2.3.3

2.3.3 (2026-02-19)

Merged pull requests:

• Additional Refactor For Token Exchange Handler #2668 (KalevGonvick)
• Token-Transformer Plugin & Token-Exchange Merge #2661 (KalevGonvick)
• Issue2637 #2644 (stevehu)

Upgrade Guide:
For this release, we have removed some deprecated methods from Http2Client in the client module to reduce the risk of connection leakage. If you are using Http2Client, please migrate to the SimpleConnectionPool. The following are some reference documents for this migration. If you are using any coding agent, you can use the attached skill simplepool-migration.md

• Migration Guide
• Http2Client Documentation
• SimplePool Design
  simplepool-migration.md

2.3.2

2.3.2 (2026-02-02)

Merged pull requests:

• fixes #2633 Add a test case in rate-limit to test config auto reload #2634 (stevehu)
• fixes #2631 add pathPrefixes config property to set up path prefix ba… #2632 (stevehu)
• Issue2619 #2629 (stevehu)
• Config Schema Generator Refactor #2625 (KalevGonvick)
• Remaining Cloud Event Stubs #2624 (KalevGonvick)
• DAAHP-1186 #2621 (stevehu)
• Cloud Event Stub Support #2610 (KalevGonvick)
• ip-whitelist generation #2600 (KalevGonvick)
• Limit Config Schema Generator Fix #2597 (KalevGonvick)

2.3.1

2.3.1 (2025-09-19)

Merged pull requests:

• Sync #2545 (stevehu)
• Negative Metrics Fix #2542 (KalevGonvick)
• fixes fix cache key #2536 (atmoshaman)
• Fix For Multi Threaded Config Load Race Condition #2540 (KalevGonvick)
• [pre-commit.ci] pre-commit autoupdate #2539 (pre-commit-ci)
• Find IP from system property STATUS_HOST_IP #2534 (atmoshaman)
• fixes #2523 add token_exchange section to client.yml in client-config #2524 (stevehu)
• 2521 metrics handler reporting negative numbers #2522 (KalevGonvick)
• Metrics Handler Cleanup #2520 (KalevGonvick)
• optimize audit handler performance and improve code readability #2518 (KalevGonvick)

2.3.0

2.3.0 (2025-06-25)

Merged pull requests:

• Bump org.postgresql:postgresql from 42.7.5 to 42.7.7 #2515 (dependabot)
• 2513 update token limit config with schema generation #2514 (KalevGonvick)
• TokenHandler + ClientConfig Fix #2512 (KalevGonvick)

Upgrade Guideline:

• This release is built with Java 21.

2.2.2

2.2.2 (2025-06-05)

Merged pull requests:

• 2509 header handler response not working as intended #2510 (KalevGonvick)
• Fix typo by exposing as configuration #2508 (DiogoFKT)
• Sync #2506 (stevehu)
• Change default value of enabled to false and fix a bug #2501 (atmoshaman)
• added new 'schema-generation' profile to toggle schema generation. #2498 (KalevGonvick)
• added header config schema and yaml generation #2496 (KalevGonvick)
• fixes #2489 add two error codes for portal command #2490 (stevehu)
• fixes #2486 add stack trace when server is started #2487 (stevehu)
• moved expect100continue handler to isolated module. #2485 (KalevGonvick)

2.2.1

2.2.1 (2025-03-22)

Merged pull requests:

• JSON Schema & YAML Config Generation Enhancement #2482 (KalevGonvick)
• fixes #2478 update dependency of mysql #2479 (stevehu)
• fixes #2476 update email dependency from javax to jakarta #2477 (stevehu)
• Sync #2475 (stevehu)
• 2473 remaining config conversion #2474 (KalevGonvick)
• 2469 client config module refactor #2472 (KalevGonvick)
• 2467 multi module schema generation #2468 (KalevGonvick)
• 2463 add configuration schema generation to basic config #2466 (KalevGonvick)
• 2459 mirroredtypeexceptions occur when using config generator annotations #2465 (stevehu)
• 2459 mirroredtypeexceptions occur when using config generator annotations #2461 (stevehu)
• MirroredTypeException Fix #2460 (KalevGonvick)
• 2452 create config file generator so configurations are always in sync with the pojo #2458 (stevehu)
• Added metrics attachment for handler execution. #2454 (KalevGonvick)

2.2.0

2.2.0 (2025-02-12)

Merged pull requests:

• Sync #2455 (stevehu)
• fixes #2450 update cache manager to make sure it only initialized once #2451 (stevehu)
• fixes #2448 move the cache manager creation to the instance variable … #2449 (stevehu)
• fixes #2446 refactor the key logic in the token-limit handler #2447 (stevehu)
• Sync #2445 (stevehu)
• sync to master PR #2444 (stevehu)
• fixes #2442 Add date conversion in DateUtil #2443 (stevehu)
• fixes #2440 update the email to eml to extract the email from the token #2441 (stevehu)
• fixes #2438 add email and host into the auditInfo in jwt verifier #2439 (stevehu)
• including header for application/json responses #2435 (DiogoFKT)
• Token limit cache implementation #2429 (stevehu)
• fixes #2419 update rule loader and implement rule actions for FGA #2420 (stevehu)
• fixes #2417 add eid entity id to the constants and shorten some const… #2418 (stevehu)
• fixes #2415 add an abstract isSkipAuth abstract method #2416 (stevehu)
• fixes #2413 update rule actions with new IAction interface #2414 (stevehu)
• fixes #2411 add email and elm constants #2412 (stevehu)
• fixes #2409 add several constants for token creation in oauth-kafka #2410 (stevehu)
• fixes #2407 Add a method in Util to parse the attributes in jwt token #2408 (stevehu)
• fixes #2004 update CorsHandler to add some trace statements #2405 (stevehu)
• fixes #2402 Do not put the cert into the certMap and check the finger… #2403 (stevehu)

2.1.38

2.1.38 (2024-11-30)

Merged pull requests:

2.1.37

2.1.37 (2024-09-20)

Merged pull requests:

• fixes #2345 Fix the transformer matching with encoding #2346 (stevehu)
• fixes #2343 Trim the encoding for req res tranformer interceptors #2344 (stevehu)
• fixes #2341 Dynamic loading jwk with kid is not working if multiple s… #2342 (stevehu)
• fixes #2339 allow the req or res body encoding to be customized per p… #2340 (stevehu)
• fixes #2337 update req/res transformer interceptor to handle the erro… #2338 (stevehu)
• fixes #2334 make convertEnvVars configurable to work with lower case … #2335 (stevehu)

Upgrade Guide

For this release, we have deprecated openapi-security.yml, graphql-security.yml, and hybrid-security.yml. Going forward, all JWT and SWT-related configurations should be centralized in a single security.yml file.

Important Changes for Users with Framework-Specific Security Configurations

If you have framework-specific security properties defined in values.yml, you’ll need to update these properties by removing the framework prefix (openapi-, graphql-, or hybrid-) and using only security as the prefix.

For example, if you previously had the following property in your values.yml file:

openapi-security.enableVerifyJwt: false

You should update it to:

security.enableVerifyJwt: false

This update simplifies configuration management by unifying security settings under a single security.yml file.

---

2.1.36

2.1.36 (2024-08-27)

Merged pull requests:

• fixes #2330 update response tranformer interceptor to use explicit UT… #2331 (stevehu)
• fixes #2328 refactor the security handlers to return status or null #2329 (stevehu)
• fixes #2325 security-config/src/main/resources/config/security.yml #2326 (stevehu)
• fixes #2323 Make status code 401 if the token kid cannot find jwk #2324 (stevehu)
• fixes #2321 2.1.35 introduced a new issue in the jwt verification #2322 (stevehu)