All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
- Update configs and documentation for the introduction of OTLP in Candlelight #137
- Correct Bad Usage of LoggerIn that broke Themis #136
- Disable TLS 1.0 and 1.1 by default; configuration can re-enable them.
- Disable ciphers vulnerable to SWEET32.
- Fix Deprecated FX Logger, Add Zap Logging #107
- Replace package xlog with sallust #123
- Replace go-kit/log with uber zap #121
- CVE-2022-32149 (High) detected in golang.org/x/text-v0.3.7 #117
- Remove several unused build files and update the docker images to work. #122
- Update dependencies.
- Fix the docker container so it has configuration in the right place.
- Patch failing docker image, fix linter issues, fix breaking unit tests & changes #104
- Migrated to github.com/golang-jwt/jwt to address a security vulnerability. #78
- Updated spec file and rpkg version macro to be able to choose when the 'v' is included in the version. #80
- Updated transport.go to send a 400 error if there is an issue parsing the URL. #47
- Allow validation to succeed when any one peer certificate passes, instead of requiring all of them to pass. #91
- Migrate to github actions, normalize analysis tools, Dockerfiles and Makefiles. #67
- Add optional OpenTelemetry tracing feature. #75
- Update RPM .spec file so copr builds succeed. #65
- Refactor configuration to preserve case in claims. #63
- Update mentions of the default branch from 'master' to 'main'. #58
- Remove extra RPM config files #43
- Add JWK support #48
- Add pprof support #50
- Add content negotiation for /keys #53
- Fix RPM spec file for EPEL 8 #42
- Fix RPM spec file, fix changelog formatting #41
- Added Docker automation
- Updated release pipeline to use Travis
- Added specialized partner id logic #40
- Removed the required option for claims and metadata obtained from HTTP requests
- Add versioning to themis binaries
- Added a custom xhttpserver.Listener type
- Added MaxConcurrentRequests enforcement driven by configuration
- ConstantHandler for static HTTP transaction responses
- Busy decorator for enforcing MaxConcurrentRequests
- Allow metrics and health servers to be disabled
- Allow only a claims server to be configured
- Require an issuer server if a keys server is configured, and vice versa
- Use metrics namespace from config
- Added configurable and application-injectable peer verification for MTLS
- Use new paths for systemd start
- Added logic to create RPMs per themis running mode
- Updated Makefile
- Updated conf directory
- Refactored config and xlog packages to remove some magic and make things more obvious
- Allow named HTTP client components
- Simplify HTTP client/server component providers
- Fixed issues with building themis as a module
- Rename from xmidt-issuer to themis to follow the naming convention
- Dev mode
- Uber/fx style providers
- MTLS support
- Remote claims support
- Request logging
- Integrated server logging
- Full support for claims specified in requests
- Optional claims server that simply returns a JSON payload of the claims
- Time-based claims can be disabled
- Both the issue and claims servers can be disabled
- Integrated health via InvisionApp/go-health
- Converted to a go module: github.com/xmidt-org/themis