.... OpenID4Java Library - CHANGELOG

========================================================================

This document highlights the major changes in the OpenID4Java library.
Please see the TODO file for outstanding items.

    For the detailed logs please see the commit comments at:
    - http://code.google.com/p/openid4java

20150208:

Security bug fix for URL identifiers comparison - use custom, proper implementation instead of relying on java.net.URL.

20130513:

Notable changes:

Updated API documentation for private/shared association stores.
Add flag and check that shared associations are not accepted as private in direct verification requests.
Don't mandate that a separate userSetupUrl must be provided to the ServerManager, fall-back to the OP endpoint URL.
Shuffled ServerManager.authResponse processing to only raise (some) errors when they affect the response.
Allow specifying a preferred alias when adding an extension.

20120115:

Notable changes:

Fixed XML external entity injection vulnerability when parsing discovery data.
Fixed maven2 dependency declarations for easy inclusion in maven projects.
HttpClient dependency upgraded to 4.2.2.
Google Guice dependency updated to use the current com.google.inject id.
Configurable consumer nonces.
Default HttpCache limited to 1 minute.
Fixed Attribute Exchange handling of unlimited count request.
Fixed JdbcNonceVerifier database cleanup.
Fixed handling of declared preferred association types.
Fixed handling of PAPE custom auth level.

Plus a few minor bugs.

20110413:

Notable changes since the previous release:

HttpClient upgraded to 4.0.
HttpClient is injectable, making Google AppEngine deployments possible.
HttpCache supports configurable TTL.
Attribute Exchange extension parameters are required to be signed.
Java 1.5 for source and distributed bytecode.

And a handful of bug fixes.

20090614:

A number of related specifications have been finalized since the previous
official release in November 2007, and are supported by OpenID4Java:

* OpenID Authentication 2.0
* Attribute Exchange 1.0
* PAPE 1.0

* Java 1.5 binaries are now released; source still compilable with Java 1.4

Under the hood:

* internal XRDS parsing to ensure correct identity data is discovered
* discovery code has been revised to be more robust
* discovery HTTP requests are transparently cached for increased performance
* a minimal set of library dependencies are packaged with the official release
* alternative packages are released with optional / extra functionality
* proxy XRI resolver delegating to the service provided by XRI.net
* local XRI resolver updated to use the latest openXRI 1.2.0 library
* JDBC implementations for nonces and associations stores


20071113:
    - Renamed AuthSuccess.setSignExtension() to AuthSuccess.addSignExtension()
      to better reflect the operation performed.

20071025:
    - Documented Relying Party Discovery requirements; 
      see INSTALL : Relying Party Discovery section

20070913:
    - Improved error reporting and message validation.

20070907:
    - Draft 12 compliant
    - Implemented identifier recycling
    - Implemented return URL validation against endpoints
      discovered from the RP's realm

20070905:
    - Updated to OpenID Attribute Exchange draft 7

20070821:
    - Added support for OpenID Information Cards 1.0, draft 1
    - Added (OpenID-Infocard) DemoRP and InfocardOP sample/demo projects 

20070626:
    - Implemented OpenID Provider Authentication Policy Extension 1.0, draft 1
      http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html

20070530:
    - API change in SRegResponse: method public SRegResponse createFetchResponse(SRegRequest req, Map userData) throws MessageException
      replaced with factory method public static SRegResponse createSRegResponse(SRegRequest req, Map userData) throws MessageException

20070407:
    - Implemented OpenID Simple Registration 1.0 and 1.1

20070403:
    - Added deployable JSP-only Relying Party and OpenID Provider

20070321:
    - Added forward-proxy support for consumers.

20070304:
    - Added logging.

20070212:
    - Message.getDestinationUrl() replaces the following:
        AuthRequest.getRedirectUrl()
        AuthSuccess.getRedirectUrl()
        IndirectError.getReturnTo()

20070208:
    - supports OpenID Attribute Exchange draft 4

20070115:
    - supports OpenID Authentication 2.0 draft 11

20061203: First public release, version 0.9.1.x
    - supports OpenID Authentication 2.0, draft 10:
        http://openid.net/specs/openid-authentication-2_0-10.html
    - supports OpenID Attribute Exhcange 1.0, draft 3
    - (few outstanding spec issues remain)



========================================================================
Copyright 2006-2008 Sxip Identity Corporation

Project home page and package distribution:
  => http://code.google.com/p/openid4java
  => http://code.google.com/p/openid4java/downloads/

For support, please visit the wiki and join the Google Groups!
  => http://groups.google.com/group/openid4java/
  => http://code.google.com/p/openid4java/w/

OpenID
  => http://openid.net/

Released under the Apache License 2.0
  => see LICENSE