Skip to content

Releases: Waffle/waffle

Waffle 3.5.0

23 Sep 00:07
Compare
Choose a tag to compare
  • Drop support for tomcat 8.5 which ended support as previously noted with release 3.4.0
  • Correct spring boot filter 2 logback usage
  • Fix module name in spring boot 3
  • Move demo servlet spec to 4
  • Add fallback for caffeine cache in case where service loader fails to work
  • Bump site to 2.0 (ie doxia 2)
  • Update dependencies and plugins

Waffle 3.4.0

07 May 00:43
Compare
Choose a tag to compare
  • Requires java 11
  • Add tomcat 11 support
  • Jetty 12 for both javax (ee8) and jakarta (ee10)
  • Shiro 2.0 support

See https://github.com/Waffle/waffle/blob/master/CHANGELOG.md for details.

Waffle 3.3.0

26 Mar 04:54
Compare
Choose a tag to compare

Support for spring security 6 and spring boot 3.

See https://github.com/Waffle/waffle/blob/master/CHANGELOG.md for details.

Waffle 3.2.0

25 Oct 12:44
Compare
Choose a tag to compare

Waffle 3.1.1 Release

20 Dec 02:31
Compare
Choose a tag to compare

See https://github.com/Waffle/waffle/blob/master/CHANGELOG.md for details.

This release is just library patches over 3.1.0 to ensure log4j2 / logback vulnerabilities do not show in the tree at all.

Waffle 2.3.0 Release

25 Nov 19:52
Compare
Choose a tag to compare
  • Introduction of waffle-tomcat10 module
  • Introduction of waffle-jna-jakarta module for usage with jakarta package rename direct usage
  • #956: Fix DelegatingNegotiateSecurityFilter @cmolodo - Fixes #453

Release 2.2.0 line started at 2.2.1 (see notes)

27 Jan 04:10
Compare
Choose a tag to compare

2.2.1 (1/26/2020)

  • Fixed checkstyle configuration that failed 2.2.0 release.

2.2.0 (not released)

  • Security Check in tomcat valves performs a redirect to servletPath when successful. This is not required to finish the chain and causes an underlying error when servletPath returns empty string. This redirect has been removed.
  • Negotiate Check in tomcat valves performs half the necessary negotiation which is resulting in popup to log into windows. By catching the negotiation result and forcing a redirect to error page as intended (similar to security check), the browser and tomcat are able to successfully negotiate the communication without unnecessary popup to the user. Note that first request will still require popup to get data primed but all subsequent after logging out and back in save the hit.
  • Added logback to demos. It was defined and confirmed but not setup.
  • Cleanup documentation
  • Dependency updates
  • Add build environment entries to jar, source, and war modules
  • Add JPMS automatic module naming throughout
  • Moved onto Spring boot 2.2.x (no compatibility changes over 2.1.x)
  • Moved onto Spring 5.2.x (no compatibility changes over 5.1.x)
  • Fix sonar issues including prevention of XML entity attacks and other security related items
  • Fix spring boot modules as JNA alignment was broken

Waffle 2.1.0 Release

15 Sep 06:36
Compare
Choose a tag to compare

Waffle 2.1.0 Release

  • Remove obsolete tomcat8 from project - use tomcat 85 as a direct replacement
  • Correctly align spring boot 2 starter to spring security 5 module
  • Many library updates
  • Restored site distribution to github io pages

Waffle 2.0.0 release with recent release notes

29 Jun 16:47
Compare
Choose a tag to compare

2.0.0 (6/27/2019)

  • Dependency Updates
  • Stabalized Release

2.0.0-beta2 (2/6/2019)

  • Add spring boot demos to distro
  • Add spring boot and spring security 5 modules to distro
  • Dependency Updates

2.0.0-beta1 (12/31/2018)

  • JNA 5.2.0 support (breaking internal changes resulting in beta release for waffle)
  • Dependency Updates
  • Pom rework / cleanup
  • Changes
    • [#649] (#649): Bring dependencies up-to-date including JNA 5.x breaking changes @hazendaz.

1.9.1 (7/1/2018)

  • Documentation Updates
  • Added some tests for NegotiateSecurityFilter
  • Added test for new class waffle.util.CorsPreflightCheck
  • Add ability to disable SSO through servlet config parameter.
  • Added check for DELETE action in isNtlmType1PostAuthorizationHeader as IE will strip the body on challenge.
  • Resume filter chain when not in a windows environment
  • Changes
    • #631: Added excludeBearerAuthorization and excludeCorsPreflight #627@pedroneil.
    • #636: DisableSso flag, Delete option, skip when running on non windows [@MoreHeapSpace}(https://github.com/MoreHeapSpace)

Waffle 1.9.0

03 Jun 16:59
b5d2d0d
Compare
Choose a tag to compare
  • Documentation Updates

  • Version Updates

  • Sonar / Coverity Cleanup

  • Spring boot support

  • Spring / Spring Security 5 support

  • Breaking changes

    • Requires Java 8+
    • Dropped Tomcat 6 and Spring 3 modules
    • Moved servlet on Examples to servlet 4.0
    • Replaced guava with caffeine for caching
    • All remainder guava usage uses standard java routines
  • Changes