Release notes
HTTP Attribute Connector features, bug fixes, and known issues by release date.
Version 5.1.1
Fixed issues
- Default TLS configuration not used
Due to a bug, the HTTP Attribute Connector wasn't using the default TLS configuration of the system when the
AXIOMATICS_HTTP_PIP_USE_SYSTEM_DEFAULT_TLS
parameter was set totrue
. This is now fixed.
Version 5.1.0
What's new
HTTP connection pooling
With this release, the HTTP Attribute Connector introduces connection pooling. Connection pooling provides performance benefits by keeping connections open for a predefined period of time and allowing their reusage. For details, see HTTP connection pooling.
Version 5.0.2
Fixed issues
Failure to send POST requests with payloads
Due to a bug, the HTTP Attribute Connector was unable to send POST requests with a payload to the endpoint listed in the Connection section. This is now fixed.
Version 5.0.1
Fixed issues
No timeout limit on Token Provider connections
Previously, connection attempts to unreachable Token Services had no timeout limits, leading to unnecessary server-side resources being allocated. This has been fixed by assigning the same timeout limit as for HTTP connections to Policy Information Points (PIP) which is controlled by the
AXIOMATICS_HTTP_AC_HTTP_TIMEOUT_SECONDS
property. Click here for details.
Version 5.0.0
What's new
New versioning system
With this release, HTTP Attribute Connector is switching over to a new versioning system that uses the following scheme:
<major_version>.<minor_version>.<patch>
Support for disabling the verification of server side TLS certificates
Added a switch
insecure
to the connection configuration to support disabling the verification of server side TLS certificates when using a secure connection (HTTPS). This switch is intended to be used for development and troubleshooting only. The default behavior is to always verify certificates.OAuth2/OpenID Connect support
Added support for OAuth2/OpenID Connect authentication, including automatic access token retrieval from an identity provider.
Extended authentication settings
Extended authentication settings to support Bearer token authentication and Basic Authentication without having to manually specify HTTP headers.
Easier deployment
With this release, the HTTP Attribute Connector is offered as a Shadowed JAR which is a single JAR file that contains both the application code and all of its dependencies. This change simplifies and expedites the deployment of the attribute connector.
Fixed issues
Log4j dependency removed
Previously, Log4j was being used internally for logging, instead of SLF4. This has been fixed and the connector does not depend, directly or transitively, on Log4j.
March 2022
Fixed issues
Null pointer exception fix
Fixed null pointer exception when remote HTTP service returned
HTTP 204 No content
and the body was empty.
November 2021
Fixed issues
XXE vulnerabilities
Fixed XXE vulnerabilities in HTTP and Parser attribute connector.
May 2021
What's new
Enriched DEBUG logs
Adding more information on DEBUG logs. DEBUG logs may include sensitive information, such as passwords.
November 2020
What's new
Configuration element improvement
Ability to add
detailedException="true"
to the Configuration element, which will print HTTP request and response in exception.
October 2020
What's new
Documentation updates
Documentation updates related to the
@escape
instruction.
April 2020
What's new
Documentation updates
Various documentation updates.
Fixed issues
Bug fixes
Various bug fixes.
March 2020
What's new
Mutual TLS support
Added support for mutual TLS by specifying custom truststore and keystore.
December 2019
What's new
HTTP codes availability
Ability to provide accepted and ignored HTTP codes in the processing of a response.