Releases: Erudika/para
v1.45.0
640c3ba added support for direct webhook triggering of custom payloads with a single request
2326bbe updated Hibernate Validator
8879694 fixed config rendering methods should include tags
e05935a updated Spring Boot
d3256db fixed configuration rendenring methods
2fef785 updated Flexmark
2325581 added support for repeated delivery attempts for webhooks
782a416 fixed JWT token validity period should be 24h by default
da22a56 added methods to Config class for storing and rendering the apps' configuration
f160cb9 refactored the @Documented annotation for describing config getter methods
38206b6 removed unused configuration properties from reference.conf
e6d0e5f added new method to Config class, and optimized it for loading configurations for namespaces other than para.*
5b1d94e updated dependencies
dbbc2f9 updated SSL context library
70a5931 fixed filters using deleted methods for setting access token payload
e1604f7 fixed IDP id and access token payload getter methods in User class
📦 Download JAR
📦 Download WAR
v1.44.0
Breaking: If you are integrating Para directly into your JVM-based project, this version brings some major refactoring around the Config class.
There are no major changes other than that one. Simply replace Config.getConfigParam() with Para.getConfig().getConfigParam().
The goal is to make each Para client app have its own configuration namespace with a configuration properties prefixed with something other than para.xyz.
2a9409c updated JWT library and Guice
4251756 added new Docker tag :latest-base
d47827a updated Lucene and SQL plugins
7b0fcdb fixed root app identifier configuration, reverting a previous commit
96c70ec added @Documented annotation
29c265e added debug info for OAuth2 tokens in GenericOauth2Filter
1ecb6e8 added support for getting child apps' credentials via API
c819592 changed getRootAppIdentifier() method to always return 'para' regardless of para.app_name
d7499c8 minor fix in SecurityUtils.isValidJWToken()
b569e44 bumped year in license headers
fa6d779 added auto-initialization on first startup, keys for root app either written to file or printed out
6c9a624 refactored Config class to be absctract and allow for application-specific configurations
d1e10c9 fixed missing UTF-8 encoding for webhook payloads
eef692c updated sslcontext-kickstart from 7.1.0 to 7.2.0 (#95)
📦 Download JAR
📦 Download WAR
v1.43.4
v1.43.4
98f5e22 [maven-release-plugin] prepare for next development iteration
257ae37 [maven-release-plugin] prepare release v1.43.4
ed93483 updated H2 in the Para SQL plugin, fixing a critical vulnerability
e5d1c5e fixed possible 'Response header too large' error when logging in with a Microsoft account
b780021 updated AWS SDK
2b5642e updated Hibernate Validator, SQL plugin
ee192db updated snakeyaml
8a524e4 [maven-release-plugin] prepare for next development iteration
📦 Download JAR
📦 Download WAR
v1.43.3
04e88e3 javadoc fix
dce4451 updated Spring Security and LDAP
2546146 fixed markdown renderer not suppressing javascript:* in links
8413359 updated AWS SDK
a02e0ff updated Spring Boot to 2.6.2
📦 Download JAR
📦 Download WAR
v1.43.2
⚠️ BREAKING CHANGES (when upgrading from 1.42.x or lower to 1.43.x):
1. H2 DB has been upgraded to 2.x - requires full migration if you use it (used by Para by default).
Use this migration script to migrate from H2 1.4.200 to 2.x before using this version!
2. Lucene has been upgraded to 9.x - requires the search index to be completely rebuilt for each Para app.
3. Para now requires Java 11+ as a baseline.
79dfe10 updated Lucene plugin
dc1e0c3 updated plugins
📦 Download JAR
📦 Download WAR
v1.43.1
⚠️ BREAKING CHANGES:
1. H2 DB has been upgraded to 2.x - requires full migration if you use it (used by Para by default).
Use this migration script to migrate from H2 1.4.200 to 2.x before using this version!
2. Lucene has been upgraded to 9.x - requires the search index to be completely rebuilt for each Para app.
3. Para now requires Java 11+ as a baseline.
ℹ️ Note on the recently found Log4j vulnerabilities:
Para does not use Log4j and only relies on Logback for logging. Logback has been updated to 1.2.9 and is not vulnerable.
Previously, Para contained the package log4j-core which is not vulnerable either, but it has now been removed completely from Para.
219ae41 Release v1.43.1.
bf70df0 updated dependencies and disabled WADL feature in Jersey
ef1a4b5 fixed JAR startup
📦 Download JAR
📦 Download WAR
v1.43.0
v1.42.2
e8c161f [maven-release-plugin] prepare for next development iteration
5aea487 [maven-release-plugin] prepare release v1.42.2
6557279 refactoring - moved classes to the appropriate packages
1e9933e Release v1.43.0.
e0d8968 updated dependencies
f17691b added H2 migration script
44354d3 [maven-release-plugin] prepare for next development iteration
📦 Download JAR
📦 Download WAR
v1.42.1
41b4d49 updated Jackson
fb54839 updated dependencies
4135b92 updated AWS SDK
61e5d59 updated dockerfile and logback
c841b3c fixed typo in log message
46a71d7 fix: upgrade io.github.classgraph:classgraph from 4.8.131 to 4.8.135 (#88)
8cb15d3 fix: upgrade org.springframework.security:spring-security-ldap from 5.5.3 to 5.6.0 (#87)
d210d1b fix: upgrade com.nimbusds:nimbus-jose-jwt from 9.15.1 to 9.15.2 (#86)
4ff8d44 fix: upgrade org.glassfish.jaxb:jaxb-runtime from 2.3.3 to 2.3.5 (#85)
be35b7c fix: upgrade org.apache.httpcomponents.client5:httpclient5 from 5.1 to 5.1.2 (#84)
📦 Download JAR
📦 Download WAR
v1.42.0
b6852f5 Release v1.42.0.
c94ac49 fixed method User#getIdentifiers() should not be public
00c8272 added support for jwt=id parameter in auth requests, enhanced PasswordlessAuthFilter to accept the new id tokens
41d4fc6 fixed the one_session_per_user feature
ac7389e added support for para.security.one_session_per_user and per-app configuration of session_timeout; added support for ?jwt-cookie= parameter in signin_success paths
2e086d9 fixed default queue impl should be LocalQueue instead of AWSQueue
c5e5835 fixed backup method should not use search, but should directly read from DB instead
5c6db67 fixed missing important properties on exported objects which have JsonIgnore annotation
e0baeff updated Spring Boot to 2.6.0, Jackson to 2.13
ec34cb0 fixed connection issues in ParaClient
24863c2 added support for audio and video tags in Markdown
069b2d0 fixed method for deleting global tables with replicas in AWSDynamoUtils
cdbe8c9 fixed CORS filter order, breaking CORS headers completely
c07db0b Fix Flaky MockDAOTest (#83)