Release notes
HTTP Attribute Connector features, bug fixes, and known issues by release date.
Version 5.3.0
What's new
Retry handler introduction
A retry handler has been implemented that prompts the HTTP Attribute Connector to retry establishing a connection if the response contains one of the status codes or exceptions specified in the configuration using the
<retryableHttpCode>and<retryableException>elements. For details, see the Connection section.Proactive token refresh
In this version, the HTTP Attribute Connector has gained the ability to schedule a thread to proactively replace the access token before it expires, if the previous access token response contained the
expires_inparameter. For more information, see the Connection section.Token eager fetching option
By default, access tokens are retrieved only after a request is rejected with a
401 Unauthorizedresponse status code. However, the newfetchAuthTokenEagerlyattribute provides the option to fetch the access token in advance, upon startup of the HTTP Attribute Connector. Refer to the Connection section for details.
Fixed issues
Potential server overload due to token request flooding
A new mechanism to regulate token retrieval has been implemented to address the issue of concurrent token requests overwhelming the server when using the OAuth/OIDC client credentials flow.
Version 5.2.0
What's new
NTLM authentication method deprecated
Use of the legacy NTLM authentication protocol is no longer supported by the HTTP Attribute Connector.
Fixed issues
Metrics collection failure
Due to an issue related to the naming of the packages of the dependencies bundled in the Shadowed JAR, metrics collection was being blocked when the Apache HttpClient wasn't under its original namespace. This was resolved by removing the HttpClient from the provided Shadowed JAR.
HTTP connection state tracking
In mTLS configurations, HTTP connection pooling was ineffective resulting in fresh SSL handshakes for each HTTP request made by the attribute connector. This was resolved by introducing HTTP connection state tracking. Read more details in the HTTP connection pooling section.
Version 5.1.1
Fixed issues
Default TLS configuration not used
Due to a bug, the HTTP Attribute Connector wasn't using the default TLS configuration of the system when the
AXIOMATICS_HTTP_PIP_USE_SYSTEM_DEFAULT_TLSparameter was set totrue. This is now fixed.
Version 5.1.0
What's new
HTTP connection pooling
With this release, the HTTP Attribute Connector introduces connection pooling. Connection pooling provides performance benefits by keeping connections open for a predefined period of time and allowing their reusage. For details, see HTTP connection pooling.
Version 5.0.2
Fixed issues
Failure to send POST requests with payloads
Due to a bug, the HTTP Attribute Connector was unable to send POST requests with a payload to the endpoint listed in the Connection section. This is now fixed.
Version 5.0.1
Fixed issues
No timeout limit on Token Provider connections
Previously, connection attempts to unreachable Token Services had no timeout limits, leading to unnecessary server-side resources being allocated. This has been fixed by assigning the same timeout limit as for HTTP connections to Policy Information Points (PIP) which is controlled by the
AXIOMATICS_HTTP_AC_HTTP_TIMEOUT_SECONDSproperty. Click here for details.
Version 5.0.0
What's new
New versioning system
With this release, HTTP Attribute Connector is switching over to a new versioning system that uses the following scheme:
<major_version>.<minor_version>.<patch>Support for disabling the verification of server side TLS certificates
Added a switch
insecureto the connection configuration to support disabling the verification of server side TLS certificates when using a secure connection (HTTPS). This switch is intended to be used for development and troubleshooting only. The default behavior is to always verify certificates.OAuth2/OpenID Connect support
Added support for OAuth2/OpenID Connect authentication, including automatic access token retrieval from an identity provider.
Extended authentication settings
Extended authentication settings to support Bearer token authentication and Basic Authentication without having to manually specify HTTP headers.
Easier deployment
With this release, the HTTP Attribute Connector is offered as a Shadowed JAR which is a single JAR file that contains both the application code and all of its dependencies. This change simplifies and expedites the deployment of the attribute connector.
Fixed issues
Log4j dependency removed
Previously, Log4j was being used internally for logging, instead of SLF4. This has been fixed and the connector does not depend, directly or transitively, on Log4j.
March 2022
Fixed issues
Null pointer exception fix
Fixed null pointer exception when remote HTTP service returned
HTTP 204 No contentand the body was empty.
November 2021
Fixed issues
XXE vulnerabilities
Fixed XXE vulnerabilities in HTTP and Parser attribute connector.
May 2021
What's new
Enriched DEBUG logs
Adding more information on DEBUG logs. DEBUG logs may include sensitive information, such as passwords.
November 2020
What's new
Configuration element improvement
Ability to add
detailedException="true"to the Configuration element, which will print HTTP request and response in exception.
October 2020
What's new
Documentation updates
Documentation updates related to the
@escapeinstruction.
April 2020
What's new
Documentation updates
Various documentation updates.
Fixed issues
Bug fixes
Various bug fixes.
March 2020
What's new
Mutual TLS support
Added support for mutual TLS by specifying custom truststore and keystore.
December 2019
What's new
HTTP codes availability
Ability to provide accepted and ignored HTTP codes in the processing of a response.