forked from jbufu/openid4java
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
156 lines (110 loc) · 5.09 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
.... OpenID4Java Library - CHANGELOG
========================================================================
This document highlights the major changes in the OpenID4Java library.
Please see the TODO file for outstanding items.
For the detailed logs please see the commit comments at:
- http://code.google.com/p/openid4java
20150208:
Security bug fix for URL identifiers comparison - use custom, proper implementation instead of relying on java.net.URL.
20130513:
Notable changes:
Updated API documentation for private/shared association stores.
Add flag and check that shared associations are not accepted as private in direct verification requests.
Don't mandate that a separate userSetupUrl must be provided to the ServerManager, fall-back to the OP endpoint URL.
Shuffled ServerManager.authResponse processing to only raise (some) errors when they affect the response.
Allow specifying a preferred alias when adding an extension.
20120115:
Notable changes:
Fixed XML external entity injection vulnerability when parsing discovery data.
Fixed maven2 dependency declarations for easy inclusion in maven projects.
HttpClient dependency upgraded to 4.2.2.
Google Guice dependency updated to use the current com.google.inject id.
Configurable consumer nonces.
Default HttpCache limited to 1 minute.
Fixed Attribute Exchange handling of unlimited count request.
Fixed JdbcNonceVerifier database cleanup.
Fixed handling of declared preferred association types.
Fixed handling of PAPE custom auth level.
Plus a few minor bugs.
20110413:
Notable changes since the previous release:
HttpClient upgraded to 4.0.
HttpClient is injectable, making Google AppEngine deployments possible.
HttpCache supports configurable TTL.
Attribute Exchange extension parameters are required to be signed.
Java 1.5 for source and distributed bytecode.
And a handful of bug fixes.
20090614:
A number of related specifications have been finalized since the previous
official release in November 2007, and are supported by OpenID4Java:
* OpenID Authentication 2.0
* Attribute Exchange 1.0
* PAPE 1.0
* Java 1.5 binaries are now released; source still compilable with Java 1.4
Under the hood:
* internal XRDS parsing to ensure correct identity data is discovered
* discovery code has been revised to be more robust
* discovery HTTP requests are transparently cached for increased performance
* a minimal set of library dependencies are packaged with the official release
* alternative packages are released with optional / extra functionality
* proxy XRI resolver delegating to the service provided by XRI.net
* local XRI resolver updated to use the latest openXRI 1.2.0 library
* JDBC implementations for nonces and associations stores
20071113:
- Renamed AuthSuccess.setSignExtension() to AuthSuccess.addSignExtension()
to better reflect the operation performed.
20071025:
- Documented Relying Party Discovery requirements;
see INSTALL : Relying Party Discovery section
20070913:
- Improved error reporting and message validation.
20070907:
- Draft 12 compliant
- Implemented identifier recycling
- Implemented return URL validation against endpoints
discovered from the RP's realm
20070905:
- Updated to OpenID Attribute Exchange draft 7
20070821:
- Added support for OpenID Information Cards 1.0, draft 1
- Added (OpenID-Infocard) DemoRP and InfocardOP sample/demo projects
20070626:
- Implemented OpenID Provider Authentication Policy Extension 1.0, draft 1
http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html
20070530:
- API change in SRegResponse: method public SRegResponse createFetchResponse(SRegRequest req, Map userData) throws MessageException
replaced with factory method public static SRegResponse createSRegResponse(SRegRequest req, Map userData) throws MessageException
20070407:
- Implemented OpenID Simple Registration 1.0 and 1.1
20070403:
- Added deployable JSP-only Relying Party and OpenID Provider
20070321:
- Added forward-proxy support for consumers.
20070304:
- Added logging.
20070212:
- Message.getDestinationUrl() replaces the following:
AuthRequest.getRedirectUrl()
AuthSuccess.getRedirectUrl()
IndirectError.getReturnTo()
20070208:
- supports OpenID Attribute Exchange draft 4
20070115:
- supports OpenID Authentication 2.0 draft 11
20061203: First public release, version 0.9.1.x
- supports OpenID Authentication 2.0, draft 10:
http://openid.net/specs/openid-authentication-2_0-10.html
- supports OpenID Attribute Exhcange 1.0, draft 3
- (few outstanding spec issues remain)
========================================================================
Copyright 2006-2008 Sxip Identity Corporation
Project home page and package distribution:
=> http://code.google.com/p/openid4java
=> http://code.google.com/p/openid4java/downloads/
For support, please visit the wiki and join the Google Groups!
=> http://groups.google.com/group/openid4java/
=> http://code.google.com/p/openid4java/w/
OpenID
=> http://openid.net/
Released under the Apache License 2.0
=> see LICENSE