Releases: BandwidthOnDemand/nsi-dds
New and improved SSL/TLS configuration
This release contains:
- Restructured initialization and handling of the SSL/TLS context within the server.
Important to note that the dds.xml configuration schema has changed. The <secure/> element specifying the key and trust stores is no longer a child of <server/> and <client/> but a stand alone element specifying the single configuration for the SSLContext.
For example:
<server address="example.net" port="8401" packageName="net.es.nsi.dds" secure="true">
<static>
<path>src/test/resources/config/www</path>
<relative>/www</relative>
</static>
</server>
<client maxConnPerRoute="10" maxConnTotal="60" secure="true" />
<!-- Set production="true" if host and certificate validation should be enforced. -->
<secure production="true">
<keyStore type="JKS">
<file>config/keystore.jks</file>
<password>changeit</password>
</keyStore>
<trustStore type="JKS">
<file>config/truststore.jks</file>
<password>changeit</password>
</trustStore>
</secure>
The secure="true" attribute in each of <server/> and <client/> now identify if they should use https or not.
Additional Log4J security fixes.
This release includes:
- pom.xml file changes to update log4j to >= 2.16.0.
Security fixes.
This release contains:
- Security updates to published vulnerabilities;
- The ability to write the process pid to a file specified on the command line (-pidFile) for those doing a double fork on startup.
Enhanced Java and Docker support
This tagged release accumulates a series of care and feeding updates:
1. Support for Java 1.8 through Java 15 including ports from javax to Jakarta framework.
2. Updating of dependencies to more recent versions.
3. Port from the SL4J/Log4j to Log4J2 framework for logging.
4. Expanded capability for the internal authorization mechanism based on X.509 certificate DNs (this is still not 100% complete).
5. Docker & Helm support.
Enjoy!