Releases: BandwidthOnDemand/nsi-dds
v1.4.0
7d2c92d
hanstrompert
Hans Trompert
What's Changed
- add GitHub workflow to build container
- fix ca-to-truststore init container
- add ca-to-truststore init container to Helm chart
- fix default values.yaml
- extended Helm config support + better cache PVC naming
- add certificate template
- comment out default ingress annotations
- add ingress class name to ingress spec
- modernize chart ingress
- add inline data to configmap
- Added INFO level log to track access to API.
- Fixed mistake in file pattern.
- Cleaning up logging configuration for production deployment.
- Added a command line DEBUG_OPS variable to Dockerfile.
- Removed docker healthcheck.
- Fixed docker compose configuration and some logging.
- Connected OpenNSA test topology.
- Expanded the docker compose test configuration.
- Added health endpoint
- Adding documentation.
- Added additional AKKA agent logging and created a two dds test environment.
- Migrated from Log4J to Slf4J to line up with AKKA implementation.
- Needed to copy over the lib directory holding dependencies.
Full Changelog: v1.3.0...v1.4.0
v1.3.0
What's Changed
- Changed release tags to 1.3.0 and adjusted scipts appropriately.
- Note there are two new log configuration files to configure output of AKKA agents. This runs in parallel to the Log4J output.
- Changed from onejar to a better packaging solution to avoid class conflicts.
- Removed LDAP JNDI configuration after testing.
- Trying to remove JNDI exception that shows up in focker container.
- Merge pull request #19 from BandwidthOnDemand/Fix-illegal-JVM-access
- Fixed VM access issue, GnuParser deprication, and added logback for AKKA debug logging.
- Merge pull request #15 from BandwidthOnDemand/dependabot/maven/org.springframework-spring-beans-5.3.18
- Bump spring-beans from 5.3.6 to 5.3.18
- Fixed junit test invocation in pom.xml that seems to have broken sometime recently.
- Bump spring-beans from 5.3.6 to 5.3.18
- Added /, /ping, and /error URLs to the access control enforcement.
- Fixed a test case needing a unique tmp file name.
Full Changelog: v1.1.2...v1.3.0
New and improved SSL/TLS configuration
This release contains:
- Restructured initialization and handling of the SSL/TLS context within the server.
Important to note that the dds.xml configuration schema has changed. The <secure/> element specifying the key and trust stores is no longer a child of <server/> and <client/> but a stand alone element specifying the single configuration for the SSLContext.
For example:
<server address="example.net" port="8401" packageName="net.es.nsi.dds" secure="true">
<static>
<path>src/test/resources/config/www</path>
<relative>/www</relative>
</static>
</server>
<client maxConnPerRoute="10" maxConnTotal="60" secure="true" />
<!-- Set production="true" if host and certificate validation should be enforced. -->
<secure production="true">
<keyStore type="JKS">
<file>config/keystore.jks</file>
<password>changeit</password>
</keyStore>
<trustStore type="JKS">
<file>config/truststore.jks</file>
<password>changeit</password>
</trustStore>
</secure>
The secure="true" attribute in each of <server/> and <client/> now identify if they should use https or not.
Additional Log4J security fixes.
This release includes:
- pom.xml file changes to update log4j to >= 2.16.0.
Security fixes.
This release contains:
- Security updates to published vulnerabilities;
- The ability to write the process pid to a file specified on the command line (-pidFile) for those doing a double fork on startup.
Enhanced Java and Docker support
This tagged release accumulates a series of care and feeding updates:
1. Support for Java 1.8 through Java 15 including ports from javax to Jakarta framework.
2. Updating of dependencies to more recent versions.
3. Port from the SL4J/Log4j to Log4J2 framework for logging.
4. Expanded capability for the internal authorization mechanism based on X.509 certificate DNs (this is still not 100% complete).
5. Docker & Helm support.
Enjoy!