You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by dk...@apache.org on 2019/10/31 14:36:06 UTC
[ws-wss4j] 05/07: Added tag for 1.5.5-RC2
This is an automated email from the ASF dual-hosted git repository.
dkulp pushed a commit to annotated tag 1_5_5
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
commit 97723197d0b384db093a845eaf3b3ba61d5e6113
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Jan 14 18:37:18 2009 +0000
Added tag for 1.5.5-RC2
---
ChangeLog.txt | 30 +++++++++++++++--
contrib/wss4j-release.sh | 87 ++++++++++++++++++++++++++++++++++++++++++++++++
pom.xml | 3 +-
3 files changed, 116 insertions(+), 4 deletions(-)
diff --git a/ChangeLog.txt b/ChangeLog.txt
index db778eb..09ab5c4 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -9,18 +9,33 @@ Release 1.5.5
=============
** Bug
+
* [WSS-42] - java.lang.NoClassDefFoundError: org/apache/xml/security/encryption/XMLEncryptionException
+ * [WSS-60] - Problems when SOAP envelope namespace prefix is null
+ * [WSS-62] - the crypto file not being retrieved in the doReceiverAction method for the Saml Signed Token
+ * [WSS-86] - CryptoBase.splitAndTrim does not take into account the format of a DN constructed by different providers
+ * [WSS-87] - CryptoBase.getAliasForX509Cert(String, BigInteger) fails when issuer string contains OIDs
* [WSS-94] - Security Breach : The client certificate signature is not verified if the serial number is known in the keystore
+ * [WSS-111] - Some work on UsernameToken derived keys
* [WSS-121] - Bug in default value for SAML issuer class property
* [WSS-126] - SignatureProcessor:verifyXMLSignature method - Crypto object can have null values in the following scenario but it throws an Exception if the Crypto object is null
+ * [WSS-127] - No way of signing with UsernameToken without sending the password
* [WSS-129] - Couple places where "cause" of WSSecurityException not set
* [WSS-133] - Method and variable misspellings fixed
* [WSS-140] - WSSecEncryptedKey produces EncryptedKey element with invalid Id attribute
* [WSS-141] - handleUsernameToken gives too much information. Can be used to deternine if a username exists or not
* [WSS-142] - We ship opensaml 1.0.1 even though we use opensaml 1.1 in maven
* [WSS-149] - AbstractCrypto requires org.apache.ws.security.crypto.merlin.file to be set and point to an existing file
+ * [WSS-151] - Password type in UsernameToken not deserialized correctly
+ * [WSS-152] - Problem with processing Username Tokens with no password type
+ * [WSS-153] - Signature confirmation of multiple signatures doesn't work
+
** Improvement
+
+ * [WSS-79] - Compatibility issue with weblogic wsse
* [WSS-85] - Better exception handling in the crypto (e.g. no e.printStackTrace())
+ * [WSS-110] - Add OSGi entries to jar manifest.
+ * [WSS-118] - Support for SAML 1.1 SecurityTokenReferences in /org/apache/ws/security/processor/DerivedKeyTokenProcessor
* [WSS-122] - Some fixes for the website
* [WSS-123] - 1.5.4 requires opensaml jar, older versions did not
* [WSS-125] - Upgrade BouncyCastle version
@@ -30,13 +45,24 @@ Release 1.5.5
* [WSS-138] - Add Nabble to site mailing list page
* [WSS-145] - Problem in upgrading to xml-sec 1.4.2
* [WSS-150] - Upgrade to XALAN 2.7.1
-* New Feature
+ * [WSS-154] - Allow WSSConfig injection in WSHandler and improve WSSConfig for injection of Processors instances
+
+** New Feature
+
* [WSS-23] - no way to programmatically set crypto.properties
-* Task
+
+** Task
+
* [WSS-124] - Get maven dependencies pushed to central
* [WSS-132] - TestWSSecurityX509v1 failing
* [WSS-144] - Remove tab characters from WSS4J files
+** Wish
+
+ * [WSS-75] - remove dependency on xalan because it gets in the way of trax resolution
+ * [WSS-91] - carriage return/line feed in the security header
+
+
Release 1.5.4
=============
diff --git a/contrib/wss4j-release.sh b/contrib/wss4j-release.sh
new file mode 100755
index 0000000..531e8e6
--- /dev/null
+++ b/contrib/wss4j-release.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+#
+# Copyright (c) The Apache Software Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+if [ -z "${WSS4J_SRC_ROOT}" ]
+then
+ echo "Assuming WSS4J source tree is the CWD..."
+ WSS4J_SRC_ROOT=.
+fi
+if [ -z "${WSS4J_VERSION}" ]
+then
+ WSS4J_VERSION=SNAPSHOT
+ echo "Setting WSS4J_VERSION to ${WSS4J_VERSION}"
+fi
+if [ -z "${WSS4J_STAGE_ROOT}" ]
+then
+ WSS4J_STAGE_ROOT=/tmp/$(id -u -nr)/stage_wss4j/${WSS4J_VERSION}
+ echo "Setting WSS4J_STAGE_ROOT to ${WSS4J_STAGE_ROOT}"
+fi
+if [ -z "${M2_REPO}" ]
+then
+ M2_REPO=$HOME/.m2/repository
+ echo "Setting M2_REPO to ${M2_REPO}"
+fi
+#
+# set up the staging area
+#
+rm -rf ${WSS4J_STAGE_ROOT}
+mkdir -p ${WSS4J_STAGE_ROOT}/dist
+mkdir -p ${WSS4J_STAGE_ROOT}/maven/org/apache/ws/security/wss4j/${WSS4J_VERSION}
+#
+# Build and stage the distribution using ant
+#
+cd ${WSS4J_SRC_ROOT}
+ant clean
+ant dist || exit 1
+cp -r dist/* ${WSS4J_STAGE_ROOT}/dist
+#
+# Build and stage through maven; copy the Jartifact built by Maven to the dist
+# Since we build and test with ant, we use the ant-built JAR as the version of
+# the artifact we'll use in maven.
+#
+# All this will get fixed when we move to maven throughout.
+#
+mvn clean || exit 1
+mvn -Prelease,jdk14 install || exit 1
+mkdir -p ${WSS4J_STAGE_ROOT}/maven/org/apache/ws/security/wss4j/
+cp -r ${M2_REPO}/org/apache/ws/security/wss4j/${WSS4J_VERSION} ${WSS4J_STAGE_ROOT}/maven/org/apache/ws/security/wss4j
+cp -f ${WSS4J_STAGE_ROOT}/build/wss4j-${WSS4J_VERSION}.jar ${M2_REPO}/org/apache/ws/security/wss4j/${WSS4J_VERSION}
+#
+# Sign and hash the release bits
+#
+cd ${WSS4J_STAGE_ROOT}/dist
+for i in *
+do
+ gpg --detach-sign --armor $i
+ gpg --verify $i.asc
+done
+cd ${WSS4J_STAGE_ROOT}/maven/org/apache/ws/security/wss4j/${WSS4J_VERSION}
+for i in *
+do
+ gpg --detach-sign --armor $i
+ gpg --verify $i.asc
+done
+for i in *.jar *.pom
+do
+ md5 -q $i > $i.md5
+done
+#
+# Build the web site
+#
+cd ${WSS4J_SRC_ROOT}
+mvn site || exit 1
+cp -r target/site ${WSS4J_STAGE_ROOT}/site
+
diff --git a/pom.xml b/pom.xml
index 66d9cc6..b417255 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,8 +7,7 @@
<artifactId>wss4j</artifactId>
<packaging>bundle</packaging>
<name>WSS4J</name>
- <!-- <version>1.5.4</version> -->
- <version>1.5.5-SNAPSHOT</version>
+ <version>1.5.5-RC2</version>
<description>
Apache WSS4J is an implementation of the Web Services Security
(WS-Security) being developed at OASIS Web Services Security TC.