changes.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  #%L
  wcm.io
  %%
  Copyright (C) 2015 wcm.io
  %%
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
  #L%
  -->

<document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/changes/1.0.0"
    xsi:schemaLocation="http://maven.apache.org/changes/1.0.0 http://maven.apache.org/plugins/maven-changes-plugin/xsd/changes-1.0.0.xsd">
  <body>

    <release version="1.6.2" date="not-released">
      <action type="update" dev="mrozati">
        Dispatcher Flush Agent: support "aliasUpdate" flag, which is needed when using sling:alias or vanity URLs
      </action>
    </release>

    <release version="1.6.0" date="2019-11-22">
      <action type="add" dev="nbellack">
        Role aem-dispatcher: Add http2 variant which provides HTTP/2 support.
      </action>
      <action type="remove" dev="sseifert">
        Role aem-cms: Remove Minimal "DAM Update Asset" Workflow - it was already discouraged to be used in AEM 6.3, and no longer compatible with AEM 6.4 and up.
      </action>
      <action type="remove" dev="trichter"><![CDATA[
        Role aem-cms: Remove stop script. Synchronous stop mode is now implemented in the Ansible role <a href="https://github.com/wcm-io-devops/ansible-aem-cms">wcm_io_devops.aem_cms</a> (see 'templates/stop-sync.sh.j2').
      ]]></action>
    </release>

    <release version="1.5.4" date="2019-05-23">
      <action type="update" dev="sseifert">
        Role aem-dispatcher: Enable TTL support and caching of cache control headers by default.
      </action>
      <action type="fix" dev="sseifert">
        Role aem-dispatcher: Avoid potential exploit allowing accessing any URLs that ends with css, js and other file extensions.
        Allow unrestricted access only to client libraries at /etc/clientlibs, /etc.clientlibs and /etc/designs/*/clientlibs.
      </action>
    </release>

    <release version="1.5.2" date="2019-05-09">
      <action type="update" dev="trichter">
        Role aem-dispatcher: Introduce dispatcher.configPath to allow customizing of DispatcherConfig location.
      </action>
    </release>

    <release version="1.5.0" date="2019-03-19">
      <action type="add" dev="trichter">
        Role aem-cms: Introduce sling.mapping.generatePackage to allow disabling of the sling mapping package.
      </action>
      <action type="update" dev="trichter">
        Role aem-dispatcher: use httpd.ssl.offloading.enabled and httpd.ssl.offloading.rewriteCondition for variant aem-author.
      </action>
      <action type="update" dev="trichter" >
        Role aem-cms: Increase default quickstart.stopTimeout to 1200 seconds.
      </action>
    </release>

    <release version="1.4.4" date="2019-01-15">
      <action type="fix" dev="trichter">
        Role aem-dispatcher: Disable dispatcher caching for author instance.
      </action>
    </release>

    <release version="1.4.2" date="2018-08-17">
      <action type="update" dev="trichter">
        Role aem-cms: Sanitize replication agent names by replacing dots with underscores.
      </action>
      <action type="update" dev="trichter">
        Role aem-cms: Add custom httpd port support for publish sling mapping.
      </action>
    </release>

    <release version="1.4.0" date="2018-07-02">
      <action type="update" dev="sseifert">
        Role aem-cms: Set workflow.useMinimalDamUpdateAssetWorkflow to false by default because DAM update asset workflow definitions differ between AEM versions.
      </action>
      <action type="update" dev="sseifert">
        Role aem-cms: Add workflow.minimalDamUpdateAssetWorkflowAEM63 to support additional required DAM update asset workflow steps for AEM 6.3.
      </action>
      <action type="update" dev="trichter">
        Role aem-dispatcher: Adjusted logging.accessLogFormat to log with a dummy ip address in order to make access logs better parsable by standard tools.
      </action>
    </release>

    <release version="1.3.0" date="2018-05-04">
      <action type="add" dev="trichter">
        Role aem-dispatcher: Introduce httpd.ssl.offloading.enabled and httpd.ssl.offloading.rewriteCondition in order to support SSL offloading.
      </action>
      <action type="update" dev="trichter">
        Role aem-dispatcher: Update rewriteHomepageRedirect to use https and httpd.serverNameSsl when SSL is enforced (used in SSL offloading setup).
      </action>
      <action type="update" dev="trichter">
        Role aem-dispatcher: Always set Strict-Transport-Security header when SSL is enforced (used in SSL offloading setup).
      </action>
      <action type="add" dev="trichter">
        Role aem-dispatcher: Introduce httpd.remoteIPInternalProxies to allow configuration of addresses (or address blocks) to trust as presenting a valid RemoteIPHeader value of the useragent IP.
      </action>
      <action type="add" dev="trichter">
        Role aem-dispatcher: Introduce (optional) headers.contentSecurityPolicy to allow configuration of the Content-Security-Policy header.
      </action>
      <action type="add" dev="trichter">
        Role aem-dispatcher: Introduce headers.referrerPolicy to allow configuration of the Referrer-Policy header.
      </action>
      <action type="add" dev="trichter">
        Role aem-dispatcher: Introduce (optional) headers.xssProtection to allow configuration of the X-XSS-Protection.
      </action>
      <action type="fix" dev="trichter">
        Role aem-dispatcher: Fixed 304 NOT MODIFIED responses for gzipped resources when working with entity tags, see https://bz.apache.org/bugzilla/show_bug.cgi?id=45023#c22.
      </action>
      <action type="add" dev="trichter">
        Role aem-dispatcher: Introduce dispatcher.cache.ignoreUrlParams to allow configuration of query params that are ignored during evaluation of a request is cached/served from cache.
      </action>
      <action type="add" dev="trichter">
        Role aem-dispatcher: Introduce dispatcher.logging.level to allow configuration of DispatcherLogLevel.
      </action>
      <action type="add" dev="trichter">
        Role aem-cms: Introduce stop script with optional synchronous stop behavior, to ensure AEM is either stopped within timeout (quickstart.stopTimeout) or killed when not.
      </action>
      <action type="add" dev="trichter">
        Role aem-cms: Introduce quickstart.adminUser.username|password|passwordOld to provide a central configuration place, change the Apache Felix Webconsole password and the AEM admin password during conga-ansible automation.
      </action>
      <action type="fix" dev="trichter">
        Role aem-dispatcher: Fixed conditional statement for httpd.accessRestriction.dispatcherFlushFromHost in accessRestrictionsDispatcherFlush block.
      </action>
      <action type="update" dev="sseifert">
        Role aem-dispatcher: Prefix publish vhost files with index numbers to enforce same order as tenants in environments.
      </action>
      <action type="add" dev="trichter">
        Role aem-cms, aem-dispatcher: Allow to configure custom ports for HTTPd by introducing httpd.serverPort|serverPortSsl.
      </action>
      <action type="update" dev="sseifert">
        Role aem-cms: Mark configuration parameters that contain sensitive data so they get encrypted in model export YAML files.
      </action>
    </release>

    <release version="1.2.0" date="2018-02-05">
      <action type="add" dev="sseifert">
        Role aem-cms: Add (optional) support for deploying AEM crypto keys.
      </action>
      <action type="update" dev="sseifert">
        Role aem-cms: Use aemCryptoEncrypt to encrypt transport user password for replication agents.
      </action>
      <action type="add" dev="trichter">
        Role aem-cms: Introduce replication.author.generatePackage and replication.publish.generatePackage to allow disabling of the replicationagent packages.
      </action>
      <action type="update" dev="sseifert">
        Role aem-cms: Generate static CONGA file header for start script to avoid unnecessary restarts when dependencies are updated.
      </action>
      <action type="update" dev="sseifert">
        Role aem-dispatcher: Remove 'DispatcherNoServerHeader' from dispatcher.conf - it's deprecated and has no longer any effect.
      </action>
      <action type="update" dev="sseifert">
        Role aem-dispatcher: Add additional selectors to block pointing to AEM-builtin servlets which should normally not accessible on publish instances.
      </action>
    </release>

    <release version="1.1.0" date="2017-11-22">
      <action type="add" dev="trichter">
        Role aem-dispatcher: Introduce httpd.logging.errorLogLevel and httpd.logging.accessLogFormat to allow configuration of LogLevel and access log format.
      </action>
      <action type="update" dev="trichter">
        Role aem-dispatcher: No client ip logging by default (privacy protection).
      </action>
      <action type="fix" dev="trichter">
        Role aem-dispatcher: Fix httpd.ssl.enforce to use mod-rewrite in rewriteEnforcePrimaryHostname, because redirect permanent had no effect.
      </action>
    </release>

    <release version="1.0.2" date="2017-10-19">
      <action type="fix" dev="sseifert">
        Role aem-dispatcher: Fix primary hostname redirect for Author SSL vhost.
      </action>
    </release>

    <release version="1.0.0" date="2017-10-17">
      <action type="update" dev="sseifert" issue="WDCONGA-14">
        Role aem-dispatcher: Combine aem-dispatcher-* roles into a single role with multiple variants (that can be combined).
      </action>
      <action type="update" dev="sseifert" issue="WDCONGA-12">
        Role aem-dispatcher: Add httpd.accessRestriction.locationFilter and dispatcher.filter properties to allow to customize filtering rules.
      </action>
      <action type="update" dev="sseifert">
        Role aem-cms, aem-dispatcher: Introduce sling.mapping.*, remove "slingMapping*" properties.
      </action>
      <action type="update" dev="sseifert">
        Role aem-cms, aem-dispatcher: Introduce httpd.serverName|serverNameSsl|serverAliasNames|serverAliasNamesSsl, remove "server*" properties.
      </action>
      <action type="update" dev="sseifert">
        Role aem-dispatcher: Introduce httpd.accessRestriction.adminAccessFromIp|adminAccessFromHost|dispatcherFlushFromIp|dispatcherFlushFromHost, remove "dispatcher.allow*" properties.
      </action>
      <action type="update" dev="sseifert">
        Role aem-dispatcher: Introduce httpd.redirectRoot.url|httpStatus, remove "dispatcher.rootRedirect*" properties.
      </action>
      <action type="update" dev="sseifert">
        Role aem-dispatcher: Introduce httpd.corsHeader.*, remove "dispatcher.corsHeader.*" properties.
      </action>
      <action type="update" dev="sseifert">
        Role aem-dispatcher: Introduce httpd.ssl.*, remove "dispatcher.ssl*" and "dispatcher.enforceSsl" properties.
      </action>
      <action type="update" dev="sseifert">
        Role aem-dispatcher: Introduce httpd.customVHostConfig.*, remove "dispatcher.tenantSpecificVHostConfig" property.
      </action>
      <action type="update" dev="sseifert">
        Role aem-dispatcher: Introduce httpd.cache.*, remove "dispatcher.cacheRootPath" and "dispatcher.statFilesLevel" properties.
      </action>
      <action type="update" dev="sseifert">
        Role aem-dispatcher: Remove "dispatcher.moduleFile" and the generated dispatcher.load file.
      </action>
      <action type="update" dev="sseifert" issue="WDCONGA-18">
        Role aem-dispatcher: Use distro-agnostic file for generated httpd and dispatcher config files.
      </action>
      <action type="update" dev="sseifert">
        Role aem-cms: Introduce sling.caconfig.override to generate overrides for Sling Context-Aware Configuration.
      </action>
    </release>

    <release version="0.9.6" date="2017-10-17">
      <action type="update" dev="amuthmann">
        Role aem-cms: Add option to make the minimal DAM Update Asset transient (default: true).
      </action>
      <action type="update" dev="twolfart">
        Role aem-cms: Sling Mapping - ease handling for resolution of non-matching requests.
      </action>
      <action type="update" dev="sseifert">
        Role aem-cms: Add jvm.argsList parameter to define a list of custom JVM arguments for AEM start script.
      </action>
      <action type="update" dev="sseifert">
        Role aem-dispatcher: Set "noindex, nofollow" header for all requests with ?frontend-debug
      </action>
      <action type="update" dev="sseifert">
        Role aem-dispatcher: Do not allow access to un-shortened paths when sling mapping is active, unless explicitely configured.
      </action>
    </release>

    <release version="0.9.4" date="2017-09-12">
      <action type="fix" dev="sseifert">
        Role aem-cms: Apply quickstart.enableDavEx parameter also on publish.
      </action>
      <action type="fix" dev="sseifert">
        Role aem-dispatcher: Add /system and /services (required for AEM Communities) to exclude list for short url mapping.
      </action>
      <action type="fix" dev="sseifert">
        Role aem-dispatcher: Allow access to /etc/designs by default.
      </action>
    </release>

    <release version="0.9.2" date="2017-07-21">
      <action type="update" dev="sseifert">
        Role aem-dispatcher: Cache AEM Clientlibs with long cache key for 1 year (CSS/JS files with '.lc-*-lc.min.' in the file name).
      </action>
      <action type="fix" dev="sseifert">
        Role aem-dispatcher: Always use LocationMatch instead of FilesMatch to better play together with dispatcher.
      </action>
      <action type="update" dev="sseifert">
        Role aem-cms: Remove 'Create web enabled video formats' step from minimal DAM Update Asset workflow.
      </action>
      <action type="fix" dev="mwehner">
        Role aem-dispatcher: Exclude the dispatcher invalidation URL from rewriting.
      </action>
    </release>

    <release version="0.9.0" date="2017-04-07">
      <action type="update" dev="mwehner">
        Role aem-cms: Start AEM with -nofork option.
      </action>
      <action type="update" dev="mwehner">
        Role aem-dispatcher-*: Make each role explicitly activate all httpd modules it depends on.
      </action>
      <action type="fix" dev="sseifert">
        Role aem-cms: Fix PID of Sling DavEx servlet.
      </action>
      <action type="update" dev="sseifert">
        Role aem-cms: Add parameter quickstart.rootPath that defines the AEM home directory.
      </action>
      <action type="update" dev="sseifert">
        Role aem-dispatcher-common: Add parameter httpd.modules that lists apache modules.
      </action>
    </release>

    <release version="0.8.0" date="2017-02-09">
      <action type="add" dev="sseifert">
        HSTS support in dispatcher: Increase timeout to 31536000 seconds (one year).
      </action>
      <action type="update" dev="twolfart">
        VHost templates: Switch from filesystem to webspace directives.
      </action>
      <action type="update" dev="twolfart">
        VHost templates: Remove document root, not required because dispatcher handles all requests.
      </action>
      <action type="add" dev="trichter">
        Apache 2.4 compatibility: Add conditional statements for access control to enable Apache 2.4 compatibility without access_compat module.
      </action>
      <action type="add" dev="trichter">
        Apache 2.4 compatibility: Add dispatcher.allowAdminAccessFromHost option for host based access control
      </action>
      <action type="add" dev="trichter">
        Apache 2.4 compatibility: Add dispatcher.allowFlushFromHost option for host based access control
      </action>
      <action type="update" dev="trichter">
        Apache 2.4 compatibility: Change dispatcher.allowFlushFrom and dispatcher.allowAdminAccessFrom based rules to handle ip addresses only
      </action>
      <action type="update" dev="trichter">
        Apache 2.4 compatibility: Updated roles and examples to reflect new options dispatcher.allowFlushFromHost and dispatcher.allowAdminAccessFromHost
      </action>
      <action type="add" dev="sseifert">
        Role aem-cms: Add new property quickstart.hideConfigWizard (default: true).
      </action>
      <action type="add" dev="sseifert">
        Role aem-cms: Add new property quickstart.enableDavEx to enable CRX DE Usage (default: false).
      </action>
    </release>

    <release version="0.7.0" date="2016-09-21">
      <action type="add" dev="sseifert">
        Add dispatcher.enforceSsl flag to enforce redirect to HTTPS, and enable HSTS.
      </action>
      <action type="update" dev="sseifert">
        Add default cache-control header and set noindex for some non-html files.
      </action>
      <action type="fix" dev="sseifert">
        Disable .form, .feed and .feedentry extensions in dispatcher.
      </action>
    </release>

    <release version="0.6.8" date="2016-06-15">
      <action type="update" dev="mrozati" issue="WDCONGA-3">
        Use optimistic auto-invlaidation rules in publish dispatcher.any instead of pessimistic ones.
      </action>
      <action type="update" dev="sseifert" issue="WDCONGA-4">
        Add dispatcher.forwardClientHeaders option for author and publish dispatcher configurations. Defaults to "*".
      </action>
      <action type="update" dev="sseifert">
        Deny access to /bin on publish dispatcher.
      </action>
      <action type="update" dev="sseifert">
        Add "jvm.args" optional parameter for AEM start script.
      </action>
    </release>

    <release version="0.6.6" date="2015-10-16">
      <action type="fix" dev="twolfart">
        Fix typo in dispatcher transportPassword.
      </action>
      <action type="fix" dev="sseifert">
        Fix sling mapping configuration for publish instances if multiple hostnames are defined.
      </action>
    </release>

    <release version="0.6.4" date="2015-09-26">
      <action type="update" dev="dbendlin">
        Allow sslCACertificateFile and sslCACertificatePath to be optional for author and publish vhosts.
      </action>
      <action type="fix" dev="sseifert">
        Fix deny patterns for author/publish vhost to make sure they are only applied at the beginning of the URL.
      </action>
    </release>

    <release version="0.6.2" date="2015-09-03">
      <action type="fix" dev="sseifert">
        Set default port for publish instances to 4503.
      </action>
      <action type="fix" dev="sseifert">
        Make sure optional serverNameSsl is included in dispatcher_publish.any.
      </action>
    </release>

    <release version="0.6.0" date="2015-07-24">
      <action type="add" dev="sseifert">
        aem-dispatcher-publish: Add support for CORS header in dispatcher vhost config.
      </action>
    </release>

    <release version="0.5.0" date="2015-07-08">
      <action type="add" dev="sseifert">
        Initial release.
      </action>
    </release>

  </body>
</document>