Release notes
Axiomatics Policy DevOps (APD) features, bug fixes, and known issues by release.
Version 26.1.6
What's new
Dictionary generation tasks
In ADS 26.x, the ADS and CAQ services are merged into one single service. Consequently, both the YAML and the ALFA dictionary must contain all attributes. To facilitate this, dictionary generation tasks have been added to convert and generate the different dictionaries:
Task Description generateAlfaDictionaryFromYamlGenerates the ALFA attribute dictionary (.alfa) from the YAML attribute definition file. generateJavaDictionaryFromYamlGenerates the Java attribute Dictionary class from the YAML attribute definition file. generateYamlDictionaryFromAlfaGenerates the YAML attribute dictionary from the ALFA attribute specification file. Updated dependencies
Name New version Axiomatics Decision Service 26.1.4 Axiomatics Attribute Connectors 1.0.2
Improvements
Environment variable consolidation with
createEnvFileAPD projects contain multiple environment variables spread across various files within the project. To simplify variable tracking for a deployment, a new Gradle task called
createEnvFilecollects all environment variables and writes them tobuild/.env.generated(with additional information provided inbuild/.evn.generated.info). These two environment files are also written to thebuild/install/deploymentdirectory when running thestageDeploymenttask.HTTP Attribute connector update The HTTP Attribute Connector now includes a
msGraphApiEscapeconfiguration property to better support the Microsoft Graph API. Read more here.
Fixed issues
Environment variable substitution in JSON configuration for Attribute connectors
Resolved an issue where environment variables were not correctly substituted within the JSON configuration for Attribute connectors.
ADS startup failures with remote domains
Fixed an issue where an incomplete
deployment.yamlfile was generated when a remote domain was defined in therepositories { }section, causing ADS to fail to start.
Version 26.1.4
What's new
Access Decision Service (ADS) 26.1.1 upgrade
This update provides the latest version of ADS, including its bundled standard attribute connectors. For more information, read the ADS Release notes section.
Version 26.1.2
APD 1.x has been renamed to APD 26.1 to align with our new versioning strategy, which introduces annual major releases for our products. APD 26.1 is a fully backwards-compatible continuation of APD 1.1, incorporating bug fixes and new features. Upgrading from APD 1.1 is straightforward: upgrade effort is minimal and no migration effort is required.
Improvements
YAML support for default attribute connectors
APD now supports configuring Axiomatics' default attribute connectors with YAML instead of XML. While the legacy XML format remains supported, we recommend switching to YAML for easier configuration. This update aligns APD with Authorization Domain format version 2.1. Read the Attribute Connectors documentation for details.
Fixed issues
Visual tracing: resolved rendering bug for policy references
Previously, the Visual tracing output rendered incorrectly when policy references were combined with the
onPermitApplySecondcombining algorithm. This issue has been resolved.
Deprecations
ADS 1 tasks: Tasks related to ADS 1 are deprecated and will be removed in a future release. We recommend upgrading your deployment to ADS 26 or later.
JUnit 4 support: Support for JUnit 4 tests is deprecated and will be removed in a future release. Please update your tests to JUnit 5.
Version 1.1.1
Improvements
- Improved graph hash algorithm The internal graph hash algorithm has been improved to minimize hash collisions when generating evaluation trace graph.
Fixed issues
APD is now conforming to XACML JSON 1.1 Request specification
Previously, APD was serializing attribute values as a single object instead of an array of objects when processing JSON requests. This was fixed to comply with the XACML JSON 1.1 Request specification, improving interoperability with compliant clients.
Missing IDs in obligation and advice assertions
Due to a bug, obligation and advice assertions weren't able to target specific advice and obligation identifiers. This is fixed and the results now include the appropriate IDs, enabling accurate validation and troubleshooting of policy decisions.
Version 1.1.0
What's new
New product name: Axiomatics Policy DevOps (APD)
The Policy Testing Framework (PTF) has been renamed to Axiomatics Policy DevOps (APD). This change reflects the product’s expanded scope, which includes policy authoring, validation, tracing, and integration into DevOps workflows. The same core functionality is offered, along with several additional features introduced in this new release.
Access Decision Service (ADS) 2 support
APD now supports running ADS 2 locally, while ADS 1 is still supported. For details, read the Gradle tasks and dependency configurations section.
Visual tracing feature
Visual tracing is out of beta and now generally available. Learn more about this feature in the Visual tracing section.
Tracing supports Extended Indeterminate
APD traces now display the potential effect values that would have resulted if an error had not caused an
Indeterminaterule value, aligning with the XACML 3.0 specification.Constant attribute connector decommission
The Constant attribute connector (Constant PIP) has been decommissioned and is now replaced by the Parser attribute connector (Parser PIP).
Updated dependencies
Name New version Access Decision Service (ADS) 2.2.0 Table attribute connector 7.2.0 SQL attribute connector 6.4.0 LDAP attribute connector 6.4.0 HTTP attribute connector 5.5.0
Improvements
Documentation rework
The Axiomatics Policy DevOps (APD) documentation has been reworked to provide better structure, searchability, and readability for an improved user experience.
Performance improvements
This release speeds up build and testing times. The system now runs independent tasks, like ALFA compilation and PDP setup, concurrently. ALFA compilation is faster, utilizing in-memory processing to reduce I/O and better leveraging Gradle's caching to eliminate redundant work.
Seamless offline installation APD is now distributed as a self-contained fat JAR, enabling seamless offline installation without external dependencies.
Fixed issues
Security fixes
Several third-party libraries were updated to address the following security vulnerabilities: CVE-2025-48924, CVE-2020-29582.
pushToAdmtask failureWe have increased the limit for the YAML object mapper to prevent the
pushToAdmtask from failing when processing large domain files.
Known issues
New domain format limitations
APD does not yet support the following new domain features:
JSON configuration for Axiomatics attribute connectors:
Workaround - Continue using the XML configuration format for these connectors.
ALFA names in attribute connector metadata:
Workaround - Use the attribute ID instead of ALFA names in the attribute connector metadata.
Cache override in attribute connector metadata:
Workaround - Don't utilize the cache override feature in the connector metadata.
Version 1.0.42
Fixed issues
Detailed "Duplicate key" exception logs
Added debug information to logs when an internal "Duplicate key" exception occurs.
Version 1.0.41
Fixed issues
Visual tracing fix
Corrected handling of the
mapfunction in Visual tracing.
Version 1.0.40
What's new
Visual tracing
Introduced beta preview of the new feature Visual tracing.
Version 1.0.33
What's new
Updated dependencies
Name Old version New version Table attribute connector 7.0.1 7.1.0 SQL attribute connector 6.2.3 6.3.0 JUnit 5 5.11.0-M 5.11.2 com.fasterxml.jackson.core2.15.3 2.17.1
Version 1.0.31
What's new
Updated dependencies
Name Old version New version io-commons2.11.0 2.17.0
Version 1.0.30
What's new
Test execution trace logging
After test execution, the resulting JSON request and response is stored in the
build/trace/directory.
Version 1.0.29
Improvements
Error message improvements
Improved error messages when tests not run using Gradle.
Version 1.0.28
What's new
Updated dependencies
Name Old version New version Access Decision Service (ADS) 1.15.1 1.16.0
Improvements
Fixes for attribute connector unit tests
Attribute connector unit tests no longer fail if non-relevant configuration is incomplete.
Version 1.0.27
What's new
Updated dependencies
Name Old version New version Access Decision Service (ADS) 1.15.0 1.15.1 Table attribute connector 6.2.2 6.2.3 SQL attribute connector 7.0.0 7.0.1 LDAP attribute connector 6.3.0 6.3.1 HTTP attribute connector 5.2.0 5.3.0 Parser attribute connector 1.0.1 1.0.2
Fixed issues
Correct handling of JUnit5 methods
Fixed a bug where JUnit4 aborted tests using JUnit5 methods instead of ignoring them.
Version 1.0.26
What's new
JUnit upgrade
Upgraded to JUnit 5. The JUnit4 class rule
AlfaTestRuleis deprecated. Update all tests to use the JUnit 5 extensioncom.axiomatics.cr.alfa.test.junitAlfaExtension. JUnit 4 (Vintage Engine) is still available, and existing JUnit 4 tests will remain functional.If you upgrade by pulling from Axiomatics' origin on GitHub, you may encounter conflicts in the
src/testdirectory. Keep your local changes and discard the remote changes.To migrate tests from JUnit4 to JUnit5, change your test files as follows:
"diff+import org.junit.jupiter.api.Test;
-import org.junit.Test;
-import org.junit.Rule;
+import org.junit.jupiter.api.extension.RegisterExtension;
- @Rule
- public AlfaTestRule rule = new AlfaTestRule().withMainPolicy("acme.Main");
+ @RegisterExtension
+ public AlfaExtension rule = new AlfaExtension();
New Java requirement
Java 17 is now required. It will be automatically downloaded using the toolchain plugin. For air-gapped installations, ensure you have a Java 17 installation that Gradle can detect. Verify your Java installation by running:
gradlew -q javaToolchains