2.2.1

2.2.1 (2025-03-22)

Merged pull requests:

• JSON Schema & YAML Config Generation Enhancement #2482 (KalevGonvick)
• fixes #2478 update dependency of mysql #2479 (stevehu)
• fixes #2476 update email dependency from javax to jakarta #2477 (stevehu)
• Sync #2475 (stevehu)
• 2473 remaining config conversion #2474 (KalevGonvick)
• 2469 client config module refactor #2472 (KalevGonvick)
• 2467 multi module schema generation #2468 (KalevGonvick)
• 2463 add configuration schema generation to basic config #2466 (KalevGonvick)
• 2459 mirroredtypeexceptions occur when using config generator annotations #2465 (stevehu)
• 2459 mirroredtypeexceptions occur when using config generator annotations #2461 (stevehu)
• MirroredTypeException Fix #2460 (KalevGonvick)
• 2452 create config file generator so configurations are always in sync with the pojo #2458 (stevehu)
• Added metrics attachment for handler execution. #2454 (KalevGonvick)

2.2.0

2.2.0 (2025-02-12)

Merged pull requests:

• Sync #2455 (stevehu)
• fixes #2450 update cache manager to make sure it only initialized once #2451 (stevehu)
• fixes #2448 move the cache manager creation to the instance variable … #2449 (stevehu)
• fixes #2446 refactor the key logic in the token-limit handler #2447 (stevehu)
• Sync #2445 (stevehu)
• sync to master PR #2444 (stevehu)
• fixes #2442 Add date conversion in DateUtil #2443 (stevehu)
• fixes #2440 update the email to eml to extract the email from the token #2441 (stevehu)
• fixes #2438 add email and host into the auditInfo in jwt verifier #2439 (stevehu)
• including header for application/json responses #2435 (DiogoFKT)
• Token limit cache implementation #2429 (stevehu)
• fixes #2419 update rule loader and implement rule actions for FGA #2420 (stevehu)
• fixes #2417 add eid entity id to the constants and shorten some const… #2418 (stevehu)
• fixes #2415 add an abstract isSkipAuth abstract method #2416 (stevehu)
• fixes #2413 update rule actions with new IAction interface #2414 (stevehu)
• fixes #2411 add email and elm constants #2412 (stevehu)
• fixes #2409 add several constants for token creation in oauth-kafka #2410 (stevehu)
• fixes #2407 Add a method in Util to parse the attributes in jwt token #2408 (stevehu)
• fixes #2004 update CorsHandler to add some trace statements #2405 (stevehu)
• fixes #2402 Do not put the cert into the certMap and check the finger… #2403 (stevehu)

2.1.38

2.1.38 (2024-11-30)

Merged pull requests:

2.1.37

2.1.37 (2024-09-20)

Merged pull requests:

• fixes #2345 Fix the transformer matching with encoding #2346 (stevehu)
• fixes #2343 Trim the encoding for req res tranformer interceptors #2344 (stevehu)
• fixes #2341 Dynamic loading jwk with kid is not working if multiple s… #2342 (stevehu)
• fixes #2339 allow the req or res body encoding to be customized per p… #2340 (stevehu)
• fixes #2337 update req/res transformer interceptor to handle the erro… #2338 (stevehu)
• fixes #2334 make convertEnvVars configurable to work with lower case … #2335 (stevehu)

Upgrade Guide

For this release, we have deprecated openapi-security.yml, graphql-security.yml, and hybrid-security.yml. Going forward, all JWT and SWT-related configurations should be centralized in a single security.yml file.

Important Changes for Users with Framework-Specific Security Configurations

If you have framework-specific security properties defined in values.yml, you’ll need to update these properties by removing the framework prefix (openapi-, graphql-, or hybrid-) and using only security as the prefix.

For example, if you previously had the following property in your values.yml file:

openapi-security.enableVerifyJwt: false

You should update it to:

security.enableVerifyJwt: false

This update simplifies configuration management by unifying security settings under a single security.yml file.

---

2.1.36

2.1.36 (2024-08-27)

Merged pull requests:

• fixes #2330 update response tranformer interceptor to use explicit UT… #2331 (stevehu)
• fixes #2328 refactor the security handlers to return status or null #2329 (stevehu)
• fixes #2325 security-config/src/main/resources/config/security.yml #2326 (stevehu)
• fixes #2323 Make status code 401 if the token kid cannot find jwk #2324 (stevehu)
• fixes #2321 2.1.35 introduced a new issue in the jwt verification #2322 (stevehu)

2.1.35

2.1.35 (2024-08-17)

Merged pull requests:

• fixes #2317 update transformer interceptor to avoid NPEfor logging #2318 (stevehu)
• fixes #2315 make the request response transformer body encoding confi… #2316 (stevehu)
• fixes #2313 Adding trace logging for response interceptor injection h… #2314 (stevehu)
• fixes #2311 resolve client, user, address rate limit without prefix d… #2312 (stevehu)
• fixes #2308 resolve a memory leak issue in the rate-limit handler #2309 (stevehu)
• fixes #2306 refactor security config to use only security.yml #2307 (stevehu)
• fixes #2304 Add constants for light-hybrid-4j #2305 (stevehu)
• fixes #2302 move the unified-config and unified-security from light-r… #2303 (stevehu)
• fixes #2300 handler needs to escape the double quotes in the status d… #2301 (stevehu)
• Add unsupported content-type status code #2299 (david0)
• fixes #2297 Deprecate MrasHandler and SalesforceHandler #2298 (stevehu)
• fixes #2295 Need to filter the jwks with use=sig for getJsonWebKeyMap #2296 (stevehu)
• fixes #2293 retrieve jwk will work with or without use sig in the res… #2294 (stevehu)
• fixes #2291 only the use=sig jwk will return from the retrieveJwk #2292 (stevehu)
• fixes #2289 Add a method to check if the jwt token has scopes in Jwt… #2290 (stevehu)
• fixes #2287 -Dlight-4j-config-password is not working for AutoAESSalt… #2288 (stevehu)
• fixes #2284 change the jwk cache object to single JsonWebKey #2285 (stevehu)
• fixes #2282 update dependences for some modules that depending on htt… #2283 (stevehu)
• fixes #2280 rollback the jwt issuer and verifier with local jks files #2281 (stevehu)
• fixes #2277 move MapUtil to light-4j utility module #2278 (stevehu)
• Merged Traceability & Correlation Handler #2273 (KalevGonvick)
• fixes #2270 remove dependency of json-schema-validator #2271 (stevehu)
• fixes #2267 return 413 response code if request body is too big #2268 (stevehu)
• fixes #2265 SidecarPathPrefixServiceHandler never calls put attachment #2266 (stevehu)

2.1.34

2.1.34 (2024-06-22)

Merged pull requests:

• fixes #2262 implement an admin endpoint to explore the cache manager #2263 (stevehu)
• fixes #2260 Update tlsVersion to TLSv1.3 by default in client.yml fro… #2261 (stevehu)
• fixes #2256 Move JwtVerifier and SwtVerifier to security-config #2257 (stevehu)
• fixes #2253 add a new error code to status.yml to indicate Lambda to … #2254 (stevehu)
• fixes #2251 make CONFIG_NAME public in RouterConfig and move the toke… #2252 (stevehu)
• fixes #2249 merge token-config to router-config #2250 (stevehu)
• fixes #2247 create router-config module to share with light-lambda-na… #2248 (stevehu)
• fixes #2244 add request and response to the keysToNotSort in info.yml #2245 (stevehu)
• fixes #2242 Move the PathTemplateMatcher to utility #2243 (stevehu)
• fixes #2240 double check the metrics handler instance in the injectio… #2241 (stevehu)
• Issue2236 #2239 (stevehu)
• fixes #2236 update basic-auth.yml to disable the handler by default #2237 (stevehu)
• fixes #2233 rollback the method overwritten rule to pattern matching … #2234 (stevehu)
• fixes #2231 Router rewriteMethod property does not work with path prefix #2232 (stevehu)
• fixes #2229 Add httpClient to PathPrefixAuth to cache the client inst… #2230 (stevehu)
• fixes #2227 move PathPrefixAuth to config module to share with Lambda #2228 (stevehu)
• fixes #2225 update request and response transformer to remove underto… #2226 (stevehu)
• fixes #2223 remove the cache.yml from the src resource of caffeine-cache #2224 (stevehu)
• fixes #2221 update MrasHandler to create a new client instance per re… #2222 (stevehu)
• fixes #2219 upgrade to http-client 1.0.10 with Jwt class change #2220 (stevehu)
• fixes #2217 split to token-config and sidecar-config modules to share… #2218 (stevehu)
• fixes #2215 Fix a bug in the request transformer interceptor #2216 (stevehu)
• fixes #2213 split rule-loader config from rule-loader module #2214 (stevehu)
• fixes #2211 split request response transformer config to separate mod… #2212 (stevehu)
• fixes #2209 update MrasHandler to set keepalive timeout to 10 seconds #2210 (stevehu)
• fixes #2207 replace light-4j client to http-client for ldap-util #2208 (stevehu)
• fixes #2205 remove ldap dependency from basic-config #2206 (stevehu)
• fixes #2203 Split basic-config module for basic-auth to share with la… #2204 (stevehu)
• fixes #2201 split apikey-config into a separate module to share with … #2202 (stevehu)
• [pre-commit.ci] pre-commit autoupdate #2200 (pre-commit-ci)
• fixes #2198 log the error response from downstream API in external se… #2199 (stevehu)
• fixes #2196 split common code to metrics-config to share with light-l… #2197 (stevehu)

2.1.33

2.1.33 (2024-03-31)

Merged pull requests:

• fixes #2194 remove the jboss-threads dependency from parent pom.xml #2195 (stevehu)
• fixes #2192 Add a status code for the rate limit in status.yml #2193 (stevehu)
• fixes #2190 fix the JwtHeaderClientIdKeyResolver to use request header #2191 (stevehu)
• fixes #2187 move EncoderWrapper to sanitizer-config module #2188 (stevehu)
• fixes #2185 split sanitizer-config module to share with light-aws-lambda #2186 (stevehu)
• fixes #2183 split logger-config and logger-handler to share with ligh… #2184 (stevehu)
• fixes #2181 fallback to cached config to start server for ConnectExec… #2182 (stevehu)
• fixes #2179 DefaultConfigLoader handles lightEnv in one place in the … #2180 (stevehu)
• fixes #2176 Add aws lambda error codes #2177 (stevehu)
• fixes #2173 remove unused imports #2174 (stevehu)
• Add validation to matchPathToPattern method #2171 (syntheshad)
• fixes #2169 resolve the config reload registry issue #2170 (stevehu)
• fixes #2167 remove the token from portal-registry.yml #2168 (stevehu)
• fixes #2165 refactor limit-config to remove dependency for undertow #2166 (stevehu)
• fixes #2163 split handler-config from handler module #2164 (stevehu)
• fixes #2161 remove jaeger-tracer module as it is replaced by OpenTele… #2162 (stevehu)

2.1.32

2.1.32 (2024-02-27)

Merged pull requests:

• fixes #2159 HandlerConfig supports additionalHandlers, additionalChai… #2160 (stevehu)
• fixes #2157 stop server or use the backup to start the server on conf… #2158 (stevehu)
• fixes #2154 we need to load both decryped yaml and undecryped yaml fr… #2156 (stevehu)
• fixes #2153 return 415 error if config server not return yaml and jso… #2155 (stevehu)
• rollback to application/yaml #2152 (stevehu)
• fixes #2149 change the content type to application/x-yaml for yaml #2150 (stevehu)
• fixes #2147 update DefaultConfigLoader to support YAML response from … #2148 (stevehu)
• fixes #2145 update ContentType to add application/yaml #2146 (stevehu)
• fixes #2142 Update GenericDataSource to handle integer environment va… #2144 (stevehu)
• fixes #2124 use the client.timeout for the config server timeout #2143 (stevehu)
• fixes #2140 update mras, salesforce and external service config to su… #2141 (stevehu)
• fixes #2138 Handle empty string when loading typed value in Config #2139 (stevehu)
• fixes #2136 update pathPrefixAuth to support JSON string in ApiKeyConfig #2137 (stevehu)
• fixes #2134 change the config server timeout to startup.yml and defau… #2135 (stevehu)
• fixes #2132 support JSON string for serviceIdAuthServers for ClientCo… #2133 (stevehu)
• fixes #2130 update ExternalServiceConfig to support JSON string for u… #2131 (stevehu)
• fixes #2128 update RouterConfig to support stringified JSON values #2129 (stevehu)
• fixes #2126 remove the values.yml from config module #2127 (stevehu)
• fixes #2124 use the client.timeout for the config server timeout #2125 (stevehu)
• fixes #2122 limit.yml does not support JSON string for address, clien… #2123 (stevehu)
• [pre-commit.ci] pre-commit autoupdate #2119 (pre-commit-ci)
• fixes #2120 add acceptHeader to support YAML properties from config s… #2121 (stevehu)
• fixes #2117 skip quoteReplacement only for backslash and dollar compb… #2118 (stevehu)
• fixes #2115 Add ServerInfoUtil to be shared with light-aws-lambda #2116 (stevehu)
• fixes #2113 split the ServerInfoConfig to a info-config module #2114 (stevehu)
• fixes #2111 split the HealthConfig to a health-config module #2112 (stevehu)
• fixes #2109 update basic, apikey and simple web token security handle… #2110 (stevehu)
• fixes #2107 update a cient test case that fails on a slow computer #2108 (stevehu)
• fixes #2104 cache the undecryped and decrypted values.yml maps in Con… #2105 (stevehu)
• fixes #2102 support decrypt or not for values.yml and env injection #2103 (stevehu)
• fixes #2099 Update ModuleRegistry to add back isMaskConfigProperties #2100 (stevehu)
• fixes #2097 need a new way to load config file without decryption for… #2098 (stevehu)
• fixes #2095 use the environment from the startup.yml if light-env env… #2096 (stevehu)
• fixes #2087 AuditHandler Not Writing Entries at the End of the Exchan… #2088 (stevehu)
• fixes #2085 Add keysToNotSort in info.yml to skip the string array so… #2086 (stevehu)
• Audit Logging - Replace over putIfAbsent #2084 (KalevGonvick)
• fixes #2082 update HandleUtils and refactor ServiceDictHandler #2083 (stevehu)
• ExternalServiceHandler logging fix #2080 (KalevGonvick)

1.6.47

1.6.47 (2024-01-18)

Merged pull requests: