All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog
- Dependabot reported security issues fixed.
- Updated API health check details in documentation
- Fixed the CVE-2024-22262 springframework URL Parsing with Host Validation security issue
- updated images in docs folder
- Fixed the CVE-2024-22259 and CVE-2024-22257 security issue
- Upgraded base image due to vulnerability
- unused configuration entries in application.yml are not mandatory (e.g.
app.usersDetails.custodianWalletfor catena-x-ctx profile) - if
testprofile is active then authentication is turned off for the service - files placed to the resources/verifiablecredentials directory are served by the service's web-server as static
resources. If a file has .jsonld extension then correct
Content-Typeis set for it even if extension is missed in URL (e.g. for URL https://{SERVICE_HOST}/context/sd-document-v2210 the file resources/verifiablecredentials/sd-document-v2210.jsonld is returned whileContent-Typeis set toapplication/ld+json) - correct
Content-Typeis set for YAML extension (can beapplication/yamlortext/yaml)
- Updated Spring Boot to 3.2.3 to fix CVE-2024-22234 and CVE-2024-22243
- Provided multi-arch image of sdfactory
- Updated default imagePullPolicy
- Updated probes in values file so that it can be configurable
- Updated ARC42 document notice section
- Updated security context
- Header update in .tractusx file
- Updated installation steps in Install.md
- Fixed the CVE-2023-3635 security issue
- Fixed the CVE-2023-6481 security issue
- Fixed the CVE-2023-33202 security issue
- Fixed veracode security CVE-2023-6378(logback-classic Denial Of Service)
- Upgrade Spring Boot to get rid of CVE-2023-46589 and CVE-2023-34053
- Security fix for bouncycastle which can have DoS issue
- Updated base image
- Updated workflow for helm lint
- helm upgrade workflow fix
- Refactoring SD Factory
- Unification of SDFactory versions for different contexts and MIW
- Added support for FC schema.
- Added type to the subject
- Added BPN to the ServiceOffering subject as it was before
- Updated helm lint
- Disable signing VC
- Added CPU, memory request and limits
- Updated pom.xml
- Removed ghcr.io references and switched to DockerHub
- Removed hostnames from values.yaml
- Added headers in java files
- Updated the workflow to create the image in docker hub
- Added changes for Gaia-x compliance
- Updated the documentation
- Upgraded the guava android library
- Added helm lint in the repository
- Upgraded spring boot library due to security issue
- Added health check endpoint for SD factory
- Changed Code of Conduct
- Added CPU, Memory details
- Added Header in files
- Added Container images section in the README.md file that contains information about the used base image
- Specified runAsUser for the deployment
- Specified USER command in Dockerfile using IDs instead of just name
- Added .tractusx file
- Updated librabries and upgrade spring boot
- Fixed spring security web veracode security by upgrading its version to 6.0.3
- refactoring: removing keycloak-admin, webclient; introducing feign
- Added spring expression 6.0.8
- Spring Boot upgrade to 3.0.5
- Upgrade Spring Boot to 3.0.3
- Upgrade Snakeyaml to 2.0 as 1.33 has security issue
- Readme correction
- Authors.md modification
- Dockerfile modification
- call compliance service after getting the signature for asynchronous processing
- add async support.
- Remove 22.10 API from endpoint
- schema was changed so registrationNumber is an array of documents with type and value fields
- removed support for 22.10 as OpenAPI yaml is buggy and there ara complains from KICS
- Added AUTHORS.md, INSTALL.md file
- Added .helmignore file
- Added service port to values.yaml
- Changed versions & installations steps in Readme
- Changed secrets manifest in secret.yaml
- added a converter to support Trust Framework 22.10 keeping old API v1.0.6
- introduce vavr.io library for neater code
- add support for all versions of Trust Framework in a single project
- rename endpoint path to reflect API version (/api/22.04/selfdescription)
- better error propagation from the Custodian to get more details on an error
- update Spring Boot from 2.7.5 -> 2.7.6
- update springdoc-openapi-ui 1.6.12 -> 1.6.13
- update keycloak-admin-client 19.0.3 -> 20.0.2
- update com.google.protobuf 3.21.9 -> 3.21.11
- update openapi-generator-maven-plugin 6.2.0 -> 6.2.1
- compatibility with Trust Framework V.22.04.
- Better Exception handling
- parameters validation
- new schema of sd documents for TermsOfConditions, PhysicalResource, VirtualResource and InstantiatedVirtualResource
Added helm release, versioning & tagging
- Generate self description for LegalPerson
- Generate self description for ServiceOffering
- Keycloak protection is added
- Generate the controller from the openAPI description
- Update all the used libraries to the latest version
- Change the representation of the consumed content type to application/json
- All smells from SonarQube were fixed
- Moved helm charts from
helm/tocharts
- Controller has been removed