cache.CaffeineCacheManager

1.6.46

1.6.46 (2023-12-30)

Merged pull requests:

• Ensure leaked connections are closed in SimpleURIConnectionPool.restore() (SimplePool v2) (1.6.x) #2042 (miklish)
• Ensure XnioSSL and XnioWorker resources are created only once in multithreaded environment (SimplePool v2) (1.6.x) #2054 (miklish)
• remove unused code in SimpleUndertowConnectionMaker #2024 (miklish)
• Issue1897 #1980 (miklish)
• SimplePool v2 #1963 (miklish)
• Update variable names for Token Connection and Request Timeout #1957 (jaydeepparekh1311)
• revert upgrades of snakeyaml and jackson until compatibility updates made (1.6.x) #1959 (miklish)
• fixes #1954 Upgrade snakeyaml to 2.2 from 1.33 to resolve security vu… #1955 (stevehu)
• Update client module unit tests to allows sub-1ms response times (Issue 1950) #1951 (miklish)
• fix NPE in SimpleConnectionPool.restore() and optimize borrow() with computeIfAbsent() #1938 (miklish)
• Use Simple Pool for Token verification call #1933 (jaydeepparekh1311)
• Backwards compatibility for Consul blocking queries time #1932 (jaydeepparekh1311)
• Fix test for windows environment. Reset light config property at the end of test #1941 (zabooma)
• Fix flaky test: com.networknt.audit.AuditHandlerTest.testAuditWithErrorStatus #1919 (KiruthikaJanakiraman)
• fixes #1893 verifyHostname stop working with 1.6.x client after upgra… #1894 (stevehu)