Version: 5.3

Release notes

HTTP Attribute Connector features, bug fixes, and known issues by release date.

Version 5.3.0

What's new

  • Retry handler introduction

    A retry handler has been implemented that prompts the HTTP Attribute Connector to retry establishing a connection if the response contains one of the status codes or exceptions specified in the configuration using the <retryableHttpCode> and <retryableException> elements. For details, see the Connection section.

  • Proactive token refresh

    In this version, the HTTP Attribute Connector has gained the ability to schedule a thread to proactively replace the access token before it expires, if the previous access token response contained the expires_in parameter. For more information, see the Connection section.

  • Token eager fetching option

    By default, access tokens are retrieved only after a request is rejected with a 401 Unauthorized response status code. However, the new fetchAuthTokenEagerly attribute provides the option to fetch the access token in advance, upon startup of the HTTP Attribute Connector. Refer to the Connection section for details.

Fixed issues

  • Potential server overload due to token request flooding

    A new mechanism to regulate token retrieval has been implemented to address the issue of concurrent token requests overwhelming the server when using the OAuth/OIDC client credentials flow.
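The two token behaviors described for 5.3.0 (proactive refresh driven by expires_in, and regulated token retrieval under concurrent load) can be sketched as follows; this is an added example, not the connector's code, and the release notes do not describe the connector's actual mechanism. TokenCache, TokenResponse, the 30-second margin and the stubbed token endpoint are assumptions made for illustration (records need Java 16 or later).

```java
import java.util.OptionalLong;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

// Added illustration: all names are hypothetical, not the connector's API.
public class TokenCache {
    record TokenResponse(String accessToken, OptionalLong expiresIn) {} // expires_in is optional
    private static final long MARGIN_SECONDS = 30; // assumed refresh margin
    private final Supplier<TokenResponse> tokenEndpoint;
    private final ScheduledExecutorService scheduler = Executors.newSingleThreadScheduledExecutor();
    private volatile String current; // null until fetched, or after a 401

    TokenCache(Supplier<TokenResponse> tokenEndpoint) { this.tokenEndpoint = tokenEndpoint; }

    // Fast path reads the cached token; on a miss, callers queue on the lock
    // and only the first one contacts the token endpoint.
    String get() {
        String t = current;
        if (t != null) return t;
        synchronized (this) {
            if (current == null) refresh();
            return current;
        }
    }

    // After a 401, drop the token only if it is still the rejected one.
    synchronized void invalidate(String rejected) {
        if (rejected.equals(current)) current = null;
    }

    private synchronized void refresh() {
        TokenResponse r = tokenEndpoint.get();
        current = r.accessToken();
        // Schedule a proactive refresh only when expires_in was returned.
        r.expiresIn().ifPresent(s -> scheduler.schedule(
            this::refresh, Math.max(1, s - MARGIN_SECONDS), TimeUnit.SECONDS));
    }

    public static void main(String[] args) throws InterruptedException {
        AtomicInteger calls = new AtomicInteger(); // counts requests to the stub endpoint
        TokenCache cache = new TokenCache(() -> new TokenResponse("tok-" + calls.incrementAndGet(), OptionalLong.of(3600)));
        Thread[] workers = new Thread[20];
        for (int i = 0; i < workers.length; i++) (workers[i] = new Thread(cache::get)).start();
        for (Thread w : workers) w.join();
        System.out.println("token endpoint calls: " + calls.get());
        cache.scheduler.shutdownNow(); // cancel the pending refresh so the JVM exits
    }
}
```

If a scheduled refresh fails, the old token stays in place until a 401 triggers invalidate(), after which the next get() fetches a new one under the same lock.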

Version 5.2.0

What's new

  • NTLM authentication method deprecated

    Use of the legacy NTLM authentication protocol is no longer supported by the HTTP Attribute Connector.

Fixed issues

  • Metrics collection failure

    Due to an issue related to the naming of the packages of the dependencies bundled in the Shadowed JAR, metrics collection was being blocked when the Apache HttpClient wasn't under its original namespace. This was resolved by removing the HttpClient from the provided Shadowed JAR.

  • HTTP connection state tracking

    In mTLS configurations, HTTP connection pooling was ineffective, resulting in a fresh SSL handshake for each HTTP request made by the attribute connector. This was resolved by introducing HTTP connection state tracking. For more details, see the HTTP connection pooling section.

Version 5.1.1

Fixed issues

  • Default TLS configuration not used

    Due to a bug, the HTTP Attribute Connector wasn't using the default TLS configuration of the system when the AXIOMATICS_HTTP_PIP_USE_SYSTEM_DEFAULT_TLS parameter was set to true. This is now fixed.

Version 5.1.0

What's new

  • HTTP connection pooling

    With this release, the HTTP Attribute Connector introduces connection pooling. Connection pooling provides performance benefits by keeping connections open for a predefined period of time and allowing their reuse. For details, see HTTP connection pooling.

Version 5.0.2

Fixed issues

  • Failure to send POST requests with payloads

    Due to a bug, the HTTP Attribute Connector was unable to send POST requests with a payload to the endpoint listed in the Connection section. This is now fixed.

Version 5.0.1

Fixed issues

  • No timeout limit on Token Provider connections

    Previously, connection attempts to unreachable Token Services had no timeout limits, leading to unnecessary server-side resources being allocated. This has been fixed by assigning the same timeout limit as for HTTP connections to Policy Information Points (PIP), which is controlled by the AXIOMATICS_HTTP_AC_HTTP_TIMEOUT_SECONDS property.

Version 5.0.0

What's new

  • New versioning system

    With this release, HTTP Attribute Connector is switching over to a new versioning system that uses the following scheme: <major_version>.<minor_version>.<patch>

  • Support for disabling the verification of server side TLS certificates

    Added a switch insecure to the connection configuration to support disabling the verification of server side TLS certificates when using a secure connection (HTTPS). This switch is intended to be used for development and troubleshooting only. The default behavior is to always verify certificates.

  • OAuth2/OpenID Connect support

    Added support for OAuth2/OpenID Connect authentication, including automatic access token retrieval from an identity provider.

  • Extended authentication settings

    Extended authentication settings to support Bearer token authentication and Basic Authentication without having to manually specify HTTP headers.

  • Easier deployment

    With this release, the HTTP Attribute Connector is offered as a Shadowed JAR which is a single JAR file that contains both the application code and all of its dependencies. This change simplifies and expedites the deployment of the attribute connector.

Fixed issues

  • Log4j dependency removed

    Previously, Log4j was being used internally for logging, instead of SLF4J. This has been fixed and the connector does not depend, directly or transitively, on Log4j.


March 2022

Fixed issues

  • Null pointer exception fix

    Fixed a null pointer exception that occurred when the remote HTTP service returned HTTP 204 No Content and the body was empty.


November 2021

Fixed issues

  • XXE vulnerabilities

    Fixed XXE vulnerabilities in the HTTP and Parser attribute connectors.


May 2021

What's new

  • Enriched DEBUG logs

    Added more information to DEBUG logs. DEBUG logs may include sensitive information, such as passwords.


November 2020

What's new

  • Configuration element improvement

    Ability to add detailedException="true" to the Configuration element, which will print the HTTP request and response in the exception.


October 2020

What's new

  • Documentation updates

    Documentation updates related to the @escape instruction.


April 2020

What's new

  • Documentation updates

    Various documentation updates.

Fixed issues

  • Bug fixes

    Various bug fixes.


March 2020

What's new

  • Mutual TLS support

    Added support for mutual TLS by specifying custom truststore and keystore.


December 2019

What's new

  • HTTP codes availability

    Ability to provide accepted and ignored HTTP codes in the processing of a response.