v3.0.3

Summary

liboscal-java 3.0.3 is a patch release with improvements and changes that are backwards compatible, specifically updating liboscal-java and metaschema-framework dependencies to make use of the OSCAL v1.1.2 models and dependency updates.

Changes: Key Take-aways

Key takeaways are below:

1. OSCAL model updates from v1.1.1 to v1.1.2
2. Dependency updates

Details

1. e659797 Update OSCAL models to v1.1.2 for [#234]

Appendix

Detailed Commit Log

Note for NIST developers: the output below is from executing the following command against the release branch (main) on a developer workstation: git log origin/main..origin/develop --pretty=oneline --abbrev-commit.

1. bc4c359 (tag: v3.0.3, origin/release-3.0, release-3.0) [maven-release-plugin] prepare release v3.0.3
2. e659797 Update OSCAL models to v1.1.2 for #234. (#235)
3. a758cce Bump org.codehaus.mojo:templating-maven-plugin from 1.0.0 to 3.0.0 (#230)
4. 272ab18 Bump org.xmlunit:xmlunit-assertj3 from 2.9.0 to 2.9.1 (#226)
5. fbe7ea9 Bump org.assertj:assertj-core from 3.24.2 to 3.25.2 (#229)
6. 9484c63 Bump com.google.auto.service:auto-service from 1.0.1 to 1.1.1 (#225)
7. b098a86 Bump gov.nist.secauto:oss-parent from 26 to 27 (#212)
8. b7fb926 Bump org.xmlunit:xmlunit-core from 2.9.0 to 2.9.1 (#214)
9. 3e91c09 Bump com.googlecode.maven-download-plugin:download-maven-plugin (#219)
10. 49075ba Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.3 to 2.7.11 (#221)
11. 13e5c25 Bump org.xmlresolver:xmlresolver from 4.6.0 to 5.2.3 (#223)
12. 35f8969 Bump github/codeql-action from 2.22.8 to 3.23.2 (#224)
13. f60b79a Bump net.sf.saxon:Saxon-HE from 12.3 to 12.4 (#208)
14. 96cb559 Bump dependency.log4j2.version from 2.21.1 to 2.22.0 (#204)
15. a85440e Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 (#205)
16. 036b7e0 Bump actions/setup-java from 3.13.0 to 4.0.0 (#207)
17. 63d9440 Bump github/codeql-action from 2.22.4 to 2.22.8 (#206)
18. 4fe3be4 (origin/200-resolution-ungrouped-control-exception) Bump io.github.git-commit-id:git-commit-id-maven-plugin (#196)
19. 36b3fea Bump actions/checkout from 4.1.0 to 4.1.1 (#194)
20. f70907e Bump github/codeql-action from 2.21.9 to 2.22.4 (#197)
21. 6457c0f Bump dependency.log4j2.version from 2.20.0 to 2.21.1 (#199)
22. 25650ac Bump github/codeql-action from 2.21.8 to 2.21.9 (#186)
23. 2e703fd Bump actions/checkout from 4.0.0 to 4.1.0 (#185)
24. 3250810 Bump actions/setup-java from 3.12.0 to 3.13.0 (#184)

v3.0.2

Summary

liboscal-java 3.0.2 is a patch release with improvements and changes that are backwards compatible, specifically updating the library to the v1.1.1 release of OSCAL models and a bug fix of metaschema-java generation of XML schemas.

Changes: Key Take-aways

Key takeaways are below:

1. Update embedded OSCAL models to v1.1.1 release.
2. Update metaschema-java module to correct missing type information in generated XML schemas used for OSCAL document validation.

Details

1. a326055 Update XML schema type gen for #181. (#182)
2. b7130ab Update models to OSCAL v1.1.1 release.

Appendix

Detailed Commit Log

Note for NIST developers: the output below is from executing the following command against the release branch (main) on a developer workstation: git log origin/main..origin/develop --pretty=oneline --abbrev-commit.

1. 5b66a44 Bump github/codeql-action from 2.21.7 to 2.21.8 (#183)
2. a326055 Update XML schema type gen for #181. (#182)
3. 1e4ee2b Bump actions/checkout from 3.5.3 to 4.0.0 (#178)
4. 1aba33a Bump github/codeql-action from 2.21.4 to 2.21.7 (#180)
5. b7130ab Update models to OSCAL v1.1.1 release.
6. 09418c0 [maven-release-plugin] prepare for next development iteration

v3.0.1

Summary

liboscal-java 3.0.1 is a patch release with improvements and changes that are backwards compatible, specifically correcting where embedded JSON and XML schemas are located. Updating the path will fix schema validation in this library. The oscal-cli utility relies upon it, and it is currently not working until these changes are released for inclusion in an updated oscal-cli release.

Changes: Key Take-aways

Key takeaways are below:

1. Embedded JSON and XML schemas' resource paths needed to be updated.

Details

1. c6e084c Fix build res path issue for #171.

Appendix

Detailed Commit Log

Note for NIST developers: the output below is from executing the following command against the release branch (main) on a developer workstation: git log origin/main..origin/develop --pretty=oneline --abbrev-commit.

1. 8eb8c58 (tag: v3.0.1) [maven-release-plugin] prepare release v3.0.1
2. d48958a Update metaschema-java from 0.12.0 to 0.12.1 (#174)
3. e2499d9 Update GHA CI/CD checkout for version string (#173)
4. 1ce285a Bump github/codeql-action from 2.21.3 to 2.21.4 (#172)
5. 13db3f1 Bump github/codeql-action from 2.21.2 to 2.21.3 (#170)
6. c6e084c Fix build res path issue for #171.
7. f47aa8a [maven-release-plugin] prepare for next development iteration

v3.0.0

Summary

liboscal-java 3.0.0 will be a major release with improvements and changes that are not backwards compatible, specifically obsolete imports from package restructuring and removed library functions for control mappings.

Changes: Key Take-aways

Key takeaways are below:

1. Update OSCAL models to 1.1.0.
2. Deprecate utility functions for control mapping.

Details

Below is a list of all changes that will be promoted from develop to 3.0.0 release branch.

1. Update OSCAL models to 1.1.0 (#165)

Appendix

Detailed Commit Log

Note for NIST developers: the output below is from executing the following command against the release branch (main) on a developer workstation: git log origin/main..origin/develop --pretty=oneline --abbrev-commit.

1. 212aea9 Update OSCAL models to 1.1.0 (#165)
2. 8f4fe6a Bump github/codeql-action from 2.21.1 to 2.21.2 (#168)
3. 6637d96 Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 (#167)
4. 6f01d96 Bump github/codeql-action from 2.21.0 to 2.21.1 (#166)
5. 3f1accb Bump github/codeql-action from 2.20.3 to 2.21.0 (#161)
6. 541906b Bump actions/setup-java from 3.11.0 to 3.12.0 (#163)
7. ed63a9a [maven-release-plugin] prepare for next development iteration

v2.0.0

What's Changed

• Bump github/codeql-action from 2.2.1 to 2.2.4 by @dependabot in #117
• Bump actions/setup-java from 3.9.0 to 3.10.0 by @dependabot in #114
• Bump Saxon-HE from 11.4 to 12.0 by @dependabot in #112
• Bump dependency.log4j2.version from 2.19.0 to 2.20.0 by @dependabot in #118
• Extend AbstractOscalInstance for all document types by @kylelaker in #129
• Bump Saxon-HE from 12.0 to 12.1 by @dependabot in #124
• Bump actions/setup-java from 3.10.0 to 3.11.0 by @dependabot in #128
• Bump actions/checkout from 3.3.0 to 3.5.2 by @dependabot in #135
• Bump github/codeql-action from 2.2.4 to 2.2.12 by @dependabot in #134
• Bump github/codeql-action from 2.2.12 to 2.3.6 by @dependabot in #145
• Bump git-commit-id-maven-plugin from 5.0.0 to 6.0.0 by @dependabot in #142
• Bump Saxon-HE from 12.1 to 12.2 by @dependabot in #139
• Update README.md by @milespop in #153
• metaschema-java v0.11.0 update by @david-waltermire-nist in #150
• Bump Saxon-HE from 12.2 to 12.3 by @dependabot in #154
• Bump github/codeql-action from 2.3.6 to 2.20.2 by @dependabot in #152
• Bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #146
• Bump github/codeql-action from 2.20.2 to 2.20.3 by @dependabot in #155
• Code cleanup by @david-waltermire-nist in #156
• Update metaschema-java to 0.12.0 by @aj-stein-nist in #160
• Updated build workflows. by @david-waltermire-nist in #162

New Contributors

• @kylelaker made their first contribution in #129
• @milespop made their first contribution in #153

Full Changelog: v1.0.4.4...v2.0.0

v1.0.4.4

What's Changed

• Bump github/codeql-action from 2.1.36 to 2.2.1 (#108)
• Bump assertj-core from 3.23.1 to 3.24.2 (#105)
• Bump actions/checkout from 3.1.0 to 3.3.0 (#102)
• Bump spotbugs-annotations from 4.7.2 to 4.7.3 (#98)
• Bump cyclonedx-maven-plugin from 2.7.1 to 2.7.3 (#97)
• Bump actions/setup-java from 3.8.0 to 3.9.0 (#96)
• Fix missing DateTimeDatatype datatype from embedded OSCAL and metaschema submodules. (#109)
• Bump actions/setup-java from 3.6.0 to 3.8.0 (#92)
• Bump github/codeql-action from 2.1.29 to 2.1.36 (#93)

Full Changelog: v1.0.4.3...v1.0.4.4

Download

This release is on Maven Central.

v1.0.4.3

What's Changed

• Refactored profile resolution visitors by @david-waltermire-nist in #85 and #69
  • Refactored the visitors used to process catalogs and profiles during profile resolution to improve performance.
    • The current solution now reuses the index reducing the need to walk the document multiple times.
    • The index code has been simplified to reduce a significant amount of redundant method calls.
    • The various visitors now use a common set of base implementation classes making maintenance easier.
  • Added support for property name="keep" in the reference handler.
  • Fixed reference handling for orphaned groups during flat structuring. Resolves #65.
• Fixed compile, Checkstyle, PMD, and Spotbugs errors.
• Bump spotbugs-maven-plugin from 4.7.1.1 to 4.7.2.0 by @dependabot in #68
• Bump spotbugs-maven-plugin from 4.7.2.0 to 4.7.2.1 by @dependabot in #80
• Bump github/codeql-action from 2.1.18 to 2.1.22 by @dependabot in #66
• Bump github/codeql-action from 2.1.22 to 2.1.29 by @dependabot in #84
• Bump actions/setup-java from 3.4.1 to 3.5.0 by @dependabot in #70
• Bump actions/setup-java from 3.5.0 to 3.6.0 by @dependabot in #82
• Bump spotbugs-annotations from 4.7.1 to 4.7.2 by @dependabot in #67
• Bump dependency.log4j2.version from 2.18.0 to 2.19.0 by @dependabot in #73
• Bump dependency.xmlresolver.version from 4.5.1 to 4.5.2 by @dependabot in #74
• Bump actions/checkout from 3.0.2 to 3.1.0 by @dependabot in #78

Full Changelog: v1.0.4.2...v1.0.4.3

Download

This release is on Maven Central.

v1.0.4.2 Release

What's Changed

• Support alter set-parameter, add, and remove functions by @david-waltermire-nist in #56
  • Added support for OSCAL profile alter statements supporting set-parameter, add, and remove functions.
  • Refactored build to eliminate extraneous dependencies.
  • Setup auto-service generation for OSCAL Metapath function extensions.
• Improved error handling by @david-waltermire-nist in #60
  • Added additional error handling for alter statements to provide context.
  • Fixed bug in remove match handling. Resolved #59.
• Updated to latest OSCAL development build.
• Streamlined error reporting for alter statement related errors.
• Added reference policies for legacy SP 800-53 rev4 references to reduce constraint validation errors.
• Updated to latest released version of metaschema-java v0.9.0.
• Reformatted code, fixed Javadoc, Checkstyle, PMD, and spotbugs errors.

Dependency Changes

• Bump actions/setup-java from 3.4.0 to 3.4.1 by @dependabot in #47
• Bump cyclonedx-maven-plugin from 2.7.0 to 2.7.1 by @dependabot in #51
• Bump Saxon-HE from 11.3 to 11.4 by @dependabot in #53
• Bump dependency.xmlresolver.version from 4.4.0 to 4.5.0 by @dependabot in #55
• Bump spotbugs-annotations from 4.2.0 to 4.7.1 by @dependabot in #58
• Bump github/codeql-action from 2.1.15 to 2.1.18 by @dependabot in #54
• Bump dependency.xmlresolver.version from 4.5.0 to 4.5.1 by @dependabot in #57

Full Changelog: v1.0.4.1...v1.0.4.2

Download

This release is on Maven Central.

v1.0.4.1

What's Changed

Fixed a bug caused by not specifying an output encoding of UTF-8 when serializing to an OutputStream by @david-waltermire-nist in usnistgov/metaschema-java#72

Dependencies

• Bump metaschema-java from 0.8.0 to 0.8.1
• Bump dependency.xmlresolver.version from 4.3.0 to 4.4.0 by @dependabot in #43
• Bump github/codeql-action from 2.1.14 to 2.1.15 by @dependabot in #42

Full Changelog: v1.0.4...v1.0.4.1

Download

This release is on Maven Central.

v1.0.4

What's Changed

• Added a unit test that illustrates a simple example of how to use the library. Resolved #10 by @david-waltermire-nist in #37
• Added support for a URI resolver which can be specified by extending the ProfileResolver.getEntityResolver(URI) method. Resolved #12 by @david-waltermire-nist in #20
• Adjusted generated XML declarations to use double quotes instead of single quotes. Resolved #14 by @david-waltermire-nist in usnistgov/metaschema-java#53
• Corrected metadata/oscal-version handling bug to use OSCAL version, not the content version from a source profile. Resolves #15 by @david-waltermire-nist in #21
• Redesigned profile resolver reference tracking to properly handle configured references, ensuring referenced objects (i.e., roles, parties) are preserved properly. Resolves #17 @david-waltermire-nist in #36
• Added support for defining a constraint validation handler on a deserializer. Resolves #19 by @david-waltermire-nist in usnistgov/metaschema-java#66

Dependencies

• Bump actions/setup-java from 2 to 3 by @dependabot in #23
• Bump actions/checkout from 2 to 3 by @dependabot in #22
• Bump download-maven-plugin from 1.4.2 to 1.6.8 by @dependabot in #29
• Bump Saxon-HE from 11.2 to 11.3 by @dependabot in #28
• Bump xmlunit-core from 2.8.4 to 2.9.0 by @dependabot in #27
• Bump xmlunit-assertj3 from 2.8.4 to 2.9.0 by @dependabot in #26
• Bump dependency.xmlresolver.version from 4.2.0 to 4.3.0 by @dependabot in #25
• Bump cyclonedx-maven-plugin from 2.5.3 to 2.6.2 by @dependabot in #30
• Bump assertj-core from 3.22.0 to 3.23.1 by @dependabot in #34
• Bump cyclonedx-maven-plugin from 2.6.2 to 2.7.0 by @dependabot in #32
• Bump github/codeql-action from 2.1.11 to 2.1.12 by @dependabot in #35
• Bump actions/setup-java from 3 to 3.4.0 by @dependabot in #38
• Bump github/codeql-action from 2.1.12 to 2.1.14 by @dependabot in #40

Full Changelog: v1.0.2...v1.0.4

New Contributors

• @dependabot made their first contribution in #23

Download

This release is on Maven Central.