2.1.3

2.1.3 (2022-11-10)

Merged pull requests:

• fixes #1466 recreate RateLimiter object after the config reload #1467 (stevehu)
• fixes #1464 update path handlers to allow the mapping to be empty #1465 (stevehu)
• fixes #1460 do not skip PathPrefixServiceHandler if server_url is in … #1463 (stevehu)
• fixes #1461 mask bootstrapStorePass in the server config during regis… #1462 (stevehu)
• fixes #1458 implement the password grant_type for salesforce handler #1459 (stevehu)
• fixes #1454 standardize the built-in config files for some modules #1455 (stevehu)
• fixes #1451 add api-key module and dummy OAuth server #1452 (stevehu)
• fixes #1449 udpate the BasicAuthHandler to make the config an instanc… #1450 (stevehu)
• Added shutdownApp method #1447 (fortunadoralph)
• fixes #1445 support multiple rules in the response transformer interc… #1446 (stevehu)
• Fixed Chunked Encoding When writing transformed Payload to SinkConduit (+ some refactor) #1444 (KalevGonvick)
• fixes #1442 resolve NPE in TokenHandler is appliedPathPrefixes missin… #1443 (stevehu)
• fixes #1439 request and response transform interceptors though NPE if… #1440 (stevehu)
• ResponseBodyInterceptor Update #1437 (KalevGonvick)
• fixes #1435 checked content encoding in the response interceptor inje… #1436 (stevehu)
• fixes #1433 update the ModifiableContentSinkConduit to add some trace… #1434 (stevehu)
• fixes #1431 add debug and trace to the ProxyHandler to confirm retry #1432 (stevehu)
• fixes #1429 check the response headers to identify if the response co… #1430 (stevehu)
• fixes #1426 call the interceptors directly if there is no request body #1427 (stevehu)
• fixes #1424 add requestHeaders and responseHeaders to the request res… #1425 (stevehu)

1.6.43

1.6.43 (2022-11-09)

Merged pull requests:

• do not clear the local service registry cache when a consul connection fails #1457 (miklish)
• Changes made to the code as required. Mentioned in issue #1274 & #1287 #1357 (AkashWorkGit)

2.1.2

2.1.2 (2022-10-22)

Merged pull requests:

• Fix flaky test in URLNormalizerTest.java #1419 (yannizhou05)
• fixes #1418 enhance the token handler to add applied path prefixes #1422 (stevehu)
• fixes #1420 check the appliedPathPrefixes for the RequestTransformInt… #1421 (stevehu)
• fixes #1415 add a new external handler for conquest planning API access #1416 (stevehu)
• Updated ModifiableSinkConduit + RequestInterceptInjectionHandler #1414 (KalevGonvick)
• fixes #1412 move the rewrite rules to inside the match condition for … #1413 (stevehu)
• fixes #1407 Add a new config property to control the size of the requ… #1410 (stevehu)
• Update RequestInterceptorInjectionHandler.java #1409 (KalevGonvick)
• fixes #1406 adding config reload for router.yml and others used by th… #1408 (stevehu)
• fixes #1402 add skip list for the security.yml to allow some prefix t… #1404 (stevehu)
• fixes #1401 add url rewrite rules for the salesforce handler for exte… #1403 (stevehu)
• Issue1399 #1400 (stevehu)
• fixes #1396 remove the stream body get as start blocking is remove #1397 (stevehu)
• fixes #1394 add properties to allow connect and host update in header #1395 (stevehu)
• fixes #1392 remove blocking as it causes the ModifiableContentSinkCon… #1393 (stevehu)
• fixes #1390 update response headers for external service handler to r… #1391 (stevehu)
• fix for RequestTransformer plus debug logging for ResponseTransformer #1389 (DiogoFKT)
• Update RequestInterceptorInjectionHandler.java #1387 (KalevGonvick)
• fixes #1384 fix a bug in the AuditConfig for the enabled flag #1385 (stevehu)
• fixes #1382 stop calling next middleware handler in request andd resp… #1383 (stevehu)
• fixes #1380 external salesforce and mras reponse header missing #1381 (stevehu)
• fixes #1378 add a config property to pre-resolve the host in egress-r… #1379 (stevehu)
• fixes #1376 allow the empty body for RequestBodyInterceptor and all e… #1377 (stevehu)
• Feature/body handler trace enhancement #1374 (KalevGonvick)
• fixes #1372 ExternalService handler cannot handle empty body #1375 (stevehu)
• fixes #1371 add url rewrite to the external service handler in egress… #1373 (stevehu)
• fixes #1369 update header handler to support header manipulation per … #1370 (stevehu)
• Changes made to the code as required. Mentioned in issue #1274 & #1287 #1357 (AkashWorkGit)
• fixes #1367 handle the null content type for the mras request #1368 (stevehu)
• fixes #1363 add url rewrite rules in the mras handler #1366 (stevehu)
• fixes #1364 update the logic to copy the same hosts configuration to … #1365 (stevehu)
• Issue1361 #1362 (stevehu)
• fixes #1359 update MRAS handler to load the certificate from the keys… #1360 (stevehu)
• h2c config option #1358 (KalevGonvick)
• fixes #1355 Donot run response body interceptor if the response is st… #1356 (stevehu)
• fixes #1352 disable all test cases for the request body interceptor #1353 (stevehu)
• fixes #1350 do not call the next handler in the chain from request bo… #1351 (stevehu)
• fixes #1348 A typo in the proxy.yml in ingress-proxy resources/config #1349 (stevehu)
• fixes #1346 fix typos in the Salesforce and MRAS handlers to set the … #1347 (stevehu)
• fixes #1344 update salesforce handler to support multiple APIs with d… #1345 (stevehu)
• fix typo for ExternalService response headers #1343 (DiogoFKT)
• Fix for 1339 #1340 (KalevGonvick)
• fixes #1337 disable several test cases in client module that only wor… #1338 (stevehu)
• fixes #1335 check the request path with the key set in MRAS and Sales… #1336 (stevehu)
• fixes #1332 refactor salesforce handle to support multiple configurat… #1333 (stevehu)
• fixes #1330 update MRAS config to add resource to the Microsoft token… #1331 (stevehu)
• fixes #1328 Handle non-JSON request body in the AuditHandler #1329 (stevehu)
• fixes #1326 refactor the MRAS handler to resolve multiple use cases w… #1327 (stevehu)
• fixes #1324 support xml request body parsing in the RequestBodyInterc… #1325 (stevehu)
• Bump postgresql from 42.3.3 to 42.4.1 #1321 (dependabot)
• fixes #1319 remove the status from the audit list #1320 (stevehu)
• fixes #1317 convert the audit handler to interceptor for logging requ… #1318 (stevehu)
• fixes #1314 upgrade yaml-rule to 1.0.1 in pom.xml #1315 (stevehu)
• Issue1308 #1312 (stevehu)
• fixes #1302 Do an iteration to get the serviceId from the request path #1303 (stevehu)
• fixes #1300 update ServiceConfig to allow the singletons to be null #1301 (stevehu)
• fixes #1298 cache the jwk with all kids in the jwk result #1299 (stevehu)
• fixes #1294 update BasicAuthConfig to support JSON string for the users #1295 (stevehu)
• fixes #1292 upload ServiceConfig to support load singletons as JSON s… #1293 (stevehu)
• fixes #1290 update GatewayRouterHandler to add the caller_id to the r… #1291 (stevehu)
• fixes #1288 change the ProxyConfig to remove httpsEnabled [#1289](https://github.com/net...

1.6.42

1.6.42 (2022-08-23)

Merged pull requests:

1.6.41

1.6.41 (2022-08-11)

Merged pull requests:

• Fix confusing service discovery result message #1334 (jsu216)
• Add a time buffer before terminate the blocking query connection to C… #1323 (jsu216)

1.6.40

1.6.40 (2022-08-05)

Merged pull requests:

• Update log messages to make it easier for monitoring #1316 (jsu216)
• Issue1304 - Add more debug and info messages #1309 (jsu216)
• fixes #1304 Consul ServiceLookupThread connect to consul server get s… #1305 (stevehu)

2.1.1

2.1.1 (2022-04-26)

Merged pull requests:

• fix for NPE if input is null for Mask methods (issue 1208) #1222 (miklish)
• fixes #1220 update the rate-limit config to ensure backward compatibi… #1221 (stevehu)
• fixes #1216 add query parameter and header rewrite in the ProxyHandler #1217 (stevehu)
• fixes #1218 handle the case that clientId and userId resolver failed … #1219 (stevehu)
• Issue1211 #1212 (stevehu)
• fixes #1213 move the tableau authentication handler to the light-4j i… #1214 (stevehu)
• fixes #1209 NPE is thrown when the server is selected as key without … #1210 (stevehu)
• fixes #1206 update the default rate limit handle configuration after … #1207 (stevehu)
• fixes #1204 update rate-limit to add an overloaded constructor with c… #1205 (stevehu)
• fixes #1202 remove the 500 sleep and enable multiple requests test #1203 (stevehu)
• Rate limit handler fix #1201 (GavinChenYan)
• Issue1178 #1200 (stevehu)
• fixes #1198 return an status object for generic exception from the Pr… #1199 (stevehu)
• Feature/content length error message #1197 (KalevGonvick)
• ProxyBodyHandler Rework #1196 (KalevGonvick)
• add DefaultConfigLoaderTest.java #1192 (wswjwjccjlu)
• fixes #1191 We have ProxyHandler in both egress-router and ingress-pr… #1194 (stevehu)
• Issue1188 #1189 (stevehu)
• ProxyBodyHandler rework #1187 (KalevGonvick)
• fixes #1183 add the Transfer-Encoding of http header into the client.yml #1185 (stevehu)
• fixes #1181 Update the config class to output the config file name wh… #1182 (stevehu)
• fixes #1179 remove a trace statement that can cause NPE #1180 (stevehu)
• fixes #1176 add a status code for OBJECT_NOT_UNIQUE #1177 (stevehu)
• fixes #1174 #1175 (GavinChenYan)
• fixes #1172 output the status in log if get service from portal fails #1173 (stevehu)
• fixes #1170 add enabled flag to the rule-loader.yml to bypass the rul… #1171 (stevehu)
• Update on config loader for nested values.yml #1168 (wswjwjccjlu)
• fixes #1166 Handle the LoadBalancingRouterProxyClient has empty host … #1167 (stevehu)
• fixes #1126 update the config.yml and router.yml with templates #1165 (stevehu)
• fixes #1162 Add a new error code for Startup Hook not loaded correctly #1163 (stevehu)
• fixes #1160 Update a typo in a test case comment #1161 (stevehu)
• fixes #1158 update default client.yml to enable the token serverUrl a… #1159 (stevehu)
• fixes #1156 add more tracing statements in OauthHelper #1157 (stevehu)
• fixes #1154 adding logging statements in AbstractRegistry #1155 (stevehu)
• fix the empty body issue for config reload handler #1153 (GavinChenYan)
• fixes #1151 add a default constructor for ClientCredentialsRequest #1152 (stevehu)
• fixes #1149 make the sanitizer.yml backward compatible #1150 (stevehu)
• fixes #1147 remove the serviceId from the header in the router client #1148 (stevehu)
• fixes #1140 Update client module to verify JWT tokens from many OAuth… #1146 (stevehu)
• Issue1139 #1145 (stevehu)
• Issue1143 #1144 (GavinChenYan)
• fixes #1141 update logging statements in OauthHelper and ProxyHandler #1142 (stevehu)
• fixes #1137 update the rule-loader startup to avoid loading the same … #1138 (stevehu)
• fixes #1135 add a new status code to indicate the access control rule… #1136 (stevehu)
• fixes #1133 Add method rewrite in the gateway use case to support leg… #1134 (stevehu)
• fixes #1131 update sanitizer handler to support all owasp encoders #1132 (stevehu)
• fixes #1129 update RuleLoaderStartupHook to only get the ruleId and i… #1130 (stevehu)
• fixes #1127 upgrade jaeger-client to 1.8.0 from 1.6.0 to resolve depe… #1128 (stevehu)

Upgrade Guidelines:

This is a release with some bug fixes and enhancements. It is backward compatible with the 2.1.0 release.

1.6.39

1.6.39 (2022-04-26)

Merged pull requests:

• fix for NPE if input is null for Mask methods (issue 1208) #1222 (miklish)

2.1.0

2.1.0 (2022-02-27)

Merged pull requests:

• fixes #1124 enhance the sanitizer to make the configuration separated… #1125 (stevehu)
• fixes #1122 log the stacktrace if a middleware handler is not loaded … #1123 (stevehu)
• Issue1120 #1121 (stevehu)
• fixes #1118 allow router to support serviceId from query parameters a… #1119 (stevehu)
• fixes #1116 Update the rate-limit to allow customzied the error code … #1117 (stevehu)
• fixes #1112 add Jdk8Module to the ObjectMappers in config module to h… #1113 (stevehu)
• fixes #1108 update the rule-loader to add another rule action to tran… #1109 (stevehu)
• Bump postgresql from 42.2.25 to 42.3.3 #1107 (dependabot)
• fixes #1105 disable a test case in the body handler as it is not stable #1106 (stevehu)
• Truncated Exception Fix #1104 (KalevGonvick)
• fixes #1102 update the LoggerGetLogContentHandler to return map and h… #1103 (stevehu)
• fixes #1100 remove a logging statement in the DefaultConfigLoader as … #1101 (stevehu)
• fixes #1097 add isNumeric to StringUtils in the utility #1098 (stevehu)
• Bump postgresql from 9.4.1211 to 42.2.25 #1095 (dependabot)
• Issue1093 #1094 (stevehu)
• fixes #1091 update the default rate limit concurrent requests to 2 fr… #1092 (stevehu)
• fixes #1089 update audit status key from Status to status #1090 (stevehu)
• fixes #1087 externalize rate-limit, header and whitelist-ip config files #1088 (stevehu)
• Bump h2 from 2.0.206 to 2.1.210 #1086 (dependabot)
• fixes #1084 update the DefaultConfigLoader to get the values.yml from… #1085 (stevehu)
• Bump httpclient from 4.5.6 to 4.5.13 #1077 (dependabot)
• Bump h2 from 1.4.196 to 2.0.206 #1083 (dependabot)
• fixes #1081 update the ClaimsUtil to name the service id claim with s… #1082 (stevehu)
• fixes #1079 add method and path to the method not found error message #1080 (stevehu)
• fixes #1075 Add rule-loader module to support fine-grained access con… #1076 (stevehu)
• fixes #1073 update the sanitizer.yml to externalize properties for va… #1074 (stevehu)
• fixes #1071 externalize jaeger-tracing configuration properties #1072 (stevehu)
• fixes #1069 update server.yml to externalize server.ip #1070 (stevehu)
• fixes #1067 update the SignKeyRequest to get the proxy info from the … #1068 (stevehu)
• fixes #1065 Turn off hostname verification for OAuthHelper based on t… #1066 (stevehu)
• change promethus config to be extendable #1064 (GavinChenYan)
• fixes #1061 #1062 (GavinChenYan)
• Issue1059 #1060 (stevehu)
• fixes #1057 add ProxyHealthGetHandler in ingress-proxy for the http-s… #1058 (stevehu)
• fixes #1053 update the pom.xml and jaeger-client dependency to avoid … #1054 (stevehu)
• Issue 1048 #1051 (stevehu)
• max json payload for proxy which using buffer stream #1050 (GavinChenYan)
• fixes #1048 update ProxyBodyHandler to handle the data form and add t… #1049 (stevehu)
• add other contentType for proxy body handler #1047 (GavinChenYan)

Upgrade Guidelines:

The following middleware handlers have been changed in this release and the config file needs to be updated to leverage the new features.

• config.yml

For this release, we have set the default value to true for allowDefaultValueEmpty so that an empty value can be used in the template for other config files.

# For some configuration files, we have left some properties without default values as there
# would be a negative impact on the application security. The following config will ensure that
# null will be used when the default value is empty without stopping the server during the start.
allowDefaultValueEmpty: true

• limit.yml

The errorCode is newly added to allow the users to customize the error response if the request is dropped. By default, code 503 is returned.

# If the rate limit is exposed to the Internet to prevent DDoS attacks, it will return 503
# error code to trick the DDoS client/tool to stop the attacks as it considers the server
# is down. However, if the rate limit is used internally to throttle the client requests to
# protect a slow backend API, it will return 429 error code to indicate too many requests
# for the client to wait a grace period to resent the request. By default, 503 is returned.
errorCode: ${limit.errorCode:503}

• sanitizer.yml

This file is changed a lot so that we can set up the encoders for both body and header separately.

---
# Sanitize request for cross-site scripting during runtime

# indicate if sanitizer is enabled or not
enabled: ${sanitizer.enabled:false}

# if it is enabled, the body needs to be sanitized
bodyEnabled: ${sanitizer.bodyEnabled:true}
# the encoder for the body. javascript, javascript-attribute, javascript-block or javascript-source
# There are other encoders that you can choose depending on your requirement. Please refer to site
# https://github.com/OWASP/owasp-java-encoder/blob/main/core/src/main/java/org/owasp/encoder/Encoders.java
bodyEncoder: ${sanitizer.bodyEncoder:javascript-source}
# pick up a list of keys to encode the values to limit the scope to only selected keys. You can
# choose this option if you want to only encode certain fields in the body. When this option is
# selected, you can not use the bodyAttributesToIgnore list.
bodyAttributesToEncode: ${sanitizer.bodyAttributesToEncode:}
# pick up a list of keys to ignore the values encoding to skip some of the values so that these
# values won't be encoded. You can choose this option if you want to encode everything except
# several values with a list of the keys. When this option is selected, you can not use the
# bodyAttributesToEncode list.
bodyAttributesToIgnore: ${sanitizer.bodyAttributesToIgnore:}

# if it is enabled, the header needs to be sanitized
headerEnabled: ${sanitizer.headerEnabled:true}
# the encoder for the header. javascript, javascript-attribute, javascript-block or javascript-source
# There are other encoders that you can choose depending on your requirement. Please refer to site
# https://github.com/OWASP/owasp-java-encoder/blob/main/core/src/main/java/org/owasp/encoder/Encoders.java
headerEncoder: ${sanitizer.headerEncoder:javascript-attribute}
# pick up a list of keys to encode the values to limit the scope to only selected keys. You can
# choose this option if you want to only encode certain fields in the body. When this option is
# selected, you can not use the headerAttributesToIgnore list.
headerAttributesToEncode: ${sanitizer.headerAttributesToEncode:}
# pick up a list of keys to ignore the values encoding to skip some of the values so that these
# values w...

1.6.38

1.6.38 (2022-02-19)

Merged pull requests:

• fixes #1110 add Suppression annotation for TypeParameterUnusedInFormals #1111 (stevehu)