Add feature changes.

[shibboleth/cpp-sp.git] / doc / NEWS.txt

Sep 15, 2007
Version 1.3.1

Refresh of branch with numerous bug and portability fixes
Expanded support for more 64-bit platforms (but not Windows)
Auto-detection of Apache version during build
Enhancements to RequestMap to support Host and Path regex matches
Trust engine changes to align behavior with 2.0 release
Optional header spoofing detection by modules
Apache module cleanup, including use of environment variables
Minor logging improvements
FastCGI support

Oct 2, 2006
Version 1.3f

Fix for secadv 20061002

6/15/06
Version 1.3e

Fix for secadv 20060615

4/15/06
Version 1.3d

Support for Apache 2.2, improved autoconf and RPM support
Support for some 64-bit platforms (e.g. x86_64 Linux)
Misc. fixes and small enhancements

12/15/06
Version 1.3c

Updated fix for secadv 20051227
Fixed seldom-used Apache commands
Fixed NSAPI redirects
Included optional ADFS support

11/8/05
Version 1.3b

Updated fix for secadv 20050901
Fixes for bugs involving embedded slashes in RequestMap Paths,
inheritance of handler locations in overridden Applications,
inheritance of Access Control plugins in RequestMap,
creation of per-site script mapping in IIS install

9/1/05
Version 1.3a

Fix for secadv 20050901

7/15/05
Version 1.3

See http://shibboleth.internet2.edu for details of this
new major release.

11/15/04
Version 1.2.1

This release is a fully compatible minor update
to the Shibboleth 1.2.1 release. It addesses problems
and small functional gaps identified since the release
of the previous version.

New features in 1.2
-------------------
Support for the target software on Mac OS X

Improved target RequestMap handling of web sites
running on both http and https.

Bug Fixes
---------
Target build scripts better detect and handle threading
and RPC issues.

Variety of target race conditions and exceptions in RPC
and socket handling.

Bugs in assertion condition handling.

Target RequestMap should ignore query strings.

Fixed the library path in Windows resolvertest batch 
file loader.

Fixed a crash in extkeytool program.

Fixed a file descriptor leak in the IdP.

Fixed a bug that prevented the HS from supporting 
multiple SAML Name Identifier formats.

The attribute resolver now retains the order of attribute 
values obtained from data connectors.

The JDBC Data Connector ignores case when mapping 
sourceName to the attribute name.

Minor udpates to documentation.

Rev'd dependant java libraries (Xerces, Commons Pool, 
Commons DBCP)


-------
4/30/04
Version 1.2

This release represents a fully compatible minor update 
to the Shibboleth 1.0 release, and is considered to be 
ready for production use.

New features in 1.2

Origin
-----------------

Multi-federation support.  Most origin configuration,
including signing credentials and identifiers, can be
overriden depending on the recipient of the assertions.

Simplified application architecture.  Both origins
and targets now reference each other using a single 
identifier called a "provider id".

The Attribute Authority can be configured to answer 
requests with multiple SAML Subject formats, 
increasing interoperability with other SAML-based 
software.

Signing credentials can now be loaded from a variety
of formats, including those commonly used with OpenSSL.

The origin now validates all requests from 1.2+ targets
against federation metadata.

Compatibility with 1.1 targets using a "legacy" or
"default" configuration.

Separate logs are created for errors and transaction 
auditing.

Easier logging configuration.

Support is included for pulling attribute data from SQL 
databases using JDBC.  The JDBC Data Connector includes 
support for conection pooling and prepared statements. 

Mechanism for throttling requests to the Handle Service.  
This improves performance by preventing the server from 
becoming saturated with signing requests. Throttle can
be adjusted based for servers with more than two CPUs.

Support for signatures on all SAML Assertions and 
Responses, which allows for more interoperability
with other SAML-based software and profiles.

Attribute Release Policies can contain match functions 
on attribute values.  This allows the release of specific 
values based on regular expression.

Support has been added to the Attribute Authority for 
using alternate data connectors in the event of a 
failure.

The resolvertest program can now process and enforce 
Attribute Release Policies.

Updated library dependencies, including OpenSAML and XML 
Security, with substantial performance improvements when
signing.

Many important bug fixes


Target
-----------------

New XML-based configuration system supporting runtime
adjustment of many settings and better integration with
supplemental configuration files

Ability to partition deployment into "Applications" at the
vhost, path, or document level

"Lazy" sessions allow applications to redirect browser
to initiate a session, allowing content to decide it
needs authentication or attributes at runtime

Flexible support for multi-federation deployment, including
selection of credentials and authorities based on the request
and the origin site or federation

Support for more types of key and certificate formats

Improved pluggability for many aspects of system, including
access control modules

Clearer trace logging and support for a transaction/audit log

Pooling and caching of HTTP and TLS connections to origins

Support for alternative SAML name formats for intra-enterprise
deployments and better interoperability with SAML products

Support for tailoring attribute query behavior, particularly
non-fatal failure modes for intelligent applications prepared
to deal with missing information

Updated library dependencies, including OpenSAML, Xerces parser,
XML Security, and support for all GCC 3.x compiler versions

Support for Apache 2.0 as well as Apache 1.3 and IIS

Many important bug fixes