Releases: ukf/ukf-mda
Add CRDetectingStage
Add a stage to allow detecting CR characters in text, so that we can avoid the SSPCPP-684 issue in the Shibboleth SP.
Upgrade to Shibboleth MDA 0.9.0
This release is compatible with the Shibboleth MDA 0.9.0 release, and terminates the 0.9pre development branch.
Classes which now have equivalents in the upstream API have been removed.
Add NamespacesStrippingStage
v0.8.8 Version 0.8.8
Add SAMLStringElementCheckingStage.
v0.8.7 Version 0.8.7.
Implement EntityAttributeAddingStage
Added EntityAttributeAddingStage.
mdui:IPHint bug fix
Fixes a problem which resulted in an array index out of bounds while validating mdui:IPHint values without a CIDR suffix.
Entity Attribute Filtering
Added EntityAttributeFilteringStage and associated matchers.
Minor bug fixes and updates
- Issue #2: duplicate ODN detector should allow setting naming strategy for clashing entity
- Issue #7: duplicate ODN detector can be fooled by inconsistent case
- Issue #9: allow blank lines in blacklist files
- Issue #10: shorten class names on X.509 validators
- Improved error status messages from X509RSAOpenSSLBlacklistValidator.
More X.509 validators
Added more X.509 certificate validators:
X509CertificateConsistentNameValidatorX509CertificateRSAExponentValidatorX509CertificateRSAOpenSSLBlacklistValidator
Validator beans are now identifiable, initializable, destructable components, in the same way that Stages are.
Validation frameworks and RSA key length checking.
There is a lot of internal refactoring in this release. Only two new classes have been introduced:
X509CertificateValidationStageallows a list of validators to be applied to all X.509 certificates in each item's metadataX509CertificateRSAKeyLengthValidatoris such a validator, which allows warnings or errors to be placed on items using key lengths below the configured thresholds.