securityfilter-announce Mailing List for SecurityFilter
Brought to you by: chris_schultz, maxcooper
From: <sec...@li...> - 2004-01-26 12:12:11

This is an alpha release that includes "remember me" functionality. Please see the securityfilter-rememberme.war application for an example (configuration details, etc.) of how to use this functionality.

This is an alpha release, so please use caution when considering it for use in a production environment. This release passes the automated tests for all the functionality in previous releases, but there are no tests yet for the "remember me" functionality. It also passes new tests for cookie-less users (a feature added in this release), and may be worth upgrading if support for usage without cookies is an immediate concern.

A full release with "remember me" functionality and cookie-less user support is coming soon.

Changes in Release 2.0-alpha1, 2004-Jan-26:
===========================================

* Fixed URL-rewriting to support session persistence without cookies.
  http://sourceforge.net/tracker/index.php?func=detail&aid=734184&group_id=59484&atid=491164
* New DTD for version 2.0. form-default-page is now required in form-login-config. Added "remember me" elements.
* Added "remember me" functionality. See securityfilter-rememberme.war for an example of how to add this feature to an application.

Thanks for your interest,
The SecurityFilter Team

From: <sec...@li...> - 2003-10-26 03:09:31

securityfilter-1.1 released

NOTES:

The securityfilter-1.1 release adds BASIC authentication support that was not available in previous (non-beta) releases. A number of functionality-related bugs have been fixed as well.

This release does not have any major security-vulnerability fixes in it when compared to securityfilter-1.0.1. There is one minor fix related to invalidating the session if the user is logged in and then logs in as a different user in the same session (see http://sourceforge.net/tracker/index.php?func=detail&aid=824791&group_id=59484&atid=491164).

If you are happy with the functionality of securityfilter-1.0.1 and the session invalidation issue is not a problem, there is little reason to upgrade. Users of previous versions (pre-1.0.1) should upgrade to securityfilter-1.1 for maximum security, however.

CHANGES:

Release 1.1, 2003-Oct-25
========================

* Session is now invalidated if the user spontaneously logs in again as a different user. The session is kept if they log in as the same user.
  http://sourceforge.net/tracker/index.php?func=detail&aid=824791&group_id=59484&atid=491164
* Query string parameters on <form-login-page> and <form-error-page> URIs are now supported.
  http://sourceforge.net/tracker/index.php?func=detail&aid=783697&group_id=59484&atid=491164
* Fixed classloader issue that was causing problems on Tomcat + JBoss 3.x:
  http://sourceforge.net/tracker/index.php?func=detail&aid=770075&group_id=59484&atid=491164

Release 1.1-b1, 2003-Jul-15
===========================

* Added support for BASIC authentication scheme.
* User is completely logged out of the system on a logout request even when using BASIC Authentication scheme. This feature has not been implemented in any J2EE Application server known so far. This feature has been tested on Orion 1.5.2 (which implements "Servlet 2.3 public final draft" but not "Servlet 2.3 specification") and Weblogic 6.1 SP3. This feature is useful for developers using Orion 1.5.2.

Thank you for using and supporting the SecurityFilter project!

From: <sec...@li...> - 2003-07-15 11:31:04

securityfilter-1.1-b1 released

Notes:
------

This release adds support for the BASIC authentication method. This is a beta release. The final 1.1 release will be available soon.

Changes:
--------

* Added support for BASIC authentication scheme.
* User is completely logged out of the system on a logout request even when using BASIC Authentication scheme. This feature has not been implemented in any J2EE Application server known so far. This feature has been tested on Orion 1.5.2 (which implements "Servlet 2.3 public final draft" but not "Servlet 2.3 specification") and Weblogic 6.1 SP3. This feature is useful for developers using Orion 1.5.2.

Thanks for your interest,
The SecurityFilter Team

From: <sec...@li...> - 2003-03-30 12:35:04

This release includes a fix for matching UTF-encoded request URLs. It is recommended that all users of SecurityFilter update their applications to fix this security vulnerability.

Please see the project home page for complete details:
http://www.securityfilter.org/

Click here for downloads:
http://sourceforge.net/project/showfiles.php?group_id=59484&release_id=149720

Thanks for your interest,
The SecurityFilter Team

From: <sec...@li...> - 2003-02-07 12:14:20

This release represents the efforts of SecurityFilter developers and user community to produce a production-ready, stable release of the SecurityFilter project. SecurityFilter is a filter-based replacement for J2EE container-managed security. This release fixes a few minor bugs from the last beta release (1.0-b5).

This is the securityfilter-1.0 release.

Please see the project home page for complete details:
http://www.securityfilter.org/

Click here for downloads:
https://sourceforge.net/project/showfiles.php?group_id=59484&release_id=138588

Thanks for your interest,
The SecurityFilter Team

From: <sec...@li...> - 2003-01-06 06:17:05

Version 1.0-b5 of SecurityFilter has been released! It is recommended that all users of previous versions upgrade to this release for increased security and reliability.

NOTES:

This release fixes a number of bugs, security issues, and Servlet-spec compliance bugs.

CHANGES:

* Fixed sort order for "exact" pattern types:
  http://sourceforge.net/tracker/index.php?func=detail&aid=661261&group_id=59484&atid=491164
* The default mapping / is now supported. This url-pattern will be tried last and will match any request:
  http://sourceforge.net/tracker/index.php?func=detail&aid=656697&group_id=59484&atid=491164
* Matching is now tighter for j_security_check. If the request URI ends in "/j_security_check", that is a match:
  http://sourceforge.net/tracker/index.php?func=detail&aid=650835&group_id=59484&atid=491164
* Requests for the login page and login error page are now allowed, even if the URL would otherwise be restricted by a security constraint:
  http://sourceforge.net/tracker/index.php?func=detail&aid=650833&group_id=59484&atid=491164
* Old session is now invalidated when a user re-authenticates. The session is saved through an unauthenticated/authenticated transition, but is invalidated through an authenticated/authenticated transition:
  http://sourceforge.net/tracker/index.php?func=detail&aid=620772&group_id=59484&atid=491164
* SecurityFilter now encodes URLs on redirects:
  https://sourceforge.net/tracker/index.php?func=detail&aid=655221&group_id=59484&atid=491164
* Fixed pattern matching thread safety issues:
  http://sourceforge.net/tracker/index.php?func=detail&aid=650697&group_id=59484&atid=491164
* Fixed pattern matching issues, including resolving patterns to the root of the URI:
  http://sourceforge.net/tracker/index.php?func=detail&aid=638556&group_id=59484&atid=491164
* Changed regular expression library from Jakarta-Regexp to Jakarta-ORO. A performance simulation test indicated that Jakarta-ORO Perl5 expressions offer the best performance for this application. The old implementation was verified to fail in multi-threaded environments, and the new implementation technique has proven to be thread-safe.

-Max
SecurityFilter.org
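
The Servlet-spec matching order these release notes refer to (exact pattern first, then the longest path prefix, then extension, with the default mapping / tried last), as an added Java example that is not SecurityFilter's own code. The class and method names and the sample patterns are constructed for illustration, and the path is assumed to be context-relative and already decoded.

```java
import java.util.List;

// Added illustration, not SecurityFilter source: Servlet-spec url-pattern precedence.
public class UrlPatternOrder {

    /** Rank of a pattern for a path: higher wins, -1 means no match. */
    static int rank(String pattern, String path) {
        if (pattern.equals(path)) {
            return Integer.MAX_VALUE;                   // 1. exact match always wins
        }
        if (pattern.endsWith("/*")) {                   // 2. path prefix, longest prefix wins
            String prefix = pattern.substring(0, pattern.length() - 2);
            boolean hit = path.equals(prefix) || path.startsWith(prefix + "/");
            return hit ? 2 + prefix.length() : -1;
        }
        if (pattern.startsWith("*.")) {                 // 3. extension of the last path segment
            int slash = path.lastIndexOf('/');
            int dot = path.lastIndexOf('.');
            boolean hit = dot > slash && path.substring(dot).equals(pattern.substring(1));
            return hit ? 1 : -1;
        }
        return pattern.equals("/") ? 0 : -1;            // 4. default mapping, tried last
    }

    /** Returns the winning pattern, or null when no pattern applies to the path. */
    static String bestMatch(List<String> patterns, String path) {
        String best = null;
        int bestRank = -1;
        for (String p : patterns) {
            int r = rank(p, path);
            if (r > bestRank) {
                bestRank = r;
                best = p;
            }
        }
        return best;
    }

    public static void main(String[] args) {
        // Constructed sample patterns and request paths.
        List<String> patterns = List.of("/", "*.jsp", "/admin/*", "/admin/users/*", "/admin/help.jsp");
        String[] paths = {"/admin/help.jsp", "/admin/users/edit.jsp", "/admin", "/public/index.jsp", "/images/logo.png"};
        for (String path : paths) {
            System.out.println(path + " -> " + bestMatch(patterns, path));
        }
    }
}
```

The order in which patterns are declared does not affect the result, so a broad pattern listed early cannot shadow a more specific constraint listed later.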

From: <sec...@li...> - 2002-09-14 12:11:53

Project Description:

SecurityFilter is intended for use by Java Web application developers. It provides robust security and automatic authentication services for Web applications. It mimics the behavior and configuration format of container-managed security, but has several important advantages that make it an ideal solution for single-context, public Web sites, or when it is necessary or simply desirable to avoid the server configuration hassles and portability issues associated with container-managed security.

Project Home Page:
http://securityfilter.sourceforge.net/

Release Notes:

This is a minor release that adds support for using the local copy of the securityfilter-config.xml DTD. This eliminates the need to access the DTD from the internet for increased reliability and for servers behind a restrictive firewall.

Download:
http://sourceforge.net/project/showfiles.php?group_id=59484

-Max

From: <sec...@li...> - 2002-08-15 10:34:39

This new release adds <http-method> element and Servlet spec-compliant <url-pattern> matching order support. It also fixes some bugs that caused errors on WebLogic and other containers.

Please see the project home page for SecurityFilter information:
http://securityfilter.sourceforge.net

Release 1.0-b2 can be downloaded from:
http://sourceforge.net/project/showfiles.php?group_id=59484&release_id=105338

From: <sec...@li...> - 2002-08-09 12:01:50

The first public release of the securityfilter project is now available for download.

Please visit the Files page to download:
http://sourceforge.net/project/showfiles.php?group_id=59484&release_id=104292