Releases: networknt/light-4j
1.6.40
2.1.1
2.1.1 (2022-04-26)
Merged pull requests:
- fix for NPE if input is null for Mask methods (issue 1208) #1222 (miklish)
- fixes #1220 update the rate-limit config to ensure backward compatibi… #1221 (stevehu)
- fixes #1216 add query parameter and header rewrite in the ProxyHandler #1217 (stevehu)
- fixes #1218 handle the case that clientId and userId resolver failed … #1219 (stevehu)
- Issue1211 #1212 (stevehu)
- fixes #1213 move the tableau authentication handler to the light-4j i… #1214 (stevehu)
- fixes #1209 NPE is thrown when the server is selected as key without … #1210 (stevehu)
- fixes #1206 update the default rate limit handle configuration after … #1207 (stevehu)
- fixes #1204 update rate-limit to add an overloaded constructor with c… #1205 (stevehu)
- fixes #1202 remove the 500 sleep and enable multiple requests test #1203 (stevehu)
- Rate limit handler fix #1201 (GavinChenYan)
- Issue1178 #1200 (stevehu)
- fixes #1198 return an status object for generic exception from the Pr… #1199 (stevehu)
- Feature/content length error message #1197 (KalevGonvick)
- ProxyBodyHandler Rework #1196 (KalevGonvick)
- add DefaultConfigLoaderTest.java #1192 (wswjwjccjlu)
- fixes #1191 We have ProxyHandler in both egress-router and ingress-pr… #1194 (stevehu)
- Issue1188 #1189 (stevehu)
- ProxyBodyHandler rework #1187 (KalevGonvick)
- fixes #1183 add the Transfer-Encoding of http header into the client.yml #1185 (stevehu)
- fixes #1181 Update the config class to output the config file name wh… #1182 (stevehu)
- fixes #1179 remove a trace statement that can cause NPE #1180 (stevehu)
- fixes #1176 add a status code for OBJECT_NOT_UNIQUE #1177 (stevehu)
- fixes #1174 #1175 (GavinChenYan)
- fixes #1172 output the status in log if get service from portal fails #1173 (stevehu)
- fixes #1170 add enabled flag to the rule-loader.yml to bypass the rul… #1171 (stevehu)
- Update on config loader for nested values.yml #1168 (wswjwjccjlu)
- fixes #1166 Handle the LoadBalancingRouterProxyClient has empty host … #1167 (stevehu)
- fixes #1126 update the config.yml and router.yml with templates #1165 (stevehu)
- fixes #1162 Add a new error code for Startup Hook not loaded correctly #1163 (stevehu)
- fixes #1160 Update a typo in a test case comment #1161 (stevehu)
- fixes #1158 update default client.yml to enable the token serverUrl a… #1159 (stevehu)
- fixes #1156 add more tracing statements in OauthHelper #1157 (stevehu)
- fixes #1154 adding logging statements in AbstractRegistry #1155 (stevehu)
- fix the empty body issue for config reload handler #1153 (GavinChenYan)
- fixes #1151 add a default constructor for ClientCredentialsRequest #1152 (stevehu)
- fixes #1149 make the sanitizer.yml backward compatible #1150 (stevehu)
- fixes #1147 remove the serviceId from the header in the router client #1148 (stevehu)
- fixes #1140 Update client module to verify JWT tokens from many OAuth… #1146 (stevehu)
- Issue1139 #1145 (stevehu)
- Issue1143 #1144 (GavinChenYan)
- fixes #1141 update logging statements in OauthHelper and ProxyHandler #1142 (stevehu)
- fixes #1137 update the rule-loader startup to avoid loading the same … #1138 (stevehu)
- fixes #1135 add a new status code to indicate the access control rule… #1136 (stevehu)
- fixes #1133 Add method rewrite in the gateway use case to support leg… #1134 (stevehu)
- fixes #1131 update sanitizer handler to support all owasp encoders #1132 (stevehu)
- fixes #1129 update RuleLoaderStartupHook to only get the ruleId and i… #1130 (stevehu)
- fixes #1127 upgrade jaeger-client to 1.8.0 from 1.6.0 to resolve depe… #1128 (stevehu)
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 2.1.0 release.
1.6.39
2.1.0
2.1.0 (2022-02-27)
Merged pull requests:
- fixes #1124 enhance the sanitizer to make the configuration separated… #1125 (stevehu)
- fixes #1122 log the stacktrace if a middleware handler is not loaded … #1123 (stevehu)
- Issue1120 #1121 (stevehu)
- fixes #1118 allow router to support serviceId from query parameters a… #1119 (stevehu)
- fixes #1116 Update the rate-limit to allow customized the error code … #1117 (stevehu)
- fixes #1112 add Jdk8Module to the ObjectMappers in config module to h… #1113 (stevehu)
- fixes #1108 update the rule-loader to add another rule action to tran… #1109 (stevehu)
- Bump postgresql from 42.2.25 to 42.3.3 #1107 (dependabot)
- fixes #1105 disable a test case in the body handler as it is not stable #1106 (stevehu)
- Truncated Exception Fix #1104 (KalevGonvick)
- fixes #1102 update the LoggerGetLogContentHandler to return map and h… #1103 (stevehu)
- fixes #1100 remove a logging statement in the DefaultConfigLoader as … #1101 (stevehu)
- fixes #1097 add isNumeric to StringUtils in the utility #1098 (stevehu)
- Bump postgresql from 9.4.1211 to 42.2.25 #1095 (dependabot)
- Issue1093 #1094 (stevehu)
- fixes #1091 update the default rate limit concurrent requests to 2 fr… #1092 (stevehu)
- fixes #1089 update audit status key from Status to status #1090 (stevehu)
- fixes #1087 externalize rate-limit, header and whitelist-ip config files #1088 (stevehu)
- Bump h2 from 2.0.206 to 2.1.210 #1086 (dependabot)
- fixes #1084 update the DefaultConfigLoader to get the values.yml from… #1085 (stevehu)
- Bump httpclient from 4.5.6 to 4.5.13 #1077 (dependabot)
- Bump h2 from 1.4.196 to 2.0.206 #1083 (dependabot)
- fixes #1081 update the ClaimsUtil to name the service id claim with s… #1082 (stevehu)
- fixes #1079 add method and path to the method not found error message #1080 (stevehu)
- fixes #1075 Add rule-loader module to support fine-grained access con… #1076 (stevehu)
- fixes #1073 update the sanitizer.yml to externalize properties for va… #1074 (stevehu)
- fixes #1071 externalize jaeger-tracing configuration properties #1072 (stevehu)
- fixes #1069 update server.yml to externalize server.ip #1070 (stevehu)
- fixes #1067 update the SignKeyRequest to get the proxy info from the … #1068 (stevehu)
- fixes #1065 Turn off hostname verification for OAuthHelper based on t… #1066 (stevehu)
- change prometheus config to be extendable #1064 (GavinChenYan)
- fixes #1061 #1062 (GavinChenYan)
- Issue1059 #1060 (stevehu)
- fixes #1057 add ProxyHealthGetHandler in ingress-proxy for the http-s… #1058 (stevehu)
- fixes #1053 update the pom.xml and jaeger-client dependency to avoid … #1054 (stevehu)
- Issue 1048 #1051 (stevehu)
- max json payload for proxy which using buffer stream #1050 (GavinChenYan)
- fixes #1048 update ProxyBodyHandler to handle the data form and add t… #1049 (stevehu)
- add other contentType for proxy body handler #1047 (GavinChenYan)
Upgrade Guidelines:
The following middleware handlers have been changed in this release and the config file needs to be updated to leverage the new features.
- config.yml
For this release, we have set the default value to true for allowDefaultValueEmpty so that an empty value can be used in the template for other config files.
```yaml
# For some configuration files, we have left some properties without default values as there
# would be a negative impact on the application security. The following config will ensure that
# null will be used when the default value is empty without stopping the server during the start.
allowDefaultValueEmpty: true
```
- limit.yml
The errorCode is newly added to allow the users to customize the error response if the request is dropped. By default, code 503 is returned.
```yaml
# If the rate limit is exposed to the Internet to prevent DDoS attacks, it will return 503
# error code to trick the DDoS client/tool to stop the attacks as it considers the server
# is down. However, if the rate limit is used internally to throttle the client requests to
# protect a slow backend API, it will return 429 error code to indicate too many requests
# for the client to wait a grace period to resend the request. By default, 503 is returned.
errorCode: ${limit.errorCode:503}
```
- sanitizer.yml
This file has changed substantially so that the encoders for the body and the headers can be configured separately.
```yaml
---
# Sanitize request for cross-site scripting during runtime
# indicate if sanitizer is enabled or not
enabled: ${sanitizer.enabled:false}
# if it is enabled, the body needs to be sanitized
bodyEnabled: ${sanitizer.bodyEnabled:true}
# the encoder for the body. javascript, javascript-attribute, javascript-block or javascript-source
# There are other encoders that you can choose depending on your requirement. Please refer to site
# https://github.com/OWASP/owasp-java-encoder/blob/main/core/src/main/java/org/owasp/encoder/Encoders.java
bodyEncoder: ${sanitizer.bodyEncoder:javascript-source}
# pick up a list of keys to encode the values to limit the scope to only selected keys. You can
# choose this option if you want to only encode certain fields in the body. When this option is
# selected, you can not use the bodyAttributesToIgnore list.
bodyAttributesToEncode: ${sanitizer.bodyAttributesToEncode:}
# pick up a list of keys to ignore the values encoding to skip some of the values so that these
# values won't be encoded. You can choose this option if you want to encode everything except
# several values with a list of the keys. When this option is selected, you can not use the
# bodyAttributesToEncode list.
bodyAttributesToIgnore: ${sanitizer.bodyAttributesToIgnore:}
# if it is enabled, the header needs to be sanitized
headerEnabled: ${sanitizer.headerEnabled:true}
# the encoder for the header. javascript, javascript-attribute, javascript-block or javascript-source
# There are other encoders that you can choose depending on your requirement. Please refer to site
# https://github.com/OWASP/owasp-java-encoder/blob/main/core/src/main/java/org/owasp/encoder/Encoders.java
headerEncoder: ${sanitizer.headerEncoder:javascript-attribute}
# pick up a list of keys to encode the values to limit the scope to only selected keys. You can
# choose this option if you want to only encode certain fields in the body. When this option is
# selected, you can not use the headerAttributesToIgnore list.
headerAttributesToEncode: ${sanitizer.headerAttributesToEncode:}
# pick up a list of keys to ignore the values encoding to skip some of the values so that these
# values w...
```
1.6.38
1.6.37
1.6.37 (2021-11-10)
Merged pull requests:
- Issue1055 #1063 (jaydeepparekh1311)
- Issue1055 - ClassCastException in maskList method #1056 (jaydeepparekh1311)
- fixes #970 #976 (GavinChenYan)
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 1.6.36 release. For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule
2.0.32
2.0.32 (2021-10-19)
Merged pull requests:
- fixes #1045 add checkInterval to the TTL check body to find the right #1046 (stevehu)
- Feature/get log contents #1044 (KalevGonvick)
- fixes #1042 create a TimeUtil in the utility module for scheduler and… #1043 (stevehu)
- java.lang.IllegalArgumentException: Label cannot be null. #1039 #1040 (helloalbin)
- Added handler for grabbing log contents #1041 (KalevGonvick)
- fixes #1037 A typo in the deregister url for the portal registry #1038 (stevehu)
- fixes #1035 #1036 (GavinChenYan)
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 2.0.31 release. For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule
2.0.31
2.0.31 (2021-09-22)
Merged pull requests:
- fixes #1033 #1034 (GavinChenYan)
- add default header when client request missed the setting #1032 (GavinChenYan)
- fixes #1030 update the portal de-registry to add checkInterval to the… #1031 (stevehu)
- fixes #1026 #1027 (GavinChenYan)
- add caller id header to audit map which will be used metrics #1025 (GavinChenYan)
2.0.30
2.0.30 (2021-08-23)
Merged pull requests:
- fixes #1023 #1024 (GavinChenYan)
- add status change and new method for Result object #1022 (GavinChenYan)
- Add new error code #1021 (wswjwjccjlu)
- fixes #1019 #1020 (GavinChenYan)
- issue#1017 add new error codes #1018 (wswjwjccjlu)
- fixes #1015 #1016 (GavinChenYan)
- Issue1011 #1014 (stevehu)
- change egress router to allow user to extend the router handler #1013 (GavinChenYan)
- fixes #1011 update the health.yml to enable downstream health check w… #1012 (stevehu)
- fixes #1009 update config server path with config-server base path #1010 (stevehu)
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 2.0.29 release. For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule
2.0.29
2.0.29 (2021-07-25)
Merged pull requests:
- add two constants for http-sidecar usage #1008 (chenyan71)
- Issue1006 #1007 (chenyan71)
- build error fix, change egress_router value scope #1005 (chenyan71)
- fixes #1003 audit request body serialize to JSON if possible and fall… #1004 (stevehu)
- fix an issue on jwt.yml config file #1002 (chenyan71)
- fixes #1000 support both X509Certificate and JsonWebKeySet at the sam… #1001 (stevehu)
- fixes #998 add portalToken to the portal-registry.yml and use the tok… #999 (stevehu)
- fixes #995 #996 (chenyan71)
- fixes #993 add a test case to generate a bootstrap token for service … #994 (stevehu)
- fixes #991 add a status code for the service claim mismatch to the path #992 (stevehu)
- fixes #989 trim the environment variable for config server uri and co… #990 (stevehu)
- Fix the NPEs in Issues 962 and 981 #988 (containerAnalyzer)
- fixes #986 add a new error code for oauth to indicate that the author… #987 (stevehu)
- fixes #984 #985 (chenyan71)
- fixes #982 disable loadConfigs from DefaultConfigLoader #983 (stevehu)
- fixes #979 lazy creation of the jdk11 http client to connect to confi… #980 (stevehu)
- fixes #970 #975 (chenyan71)
- fixes #977 output content of the config files from config server in log #978 (stevehu)
- fixes #973 switch to jdk 11 http client to connect to the config server #974 (stevehu)
- fixes #971 remove the server.config and switch to getServerConfig method #972 (stevehu)
Upgrade Guidelines:
This is a release with some bug fixes and enhancements. It is backward compatible with the 2.0.28 release. For all the changes for the entire platform, please refer to https://trello.com/b/189msq9S/release-schedule