v5.7.3

New Features:

• added <static/> to serve static content
• added <shadowing/> which can mirror HTTP traffic to a second backend
• added <replace> with JSON path support, see examples/message-transformation
• <oAuth2Server> with <jwtBearerToken/> will now correctly serve the public part of the key on the jwks_uri used to sign the access tokens
• support for <ssl keyAlias="..."/>

Upgrades:

• dependency upgrades

Improvements:

• refactored SSL handling
• added examples/ssl/api-with-tls-pem demonstrating using Membrane with PEM formatted certificates and keys

v5.7.1

Features:

• Added configurable path to OTLP exporter: <otlpExporter host="demo.example.com" path="/demo" .../>

Fixes:

• upgraded dependencies

v5.7.0

Features:

• add additional headers and HTTPS to OtlpExporter
• add OpenAPI metadata to OTLP spans
• precompile SpEL expressions

v5.6.0

Improvements:

• fixed rewriting for OpenAPI handling in <apiDocs/>
• added <api test="..."> attribute, which can be used to arbitrary expressions. The expression must be true for the rule to match.
• improved debug output for <acme><azureTableStorage>
• <oauth2AuthorizationServer> now supports <jwtBearerTokens/>
• <oauth2AuthorizationServer> now supports <refresh><jwtBearerTokens/>
• dependency upgrades

Fixes:

• fixed deserialization of errors in <acme> (avoiding order flood)

v5.5.4

Improvements:

• <openapi><rewrite>: fixed test, added example
• added weight() function to support 80%-20%-routing of HTTP requests

Fixes:

• <oauth2Resource2/>: fixed calling endSessionEndpoint

v5.5.3

Features:

• added support for JSON greasing, see also examples/greasing.
• added support for combining <openapi> with <rewrite>, see examples/rewriter/openapi.
• Added compatibility for HTTP in OtlpExporter
• added <setProperty> interceptor to simplify several groovy workarounds
• support complex proxy match rules (WIP)

Fixes:

• #1119 NullPointerException during OpenAPI response header validation
• dependency upgrades
• OAuth2: Fixed error on logout after stale session callback

v5.5.2

Improvements:

• added <memcachedSessionManager cookiePrefix="..."/> to support multiple Membrane instances using MemcacheD as session storage
• added <flowInitiator logoutBeforeFlow="true" /> attribute
• added <openapi> response header validation

Fixes:

• upgraded several dependencies
• fixed some examples using external services
• fixed <openapi><rewrite> logic
• fixed <openapi> response validation with status code 204

v5.5.1

Fixes:

• fixed automatic release to Docker Hub: docker run predic8/membrane

v5.5.0

Changelog

• Added useXForwardedForAsClientAddr Flag to <accessControl>
  • Allows the last entry in X-Forwarded-For header

v5.4.1

Improvements:

• added option <openapi validateSecurity="yes"> to be able to selectively disable OpenAPI security validation (not advised ;-)
• added support for OpenID Connect RP-Initiated Logout 1.0, which will log the user out at the Authorization Server, if the server supports it

Fixes:

• upgraded dependencies

Unfortunately, the Docker Image build process is currently broken: predic8/membrane:5.4.1 is therefore not working at the moment. Please build your own Docker image in the mean time.