Skip to main content
Version: 8.2505.x.x RR

Release notes

Ninja 8.2505.3.1 - 21.05.2025

Breaking changes

Changes and new features

  • CHANGED: Ninja is now compiled using Java 21. As this component is typically embedded as a dependency, the target compatibility remains Java 17. Therefore the supported Java versions at runtime stay the same as before: Java 17 and Java 21. (NINJA-239)

Ninja 8.2411.0.1 - 20.11.2024

  • UPGRADED: We upgraded the jcan-saml, jcan-sectoken dependency to version 8.2411.0.x. (NINJA-236)

Ninja 8.2405.0.2 - 15.05.2024

  • CHANGED: Ninja DEV mode now signes sectokens with SHA256 instead of SHA1. (NEVISIDM-9456)
  • UPGRADED: We upgraded the jcan-saml, jcan-sectoken dependency to version 8.2405.0.x. (NINJA-231)
  • UPGRADED: We upgraded the Servlet API third-party dependency to version 6.0.0. The Ninja filter was tested againts Servlet API version 5, 6 and 6.1. (NINJA-231)
  • UPGRADED: We upgraded the slf4j third-party dependency to version 2.0.12. (NINJA-231)

Ninja 7.2402.0.1 - 21.02.2024

  • NEW: Added add-dependencies-to-maven-repo.sh in the ninja-<version>.zip to simplify deploying artifacts to the local maven repository. (NINJA-228)

Ninja 7.2311.0.5 - 15.11.2023

Breaking changes

  • REMOVED: Non UTC expiration dates for SecTokens. This is the pair of the useGmt property removal for the TokenSpec configuration in the esauth4.xml in nevisAuth. From now we always use UTC (previous default). (NEVISAUTH-4173)
  • REMOVED: jcan-saml is now streamlined to it's sole purpose: verify SAML Assertions. Generation, signing and command line utilities are removed and jcan-saml-tools is discontinued. (NEVISAUTH-4134)
  • REMOVED: Deprecated methods and command line utilities in jcan-sectoken are removed. (NEVISAUTH-3856)
  • CHANGED: The ninja-uber.jar is discontinued. Originally it was intended to ease integration, however its usefulness was decreased by clashing version of dependencies. Now we ship all Nevis Ninja related artifacts and their pom.xml to provide flexibility in a zip file. See the description for more. (NINJA-222)
  • CHANGED: Interfaces in the Ninja / jcan-sectoken / jcan-saml API classes are now using the java.time.Instant instead of the old java.util.Date types where it is possible. Also, methods previously using Object return types and arguments were mostly migrated to accept/produce String. (NEVISAUTH-4418)
  • UPGRADED: We upgraded Servlet API to version 5. Migration from javax.servlet packages to jakarta.servlet. Ninja version 7.2311.x is not supported with javax.serlet API and Nevis component versions compiled using Java 8. (NINJA-214)

Changes

  • UPGRADED: We upgraded the slf4j third-party dependency to version 2.0.6. (NINJA-214)
  • UPGRADED: We upgraded jcan-sectoken to support Java17. (NEVISAUTH-3856)
  • UPGRADED: We upgraded jcan-saml to support Java17. (NEVISAUTH-3855)
  • UPGRADED: We upgraded the xmlsec third-party dependency to version 3.0.3. (NEVISAUTH-4393)

Ninja 2.1.3.1 - 15.02.2023

Changes

  • FIXED: We upgraded jcan-saml and jcan-sectoken which no longer use the library jcan-commons. jcan-commons is no longer shipped. (NEVISAUTH-3861)

Ninja 2.1.2.1 - 16.11.2022

Ninja 2.x disclaimer

The major breaking changes in the 2.x stream of Ninja are the following:

  • Container-specific login modules are removed.
  • Logging bridges are removed. Ninja uses the SLF4J logging API, which requires customers to supply the logging provider .jar to the classpath.
  • Support for newer Java versions (> 8) is added.

Customers can choose between the following courses of action regarding Ninja:

  1. Stay on the ninja 1.x versions with the currently supported container login modules, where we do not plan updates.
  2. Use ninja 2.x with Ninja Authentication Filter, or implementing custom container login modules and the desired logging bridges.

Changes

Ninja 2.1.1.1 - 01.08.2022

Ninja 2.x disclaimer

The major breaking changes in the 2.x stream of Ninja are the following:

  • Container-specific login modules are removed.
  • Logging bridges are removed. Ninja uses the SLF4J logging API, which requires customers to supply the logging provider .jar to the classpath.
  • Support for newer Java versions (> 8) is added.

Customers can choose between the following courses of action regarding Ninja:

  1. Stay on the ninja 1.x versions with the currently supported container login modules, where we do not plan updates.
  2. Use ninja 2.x with Ninja Authentication Filter, or implementing custom container login modules and the desired logging bridges.

Changes

Ninja 2.1.0.0 - 20.07.2022

Ninja 2.x disclaimer

This disclaimer serves to transparently inform the deep changes done in the Ninja artefact indicated by the 2.x major version number change.

The major breaking changes in the 2.x stream of Ninja are the following:

  • No container-specific login modules
  • No logging bridges. Ninja uses the SLF4J logging API which requires customers to supply the concrete logging provider .jar to the classpath
  • Support for newer Java versions (> 8)

So customers have the choice of:

  1. Staying on the ninja 1.x versions with the currently supported container login modules, where we do not plan updates.
  2. Using ninja 2.x with Ninja Authentication Filter, or implementing custom container login modules and the desired logging bridges.

Changes

  • FIXED: Ninja is now able to correctly verify SAML2-signed SecTokens related to Cannot load SchemaTypeSystem RuntimeExceptions. (NINJA-203)

Ninja 2.0.0.5 - 19.07.2022

Ninja 2.x disclaimer

This disclaimer serves to transparently inform the deep changes done in the Ninja artefact indicated by the 2.x major version number change.

The major breaking changes in the 2.x stream of Ninja are the following:

  • No container-specific login modules
  • No logging bridges. Ninja uses the SLF4J logging API which requires customers to supply the concrete logging provider .jar to the classpath
  • Support for newer Java versions (> 8)

So customers have the choice of:

  1. Staying on the ninja 1.x versions with the currently supported container login modules, where we do not plan updates.
  2. Using ninja 2.x with Ninja Authentication Filter, or implementing custom container login modules and the desired logging bridges.

Changes

  • UPGRADE: We upgraded the jcan-sectoken dependency to version 2.0.0.2. (NEVISAUTH-3734)
  • UPGRADE: We upgraded the jcan-saml dependency to version 1.1.9.0. (NEVISAUTH-3734)

Ninja 2.0.0.4 - 21.06.2022

Ninja 2.x disclaimer

This disclaimer serves to transparently inform the deep changes done in the Ninja artefact indicated by the 2.x major version number change.

The major breaking changes in the 2.x stream of Ninja are:

  • No container specific login modules
  • No logging bridges. Ninja uses the SLF4J logging API which requires customers to supply the concrete logging provider .jar to the classpath
  • Support for newer Java versions (> 8)

So customers have the choice of:

  1. Staying on the ninja 1.x versions with the currently supported container login modules, where we do not plan updates.
  2. Using ninja 2.x with Ninja Authentication Filter, or implementing custom container login modules and the desired logging bridges.

Breaking changes

  • REMOVED: We removed the support of all container-specific login modules (NINJA-184):
  • REMOVED: We removed the Jira Seraph integration module. (NINJA-184)
  • REMOVED: We removed the Ninja logging bridges and all related interfaces and abstract classes, and migrated to SLF4J API instead. (NINJA-193)
  • REMOVED: We removed the support for customer-specific SecToken implementations, and migrated from ch.adnovum.jcan-sectoken to the ch.nevis.jcan-sectoken implementation. (NINJA-194)

Changes

  • NEW: The Principal is no longer stored in the session. By default, the SecToken is checked on each request. To keep the legacy behavior, that is, caching the Principal in the session, use the new CachePrincipal configuration property.
  • NEW: We released Ninja uber / fat JAR containing all Ninja modules and their dependencies. (NINJA-192)