Skip to content

Releases: CyberSource/cybersource-sdk-java

cybersource-sdk-java-6.2.15

29 May 10:08
Compare
Choose a tag to compare

Changes:

  • Applied masking on password in logs

cybersource-sdk-java-6.2.14

04 Apr 14:41
Compare
Choose a tag to compare

Changes:

  • Removed unnecessary dependencies
  • Upgraded outdated versions

cybersource-sdk-java-6.2.13

16 Aug 09:51
Compare
Choose a tag to compare

Modified the CYBS P12 certificate's CN name verification to case insensitive.

cybersource-sdk-java-6.2.12

15 Jul 09:48
Compare
Choose a tag to compare

Mitigation of Apache WSS4j Security Vulnerability (CVE-2016-1000343, CVE-2018-1000180).

  • Updated Apache wss4j version from 1.6.19 to 2.4.1
  • Updated dependent libraries version. (xmlsec from 1.5.6 to 2.3.0, bcprov-jdk15on from 1.61 to 1.70)

cybersource-sdk-java-6.2.11

21 May 06:54
Compare
Choose a tag to compare

Changes in 6.2.11 release

1)Exception handling improvement.
2)Upgrading Apache's basic http client functionality.
3)Upgrading org.apache.httpcomponents:httpclient:4.5.11 to org.apache.httpcomponents:httpclient:4.5.13 because of CVE-2020-13956 vulnerability.
4)ReadMe changes for meta key support.
5)Http request retry is added in case of HttpPoolingClient when 'javax.net.ssl.SSLException:Connection reset' exception is thrown(specific to jdk8u251 & + version refer this https://bugs.openjdk.java.net/browse/JDK-8214339)
6)Separate out connection and socket timeout prop. Right now both are set via timeout property in case of jdk HttpUrlConnectiona and Apache basic http client.

cybersource-sdk-java-6.2.10

18 May 11:24
Compare
Choose a tag to compare

Changes:
1)Added PoolingHttpClientConnection implementation (note: recommended default value for socket timeout is 130000 (in ms) )

2)MerchantConfig Object Caching based on KeyAlias/Merchant Id

3)Changed retry interval from second to millisecond

4)Added one more request header "v-c-client-computetime" to calculate time taken to send request to Cybersource

5)Added troubleshooting section in README.

cybersource-sdk-java-6.2.9

14 Apr 18:49
Compare
Choose a tag to compare

corrected the header name

cybersource-sdk-java-6.2.8

18 Feb 14:47
Compare
Choose a tag to compare

Changes:
1)Added request header and logged request and response headers.
2)Caching of certificate is done using keyAlias earlier it was done using merchant_id.

For javadoc please check here https://repo1.maven.org/maven2/com/cybersource/cybersource-sdk-java/6.2.8/cybersource-sdk-java-6.2.8-javadoc.jar

cybersource-sdk-java-6.2.7

10 Jun 11:58
Compare
Choose a tag to compare
  1. Fixed security vulnerabilities found in the jar dependencies.
    xmlsec jar :-upgraded from version 1.4.3 to version 1.5.6
    opensaml jar :- Removed this jar as its not impacting our code base
    bcprov jar :- upgraded from version 1.54 to version 1.61
  2. Fixed keyfile password issue. Now using keyfile password to store/load p12 certs.

cybersource-sdk-java-6.2.6

19 May 11:21
Compare
Choose a tag to compare
  1. Added certificateCacheEnabled optional feature. certificateCacheEnabled parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made.If the certificateCacheEnabled is true then only at the first time certificate of a merchant will loaded from filesystem.

  2. Introduced a new feature to check merchant .p12 certificate file validity at run time. If it is replaced at runtime then SDK will reload the new certificate into the cache.