Releases: CyberSource/cybersource-sdk-java
cybersource-sdk-java-6.2.15
Changes:
- Applied masking on password in logs
cybersource-sdk-java-6.2.14
Changes:
- Removed unnecessary dependencies
- Upgraded outdated versions
cybersource-sdk-java-6.2.13
Modified the CYBS P12 certificate's CN name verification to case insensitive.
cybersource-sdk-java-6.2.12
Mitigation of Apache WSS4j Security Vulnerability (CVE-2016-1000343, CVE-2018-1000180).
- Updated Apache wss4j version from 1.6.19 to 2.4.1
- Updated dependent libraries version. (xmlsec from 1.5.6 to 2.3.0, bcprov-jdk15on from 1.61 to 1.70)
cybersource-sdk-java-6.2.11
Changes in 6.2.11 release
1)Exception handling improvement.
2)Upgrading Apache's basic http client functionality.
3)Upgrading org.apache.httpcomponents:httpclient:4.5.11 to org.apache.httpcomponents:httpclient:4.5.13 because of CVE-2020-13956 vulnerability.
4)ReadMe changes for meta key support.
5)Http request retry is added in case of HttpPoolingClient when 'javax.net.ssl.SSLException:Connection reset' exception is thrown(specific to jdk8u251 & + version refer this https://bugs.openjdk.java.net/browse/JDK-8214339)
6)Separate out connection and socket timeout prop. Right now both are set via timeout property in case of jdk HttpUrlConnectiona and Apache basic http client.
cybersource-sdk-java-6.2.10
Changes:
1)Added PoolingHttpClientConnection implementation (note: recommended default value for socket timeout is 130000 (in ms) )
2)MerchantConfig Object Caching based on KeyAlias/Merchant Id
3)Changed retry interval from second to millisecond
4)Added one more request header "v-c-client-computetime" to calculate time taken to send request to Cybersource
5)Added troubleshooting section in README.
cybersource-sdk-java-6.2.9
corrected the header name
cybersource-sdk-java-6.2.8
Changes:
1)Added request header and logged request and response headers.
2)Caching of certificate is done using keyAlias earlier it was done using merchant_id.
For javadoc please check here https://repo1.maven.org/maven2/com/cybersource/cybersource-sdk-java/6.2.8/cybersource-sdk-java-6.2.8-javadoc.jar
cybersource-sdk-java-6.2.7
- Fixed security vulnerabilities found in the jar dependencies.
xmlsec jar :-upgraded from version 1.4.3 to version 1.5.6
opensaml jar :- Removed this jar as its not impacting our code base
bcprov jar :- upgraded from version 1.54 to version 1.61 - Fixed keyfile password issue. Now using keyfile password to store/load p12 certs.
cybersource-sdk-java-6.2.6
-
Added certificateCacheEnabled optional feature. certificateCacheEnabled parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made.If the certificateCacheEnabled is true then only at the first time certificate of a merchant will loaded from filesystem.
-
Introduced a new feature to check merchant .p12 certificate file validity at run time. If it is replaced at runtime then SDK will reload the new certificate into the cache.