2.3.1

2.3.1 (2025-09-19)

Merged pull requests:

• Sync #2545 (stevehu)
• Negative Metrics Fix #2542 (KalevGonvick)
• fixes fix cache key #2536 (atmoshaman)
• Fix For Multi Threaded Config Load Race Condition #2540 (KalevGonvick)
• [pre-commit.ci] pre-commit autoupdate #2539 (pre-commit-ci)
• Find IP from system property STATUS_HOST_IP #2534 (atmoshaman)
• fixes #2523 add token_exchange section to client.yml in client-config #2524 (stevehu)
• 2521 metrics handler reporting negative numbers #2522 (KalevGonvick)
• Metrics Handler Cleanup #2520 (KalevGonvick)
• optimize audit handler performance and improve code readability #2518 (KalevGonvick)

2.3.0

2.3.0 (2025-06-25)

Merged pull requests:

• Bump org.postgresql:postgresql from 42.7.5 to 42.7.7 #2515 (dependabot)
• 2513 update token limit config with schema generation #2514 (KalevGonvick)
• TokenHandler + ClientConfig Fix #2512 (KalevGonvick)

Upgrade Guideline:

• This release is built with Java 21.

2.2.2

2.2.2 (2025-06-05)

Merged pull requests:

• 2509 header handler response not working as intended #2510 (KalevGonvick)
• Fix typo by exposing as configuration #2508 (DiogoFKT)
• Sync #2506 (stevehu)
• Change default value of enabled to false and fix a bug #2501 (atmoshaman)
• added new 'schema-generation' profile to toggle schema generation. #2498 (KalevGonvick)
• added header config schema and yaml generation #2496 (KalevGonvick)
• fixes #2489 add two error codes for portal command #2490 (stevehu)
• fixes #2486 add stack trace when server is started #2487 (stevehu)
• moved expect100continue handler to isolated module. #2485 (KalevGonvick)

2.2.1

2.2.1 (2025-03-22)

Merged pull requests:

• JSON Schema & YAML Config Generation Enhancement #2482 (KalevGonvick)
• fixes #2478 update dependency of mysql #2479 (stevehu)
• fixes #2476 update email dependency from javax to jakarta #2477 (stevehu)
• Sync #2475 (stevehu)
• 2473 remaining config conversion #2474 (KalevGonvick)
• 2469 client config module refactor #2472 (KalevGonvick)
• 2467 multi module schema generation #2468 (KalevGonvick)
• 2463 add configuration schema generation to basic config #2466 (KalevGonvick)
• 2459 mirroredtypeexceptions occur when using config generator annotations #2465 (stevehu)
• 2459 mirroredtypeexceptions occur when using config generator annotations #2461 (stevehu)
• MirroredTypeException Fix #2460 (KalevGonvick)
• 2452 create config file generator so configurations are always in sync with the pojo #2458 (stevehu)
• Added metrics attachment for handler execution. #2454 (KalevGonvick)

2.2.0

2.2.0 (2025-02-12)

Merged pull requests:

• Sync #2455 (stevehu)
• fixes #2450 update cache manager to make sure it only initialized once #2451 (stevehu)
• fixes #2448 move the cache manager creation to the instance variable … #2449 (stevehu)
• fixes #2446 refactor the key logic in the token-limit handler #2447 (stevehu)
• Sync #2445 (stevehu)
• sync to master PR #2444 (stevehu)
• fixes #2442 Add date conversion in DateUtil #2443 (stevehu)
• fixes #2440 update the email to eml to extract the email from the token #2441 (stevehu)
• fixes #2438 add email and host into the auditInfo in jwt verifier #2439 (stevehu)
• including header for application/json responses #2435 (DiogoFKT)
• Token limit cache implementation #2429 (stevehu)
• fixes #2419 update rule loader and implement rule actions for FGA #2420 (stevehu)
• fixes #2417 add eid entity id to the constants and shorten some const… #2418 (stevehu)
• fixes #2415 add an abstract isSkipAuth abstract method #2416 (stevehu)
• fixes #2413 update rule actions with new IAction interface #2414 (stevehu)
• fixes #2411 add email and elm constants #2412 (stevehu)
• fixes #2409 add several constants for token creation in oauth-kafka #2410 (stevehu)
• fixes #2407 Add a method in Util to parse the attributes in jwt token #2408 (stevehu)
• fixes #2004 update CorsHandler to add some trace statements #2405 (stevehu)
• fixes #2402 Do not put the cert into the certMap and check the finger… #2403 (stevehu)

2.1.38

2.1.38 (2024-11-30)

Merged pull requests:

2.1.37

2.1.37 (2024-09-20)

Merged pull requests:

• fixes #2345 Fix the transformer matching with encoding #2346 (stevehu)
• fixes #2343 Trim the encoding for req res tranformer interceptors #2344 (stevehu)
• fixes #2341 Dynamic loading jwk with kid is not working if multiple s… #2342 (stevehu)
• fixes #2339 allow the req or res body encoding to be customized per p… #2340 (stevehu)
• fixes #2337 update req/res transformer interceptor to handle the erro… #2338 (stevehu)
• fixes #2334 make convertEnvVars configurable to work with lower case … #2335 (stevehu)

Upgrade Guide

For this release, we have deprecated openapi-security.yml, graphql-security.yml, and hybrid-security.yml. Going forward, all JWT and SWT-related configurations should be centralized in a single security.yml file.

Important Changes for Users with Framework-Specific Security Configurations

If you have framework-specific security properties defined in values.yml, you’ll need to update these properties by removing the framework prefix (openapi-, graphql-, or hybrid-) and using only security as the prefix.

For example, if you previously had the following property in your values.yml file:

openapi-security.enableVerifyJwt: false

You should update it to:

security.enableVerifyJwt: false

This update simplifies configuration management by unifying security settings under a single security.yml file.

---

2.1.36

2.1.36 (2024-08-27)

Merged pull requests:

• fixes #2330 update response tranformer interceptor to use explicit UT… #2331 (stevehu)
• fixes #2328 refactor the security handlers to return status or null #2329 (stevehu)
• fixes #2325 security-config/src/main/resources/config/security.yml #2326 (stevehu)
• fixes #2323 Make status code 401 if the token kid cannot find jwk #2324 (stevehu)
• fixes #2321 2.1.35 introduced a new issue in the jwt verification #2322 (stevehu)

2.1.35

2.1.35 (2024-08-17)

Merged pull requests:

• fixes #2317 update transformer interceptor to avoid NPEfor logging #2318 (stevehu)
• fixes #2315 make the request response transformer body encoding confi… #2316 (stevehu)
• fixes #2313 Adding trace logging for response interceptor injection h… #2314 (stevehu)
• fixes #2311 resolve client, user, address rate limit without prefix d… #2312 (stevehu)
• fixes #2308 resolve a memory leak issue in the rate-limit handler #2309 (stevehu)
• fixes #2306 refactor security config to use only security.yml #2307 (stevehu)
• fixes #2304 Add constants for light-hybrid-4j #2305 (stevehu)
• fixes #2302 move the unified-config and unified-security from light-r… #2303 (stevehu)
• fixes #2300 handler needs to escape the double quotes in the status d… #2301 (stevehu)
• Add unsupported content-type status code #2299 (david0)
• fixes #2297 Deprecate MrasHandler and SalesforceHandler #2298 (stevehu)
• fixes #2295 Need to filter the jwks with use=sig for getJsonWebKeyMap #2296 (stevehu)
• fixes #2293 retrieve jwk will work with or without use sig in the res… #2294 (stevehu)
• fixes #2291 only the use=sig jwk will return from the retrieveJwk #2292 (stevehu)
• fixes #2289 Add a method to check if the jwt token has scopes in Jwt… #2290 (stevehu)
• fixes #2287 -Dlight-4j-config-password is not working for AutoAESSalt… #2288 (stevehu)
• fixes #2284 change the jwk cache object to single JsonWebKey #2285 (stevehu)
• fixes #2282 update dependences for some modules that depending on htt… #2283 (stevehu)
• fixes #2280 rollback the jwt issuer and verifier with local jks files #2281 (stevehu)
• fixes #2277 move MapUtil to light-4j utility module #2278 (stevehu)
• Merged Traceability & Correlation Handler #2273 (KalevGonvick)
• fixes #2270 remove dependency of json-schema-validator #2271 (stevehu)
• fixes #2267 return 413 response code if request body is too big #2268 (stevehu)
• fixes #2265 SidecarPathPrefixServiceHandler never calls put attachment #2266 (stevehu)

2.1.34

2.1.34 (2024-06-22)

Merged pull requests:

• fixes #2262 implement an admin endpoint to explore the cache manager #2263 (stevehu)
• fixes #2260 Update tlsVersion to TLSv1.3 by default in client.yml fro… #2261 (stevehu)
• fixes #2256 Move JwtVerifier and SwtVerifier to security-config #2257 (stevehu)
• fixes #2253 add a new error code to status.yml to indicate Lambda to … #2254 (stevehu)
• fixes #2251 make CONFIG_NAME public in RouterConfig and move the toke… #2252 (stevehu)
• fixes #2249 merge token-config to router-config #2250 (stevehu)
• fixes #2247 create router-config module to share with light-lambda-na… #2248 (stevehu)
• fixes #2244 add request and response to the keysToNotSort in info.yml #2245 (stevehu)
• fixes #2242 Move the PathTemplateMatcher to utility #2243 (stevehu)
• fixes #2240 double check the metrics handler instance in the injectio… #2241 (stevehu)
• Issue2236 #2239 (stevehu)
• fixes #2236 update basic-auth.yml to disable the handler by default #2237 (stevehu)
• fixes #2233 rollback the method overwritten rule to pattern matching … #2234 (stevehu)
• fixes #2231 Router rewriteMethod property does not work with path prefix #2232 (stevehu)
• fixes #2229 Add httpClient to PathPrefixAuth to cache the client inst… #2230 (stevehu)
• fixes #2227 move PathPrefixAuth to config module to share with Lambda #2228 (stevehu)
• fixes #2225 update request and response transformer to remove underto… #2226 (stevehu)
• fixes #2223 remove the cache.yml from the src resource of caffeine-cache #2224 (stevehu)
• fixes #2221 update MrasHandler to create a new client instance per re… #2222 (stevehu)
• fixes #2219 upgrade to http-client 1.0.10 with Jwt class change #2220 (stevehu)
• fixes #2217 split to token-config and sidecar-config modules to share… #2218 (stevehu)
• fixes #2215 Fix a bug in the request transformer interceptor #2216 (stevehu)
• fixes #2213 split rule-loader config from rule-loader module #2214 (stevehu)
• fixes #2211 split request response transformer config to separate mod… #2212 (stevehu)
• fixes #2209 update MrasHandler to set keepalive timeout to 10 seconds #2210 (stevehu)
• fixes #2207 replace light-4j client to http-client for ldap-util #2208 (stevehu)
• fixes #2205 remove ldap dependency from basic-config #2206 (stevehu)
• fixes #2203 Split basic-config module for basic-auth to share with la… #2204 (stevehu)
• fixes #2201 split apikey-config into a separate module to share with … #2202 (stevehu)
• [pre-commit.ci] pre-commit autoupdate #2200 (pre-commit-ci)
• fixes #2198 log the error response from downstream API in external se… #2199 (stevehu)
• fixes #2196 split common code to metrics-config to share with light-l… #2197 (stevehu)