Waffle 3.5.0

• Drop support for tomcat 8.5 which ended support as previously noted with release 3.4.0
• Correct spring boot filter 2 logback usage
• Fix module name in spring boot 3
• Move demo servlet spec to 4
• Add fallback for caffeine cache in case where service loader fails to work
• Bump site to 2.0 (ie doxia 2)
• Update dependencies and plugins

Waffle 3.4.0

• Requires java 11
• Add tomcat 11 support
• Jetty 12 for both javax (ee8) and jakarta (ee10)
• Shiro 2.0 support

See https://github.com/Waffle/waffle/blob/master/CHANGELOG.md for details.

Waffle 3.3.0

Support for spring security 6 and spring boot 3.

See https://github.com/Waffle/waffle/blob/master/CHANGELOG.md for details.

Waffle 3.2.0

See https://github.com/Waffle/waffle/blob/master/CHANGELOG.md for details.

Waffle 3.1.1 Release

See https://github.com/Waffle/waffle/blob/master/CHANGELOG.md for details.

This release is just library patches over 3.1.0 to ensure log4j2 / logback vulnerabilities do not show in the tree at all.

Waffle 2.3.0 Release

• Introduction of waffle-tomcat10 module
• Introduction of waffle-jna-jakarta module for usage with jakarta package rename direct usage
• #956: Fix DelegatingNegotiateSecurityFilter @cmolodo - Fixes #453

Release 2.2.0 line started at 2.2.1 (see notes)

2.2.1 (1/26/2020)

• Fixed checkstyle configuration that failed 2.2.0 release.

2.2.0 (not released)

• Security Check in tomcat valves performs a redirect to servletPath when successful. This is not required to finish the chain and causes an underlying error when servletPath returns empty string. This redirect has been removed.
• Negotiate Check in tomcat valves performs half the necessary negotiation which is resulting in popup to log into windows. By catching the negotiation result and forcing a redirect to error page as intended (similar to security check), the browser and tomcat are able to successfully negotiate the communication without unnecessary popup to the user. Note that first request will still require popup to get data primed but all subsequent after logging out and back in save the hit.
• Added logback to demos. It was defined and confirmed but not setup.
• Cleanup documentation
• Dependency updates
• Add build environment entries to jar, source, and war modules
• Add JPMS automatic module naming throughout
• Moved onto Spring boot 2.2.x (no compatibility changes over 2.1.x)
• Moved onto Spring 5.2.x (no compatibility changes over 5.1.x)
• Fix sonar issues including prevention of XML entity attacks and other security related items
• Fix spring boot modules as JNA alignment was broken

Waffle 2.1.0 Release

Waffle 2.1.0 Release

• Remove obsolete tomcat8 from project - use tomcat 85 as a direct replacement
• Correctly align spring boot 2 starter to spring security 5 module
• Many library updates
• Restored site distribution to github io pages

Waffle 2.0.0 release with recent release notes

2.0.0 (6/27/2019)

• Dependency Updates
• Stabalized Release

2.0.0-beta2 (2/6/2019)

• Add spring boot demos to distro
• Add spring boot and spring security 5 modules to distro
• Dependency Updates

2.0.0-beta1 (12/31/2018)

• JNA 5.2.0 support (breaking internal changes resulting in beta release for waffle)
• Dependency Updates
• Pom rework / cleanup
• Changes
  • [#649] (#649): Bring dependencies up-to-date including JNA 5.x breaking changes @hazendaz.

1.9.1 (7/1/2018)

• Documentation Updates
• Added some tests for NegotiateSecurityFilter
• Added test for new class waffle.util.CorsPreflightCheck
• Add ability to disable SSO through servlet config parameter.
• Added check for DELETE action in isNtlmType1PostAuthorizationHeader as IE will strip the body on challenge.
• Resume filter chain when not in a windows environment
• Changes
  • #631: Added excludeBearerAuthorization and excludeCorsPreflight #627@pedroneil.
  • #636: DisableSso flag, Delete option, skip when running on non windows [@MoreHeapSpace}(https://github.com/MoreHeapSpace)

Waffle 1.9.0

• Documentation Updates

• Version Updates

• Sonar / Coverity Cleanup

• Spring boot support

• Spring / Spring Security 5 support

• Breaking changes

  • Requires Java 8+
  • Dropped Tomcat 6 and Spring 3 modules
  • Moved servlet on Examples to servlet 4.0
  • Replaced guava with caffeine for caching
  • All remainder guava usage uses standard java routines

• Changes

  • #479: Upgrade to Java 8 - using caffeine #304@ben-manes.
  • #482: Remove Spring Security 3 #478@hazendaz.
  • #483: Remove Tomcat 6 #323@hazendaz.
  • #486: Upgrade to Servlet 3.0 in demos #471@hazendaz.
  • #487: Updated guava joiner to string.join #304@hazendaz.
  • #488: Use java.util.Base64 with java 8 #304@hazendaz.
  • #491: Rewrite guava Files.write to java 7 FilesWrite #304@hazendaz.
  • #498: Add third party license files@hazendaz.
  • #553: Add spring boot starter and demo@mgoldgeier.
  • #558: Add initial support for spring 5 using spring security 4 still@hazendaz.
  • #559: Add spring milestone repo and upgrade to spring security 5.0.0.M4@hazendaz.
  • #571: Custom instances of GenericPrincipal in WaffleAuthenticatorBase@Snap252.
  • #583: Added continueContextsTimeout property to WaffleAuthenticatorBase for tomcat(s): Ported forwards (1.8.4)@alanlavintman.
  • #609: Use only securityContext.isContinue() to decide if SC_UNAUTHORIZED response is needed to trigger another pass in authentication @tjstuart on behalf @AriSuutariST.