[aerogear-dev] AeroGear Security releases and updates

Karel Piwko kpiwko at redhat.com
Mon Aug 12 03:28:54 EDT 2013


I'm a bit confused here. So does 1.2.1-SNAPSHOT solve incompatibility issues
for Unified Push Server? Or will there be 1.1.3 with PL Beta7 compatible with
stable Unified Push Server as well?

On Fri, 09 Aug 2013 11:21:30 -0300
Bruno Oliveira <bruno at abstractj.org> wrote:

> Good morning peeps, I would like to give you a heads-up to avoid any
> kind of confusion (sorry for the long e-mail). If you are too lazy to
> read the whole e-mail, here is the TL;DR:
> 
> Don't make use of AeroGear Security PicketLink 1.1.2/1.2.0 because they
> have critical bugs. Use the snapshot release 1.2.1-SNAPSHOT.
> 
> Some weeks ago AeroGear Security 1.2.0 was released with PicketLink Beta
> 6. Before the release I tested it against AeroGear Controller demo and
> couldn't find any issue.
> 
> Changelog
> 
> - AeroGear Security 1.2.0
> 
>  * [7743790] - Formatting
>  * [85805a4] - POJO is an acronym, should be uppercase
>  * [ee0f8fb] - mention Apache Shiro and Hawk
>  * [b65e403] - bump up to 1.2.0
>  * [a177956] - Adding unit tests for empty passwords and certificates
>  * [7d7e6ed] - [maven-release-plugin] prepare for next development iteration
>  * [c1f8aee] - [maven-release-plugin] prepare release 1.2.0
> 
> - AeroGear Security PicketLink 1.2.0 (PL beta6)
> 
> * [3d1407a] - [maven-release-plugin] prepare for next development iteration
> * [10b05d7] - [maven-release-plugin] prepare release 1.2.0
> * [7c1001f] - Merge branch 'AGSEC-93'
> * [1d84d7d] - Fixing unit tests and ignoring some methods
> * [93ce3f2] - Display the correct OTP login name
> * [98b444f] - Bump up to PicketLink beta6
> 
> After the release we found some compatibility issues with the push
> server and also security issues, so we had to keep the Unified Push
> Server stable, and for this reason a branch '1.1.x' was created on
> AeroGear Security and 1.1.2 was released with PicketLink Beta 5.
> 
> Changelog
> 
> - AeroGear Security 1.1.2
> 
>  * [86f1a3c] - [maven-release-plugin] prepare for next development iteration
>  * [271d52e] - [maven-release-plugin] prepare release 1.1.2
>  * [4851dc7] - Equate API release with ag-sec PL to prevent Broken APIs
>  * [df99702] - Merge branch 'password_reset' into 1.1.x
>  * [60b5d1f] - Grab the HTTP status provided by AG Exception
>  * [138ac22] - Message and HTTP status to credential already expired
>  * [29e6ca2] - Exception handling for AeroGear messages
>  * [475ecea] - Some Javadoc would be nice
>  * [6ee19ae] - Inclusion of contracts to revoke roles
>  * [d8afc7d] - Formatting
> 
> - AeroGear Security PicketLink 1.1.2
> 
>  * [091ef0f] - [maven-release-plugin] prepare for next development iteration
>  * [c4c0199] - [maven-release-plugin] prepare release 1.1.2
>  * [79abc3c] - Switch to the correct version of AGSec API
>  * [d0e80b0] - Merge branch 'password_reset' into 1.1.x
>  * [8c69551] - Validate if credential has expired
>  * [6eda9ae] - Credential matcher
>  * [9df4cc6] - Validate provided credentials and reset password if credentials are valid or already expired
>  * [24ddf34] - Extracting password validation to the credential matcher
>  * [ffc70fd] - Make travis happy with snapshot repository
>  * [bd44bb3] - Update the snapshot release from AGSec
>  * [387e2c2] - Optimizing imports
>  * [a7719f9] - Inclusion of a method to revoke roles to the specified user and avoiding a bunch of conditional statements at developers side
>  * [b38185a] - Formatting
>  * [757238c] - Parent POM
>  * [ac321a6] - Bump up to the snapshot release
>  * [4d9e397] - Validate the password expiration
>  * [22e1b7e] - Preparing to release 1.1.1
>  * [d0e339a] - Merge branch 'AGSEC-75'
>  * [4d98c9b] - Fixes NPE from PicketLink when some role can't be found
> 
> Today PicketLink Beta7 was released
> (http://lists.jboss.org/pipermail/security-dev/2013-August/001415.html)
> with the security fixes based on the team's feedback, and I already deployed
> AeroGear Security 1.2.1 on snapshots.
> 
> Changelog
> 
> - AeroGear Security
> 
>  * [f1900fe] - Removing any dependencies on Resteasy
> 
> - AeroGear Security PicketLink
> 
>  * [393a810] - Update to PicketLink 2.5.0 Beta7
>  * [829ff1a] - Bump up to snapshot release from PicketLink
>  * [99cd2e5] - Fixes the API compatibility broken by PL
> 
> The PicketLink API has changed a lot since Beta5 and some projects
> already received my PR:
> 
> - https://github.com/aerogear/aerogear-unified-push-server/pull/72
> - https://github.com/aerogear/aerogear-controller-demo
> 
> Thanks for your patience and time reading it. 1.2.1 will be released
> next week after some feedback.
> 
> 


