Codebase list wss4j / upstream/1.5.8+svntag ChangeLog.txt
upstream/1.5.8+svntag

Tree @upstream/1.5.8+svntag (Download .tar.gz)

ChangeLog.txt @upstream/1.5.8+svntagraw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
This file contains a listing of all Jira tickets that have been closed
for a given release.  

Portions of this report were generated using the ReleaseNotes facility
in Jira.

Release 1.5.8
=============

** Bug

    * [WSS-147] - WCF interop issue: Security header ordering constraint
    * [WSS-176] - Problem with WSSecurityUtil.prependChildElement and JBossWS
    * [WSS-178] - signature verification failure of signed saml token due to The Reference for URI (bst-saml-uri) has no XMLSignatureInput
    * [WSS-182] - Encryption with symmetric key with encryptSymmKey set to false generates invalid xml without xenc defined
    * [WSS-196] - STRTransform not compatible with Sun's SAAJ implementation
    * [WSS-198] - Problem when body is signed and then an XPath is encrypted
    * [WSS-201] - Some of the processors use the wrong Crypto implementation

** Improvement

    * [WSS-131] - no support for extension of SecurityHeader
    * [WSS-158] - Upgrade to BouncyCastle 1.43
    * [WSS-177] - Allow encryption using a symmetric key and EncryptedKeySHA1
    * [WSS-179] - Allow signature using a symmetric key and EncryptedKeySHA1
    * [WSS-195] - More detailed exception thrown from CryptoBase.getPrivateKey()
    * [WSS-199] - Add support for WCF non-standard Username Tokens
    * [WSS-202] - Upgrade to XML Security 1.4.3.

** New Feature

    * [WSS-194] - Support overriding KeyStore alias for signature so that it can be different than user name used for UsernameToken


Release 1.5.7
=============

** Bug

    * [WSS-90] - SamlUtil.java throws XMLSecurityException when SAML SubjectConfirmation element doesn't have KeyInfo child
    * [WSS-99] - JCE provider ordering on solaris
    * [WSS-117] - WSS4J does not supports KeyIdentifiers to reference SAML tokens but this is allowed by the WSS specification. Integration tesitng with owsm failed.
    * [WSS-136] - POM files needed in Maven repository for OpenSAML, WSS4J, and XML Security

** Improvement

    * [WSS-84] - Make the use of the VM-wide keystore (lib/security/cacerts) optional
    * [WSS-169] - Add an EncodingType attribute for a UsernameToken nonce
    * [WSS-170] - SignatureAction does not set DigestAlgorithm on WSSecSignature instance

** Test

    * [WSS-172] - Test encrypted headers


Release 1.5.6
=============

** Bug

    * [WSS-105] - Make WSS4J compliant with X.509 1.1 specification
    * [WSS-162] - With SecureConv tokens, URI reference processing can strip off first char of ID....
    * [WSS-163] - No way to set SC ValueType attribute for references in WSSecEncrypt
    * [WSS-164] - Related to WSS-162, there isn't anyway to create a direct Reference based on identifier
    * [WSS-165] - Problems verifying trusted certs if provider not specified in properties
    * [WSS-168] - Verification/Decryption failure with a DN String from a different provider

** Improvement

    * [WSS-143] - Better management of namespace declarations....
    * [WSS-157] - Remove spurious calls to MessageDigest.reset()
    * [WSS-160] - Add AccessController.doPrivileged blocks to the Loader
    * [WSS-161] - Add JAX-WS handler support
    * [WSS-166] - Refactor unit tests
    * [WSS-167] - Apply PMD to source tree

** New Feature

    * [WSS-156] - Add support for RSAKeyValue tokens/signatures (needed for WS-SecurityPolicy KeyValueToken)


Release 1.5.5
=============

** Bug

    * [WSS-42] - java.lang.NoClassDefFoundError: org/apache/xml/security/encryption/XMLEncryptionException
    * [WSS-60] - Problems when SOAP envelope namespace prefix is null
    * [WSS-62] - the crypto file not being retrieved in the doReceiverAction method for the Saml Signed Token
    * [WSS-86] - CryptoBase.splitAndTrim does not take into account the format of a DN constructed by different providers
    * [WSS-87] - CryptoBase.getAliasForX509Cert(String, BigInteger) fails when issuer string contains OIDs
    * [WSS-94] - Security Breach : The client certificate signature is not verified if the serial number is known in the keystore
    * [WSS-111] - Some work on UsernameToken derived keys
    * [WSS-121] - Bug in default value for SAML issuer class property
    * [WSS-126] - SignatureProcessor:verifyXMLSignature method - Crypto object can have null values in the following scenario but it throws an Exception if the Crypto object is null
    * [WSS-127] - No way of signing with UsernameToken without sending the password
    * [WSS-129] - Couple places where "cause" of WSSecurityException not set
    * [WSS-133] - Method and variable misspellings fixed
    * [WSS-140] - WSSecEncryptedKey produces EncryptedKey element with invalid Id attribute
    * [WSS-141] - handleUsernameToken gives too much information. Can be used to deternine if a username exists or not
    * [WSS-142] - We ship opensaml 1.0.1 even though we use opensaml 1.1 in maven
    * [WSS-149] - AbstractCrypto requires org.apache.ws.security.crypto.merlin.file to be set and point to an existing file
    * [WSS-151] - Password type in UsernameToken not deserialized correctly
    * [WSS-152] - Problem with processing Username Tokens with no password type
    * [WSS-153] - Signature confirmation of multiple signatures doesn't work

** Improvement

    * [WSS-79] - Compatibility issue with weblogic wsse
    * [WSS-85] - Better exception handling in the crypto (e.g. no e.printStackTrace())
    * [WSS-110] - Add OSGi entries to jar manifest.
    * [WSS-118] - Support for SAML 1.1 SecurityTokenReferences in /org/apache/ws/security/processor/DerivedKeyTokenProcessor
    * [WSS-122] - Some fixes for the website
    * [WSS-123] - 1.5.4 requires opensaml jar, older versions did not
    * [WSS-125] - Upgrade BouncyCastle version
    * [WSS-128] - Use xml-sec 1.4.1 version
    * [WSS-135] - Fix for minor checkstyle issues
    * [WSS-137] - "Unexpected number of X509Data: for Signature" error doesn't make sense.
    * [WSS-138] - Add Nabble to site mailing list page
    * [WSS-145] - Problem in upgrading to xml-sec 1.4.2
    * [WSS-150] - Upgrade to XALAN 2.7.1
    * [WSS-154] - Allow WSSConfig injection in WSHandler and improve WSSConfig for injection of Processors instances

** New Feature

    * [WSS-23] - no way to programmatically set crypto.properties

** Task

    * [WSS-124] - Get maven dependencies pushed to central
    * [WSS-132] - TestWSSecurityX509v1 failing
    * [WSS-144] - Remove tab characters from WSS4J files

** Wish

    * [WSS-75] - remove dependency on xalan because it gets in the way of trax resolution
    * [WSS-91] - carriage return/line feed in the security header


Release 1.5.4
=============

** Bug
    * [WSS-51] - Incorrect test for null in WSHandler
    * [WSS-52] - ArrayIndexOutOfBoundsException if certs.length > 1
    * [WSS-54] - UsernameTokenProcessor not processing unhashed UsernameToken
    * [WSS-56] - WSS4j statically inserts Bouncycastle and Juice in list of JCE providers
    * [WSS-66] - Possible security hole when PasswordDigest is used by client.
    * [WSS-68] - No way to create a UsernameToken with absent <Password> element
    * [WSS-70] - WSHandler checkReceiverResults causes security problem
    * [WSS-82] - Add the ability to use a custom-loaded JCE provider instance instead of using the system-provided one
    * [WSS-89] - Error in verifying the signature with encrypted key
    * [WSS-93] - xmlsec NPE on Reference URI and ValueType attributes
    * [WSS-95] - Missing NOTICE file in WSS4J release
    * [WSS-96] - Error when making a signature when containing a WSSecTimestamp
    * [WSS-97] - Merlin passes invalid OID to getExtensionValue
    * [WSS-100] - Bug in wsse11 element creation
    * [WSS-101] - Bug in Encrypted SOAP Header creation
    * [WSS-103] - BinarySecurityToken processor does not allow for custom token types
    * [WSS-105] - Make WSS4J compliant with X.509 1.1 specification
    * [WSS-106] - Certs are expired in wss4j.keystore
    * [WSS-108] - Some work on KeyIdentifiers
    * [WSS-109] - Review of error handling messages
    * [WSS-112] - DerivedKeyProcessor is overwritten if more derivedkeys are present in a Soap Message.
    * [WSS-113] - Bug in WSHandler#getPassword
    * [WSS-114] - Some test reports are deleted by intermediate tasks in the ant build
    * [WSS-116] - EncryptedKeyProcessor fails to record QName of decrypted element
    * [WSS-119] - Error in Singature Processor 

** Improvement
    * [WSS-37] - Make it easier to set key-stores programmatically
    * [WSS-38] - Make it easier to set key-stores programmatically
    * [WSS-74] - Allow Actions and Processors to be customizable
    * [WSS-80] - Doc fixes to main WSS4J page
    * [WSS-88] - SecureRandom.getInstance("SHA1PRNG") is slow on IBM JDK 1.4.2 (And perhaps others)
    * [WSS-92] - Support for Encrypted Header 
    * [WSS-104] - Reference List processor should provide more information
    * [WSS-107] - X509NameTokenizer.java contains Bouncy Castle JCE copyright code


Version prior to 1.5.4
======================

no record