Skip to main content

The most recent patch for this version is 5.0.2.  Learn more  

Version: 5.0

Release notes

HTTP Attribute Connector features, bug fixes, and known issues by release date.

Version 5.0.2

Fixed issues

  • Failure to send POST requests with payloads

    Due to a bug, the HTTP Attribute Connector was unable to send POST requests with a payload to the endpoint listed in the Connection section. This is now fixed.

Version 5.0.1

Fixed issues

  • No timeout limit on Token Provider connections

    Previously, connection attempts to unreachable Token Services had no timeout limits, leading to unnecessary server-side resources being allocated. This has been fixed by assigning the same timeout limit as for HTTP connections to Policy Information Points (PIP) which is controlled by the AXIOMATICS_HTTP_AC_HTTP_TIMEOUT_SECONDS property. Click here for details.

Version 5.0.0

What's new

  • New versioning system

    With this release, HTTP Attribute Connector is switching over to a new versioning system that uses the following scheme: <major_version>.<minor_version>.<patch>

  • Support for disabling the verification of server side TLS certificates

    Added a switch insecure to the connection configuration to support disabling the verification of server side TLS certificates when using a secure connection (HTTPS). This switch is intended to be used for development and troubleshooting only. The default behavior is to always verify certificates.

  • OAuth2/OpenID Connect support

    Added support for OAuth2/OpenID Connect authentication, including automatic access token retrieval from an identity provider.

  • Extended authentication settings

    Extended authentication settings to support Bearer token authentication and Basic Authentication without having to manually specify HTTP headers.

  • Easier deployment

    With this release, the HTTP Attribute Connector is offered as a Shadowed JAR which is a single JAR file that contains both the application code and all of its dependencies. This change simplifies and expedites the deployment of the attribute connector.

Fixed issues

  • Log4j dependency removed

    Previously, Log4j was being used internally for logging, instead of SLF4. This has been fixed and the connector does not depend, directly or transitively, on Log4j.


March 2022

Fixed issues

  • Null pointer exception fix

    Fixed null pointer exception when remote HTTP service returned HTTP 204 No content and the body was empty.


November 2021

Fixed issues

  • XXE vulnerabilities

    Fixed XXE vulnerabilities in HTTP and Parser attribute connector.


May 2021

What's new

  • Enriched DEBUG logs

    Adding more information on DEBUG logs. DEBUG logs may include sensitive information, such as passwords.


November 2020

What's new

  • Configuration element improvement

    Ability to add detailedException="true" to the Configuration element, which will print HTTP request and response in exception.


October 2020

What's new

  • Documentation updates

    Documentation updates related to the @escape instruction.


April 2020

What's new

  • Documentation updates

    Various documentation updates.

Fixed issues

  • Bug fixes

    Various bug fixes.


March 2020

What's new

  • Mutual TLS support

    Added support for mutual TLS by specifying custom truststore and keystore.


December 2019

What's new

  • HTTP codes availability

    Ability to provide accepted and ignored HTTP codes in the processing of a response.