Release notes
Ninja 2.1.4.1 - 15.11.2023
Changes
- UPGRADED: We upgraded the xmlsec third-party dependency to version 3.0.3. (NEVISAUTH-4393)
Ninja 2.1.3.1 - 15.02.2023
Changes
- FIXED: We upgraded
jcan-samlandjcan-sectokenwhich no longer use the libraryjcan-commons.jcan-commonsis no longer shipped. (NEVISAUTH-3861)
Ninja 2.1.2.1 - 16.11.2022
Ninja 2.x disclaimer
The major breaking changes in the 2.x stream of Ninja are the following:
- Container-specific login modules are removed.
- Logging bridges are removed. Ninja uses the SLF4J logging API, which requires customers to supply the logging provider
.jarto the classpath. - Support for newer Java versions (> 8) is added.
Customers can choose between the following courses of action regarding Ninja:
- Stay on the ninja 1.x versions with the currently supported container login modules, where we do not plan updates.
- Use ninja 2.x with Ninja Authentication Filter, or implementing custom container login modules and the desired logging bridges.
Changes
- FIXED: We upgraded the Jcan-saml third-party dependency woodstox due to the CVE-2022-40153 vulnerability. Note that the CVE report has quality issues, see the comments https://github.com/x-stream/xstream/issues/304#issuecomment-1254647926 and https://github.com/FasterXML/woodstox/issues/157. (NEVISAUTH-3879)
Ninja 2.1.1.1 - 01.08.2022
Ninja 2.x disclaimer
The major breaking changes in the 2.x stream of Ninja are the following:
- Container-specific login modules are removed.
- Logging bridges are removed. Ninja uses the SLF4J logging API, which requires customers to supply the logging provider
.jarto the classpath. - Support for newer Java versions (> 8) is added.
Customers can choose between the following courses of action regarding Ninja:
- Stay on the ninja 1.x versions with the currently supported container login modules, where we do not plan updates.
- Use ninja 2.x with Ninja Authentication Filter, or implementing custom container login modules and the desired logging bridges.
Changes
- FIXED: Jcan-saml 3rd party dependency Xalan is removed due to new vulnerability `http://nvd.nist.gov/vuln/detail/CVE-2022-34169. The library was not used anymore. (NEVISAUTH-3759)
Ninja 2.1.0.0 - 20.07.2022
Ninja 2.x disclaimer
This disclaimer serves to transparently inform the deep changes done in the Ninja artefact indicated by the 2.x major version number change.
The major breaking changes in the 2.x stream of Ninja are the following:
- No container-specific login modules
- No logging bridges. Ninja uses the SLF4J logging API which requires customers to supply the concrete logging provider
.jarto the classpath - Support for newer Java versions (> 8)
So customers have the choice of:
- Staying on the ninja 1.x versions with the currently supported container login modules, where we do not plan updates.
- Using ninja 2.x with Ninja Authentication Filter, or implementing custom container login modules and the desired logging bridges.
Changes
- FIXED: Ninja is now able to correctly verify SAML2-signed SecTokens related to
Cannot load SchemaTypeSystemRuntimeExceptions. (NINJA-203)
Ninja 2.0.0.5 - 19.07.2022
Ninja 2.x disclaimer
This disclaimer serves to transparently inform the deep changes done in the Ninja artefact indicated by the 2.x major version number change.
The major breaking changes in the 2.x stream of Ninja are the following:
- No container-specific login modules
- No logging bridges. Ninja uses the SLF4J logging API which requires customers to supply the concrete logging provider
.jarto the classpath - Support for newer Java versions (> 8)
So customers have the choice of:
- Staying on the ninja 1.x versions with the currently supported container login modules, where we do not plan updates.
- Using ninja 2.x with Ninja Authentication Filter, or implementing custom container login modules and the desired logging bridges.
Changes
- UPGRADE: We upgraded the
jcan-sectokendependency to version 2.0.0.2. (NEVISAUTH-3734) - UPGRADE: We upgraded the
jcan-samldependency to version 1.1.9.0. (NEVISAUTH-3734)
Ninja 2.0.0.4 - 21.06.2022
Ninja 2.x disclaimer
This disclaimer serves to transparently inform the deep changes done in the Ninja artefact indicated by the 2.x major version number change.
The major breaking changes in the 2.x stream of Ninja are:
- No container specific login modules
- No logging bridges. Ninja uses the SLF4J logging API which requires customers to supply the concrete logging provider
.jarto the classpath - Support for newer Java versions (> 8)
So customers have the choice of:
- Staying on the ninja 1.x versions with the currently supported container login modules, where we do not plan updates.
- Using ninja 2.x with Ninja Authentication Filter, or implementing custom container login modules and the desired logging bridges.
Breaking changes
- REMOVED: We removed the support of all container-specific login modules (NINJA-184):
- REMOVED: We removed the Jira Seraph integration module. (NINJA-184)
- REMOVED: We removed the Ninja logging bridges and all related interfaces and abstract classes, and migrated to SLF4J API instead. (NINJA-193)
- REMOVED: We removed the support for customer-specific
SecTokenimplementations, and migrated fromch.adnovum.jcan-sectokento thech.nevis.jcan-sectokenimplementation. (NINJA-194)
Changes
- NEW: The
Principalis no longer stored in the session. By default, theSecTokenis checked on each request. To keep the legacy behavior, that is, caching thePrincipalin the session, use the newCachePrincipalconfiguration property. - NEW: We released Ninja uber / fat JAR containing all Ninja modules and their dependencies. (NINJA-192)