Release notes
Access Decision Service (ADS) features, bug fixes, and known issues by release.
Version 2.2.0
What's new
Attribute Connector JSON and YAML Schema support
ADS now supports Attribute Connector configurations in both JSON and YAML formats, while maintaining compatibility with existing XML configurations. This update also allows support for attribute definitions in ALFA language when JSON or YAML is used for the configuration.
Cache configuration override
Cache configuration override allows you to override the cache configuration in your domain file, including all attribute connectors and individual cache settings. This feature allows you to move an identical domain configuration across different environments.
Fixed issues
Exception when refreshing an unchanged domain
Due to a bug, ADS would previously throw an error during a domain refresh when retrieving a domain from a remote endpoint (such as ADM inside ASM). This issue has been resolved.
Erroneous
ERRORlevel logs on domain pollingAn
ERRORlevel log entry was incorrectly generated every time ADS checked ADM for a new domain version, even when no updates were available. This issue has been fixed.License expiration warning format support
Previously, due to an issue, ADS 2 didn't support
licenseExpirationWarningvalues that used the ADS 1-compatible format. This compatibility issue is now resolved.Security fixes
Several third-party libraries were updated to address the following security vulnerabilities: CVE-2025-41249, CVE-2025-41248, CVE-2025-41242, CVE-2025-48989, CVE-2025-11226, CVE-2025-48924.
Other
Trailing slash in
/authorizeendpointADS 2 rejects requests to endpoints that include a trailing slash, complying with standard Spring and REST practices, unlike ADS 1. To aid in migrating from ADS 1, you can use the
allowTrailingSlashAuthorizeproperty to configure ADS 2 to accept trailing slashes specifically on the/authorizeendpoint.
Version 2.1.1
What's new
Improved Kubernetes deployment
The Kubernetes (K8s) deployment process has been revamped for quicker and easier deployments.
The ADS image is now pulled directly from the Axiomatics ECR container, and it includes the standard Attribute Connectors (SQL, Table, LDAP, HTTP, and Parser) by default. Alternatively, you can build your own image and push it to any registry you prefer.
New license model
ADS 2.1.1 introduces a new licensing model that requires a new license file named
axiomatics_ADS.license.Migration to Spring Boot
ADS 2.1.1 replaces the Dropwizard framework with Spring Boot, introducing a modern architecture, improved configuration management, richer integration options, and enhanced observability features.
Domain configuration in YAML
Domain configuration is now fully based on YAML. XML-based domain files are no longer supported.
Authentication enhancements
Authentication configuration has been revamped, and ADS now supports JWT, OAuth 2, and Basic authentication options.
Metrics and monitoring updates
ADS 2.1.1 now supports Prometheus (pull model) and InfluxDB (push model) for metrics collection while ASM is no longer used as a metrics backend.
Updated logging
Logging has been redesigned in ADS 2.1.1 to use Spring Boot YAML configurations. The setup now supports custom Logback configurations, removing Dropwizard-specific logging options.
New audit logging format
Audit logs are now generated in JSON format, which offers reduced log size, enhanced readability, and improved overall performance for ADS. XML logs are still supported as an alternative.
Attribute Connector versions
When ADS 2.1.1 is deployed with K8s, it includes the following versions of the standard attribute connectors:
- LDAP Attribute Connector 6.3.2
- SQL Attribute Connector 6.3.1
- Table Attribute Connector 7.1.1
- HTTP Attribute Connector 5.4.2
- Parser Attribute Connectors 1.0.3