)]}' { "log": [ { "commit": "b2cce440a2547a77061fcc5d659999b5f20a055b", "tree": "6bdb5bab24313ef767e28485ca5452cd794c03db", "parents": [ "07701083cf6984de90d83a3a6c826ad71c7b2f70" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Jun 10 08:06:10 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Jun 10 08:06:10 2026 -1000" }, "message": "RAMPART-44 / RAMPART-252: add a dedicated algorithm-downgrade test\n\nFollow-up to the Gemini review: add a focused, deterministic test for the new\ninbound algorithm-suite enforcement, rather than relying only on the incidental\ncoverage from RampartTest case 34.\n\nPolicyAssertionsTest.testAlgorithmSuiteDowngradeRejected builds a signed request\nwith a Basic128 (SHA-1) policy, then validates it as the server against a\nBasic128Sha256 (SHA-256) policy and asserts the message is rejected - a peer must\nnot be able to downgrade the digest algorithm below what the policy requires.\n\nConfirmed the test guards the fix: with applyAlgorithmSuite disabled the SHA-1\nsignature verifies and the message is accepted, failing the test. Adds the\nrampart-asymm-binding-1-sha256.xml policy (a Basic128Sha256 copy of\nrampart-asymm-binding-1.xml). Verified with a full clean -Papache-release verify\nacross all modules including the nine policy samples on JDK 25.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "07701083cf6984de90d83a3a6c826ad71c7b2f70", "tree": "43216610fbf5de55d5636c5f416681d9db6db2e7", "parents": [ "205ae0c19bd5b0889cf91504a89cca2c950c9428" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Jun 10 07:46:05 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Jun 10 07:46:05 2026 -1000" }, "message": "RAMPART-44 / RAMPART-252: enforce the policy algorithm suite on inbound messages\n\nRampart did not check that the algorithms actually used in an incoming message\nmatched the policy\u0027s algorithm suite, so a peer could downgrade to weaker\nsignature / digest / canonicalization / encryption / key-wrap algorithms and the\nmessage would still be accepted (RAMPART-44).\n\nRampartEngine now builds a WSS4J AlgorithmSuite from the policy\u0027s AlgorithmSuite\nand sets it on the RequestData (applyAlgorithmSuite), so WSS4J rejects a message\nwhose algorithms are not those the policy mandates. Only the policy-defined\ncategories are constrained; unspecified categories and the key-length bounds keep\nWSS4J\u0027s defaults, so legitimate messages are unaffected (verified across the\nBasic128/Basic256/TripleDes-RSA15, SAML and SecureConversation integration\nscenarios and the nine policy samples).\n\nThis implements the algorithm-validation half of RAMPART-252, which supersedes\nRAMPART-44. The other half of RAMPART-252 (SAML issued-token referencelist\nprocessing) depended on WSS4J\u0027s WSS-206, which was never applied upstream, and is\nout of scope here.\n\nRampartTest case 34 (asymmetric client against a symmetric service) is now\nrejected by algorithm-suite enforcement - on the key-wrap algorithm - during\nsecurity-header processing rather than by the older certificate-presence\nheuristic. The negative test is relaxed to assert that the request is rejected\nrather than matching the previous specific message. Note: WSS4J\u0027s\nAlgorithmSuiteValidator raises a terse \"INVALID_SECURITY\" fault for a suite\nviolation; surfacing a clearer message is a possible follow-up.\n\nVerified with a full clean -Papache-release verify on JDK 25.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "205ae0c19bd5b0889cf91504a89cca2c950c9428", "tree": "60d5531e79e0a9ff43dcda69a76edb2278c10f02", "parents": [ "e9ccb685286663879611feb62daa634ce5fe6267" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Jun 10 05:53:43 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Jun 10 05:53:43 2026 -1000" }, "message": "RAMPART-431: skip signing SignedParts headers that are absent from the message\n\nTransportBindingBuilder built signature parts directly from the policy\u0027s\nSignedParts headers without checking whether each header is actually present in\nthe message. When a header listed in SignedParts is missing - e.g. the\nWS-Addressing wsa:To header in an STS bootstrap / SecureConversation request -\nWSS4J fails the whole send with \"General security error ... Element to\nencrypt/sign not found: http://www.w3.org/2005/08/addressing, To\".\n\nThe four signature methods (X509 / Kerberos / IssuedToken / SecureConversation)\nnow add a SignedParts header only if a matching element exists in the SOAP header,\nvia the new addSignedPartHeaderIfPresent helper. This mirrors RampartUtil\u0027s\noutbound part resolution and the inbound validator, both of which treat an absent\nsigned-parts header as allowed.\n\nAdds a regression test (TransportBindingBuilderTest.testTransportBindingAbsentSignedHeader\nwith rampart-transport-binding-absent-signed-header.xml): a policy whose endorsing\ntoken signs a 2005/08 wsa:To header not present in the message now builds\nsuccessfully. With the presence check disabled the test reproduces the original\n\"Element to encrypt/sign not found\" error. Verified with a full clean\n-Papache-release verify across all modules including the nine policy samples on\nJDK 25.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "e9ccb685286663879611feb62daa634ce5fe6267", "tree": "63bca36c75702d08ad26707d4f25ab844423c68c", "parents": [ "c8071bad73aa1e66aefcdaa4afffefc262afed27" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Jun 10 04:50:04 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Jun 10 04:50:04 2026 -1000" }, "message": "RAMPART-411: add regression test for signing the BinarySecurityToken\n\nThe original report (Rampart 1.6.2) could not sign the BinarySecurityToken: the\nWSS4J 1.x parameter-based \"signatureParts\" config failed with \"Element to\nencrypt/sign not found: ...BinarySecurityToken\" (the BST was referenced by QName -\nwith the wrong namespace - and could not be resolved at signing time).\n\nIn 2.0.0 this works through WS-SecurityPolicy: sp:ProtectTokens sets token\nprotection and the binding builders add the BinarySecurityToken to the signature\nby its wsu:Id (RampartUtil/...getBSTTokenId), so the token is reliably signed. No\ncode change is required.\n\nAdds an AsymmetricBindingBuilderTest case using a new ProtectTokens policy: the\nmessage builds successfully and the security header contains a signed\nBinarySecurityToken and Signature. Had BST signing been broken, build() would throw\nthe original \"Element to encrypt/sign not found\" error. Verified with a full clean\n-Papache-release verify across all modules including the nine policy samples on\nJDK 25.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "c8071bad73aa1e66aefcdaa4afffefc262afed27", "tree": "f814ca991da7b60fd4d6c283a039dbc5e583932f", "parents": [ "8ce0aeb037fd5a45e93dd815e5e13263e77e5be7" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Jun 10 03:58:00 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Jun 10 03:58:00 2026 -1000" }, "message": "Address RAMPART-427 review: document init trade-off, guard config parsing\n\nFollow-up to the Gemini review of the RAMPART-427 fix (both findings are\npre-existing in RampartMessageData, not introduced by the race fix):\n\n- Document the performance-vs-correctness trade-off of running the WSS4J /\n Santuario / OpenSAML one-time initialisers in the per-message constructor: the\n calls are idempotent guards kept there to avoid the OpenSAML-5-migration\n unmarshallerFactory ordering bug; moving them to a once-per-lifecycle init is a\n separate, riskier change. No behaviour change.\n- Wrap the timestampTTL / timestampMaxSkew Integer.parseInt calls so a non-numeric\n RampartConfig value throws a clear RampartException naming the offending\n parameter and value, instead of an unhandled NumberFormatException. Adds the\n invalidRampartConfigValue message.\n\n(The reviewer\u0027s third, JUnit-version, note is skipped to stay consistent with the\nexisting test suite style.) Verified with a full clean -Papache-release verify\nacross all modules including the nine policy samples on JDK 25.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "8ce0aeb037fd5a45e93dd815e5e13263e77e5be7", "tree": "1ab931f5b644afeb01f10b22a2e95457ee5c5cd5", "parents": [ "977e51f8a68046868dd089ef194abecc73c2c3f2" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 16:38:22 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 16:38:22 2026 -1000" }, "message": "RAMPART-427: add the CLIENT_SIDE marker parameter race-free\n\nRampartMessageData\u0027s constructor set the per-service CLIENT_SIDE marker parameter\nwith a non-atomic check-then-add: concurrent first requests to a service all saw\nthe parameter as absent, then each tried to add it with setLocked(true). The first\nwon; the rest failed with \"The CLIENT_SIDE parameter is already locked and the\nvalue cannot be overridden\", failing those requests intermittently under load.\n\nThe add is now done by addClientSideParameterIfAbsent(AxisService), which\nsynchronizes on the service and re-checks before adding, so the parameter is added\nat most once. The lock is per-service (not a global static), and the common path -\nparameter already present - never enters the synchronized method, so steady-state\nmessage processing stays lock-free.\n\nAdds RampartMessageDataTest covering idempotent and concurrent adds. (The original\nreport\u0027s integration test relied on commons-httpclient 3.x, which is no longer a\ndependency, and was an inherently timing-dependent test; this deterministic unit\ntest replaces it.) Verified with a full clean -Papache-release verify across all\nmodules including the integration scenarios and the nine policy samples on JDK 25.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "977e51f8a68046868dd089ef194abecc73c2c3f2", "tree": "95cb75b5a9bea745c92865514a37c6e4c31cc9c7", "parents": [ "5346d2f602beb0e8343d51dbea1787da08b67a04" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 16:16:07 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 16:16:07 2026 -1000" }, "message": "RAMPART-428: harden the test XML parser against XXE\n\nFollow-up to the Gemini review: configure DocumentBuilderFactory in\nPolicyBasedResultsValidatorTest to disallow DTDs and external entities (OWASP\nsecure-parsing settings), so the security test does not model an insecure parser.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "5346d2f602beb0e8343d51dbea1787da08b67a04", "tree": "a7ba2936c2f8c168be5d33718e502754a182d541", "parents": [ "9d0abc1ba487aabd5978ff32f909e1f9ee24434e" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 16:14:35 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 16:14:35 2026 -1000" }, "message": "RAMPART-428: apply the signed-element identity check to headers too\n\nFollow-up to the Gemini review of the body fix: the signed-header/element branch\nof validateSignedPartsHeaders still confirmed only that an element with the same\nQName was signed, which is the same signature-wrapping weakness fixed for the\nBody. It now verifies the element by node identity via isElementSigned().\n\nAlso drops the now-unused QName list (and its imports); the actual signed DOM\nelements are the single source of truth. Verified with a full clean\n-Papache-release verify across all modules including the signed-header\nintegration scenarios and the nine policy samples on JDK 25.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "9d0abc1ba487aabd5978ff32f909e1f9ee24434e", "tree": "b8d7fb986f64a4858f45c6b063b18e2c20ac0416", "parents": [ "e73ba38eaf4388020bff8fb1303c7c967dae5a64" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 16:04:30 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 16:04:30 2026 -1000" }, "message": "RAMPART-428: validate the signed SOAP Body by identity, not by name\n\nThe signed-parts check confirmed only that *some* element named \"Body\" was\ncovered by the signature (actuallySigned.contains({soap}Body)). Because that\ntest is name-based, a message that relocates the signed Body into a wrapper and\nplaces a different, unsigned Body in the Body position would still pass\nvalidation while the application consumed the unsigned Body (signature\nwrapping).\n\nvalidateSignedPartsHeaders now resolves the actual SOAP Body element that will\nbe consumed (WSSecurityUtil.findBodyElement) and requires that exact element, by\nnode identity, to be among the elements the signature covered. The signed\nelements are now tracked as DOM elements alongside their QNames for this check.\n\nAdds PolicyBasedResultsValidatorTest covering the identity-based decision\n(relocated same-name body rejected, actual signed body accepted). Verified with a\nfull clean -Papache-release verify across all modules, including the signed-body\nintegration scenarios and the nine policy samples, on JDK 25.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "e73ba38eaf4388020bff8fb1303c7c967dae5a64", "tree": "fbf0ede61bb5df707054fcc968528896d3675552", "parents": [ "1c36bd02d315743277ff3e370f5b5b8922a930a6" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 15:35:44 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 15:35:44 2026 -1000" }, "message": "RAMPART-371: cover the null-QName assertion case in RahasModuleTest\n\nFollow-up to the Gemini review: Rahas.canSupportAssertion guards against an\nassertion whose getName() is null, but the tests only covered a null assertion.\nAdd the null-QName case so the null-safety checks are fully exercised.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "1c36bd02d315743277ff3e370f5b5b8922a930a6", "tree": "f2f465523342506cc2d1ad72041f67fecac7465a", "parents": [ "8a43eb533f01f54c1f8743d0dc596449eee340a1" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 15:32:11 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 15:32:11 2026 -1000" }, "message": "RAMPART-371: rahas must report support for WS-SecurityPolicy assertions\n\nRahas.canSupportAssertion() returned false unconditionally. During policy-driven\nmodule engagement, Axis2 (AxisDescription.engageModulesForPolicy) requires every\nmodule registered for an assertion\u0027s namespace to return true from\ncanSupportAssertion, otherwise it throws \"atleast one module can\u0027t support ...\".\n\nThe rahas module.xml registers for both the WS-SecurityPolicy 1.1\n(http://schemas.xmlsoap.org/ws/2005/07/securitypolicy) and 1.2\n(http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702) namespaces. For the\n1.2 namespace rahas is the ONLY registered module, so its blanket false made every\nWS-SecurityPolicy-1.2 policy fail for generated clients with e.g.\n\"atleast one module can\u0027t support {...200702}SupportingTokens\".\n\ncanSupportAssertion now returns true for assertions in the WS-SecurityPolicy 1.1\nand 1.2 namespaces (mirroring the Rampart module), and false otherwise. Adds\nRahasModuleTest. Verified with a full clean -Papache-release verify (all modules,\nall tests including the 9 policy samples) on JDK 25.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "8a43eb533f01f54c1f8743d0dc596449eee340a1", "tree": "bd207d905adc0fd1ec8622ed9f2aff6a04ad291c", "parents": [ "9b92fcd4ae1fce71aad8581d3f500c311450d0a7" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 14:25:12 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 14:25:12 2026 -1000" }, "message": "RAMPART-337: also retire expired tokens on SimpleTokenStore.update()\n\nFollow-up to the Gemini review of the RAMPART-337 fix: perform the expired-token\ncleanup on update() as well as add(), so the store is bounded on every write path\n(e.g. update/renew-heavy workloads), not only when new tokens are added.\n\nAdds SimpleTokenStoreTest.testUpdateRetiresExpiredTokens. Verified with a full\nclean -Papache-release verify (all modules, all tests including the 9 policy\nsamples) on JDK 25.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "9b92fcd4ae1fce71aad8581d3f500c311450d0a7", "tree": "a28ad7d99924e99717dd6df2aa5e50e89bf9b504", "parents": [ "cb60b2ebe86633d508852b934f8f236a1fa7b693" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 14:18:23 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 14:18:23 2026 -1000" }, "message": "Add .claude to .gitignore\n\nKeeps local Claude Code session/lock files out of the repository.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "cb60b2ebe86633d508852b934f8f236a1fa7b693", "tree": "6920da316a49367c964fba2e01c424f6a5ad18e0", "parents": [ "da0ff64656814e24c0926395c4dfbee331c07593" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 14:17:23 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 14:17:23 2026 -1000" }, "message": "CI: skip snapshot Deploy step when Nexus credentials are absent\n\nThe Deploy job pushes a SNAPSHOT to repository.apache.org using the\nNEXUS_USER/NEXUS_PW secrets. When those secrets are not provisioned the upload\nfails with 401 Unauthorized, turning the whole workflow red even though the\nbuild itself succeeded.\n\nExpose the credentials as job-level env and guard the Deploy step with\n`if: env.NEXUS_USER !\u003d \u0027\u0027` so it is skipped cleanly when no credentials are\nconfigured. Snapshot deploys resume automatically once the secrets are set.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "da0ff64656814e24c0926395c4dfbee331c07593", "tree": "6b292e25b3b1f4d904ad5829a0858ad8a01440ac", "parents": [ "62ffbcd77292c5b871c69eb2ca02d596936ff15b" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 14:09:53 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 14:09:53 2026 -1000" }, "message": "RAMPART-337: retire expired tokens from SimpleTokenStore to bound memory\n\nIssued tokens were added to the in-memory token store but expired tokens were\nonly marked EXPIRED, never removed, so under sustained STS/SecureConversation\nload the store grew without bound and could exhaust the heap.\n\nSimpleTokenStore.add() now opportunistically purges tokens whose expiry time\nelapsed more than a configurable grace period ago (default 5 minutes). The grace\nperiod keeps recently-expired tokens available so an in-flight message that still\nreferences one does not fail with \"Unsupported key identification\" (the failure\nmode noted on the issue when expired tokens were deleted immediately). Tokens\nwith no expiry are never purged.\n\nAdds SimpleTokenStoreTest coverage for retirement and for grace-period retention.\nVerified with a full clean -Papache-release verify (all modules, all tests\nincluding the 9 policy samples) on JDK 25.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "62ffbcd77292c5b871c69eb2ca02d596936ff15b", "tree": "fd706aa7396cf4dd8c0ff06fb962c3423f986f25", "parents": [ "c34fe61616dc4b965cf62775408428136927f22e" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 13:48:54 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 13:48:54 2026 -1000" }, "message": "Reconcile legal/ license files with the actual binary distribution\n\nThe legal/ directory (copied into the binary distribution\u0027s lib/) was both\nstale and redundant. Audited it against the jars actually bundled in\nrampart-dist-bin.zip and against each dependency\u0027s declared license.\n\nRemoved license files for components no longer bundled at all:\n openws, slf4j-api, slf4j-jcl-over-slf4j, slf4j-jdk14, velocity,\n commons-collections, commons-lang\n(slf4j/commons came in transitively before; openws was OpenSAML 2.x;\ncommons-collections came via the now-removed ESAPI.)\n\nRemoved redundant license files for bundled Apache-2.0 components, which are\nalready covered by the distribution\u0027s top-level Apache 2.0 LICENSE:\n opensaml, wss4j, xmlsec\n\nKept bcprov-LICENSE.txt: Bouncy Castle is the only bundled component not under\nthe Apache License 2.0, and that one file covers bcprov/bcpkix/bcutil.\n\nVerified by rebuilding the binary distribution and confirming lib/ now contains\nonly bcprov-LICENSE.txt alongside the top-level LICENSE and NOTICE.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "c34fe61616dc4b965cf62775408428136927f22e", "tree": "d0163ee49a772f40481d7e2d41db0dab7cd70154", "parents": [ "eb70efeccca543217de9d393d0949d7726cbfed4" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 13:38:00 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 13:38:00 2026 -1000" }, "message": "Remove unused OWASP ESAPI dependency from rampart-trust\n\nESAPI was declared as a direct compile dependency of rampart-trust but is\nnot referenced anywhere in the Rampart sources, is not pulled transitively\nby the OpenSAML/Shibboleth stack, and has no ESAPI.properties config (which\nit would require at runtime if actually used).\n\nRemoving it drops its entire transitive subtree from the binary distribution\n(lib/ goes from 64 to 45 jars), eliminating LGPL-licensed jars that should not\nship in an Apache release (xom, BeanShell/bsh) as well as a non-GA milestone\n(commons-collections4 4.5.0-M1) and the antisamy/batik/xml-apis tree.\n\nAlso removes the now-orphaned legal/esapi-LICENSE.txt.\n\nVerified with a full clean -Papache-release verify (all 12 modules, all tests\nincluding the 9 policy samples) on JDK 25.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "eb70efeccca543217de9d393d0949d7726cbfed4", "tree": "e1c030f1d4bfe2eb0f8562a38f0c3a5406c76284", "parents": [ "c2db725a84503681f669447e348031c35bf05ce3" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 13:18:57 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 13:18:57 2026 -1000" }, "message": "Release prep: refresh 2.0.0 release notes and NOTICE copyright year\n\n- Release notes listed stale dependency versions that no longer match the POM:\n OpenSAML 5.2.1 -\u003e 5.2.2 and Bouncy Castle 1.83 -\u003e 1.84.\n- Update the top-level NOTICE copyright year to 2010-2026 for the release.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "c2db725a84503681f669447e348031c35bf05ce3", "tree": "bea5adfd1d437c9bede0663083416cb437df31c0", "parents": [ "08fd2e334b9271280ae876d8313cd086e4e479ec" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 12:48:21 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 12:58:37 2026 -1000" }, "message": "Address Gemini review nits: enforcer comment + failIfNoTests safety net\n\n- Document why maven-enforcer requireNoRepositories uses banRepositories\u003dfalse\n (the Shibboleth repo is required to resolve OpenSAML, which is not on Maven\n Central). Prevents a future \"cleanup\" from removing the needed repository.\n\n- Make failIfNoTests a real safety net. Surefire defaults this to false, so the\n previous global \u003cfailIfNoTests\u003efalse\u003c/failIfNoTests\u003e was redundant and meant a\n code module whose tests vanished would pass silently. Set the property to true\n at the root and override it to false only in the modules that legitimately have\n no tests of their own (rampart-testutils, rampart-mar, rampart-trust-mar).\n\nVerified with a full clean -Papache-release verify (all 12 modules, all tests\nincluding the 9 policy samples) on JDK 25.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "08fd2e334b9271280ae876d8313cd086e4e479ec", "tree": "96cbf61fa9d436c0e308ef1e2e11d956a13e6127", "parents": [ "772da3fb8f0761a7205d991af46142f9bad83bc3" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 11:52:49 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Jun 09 11:52:49 2026 -1000" }, "message": "Use released Axis2 2.0.1, fix JDK 25 build, bump dependencies\n\nPrepare for the Rampart 2.0.0 release.\n\n- axis2.version 2.0.1-SNAPSHOT -\u003e 2.0.1 (released): fixes CI failure\n \"Unknown packaging: mar\" / axis2-mar-maven-plugin could not be\n resolved, and removes the forbidden SNAPSHOT dependency from a release.\n- gmavenplus groovy-all 4.0.23 -\u003e 4.0.32: Groovy 4.0.23 predates JDK 25\n and failed the Java 25 CI matrix job in rampart-dist with\n \"Unsupported class file major version 69\".\n- apache.snapshots plugin repo http:// -\u003e https:// (modern Maven blocks\n plaintext HTTP repositories).\n\nStable dependency upgrades:\n- opensaml 5.2.1 -\u003e 5.2.2\n- bcprov/bcpkix 1.83 -\u003e 1.84\n- dropwizard metrics 4.2.38 -\u003e 4.2.39\n- jacoco 0.8.14 -\u003e 0.8.15\n- maven-dependency-plugin 3.10.0 -\u003e 3.11.0\n- maven-enforcer-plugin 3.6.2 -\u003e 3.6.3\n\nVerified with a full clean -Papache-release verify (all 12 modules,\nall tests including the 9 policy samples) on JDK 25.\n\nCo-Authored-By: Claude Opus 4.8 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "772da3fb8f0761a7205d991af46142f9bad83bc3", "tree": "3525c7dbb2476a99c8c79bcfe9adfcbf0b93ac52", "parents": [ "b6065af1fe45a20212d00dc1092e555cef21c11b" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Jun 01 10:17:28 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Jun 01 10:17:28 2026 -1000" }, "message": "Remove unverified WSS4J CVE IDs from history section\n\nCVE-2015-0226, CVE-2016-2170, CVE-2018-11775 were incorrectly\nattributed to WSS4J. Replace with generic descriptions of the\nvulnerability classes WSS4J has addressed.\n\nCo-Authored-By: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "b6065af1fe45a20212d00dc1092e555cef21c11b", "tree": "988cdd7ac3219a705b06f3f2903b1735a7f4bc9b", "parents": [ "f09f237032f6f968ae2a6e52d1f75478f6549491" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Jun 01 10:13:11 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Jun 01 10:13:11 2026 -1000" }, "message": "Fix incorrect path for RampartUsernameTokenValidator\n\nClass is in handler/ subpackage, not directly in rampart/.\n\nCo-Authored-By: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "f09f237032f6f968ae2a6e52d1f75478f6549491", "tree": "c0781569d8745b40b71f8563341e1fecf897b0e9", "parents": [ "ffe2ef2f43be2570ebe09f743ca42b95575a008a" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Jun 01 09:35:55 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Jun 01 09:35:55 2026 -1000" }, "message": "Address Gemini review findings for Glasswing threat model\n\n- Add WS-Trust STS (rahas) to attack surface table\n- Expand WSS4J CVE history with additional CVE references\n\nCo-Authored-By: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "ffe2ef2f43be2570ebe09f743ca42b95575a008a", "tree": "296f50fc261e2ef513ca7bb3525c9c33c775856a", "parents": [ "4a54f022bf64b6be1524a1625ca5730c1ed26f6f" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Jun 01 09:29:13 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Jun 01 09:29:13 2026 -1000" }, "message": "Add security threat model and AGENTS.md for Glasswing scan\n\nASF Security Team\u0027s Glasswing program requires a security/threat model\nand AGENTS.md before running AI-driven vulnerability scans. Documents\nroles, trust levels, security boundaries, attack surface (signature\nwrapping, SAML XXE, transport binding, crypto defaults), and dependency\nchain (WSS4J 4.0.1, OpenSAML 5.2.1).\n\nCo-Authored-By: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "4a54f022bf64b6be1524a1625ca5730c1ed26f6f", "tree": "6d06562650ed9894fb28686ec5714affde815a38", "parents": [ "9164fac0f83865f5787b286eaebaaf001f5e9e57", "7280acc88e81ede046e17da80c00ec3bf8a17d0e" ], "author": { "name": "robertlazarski", "email": "58150512+robertlazarski@users.noreply.github.com", "time": "Sun May 17 11:09:41 2026 -1000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun May 17 11:09:41 2026 -1000" }, "message": "Merge pull request #26 from apache/infrastructure-ruleset-bot/default-branch-protection\n\n[INFRA] Set up default rulesets for default and release branches" }, { "commit": "7280acc88e81ede046e17da80c00ec3bf8a17d0e", "tree": "6d06562650ed9894fb28686ec5714affde815a38", "parents": [ "9164fac0f83865f5787b286eaebaaf001f5e9e57" ], "author": { "name": "The Apache Software Foundation", "email": "root-asf-gitbox-commits@apache.org", "time": "Fri May 15 13:56:02 2026 -0500" }, "committer": { "name": "The Apache Software Foundation", "email": "root-asf-gitbox-commits@apache.org", "time": "Fri May 15 13:56:02 2026 -0500" }, "message": "Set up default protection ruleset for default and release branches" }, { "commit": "9164fac0f83865f5787b286eaebaaf001f5e9e57", "tree": "3565e2a87a5292c22d56a5ac3e46f380ae6282b7", "parents": [ "2f9f8a599253a21c0b53548131e5f4ff13bdae08" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 07:07:54 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 08:19:45 2026 -1000" }, "message": "RAMPART-454 Document security / maintenance assumptions flagged by review\n\nAdd in-place comments at the three locations the Gemini review flagged\nas HIGH/MEDIUM risk so the assumptions are enforced the next time\nsomeone touches these files, without changing behaviour:\n\n- modules/distribution/bin.xml: prepend a MAINTENANCE NOTE describing\n why the \u003cexcludes\u003e list on the lib/ dependencySet exists (the dist\n must not duplicate jars already shipped in the Axis2 distribution)\n and what must be re-checked whenever ${axis2.version} or any\n transitive dep moves -- otherwise we re-introduce the httpcore5\n 5.2.5 vs 5.4.2 style silent breakage.\n\n- pom.xml: prepend a SECURITY NOTE to the \u003cproperties\u003e block listing\n the checklist reviewers must follow when bumping wss4j / opensaml /\n xmlsec / bouncycastle: read every intermediate CVE release note\n (not just the newest), make sure no weak algorithm or key size gets\n re-introduced as a default, and re-run the policy samples.\n\n- RampartUtil.validateTransport: expand the inline comment at the\n jakarta.servlet.request.X509Certificate lookup site to name the\n Servlet-spec contract we\u0027re relying on and explicitly state that\n re-validation of the chain is the transport listener\u0027s job, not\n ours. The Javadoc on the method already documented the attribute\n name; this makes the responsibility split visible at the call site.\n" }, { "commit": "2f9f8a599253a21c0b53548131e5f4ff13bdae08", "tree": "f6d0db7ece900c5e7cd08013777a06359db90181", "parents": [ "d24a319834993d4460e43fff5add37a3c3f126ca" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 06:17:19 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 08:19:45 2026 -1000" }, "message": "RAMPART-454 Align GitHub Actions CI with axis2-java-core\n\nAdopt the same three-job layout that axis2-java-core uses (build / site /\ndeploy) and bring the runner/action versions in line:\n\n- Build matrix: Java 17, 21, 25 (was 17, 19), matching the JDK set that\n the 2.0.0 release is supported on. Each matrix entry runs\n -Dmaven.compiler.release\u003d${{ matrix.java }} so the class file target\n actually tracks the JDK under test, not just the baseline.\n- runs-on: ubuntu-24.04 (was 22.04).\n- Actions: checkout@v6, cache@v5, setup-java@v5.\n- Java distribution: temurin (was zulu); centralised via\n DEFAULT_JAVA_DISTRIBUTION env var.\n- Add BASE_JAVA_VERSION\u003d17 env var for the non-matrix jobs.\n\nNew Site job: runs mvn package site-deploy on JDK 17 so that site\nregressions (e.g. the javadoc / apidocs aggregator classpath) are caught\nin CI instead of on release day.\n\nNew Deploy job: gated on push-to-master for the apache/axis-axis2-java-\nrampart repository only, needs both build and site to be green, and\npushes SNAPSHOTs to apache.snapshots.https using the NEXUS_USER /\nNEXUS_PW secrets (same mechanism as axis2-java-core).\n\nEvery job ends by deleting -SNAPSHOT entries from the local Maven cache\nso they aren\u0027t inadvertently reused between runs when the cache key\nmatches but the dependency tree has moved underneath.\n" }, { "commit": "d24a319834993d4460e43fff5add37a3c3f126ca", "tree": "cef0f67888be90ea098c4a3d55ef0b4c96ba3513", "parents": [ "bfe8f049b2834be49ca020dd78e0c584cf1aa1e4" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 05:55:06 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 08:19:45 2026 -1000" }, "message": "RAMPART-454 Refresh stale POM comment about OpenSAML xacml-saml pin\n\nThe \"Override stale 4.x transitive deps pulled by WSS4J 3.0.3\" comment\npredates both upgrades: we\u0027re on WSS4J 4.0.1 and OpenSAML 5.2.1 now.\nReword it to describe what the block actually does -- keep the xacml-saml\napi/impl artifacts pinned to ${opensaml.version} so the whole OpenSAML\n5.x set stays in lockstep regardless of what a transitive dependency\nprefers.\n" }, { "commit": "bfe8f049b2834be49ca020dd78e0c584cf1aa1e4", "tree": "941ef5805a1b834f2dff112128b24d0894b97607", "parents": [ "353ec6ebc963ad3a4890bae6e468f05a5065abf1" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 05:28:41 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 08:19:45 2026 -1000" }, "message": "RAMPART-454 Refresh site docs for the 2.0.0 release\n\n- index.md: state that Rampart 2.0.0 runs on Axis2 2.0.1, requires\n OpenJDK 17 as the minimum runtime, and has been tested on OpenJDK\n 21 and 25.\n- release-notes/2.0.0.md: the file was carried over with 1.x-era\n dependency numbers (Axis2 1.8.2, WSS4J 3.0.3, OpenSAML 4.3.2,\n Axiom 1.4.0, BC 1.79). Rewrite against the actual 2.0.0 stack\n (Axis2 2.0.1, Axiom 2.0.0, WSS4J 4.0.1, OpenSAML 5.2.1, Santuario\n 4.0.4, BC 1.83) and record the JDK 17 / 21 / 25 runtime matrix.\n- site.xml: add a \"2.0.0\" entry under the Release Notes menu.\n\nExisting in-code \"1.8.0 and later\" comments are left alone: each one\ndescribes a behavior change that happened in 1.8.0 (e.g. \"WSS4J sets\nthis as false however before 1.8.0 this was hard-coded to true\") and\nrewriting those as 2.0.0 would be historically wrong.\n" }, { "commit": "353ec6ebc963ad3a4890bae6e468f05a5065abf1", "tree": "aeaf24494f62e1f878c21b3322cdf609bdb262c5", "parents": [ "50c80d36af2ea53e4a478353d621eb13a1fba85e" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 05:28:26 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 08:19:45 2026 -1000" }, "message": "RAMPART-454 Put servlet-api on the aggregator Javadoc classpath\n\nmvn package (and mvn site / site-deploy) was failing in the apidocs\nmodule with:\n\n error: package jakarta.servlet.http does not exist\n import jakarta.servlet.http.HttpServletRequest;\n\nbecause rampart-core references HttpServletRequest (RampartUtil.java)\nand declares jakarta.servlet-api with \u003cscope\u003eprovided\u003c/scope\u003e. Provided\nscope is not transitive, so when apidocs aggregates rampart-core\u0027s\nsources for Javadoc, the servlet API is absent from the Javadoc\nclasspath.\n\nDeclare jakarta.servlet-api explicitly in apidocs/pom.xml so\njavadoc-no-fork (invoked at prepare-package for dist-javadoc and at\nsite for site-javadoc) can resolve the import.\n" }, { "commit": "50c80d36af2ea53e4a478353d621eb13a1fba85e", "tree": "691233473812b0b0ba4a7c081beba246553fb574", "parents": [ "8e4a0cae7bebf56d5e58a64116de29dd2886c255" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 05:28:15 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 08:19:45 2026 -1000" }, "message": "RAMPART-454 Fix rampart-dist lib/ layout for OpenSAML 5\n\nThe hand-curated \u003cinclude\u003e list in bin.xml referenced artifacts that no\nlonger exist (opensaml-core, net.shibboleth.utilities:java-support,\nnet.shibboleth:cryptography-api) and omitted the 5.x-split artifacts\n(opensaml-core-api, opensaml-core-impl, opensaml-messaging-api,\nopensaml-profile-api, opensaml-xacml-saml-api, opensaml-xacml-saml-impl,\nthe new net.shibboleth:shib-* artifacts, etc.). Running the samples\nagainst the resulting dist produced a sealing violation in\norg.opensaml.security.config and ClassNotFoundException for\nInitializationException.\n\nSwitch the lib/ dependencySet to useTransitiveDependencies +\nuseTransitiveFiltering (so it follows the real 5.x dependency graph)\nand explicitly exclude artifacts that are already shipped by the Axis2\nbinary distribution. Without those excludes we ship, for example,\nhttpcore5 5.2.5 alongside Axis2\u0027s httpcore5 5.4.2, which then breaks\nHTTPClient5 transport with \"NoSuchMethodError: ...Http1Config\".\n\nVerified: unzip axis2-2.0.1 + rampart-dist, ant setup, then ant\nservice.NN / ant client.NN for all nine policy samples pass.\n" }, { "commit": "8e4a0cae7bebf56d5e58a64116de29dd2886c255", "tree": "ef1560c902577fd770829e989bc3a8b940720ff4", "parents": [ "55f32746700a1360a29b53f274200cd679b59080" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 05:28:01 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 08:19:45 2026 -1000" }, "message": "RAMPART-454 Bump build to JDK 17 baseline; refresh plugin and library versions\n\nBuild / toolchain:\n- maven-compiler-plugin: \u003csource\u003e/\u003ctarget\u003e11 -\u003e \u003crelease\u003e17 (and property\n maven.compiler.target -\u003e maven.compiler.release\u003d17).\n- Enforcer: add requireJavaVersion [17,) so the build fails fast on older\n JDKs. Still tested on OpenJDK 17, 21 and 25.\n- Drop animal-sniffer-maven-plugin: it was pinned to the java18 (JDK 1.8)\n signature, which is meaningless once the baseline is 17; --release 17\n already provides an equivalent (stronger) API bound via ct.sym.\n- jacoco-maven-plugin: pick up the ${jacoco.version} property instead of\n hard-coding 0.8.12, and bump to 0.8.14 (supports Java 25 class files,\n which Ubuntu 25.10\u0027s default JVM emits when the sample Ant tasks fork).\n- Drop the duplicate \u003cdependencyManagement\u003e block for the wss4j artifacts\n that Maven was warning about (\"must be unique\").\n\nPlugin bumps:\n- maven-surefire-plugin 3.5.2 -\u003e 3.5.5\n- build-helper-maven-plugin 3.6.0 -\u003e 3.6.1\n- gmavenplus-plugin 4.0.1 -\u003e 4.3.1\n- maven-dependency-plugin 3.8.0 -\u003e 3.10.0\n- maven-antrun-plugin 3.1.0 -\u003e 3.2.0\n- maven-assembly-plugin 3.7.1 -\u003e 3.8.0\n- maven-javadoc-plugin 3.11.1 -\u003e 3.12.0\n- maven-enforcer-plugin 3.5.0 -\u003e 3.6.2\n- maven-compiler-plugin 3.13.0 -\u003e 3.15.0\n- maven-project-info-reports-plugin 3.8.0 -\u003e 3.9.0\n\nLibrary bumps:\n- dropwizard metrics-core 4.2.19 -\u003e 4.2.38\n- cryptacular 1.2.4 -\u003e 1.3.0\n- bouncycastle bcprov/bcpkix-jdk18on 1.79 -\u003e 1.83\n- santuario xmlsec 4.0.3 -\u003e 4.0.4\n- aspectjrt / aspectjweaver 1.9.22.1 -\u003e 1.9.25.1\n- jakarta.xml.bind-api 4.0.2 -\u003e 4.0.5\n\nIntentionally skipped (alpha/beta/milestone or cross-major): log4j 3.x,\nslf4j 2.1.0-alpha1, jakarta.servlet-api 6.2.0-M1, maven-compiler-plugin\n4.0.0-beta-*, maven-site-plugin 4.0.0-M16, groovy-all 5.x, esapi 2.7.x-RC1.\n" }, { "commit": "55f32746700a1360a29b53f274200cd679b59080", "tree": "4769177382a532bc4168ec8d249de95124b7fcf7", "parents": [ "aceacfe9e64e9a25f82bc6fc53d1a7a2ac343f44" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 05:27:36 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 08:19:25 2026 -1000" }, "message": "RAMPART-454 Finish OpenSAML 5 / Axis2 2.0.x API migration in trust/integration\n\n- getBuilderOrThrow -\u003e ensureBuilder (OpenSAML 5 builder-factory API).\n- net.shibboleth.utilities.java.support.xml -\u003e net.shibboleth.shared.xml\n (Shibboleth 9.x repackaging of ParserPool / BasicParserPool).\n- SubjectConfirmation.getConfirmationMethod() -\u003e getURI() in the SAML 1.1\n bearer integration test.\n- Switch the test axis2.xml transport senders from the HTTPClient4 classes\n (gone in Axis2 2.0) to HTTPClient5TransportSender.\n" }, { "commit": "aceacfe9e64e9a25f82bc6fc53d1a7a2ac343f44", "tree": "a0382680e8597592ae5791dece7f1700867592f1", "parents": [ "34f6918fd93aedf9e447474391cc597b8a3cd3a0" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sun Apr 12 16:19:12 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 08:19:25 2026 -1000" }, "message": "RAMPART-454 Upgrade OpenSAML from 4.3.2 to 5.2.1\n\nOpenSAML 5.x API changes:\n- opensaml-core artifact renamed to opensaml-core-api (all other\n artifacts unchanged)\n- AuthnContextClassRef.setAuthnContextClassRef() -\u003e setURI()\n- ConfirmationMethod.getConfirmationMethod() -\u003e getURI()\n- ConfirmationMethod.setConfirmationMethod() -\u003e setURI()\n\nOnly 4 method renames needed. The Shibboleth Maven repo URL was\nupdated in the previous commit.\n\nBuilds successfully with: mvn install -Dmaven.test.skip\u003dtrue -Dmaven.javadoc.skip\u003dtrue\n\nCo-Authored-By: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "34f6918fd93aedf9e447474391cc597b8a3cd3a0", "tree": "d4f15bc9597cec4f1db59cbeeb69d6ef8f5434c0", "parents": [ "93e0883a3dee8189c3c2b358b7f106e2f8b7d476" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sun Apr 12 16:15:01 2026 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Mon Apr 13 08:19:25 2026 -1000" }, "message": "RAMPART-454 Upgrade to Axis2 2.0.1-SNAPSHOT + Axiom 2.0.0 (Jakarta)\n\n- axis2.version: 1.8.2 -\u003e 2.0.1-SNAPSHOT\n- axiom.version: 1.4.0 -\u003e 2.0.0\n- javax.servlet -\u003e jakarta.servlet in RampartUtil.java\n- javax.servlet.request.X509Certificate -\u003e jakarta.servlet.request.X509Certificate\n- Added jakarta.servlet-api 6.0.0 (provided) dependency\n- Added axiom-jakarta-activation and axiom-jakarta-jaxb to dependencyManagement\n- Updated Shibboleth Maven repo URL (old Nexus -\u003e new releases)\n\nBuilds successfully with: mvn install -Dmaven.test.skip\u003dtrue -Dmaven.javadoc.skip\u003dtrue\nOpenSAML remains at 4.3.2 — 5.x upgrade is the next step.\n\nCo-Authored-By: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "93e0883a3dee8189c3c2b358b7f106e2f8b7d476", "tree": "55e72cd3249dfd08c62f00c1c9f9a27258f09296", "parents": [ "43d052810d080f8b215c51fca174c743d3d6fedd", "8f5b1967ee568705c32ef8f1a536a7fedd4270ae" ], "author": { "name": "Christian Ortlepp", "email": "christian.ortlepp@hypergene.com", "time": "Tue Apr 07 16:31:45 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 07 16:31:45 2026 +0200" }, "message": "Merge pull request #23 from apache/cortlepp/unify-log4j-deps\n\nchore: unify log4j deps and update them" }, { "commit": "8f5b1967ee568705c32ef8f1a536a7fedd4270ae", "tree": "55e72cd3249dfd08c62f00c1c9f9a27258f09296", "parents": [ "bf158eaf79b2282625e86a8fc72c3dfa382a7ed1" ], "author": { "name": "Christian Ortlepp", "email": "christian.ortlepp@hypergene.com", "time": "Tue Apr 07 16:23:55 2026 +0200" }, "committer": { "name": "Christian Ortlepp", "email": "christian.ortlepp@hypergene.com", "time": "Tue Apr 07 16:25:28 2026 +0200" }, "message": "chore: unify log4j deps and update them\n" }, { "commit": "bf158eaf79b2282625e86a8fc72c3dfa382a7ed1", "tree": "f77910c79a779453fda4b596d047d1c6affe83e1", "parents": [ "771370d5fc62d9c46331983bc8db2782fc2471e0", "24370d4933aadd7126d5c1f5a6b465884e169324" ], "author": { "name": "Christian Ortlepp", "email": "christian.ortlepp@hypergene.com", "time": "Tue Apr 07 16:15:00 2026 +0200" }, "committer": { "name": "Christian Ortlepp", "email": "christian.ortlepp@hypergene.com", "time": "Tue Apr 07 16:15:00 2026 +0200" }, "message": "Merge remote-tracking branch \u0027origin/dependabot/maven/modules/distribution/org.apache.logging.log4j-log4j-core-2.25.3\u0027 into cortlepp/unify-log4j-deps\n" }, { "commit": "771370d5fc62d9c46331983bc8db2782fc2471e0", "tree": "f77910c79a779453fda4b596d047d1c6affe83e1", "parents": [ "43d052810d080f8b215c51fca174c743d3d6fedd", "47c186f5a66da338ed6c7f4a9242ffdcca70aa30" ], "author": { "name": "Christian Ortlepp", "email": "christian.ortlepp@hypergene.com", "time": "Tue Apr 07 16:14:50 2026 +0200" }, "committer": { "name": "Christian Ortlepp", "email": "christian.ortlepp@hypergene.com", "time": "Tue Apr 07 16:14:50 2026 +0200" }, "message": "Merge remote-tracking branch \u0027origin/dependabot/maven/org.apache.logging.log4j-log4j-core-2.25.3\u0027 into cortlepp/unify-log4j-deps\n" }, { "commit": "43d052810d080f8b215c51fca174c743d3d6fedd", "tree": "2f386b2121c9049353438985ea7d6556d5446115", "parents": [ "ec1727afe0786937662c7fbff3b8668427970aa0", "91d0fcc5fc033750474b692d110b2f141f2e74d5" ], "author": { "name": "Christian Ortlepp", "email": "christian.ortlepp@hypergene.com", "time": "Tue Apr 07 16:10:05 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 07 16:10:05 2026 +0200" }, "message": "Merge pull request #22 from apupier/patch-1\n\nUse new shibboleth Maven repository URL" }, { "commit": "91d0fcc5fc033750474b692d110b2f141f2e74d5", "tree": "2f386b2121c9049353438985ea7d6556d5446115", "parents": [ "ec1727afe0786937662c7fbff3b8668427970aa0" ], "author": { "name": "Aurélien Pupier", "email": "apupier@ibm.com", "time": "Fri Apr 03 15:07:33 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 03 15:07:33 2026 +0200" }, "message": "Use new shibboleth Maven repository URL\n\n```\r\nAs of 20 January 2022, the following Maven repository URLs are being redirected : \r\nhttps://build.shibboleth.net/nexus/content/groups/public \r\nto\r\nhttps://build.shibboleth.net/maven/releases \r\n```\r\n\r\nsee https://shibboleth.atlassian.net/wiki/spaces/DEV/pages/2891317253/MavenRepositories#Old-Shibboleth-Maven-Repository-URLs" }, { "commit": "47c186f5a66da338ed6c7f4a9242ffdcca70aa30", "tree": "f55397e85476796a8e37e8c275ee2a7517ef5890", "parents": [ "ec1727afe0786937662c7fbff3b8668427970aa0" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Fri Dec 19 23:50:12 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Dec 19 23:50:12 2025 +0000" }, "message": "Bump org.apache.logging.log4j:log4j-core from 2.18.0 to 2.25.3\n\nBumps org.apache.logging.log4j:log4j-core from 2.18.0 to 2.25.3.\n\n---\nupdated-dependencies:\n- dependency-name: org.apache.logging.log4j:log4j-core\n dependency-version: 2.25.3\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e" }, { "commit": "24370d4933aadd7126d5c1f5a6b465884e169324", "tree": "f5783312a483ad9f1cd2940d42b18d59ec3530c1", "parents": [ "ec1727afe0786937662c7fbff3b8668427970aa0" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Fri Dec 19 23:20:24 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Dec 19 23:20:24 2025 +0000" }, "message": "Bump org.apache.logging.log4j:log4j-core in /modules/distribution\n\nBumps org.apache.logging.log4j:log4j-core from 2.18.0 to 2.25.3.\n\n---\nupdated-dependencies:\n- dependency-name: org.apache.logging.log4j:log4j-core\n dependency-version: 2.25.3\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e" }, { "commit": "ec1727afe0786937662c7fbff3b8668427970aa0", "tree": "d28c36682a9b78df7ac8bd5333757aff79b4dd5d", "parents": [ "89f975816fa107271d08b472769516086d70ea9f" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sun Nov 02 10:38:28 2025 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sun Nov 02 10:38:28 2025 -1000" }, "message": "Fix github actions\n" }, { "commit": "89f975816fa107271d08b472769516086d70ea9f", "tree": "675dee6e85a017e45ad016e56c50fb5059da519d", "parents": [ "47a984dce1af7bcf19b0f74c45c6b6a8bcd5ee01", "6b137e2be220fca750ecf7ee6ebd65e1e054a506" ], "author": { "name": "robertlazarski", "email": "58150512+robertlazarski@users.noreply.github.com", "time": "Sun Nov 02 10:30:53 2025 -1000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Nov 02 10:30:53 2025 -1000" }, "message": "Merge pull request #19 from apache/dependabot/maven/commons-fileupload-commons-fileupload-1.6.0\n\nBump commons-fileupload:commons-fileupload from 1.5 to 1.6.0" }, { "commit": "47a984dce1af7bcf19b0f74c45c6b6a8bcd5ee01", "tree": "622ce1f0c3fbd1965bfc513a11b03c34dec75a3d", "parents": [ "74b1038d89a4aed82796c77eab1bb6970045b27b" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sun Nov 02 10:28:50 2025 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sun Nov 02 10:28:50 2025 -1000" }, "message": "Big update to fix samples 1 thru 9. Also fix or remove a bunch of old http links\n" }, { "commit": "74b1038d89a4aed82796c77eab1bb6970045b27b", "tree": "25fe014b69471593f769d97cc6d227a970c91fe9", "parents": [ "c69ea973dc19afbe1ba682eb66769d8ba4640685" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Fri Oct 17 06:09:10 2025 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Fri Oct 17 06:09:10 2025 -1000" }, "message": "Add release notes for 2.0.0\n" }, { "commit": "6b137e2be220fca750ecf7ee6ebd65e1e054a506", "tree": "c3c9e80b2d3a2af8e95888b469342eb98d8a5586", "parents": [ "c69ea973dc19afbe1ba682eb66769d8ba4640685" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Jul 09 18:56:25 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jul 09 18:56:25 2025 +0000" }, "message": "Bump commons-fileupload:commons-fileupload from 1.5 to 1.6.0\n\nBumps commons-fileupload:commons-fileupload from 1.5 to 1.6.0.\n\n---\nupdated-dependencies:\n- dependency-name: commons-fileupload:commons-fileupload\n dependency-version: 1.6.0\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e" }, { "commit": "c69ea973dc19afbe1ba682eb66769d8ba4640685", "tree": "a50373ae56a0fe0a1580f83d7eb1cb2bbcef7bd8", "parents": [ "77a6e2a1023c1c29cac79476eed85cd7c9d4c5a0" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Feb 18 08:30:16 2025 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Feb 18 08:30:16 2025 -1000" }, "message": "release doc updates\n" }, { "commit": "77a6e2a1023c1c29cac79476eed85cd7c9d4c5a0", "tree": "f2adcb4edb5e700a610014a335bb1a49f90148b7", "parents": [ "7add69c2a0b37a192c9494c66bb319e1eedd9606" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Dec 10 07:08:47 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Dec 10 07:08:47 2024 -1000" }, "message": "Release documentation updates\n" }, { "commit": "7add69c2a0b37a192c9494c66bb319e1eedd9606", "tree": "26bb1861daabf7afa858bd70c126df9df90c0a8e", "parents": [ "d0546ce351d884c9ac5faf8dc6785f68639ff9a5" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Nov 30 11:31:09 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Nov 30 11:31:09 2024 -1000" }, "message": "[maven-release-plugin] prepare for next development iteration\n" }, { "commit": "d0546ce351d884c9ac5faf8dc6785f68639ff9a5", "tree": "58ae7cadb279bea04d9217a2520d72d4e3246972", "parents": [ "f7c31c7ca72064e165cdd74edb3506039fa3d8a3" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Nov 30 11:30:12 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Nov 30 11:30:12 2024 -1000" }, "message": "[maven-release-plugin] prepare release v1.8.0\n" }, { "commit": "f7c31c7ca72064e165cdd74edb3506039fa3d8a3", "tree": "7e37e4fe33ed908ec2c6f2dea47b6b4d9bb9b458", "parents": [ "69449bc70f9347959d85f912acfdca2ec79bfad8" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Nov 30 11:27:08 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Nov 30 11:27:08 2024 -1000" }, "message": "dev guide updates\n" }, { "commit": "69449bc70f9347959d85f912acfdca2ec79bfad8", "tree": "1ee3352c82f33ec861770ce9df3ac03c9d423f1d", "parents": [ "fea03915ab97ad41d5b4fdfe962c3e5d631e7b39" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Nov 30 11:13:54 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Nov 30 11:13:54 2024 -1000" }, "message": "Update legal dir\n" }, { "commit": "fea03915ab97ad41d5b4fdfe962c3e5d631e7b39", "tree": "10e298a3cbf5c355858670325828c3076fdaab5d", "parents": [ "35297c247259a0ca2969093c42caff48be10ad41" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Nov 30 11:03:43 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Nov 30 11:03:43 2024 -1000" }, "message": "Update legal dir, and some dev guide updates\n" }, { "commit": "35297c247259a0ca2969093c42caff48be10ad41", "tree": "ea835dae8e8ea40880ef20a94f6ce1bc89a462f5", "parents": [ "463f7b22714951be619e534895ebfb018076cfdd" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Nov 30 10:58:58 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Nov 30 10:58:58 2024 -1000" }, "message": "Update legal dir, and some dev guide updates\n" }, { "commit": "463f7b22714951be619e534895ebfb018076cfdd", "tree": "66f82aa11e1e2cb7a9a6a9eae582e413ceeb077c", "parents": [ "1ded480c238d697e1cc09348ebd934f2dbe8f01b" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Nov 30 07:38:08 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Nov 30 07:38:08 2024 -1000" }, "message": "Release prep\n" }, { "commit": "1ded480c238d697e1cc09348ebd934f2dbe8f01b", "tree": "f039249808701b87edbdcacc0094439aff7b0ffb", "parents": [ "5ff658f644fde94f2c0860e2e7a72ee7620690c6" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Nov 13 13:02:45 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Nov 13 13:02:45 2024 -1000" }, "message": "site-deploy is not finding our JavaDoc, so fix that with some maven-resources-plugin config\n" }, { "commit": "5ff658f644fde94f2c0860e2e7a72ee7620690c6", "tree": "73951673d43ba2dc49c3e0b2964676c681050d00", "parents": [ "5ffdf8bb2f5a95f0903c3b96a59ac37d10c8c575" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Nov 13 05:26:53 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Nov 13 05:26:53 2024 -1000" }, "message": "More release cleanup\n" }, { "commit": "5ffdf8bb2f5a95f0903c3b96a59ac37d10c8c575", "tree": "8ada176ddb5ab01cba75a806805cd63dc5badf69", "parents": [ "50b0f0269d92c210dff5356c49458e43ba1e762f" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 12 17:10:41 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 12 17:10:41 2024 -1000" }, "message": "Release cleanup and docs, link to JavaDoc via apidocs needs to be fixed still\n" }, { "commit": "50b0f0269d92c210dff5356c49458e43ba1e762f", "tree": "61da9412c74aec9eca2dfbdb92fac90310d7b552", "parents": [ "3348434f3df9f20ca1246b1540cab752e2ab936e" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 12 17:06:07 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 12 17:06:07 2024 -1000" }, "message": "Release cleanup and docs, link to JavaDoc via apidocs needs to be fixed still\n" }, { "commit": "3348434f3df9f20ca1246b1540cab752e2ab936e", "tree": "21b9be4ea7a17d35aa0f70f2bd97c117be2771e8", "parents": [ "3a743272cf951345795ddebfa49876092d6c033c" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Thu Nov 07 12:05:08 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Thu Nov 07 12:05:08 2024 -1000" }, "message": "Update Ant to latest\n" }, { "commit": "3a743272cf951345795ddebfa49876092d6c033c", "tree": "6ce493767ff08eb666098429d18a52a38982eb77", "parents": [ "add45b830136cec9ba607fab04604d8c5d6f4beb" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Thu Nov 07 11:36:45 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Thu Nov 07 11:36:45 2024 -1000" }, "message": "RampartEngine fixes\n" }, { "commit": "add45b830136cec9ba607fab04604d8c5d6f4beb", "tree": "5f49ca1a47956ac8627677609e8adcb912ee89fb", "parents": [ "32f00ce8d28ae965727746a7f1bc87c0bba381d5" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Nov 06 11:16:37 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Nov 06 11:16:37 2024 -1000" }, "message": "Release notes update\n" }, { "commit": "32f00ce8d28ae965727746a7f1bc87c0bba381d5", "tree": "87b546886ae4c0ab0a79af7497165ed61720c971", "parents": [ "f8dcc7460487a18382320a0a553781e914fafb31" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Nov 06 10:55:45 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Nov 06 10:55:45 2024 -1000" }, "message": "RAMPART-234 Allow custom https listeners to populate the client certificate chain in the message context\n" }, { "commit": "f8dcc7460487a18382320a0a553781e914fafb31", "tree": "b2db24b467931cea519d9b161b3a928b36646e1f", "parents": [ "b0f0096543e1ef494b0356740ec76fda7d5def56" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Nov 06 10:41:26 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Nov 06 10:41:26 2024 -1000" }, "message": "RAMPART-234 Allow custom https listeners to populate the client certificate chain in the message context\n" }, { "commit": "b0f0096543e1ef494b0356740ec76fda7d5def56", "tree": "fdfceb8b2fc9cbe5984b0580878252d57c137fef", "parents": [ "1d69f56cac5490ded516503c38957ee4b4ba3759" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Nov 06 09:18:13 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Nov 06 09:18:13 2024 -1000" }, "message": "RAMPART-335 X509V3 KeyIdentifier cannot be set dynmaically\n" }, { "commit": "1d69f56cac5490ded516503c38957ee4b4ba3759", "tree": "b38ec4299d42f58ecfc743d222cc6260d812cedf", "parents": [ "7cc7075a5d89d07a24288198dc013b51af1e162b" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Nov 06 08:56:31 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Nov 06 08:56:31 2024 -1000" }, "message": "RAMPART-261 Ability to Toggle mustUnderstand flag in security header\n" }, { "commit": "7cc7075a5d89d07a24288198dc013b51af1e162b", "tree": "cd20e75e73cc03b31aa9beeff04c17cec5d7a522", "parents": [ "01a401cf2ec8f559717890292715ce64f9878296" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 16:25:28 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 16:25:28 2024 -1000" }, "message": "RAMPART-396 NullPointerException using STS, Trust and entropy\n" }, { "commit": "01a401cf2ec8f559717890292715ce64f9878296", "tree": "dfbc0c7079ac6f0c5f32b1be6908e692e25eeca9", "parents": [ "5bef64210be281d6f885f4e3c8269d244257a613" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 16:22:44 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 16:22:44 2024 -1000" }, "message": "RAMPART-396 NullPointerException using STS, Trust and entropy\n" }, { "commit": "5bef64210be281d6f885f4e3c8269d244257a613", "tree": "8f079f69adedca11b1673d7a13f7bd6914845726", "parents": [ "f7d0025284383789815e059200b2a3c57642240b" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 15:22:58 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 15:22:58 2024 -1000" }, "message": "RAMPART-420 Allow WS-Security timestamps to be spoofed and BSP checking disabled\n" }, { "commit": "f7d0025284383789815e059200b2a3c57642240b", "tree": "3bd739090803aebdc5250e53ced32dc72a9f567f", "parents": [ "fef676d1be0faff901b4a659eb8d177bb5f1a6aa" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 15:14:57 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 15:14:57 2024 -1000" }, "message": "RAMPART-420 Allow WS-Security timestamps to be spoofed and BSP checking disabled\n" }, { "commit": "fef676d1be0faff901b4a659eb8d177bb5f1a6aa", "tree": "5f8968813f480c587f247191c9d860432423d01f", "parents": [ "6d85d98d50bc019d6a085887f24a5d420977d312" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 15:03:03 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 15:03:03 2024 -1000" }, "message": "RAMPART-420 Allow WS-Security timestamps to be spoofed and BSP checking disabled\n" }, { "commit": "6d85d98d50bc019d6a085887f24a5d420977d312", "tree": "60d00d05b6a454d66ca7ef2fd06b70316ecc1145", "parents": [ "5136d7b5c74839c664f851cd666d3777e27f4d0b" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 09:56:02 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 09:56:02 2024 -1000" }, "message": "RAMPART-437 SHA256 not supported for DigestAlgorithm for TransportBinding when specified correctly in policy.xml\n" }, { "commit": "5136d7b5c74839c664f851cd666d3777e27f4d0b", "tree": "f811d5b75b8560c7e4157ac9f0bd3251e828a554", "parents": [ "a41a08e0a38aeb8258404bd98b4aca40efccfb57" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 09:14:19 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 09:14:19 2024 -1000" }, "message": "RAMPART-205, RAMPART-361, RAMPART-432, RAMPART-435 Add some customization to WSS4J RequestData via optional parameters in Options and RampartConfig\n" }, { "commit": "a41a08e0a38aeb8258404bd98b4aca40efccfb57", "tree": "c54cd08043fc614bdfdfeca99f39413bc3a1239b", "parents": [ "206965aaaa67b6c47259d9a5039ac01c7a599386" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 09:10:16 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Nov 05 09:10:16 2024 -1000" }, "message": "RAMPART-205, RAMPART-361, RAMPART-432, RAMPART-435 Add some customization to WSS4J RequestData via optional parameters in Options and RampartConfig\n" }, { "commit": "206965aaaa67b6c47259d9a5039ac01c7a599386", "tree": "23fd4d66898d993d4a95cb1dfe35223de13f0890", "parents": [ "0c0006326eb72bd6b64e3c1f3ff9c6e86e00c6e0" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Fri Nov 01 08:45:24 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Fri Nov 01 08:45:24 2024 -1000" }, "message": "RAMPART-448 NullPointerException in RampartUtil.setKeyIdentifierType() when signing response\n" }, { "commit": "0c0006326eb72bd6b64e3c1f3ff9c6e86e00c6e0", "tree": "1eb9ac5692758e4a067fccd499f9be7284cebf71", "parents": [ "c6d3aa3a2aaf0b8b53acddfcd3dca15c11c113fc" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Fri Nov 01 08:44:33 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Fri Nov 01 08:44:33 2024 -1000" }, "message": "RAMPART-448 NullPointerException in RampartUtil.setKeyIdentifierType() when signing response\n" }, { "commit": "c6d3aa3a2aaf0b8b53acddfcd3dca15c11c113fc", "tree": "dc490519514c2d379634de3edd02bef40d923e34", "parents": [ "c1f7692b5f5466faaa291b05a835d5fff31fe43f" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Fri Nov 01 07:09:30 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Fri Nov 01 07:09:30 2024 -1000" }, "message": "RAMPART-325 NullPointerException with UsernameToken Policy and MTOM Policy without Rampart Config in WSDL\n" }, { "commit": "c1f7692b5f5466faaa291b05a835d5fff31fe43f", "tree": "ddb0e9787cf84d8edeacabf317c60f0b73349b53", "parents": [ "3f457fe7408cbb7803506e6c3329b915000e1124" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Thu Oct 31 11:11:17 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Thu Oct 31 11:11:17 2024 -1000" }, "message": "RAMPART-425 Links not found\n" }, { "commit": "3f457fe7408cbb7803506e6c3329b915000e1124", "tree": "1697e56d2ef28d23f72f669ce28f76642957fea9", "parents": [ "c4371bf8b187086b56fd92dafa54ab15a246e067" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Oct 30 05:35:41 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Oct 30 05:35:41 2024 -1000" }, "message": "RAMPART-432 Add disableBSPEnforcement to RampartConfig docs\n" }, { "commit": "c4371bf8b187086b56fd92dafa54ab15a246e067", "tree": "645e00aa835ae26e94008577eeeccc95c5a943d2", "parents": [ "36e84d7802ef4427727327fe65e7c1758647ca30" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Oct 30 05:22:31 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Wed Oct 30 05:22:31 2024 -1000" }, "message": "RAMPART-432 Add a client and server way to set the WSS4J param disableBSPEnforcement. I need community help on a unit test, or more time to figure out one in a subsequent release\n" }, { "commit": "36e84d7802ef4427727327fe65e7c1758647ca30", "tree": "b4c8ff2c254e0f9a1c01358fbac2980a9f6cba3a", "parents": [ "a8f4591a770489b95118d0dc4c44f505c9de05b4" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Oct 26 07:52:16 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Oct 26 07:52:16 2024 -1000" }, "message": "Fix pom.xml scm and distributionManagement tags\n" }, { "commit": "a8f4591a770489b95118d0dc4c44f505c9de05b4", "tree": "1fa7a9eb40ad53d633d0749d94dd0eb7df359626", "parents": [ "4d779c56d0bfd7032b8fbb02820080b3be513f9a" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Oct 26 07:43:56 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Oct 26 07:43:56 2024 -1000" }, "message": "Dep updates\n" }, { "commit": "4d779c56d0bfd7032b8fbb02820080b3be513f9a", "tree": "3bbe63f4ae4e855e18f3feb66f8a37669c832152", "parents": [ "4bf1c82911b74746c3d3215ebd7ef53e878668a7" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Oct 26 07:42:58 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Oct 26 07:42:58 2024 -1000" }, "message": "Dep updates\n" }, { "commit": "4bf1c82911b74746c3d3215ebd7ef53e878668a7", "tree": "27ac64e01b43f8d5b608fd4999a1679ed71e0190", "parents": [ "d53fe1b1a995098dd39f5175b035555e4e54aceb" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Oct 26 06:24:13 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Sat Oct 26 06:24:13 2024 -1000" }, "message": "RAMPART-441 community patch on docs\n" }, { "commit": "d53fe1b1a995098dd39f5175b035555e4e54aceb", "tree": "66f1a57c99b7880795543e0ef44fc0d906cbf65c", "parents": [ "373ffcaa9872dea6ab3e00f012349c317743da27" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Fri Oct 25 11:48:19 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Fri Oct 25 11:48:19 2024 -1000" }, "message": "Test code cleanup\n" }, { "commit": "373ffcaa9872dea6ab3e00f012349c317743da27", "tree": "80bc2179301c37caf8c41b94c3fce4e55caae3bd", "parents": [ "fa2cae15d19d4c97eb7b1316fa6f64ceb58de2c3" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Thu Oct 24 10:04:24 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Thu Oct 24 10:04:24 2024 -1000" }, "message": "Sample typos\n" }, { "commit": "fa2cae15d19d4c97eb7b1316fa6f64ceb58de2c3", "tree": "1f599a04f4f1d96fb8b42409f987c5338a5d195d", "parents": [ "a9bd8b10e4d39febb89df93045571005d267a52f" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Thu Oct 24 09:32:33 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Thu Oct 24 09:32:33 2024 -1000" }, "message": "Fix source control links in developer-guide.xml\n" }, { "commit": "a9bd8b10e4d39febb89df93045571005d267a52f", "tree": "96f5c0ba49eb5af981303202cac4cafa9e132487", "parents": [ "69e24ef8e96edac2d89abdf1f7741e2c4b6bcdfa" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Thu Oct 24 07:02:03 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Thu Oct 24 07:02:03 2024 -1000" }, "message": "RAMPART-451 remove unmaintained xalan dep\n" }, { "commit": "69e24ef8e96edac2d89abdf1f7741e2c4b6bcdfa", "tree": "ec885a0b8b274394630bd57f105080befc2e4f83", "parents": [ "c6c53b497c58e06b3c00419a3de3b64dcfac3302" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 22 15:07:11 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 22 15:07:11 2024 -1000" }, "message": "Add release notes for 1.8.0, which will be expanded with fixed issues once some Jira clean up has been done\n" }, { "commit": "c6c53b497c58e06b3c00419a3de3b64dcfac3302", "tree": "5c308f1aca71764bff6885863022535b3ac7743e", "parents": [ "ddff746ba1ede3326f14b5992a277c5f11806657" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 22 14:18:01 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 22 14:18:01 2024 -1000" }, "message": "Include xmlsec as a dep to fix the samples\n" }, { "commit": "ddff746ba1ede3326f14b5992a277c5f11806657", "tree": "61f92259ed3c1c0d34bfa2190db9ea3f9ca4e59c", "parents": [ "65c3c4858efc72312c0faddb9afe7f5f59bff29d" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 22 13:43:15 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 22 13:43:15 2024 -1000" }, "message": "Fix some JKS / pkcs12 mismatches from a previous commit\n" }, { "commit": "65c3c4858efc72312c0faddb9afe7f5f59bff29d", "tree": "4d00bbeea02a7ef3be5f38c477a4d87cf64afab2", "parents": [ "6b1e7c1082224a365c815e72079b69adc324e859" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 22 12:28:58 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 22 12:28:58 2024 -1000" }, "message": "Update some more deps\n" }, { "commit": "6b1e7c1082224a365c815e72079b69adc324e859", "tree": "b3ee80f721c429bc2219d9aec1673b9b9618e624", "parents": [ "07fd82e56fcfbee2f3f22e72d02c23de521031a1" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 22 09:12:45 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 22 09:12:45 2024 -1000" }, "message": "Update wss4j is to latest, 3.0.3\n" }, { "commit": "07fd82e56fcfbee2f3f22e72d02c23de521031a1", "tree": "93f2a0e8fc180c49f637e55fd04944bbf1136e9f", "parents": [ "69cb19a39ada58b02cbc03624ccfae72d55ba055" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 22 07:54:48 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 22 07:54:48 2024 -1000" }, "message": "AXIS2-6066 fix site build, upgrade to latest maven-site-plugin\n" }, { "commit": "69cb19a39ada58b02cbc03624ccfae72d55ba055", "tree": "d52323e8d54f162c0d5698b7cc0a60eb83ce761f", "parents": [ "56911ffceb64641a143bc49b823e2678c6a46659" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 15 09:38:15 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 15 09:38:15 2024 -1000" }, "message": "Update maven-fluido-skin to latest, getting the site-deploy Maven task closer to working\n" }, { "commit": "56911ffceb64641a143bc49b823e2678c6a46659", "tree": "f621a5c0f9f83060e0ac2d935c070e04423fd481", "parents": [ "99dbae29b91f5c36c991474d6c0e3bf66a8376e5" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 08 03:26:33 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 08 03:26:33 2024 -1000" }, "message": "Remove some certs recently created that ended up not being used\n" }, { "commit": "99dbae29b91f5c36c991474d6c0e3bf66a8376e5", "tree": "7f4d116f03d2472df2dd54d0894f0b633bd48ee5", "parents": [ "cc65c034c2572bc8f8cf880404e6dc6a0bd76cb4" ], "author": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 08 03:11:52 2024 -1000" }, "committer": { "name": "Robert Lazarski", "email": "robertlazarski@gmail.com", "time": "Tue Oct 08 03:11:52 2024 -1000" }, "message": "Use JSK 11 as a compile target since that is what axis2 uses\n" } ], "next": "cc65c034c2572bc8f8cf880404e6dc6a0bd76cb4" }