Releases · JanssenProject/jans (original) (raw)
nightly
What's Changed
- chore: revert nightly by @moabu in #14069
- fix(jans-cedarling): fix race condition in shutdown by @SafinWasi in #14076
- docs: add JARM doc by @ossdhaval in #13969
- docs(OIDC feature): created documentation for CIBA #4733 by @yuriyz in #14077
- fix(jans-auth-server): added request_uri validation in AuthorizeAction.getRequestedClaims by @yuriyz in #14086
- fix(config-api):audit endpoint changes by @pujavs in #14027
- fix(jans-cedarling): problem with normalizing token iss by @olehbozhok in #14084
- fix: remove gradle/wrapper/gradle-wrapper.jar from android projects by @duttarnab in #14089
- perf(jans-cedarling): optimize string types, logging path and entity serialization by @dagregi in #14090
- fix(jans-cedarling): remove outdated fields in Cedarling docs by @olehbozhok in #14096
- fix(jans-auth-server): escaped postLogoutUri in EndSessionUtils by @yuriyz in #14103
- fix(docs): OIDC consent by @ossdhaval in #14017
- fix(jans-fido2): align surefire JUnit engine version with jans-bom by @imran-ishaq in #14085
- feat(jans-cedarling): reject non-HTTPS issuer URLs at JWT fetch by @tareknaser in #14102
- perf(jans-cedarling): replace RwLock with ArcSwap to reduce lock contention by @dagregi in #14108
- fix(jans-auth-server): added validation for sector_identifier_uri in RedirectionUriService by @yuriyz in #14111
- fix(docs): fix incorrect placeholder by @ossdhaval in #14118
- feat(jans-cedarling): Synchronize JWT bootstrap defaults & enforce strict validation as default by @olehbozhok in #14098
- chore: avoid reloading attributes per user retrieval by @jgomer2001 in #14121
- feat(jans-cedarling): add CEDARLING_JWT_STATUS_LIST_REFRESH_INTERVAL_MAX bootstrap property by @olehbozhok in #14106
- ci: publish to PYPI by @moabu in #14116
- docs: add lost OpenSearch plugin entry by @jgomer2001 in #14129
- feat(jans-fido2): add Fido2MetricsConstants unit tests by @imran-ishaq in #14095
- fix: correct urls in Chart.yaml and README by @misba7 in #14146
- feat(jans-auth-server): how to test interception scripts? - sample unit test and docs #12663 by @yuriyz in #14147
- fix(cloud-native): regression after k8s python client upgraded to v36 by @iromli in #14157
- chore(cloud-native): update OCI image dependencies by @iromli in #14159
- ci: SLSA L3 by @moabu in #14152
- feat(jans-cedarling): warn at startup when JWT sig or status validation is disabled by @tareknaser in #14141
- feat(cedarling): Support static bearer token presentation for Lock Server API authorization by @yurem in #14151
- feat(cedarling): update cedarling-java build by @yurem in #14161
- refactor(jans-cedarling): replace explicit MemoryLogger eviction with SparKV earliest-expiration policy by @haileyesus2433 in #14162
- feat(jans-cedarling): remove wheel dependency from sidecar by @SafinWasi in #14125
- feat(jans-auth-server): added User Info JWT to Token Status List #14007 by @yuriyz in #14163
- feat: sync test-cases and README of java binding as per new policy store by @duttarnab in #14165
- perf(jans-cedarling): reduce clones through Arc sharing by @dagregi in #14173
- fix(jans-cedarling): disable token cache when max TTL is zero by @pradhankukiran in #14166
- fix(jans-pycloudlib): check if combined multi-parts secret already a valid JSON string by @iromli in #14183
- fix: improve OpenSSF scorecard security posture by @mo-auto in #14187
- fix(cloud-native): update pycloudlib to handle invalid multi-parts secret by @iromli in #14191
- feat(jans-lock): update integration with jans-lock and add integration tests by @yurem in #14169
- feat(jans-fido2): add JUnit 5 coverage for UserMetricsUpdateRequest DTO by @imran-ishaq in #14138
- feat(jans-fido2): fix test dependecies by @yurem in #14196
- feat(jans-cedarling): cap HTTP response body size on every remote fetch by @tareknaser in #14168
- chore: sync tarp with the latest cedarling changes by @duttarnab in #14182
- chore(jans-cedarling): improve wasm optimization build flags by @olehbozhok in #14202
- fix(jans-fido2): align AppleAttestationProcessorTest mocks with getAp… by @imran-ishaq in #14198
- ci: publish Java artifacts to GitHub Packages + Releases (jenkins offboarding A) by @mo-auto in #14199
- ci: repoint artifact consumers off jenkins/maven.jans.io to GitHub (offboarding B) by @mo-auto in #14210
- build: migrate Maven deps off jenkins/maven.jans.io to Central + Packages (offboarding B3) by @mo-auto in #14212
- test(jans-fido2): add JUnit 5 coverage for Fido2MetricsData DTO by @imran-ishaq in #14139
- fix(ci): build cedarling uniffi native lib in build-test (unblock nightly) by @mo-auto in #14218
- docs: refactor navigation for quick start guides by @ossdhaval in #14216
- ci: chain nightly/release pipeline via workflow_run (offboarding C) by @mo-auto in #14215
- fix(ci): publish agama-inbound jar so the auth-server image can build by @mo-auto in #14228
- fix(ci): clean leftover draft nightly releases before recreating by @mo-auto in #14229
- fix(docker-fido2): retry external cert/MDS downloads to survive transient errors by @mo-auto in #14230
- fix(docker-fido2): make FIDO MDS TOC seed download best-effort by @mo-auto in #14232
- docs(jans-cedarling): fix per-file trusted-issuer format by @tareknaser in #14209
- fix: treat secret as in rfc4226 by @jgomer2001 in #14237
- ci(jans-cedarling): upgrade OPA version by @SafinWasi in #14241
- feat(jans-fido2): add Fido2UserMetrics rate-calculation unit tests by @imran-ishaq in #14193
- Update ExternalResourceOwnerPasswordCredentialsService.java by @ayushjain0702 in #14149
- fix(cedarling-flask-sidecar): regenerate uv.lock to sync python-dotenv specifier by @mo-auto in #14250
- ci(docker): split all-in-one into post-matrix job, exclude shibboleth from build_all by @mo-auto in #14252
- feat(jans-cedarling): make Cedar schema optional by @olehbozhok in #14214
- feat(jans-cedarling): updating policies from URL by ttl by @haileyesus2433 in #14174
- feat(jans-cedarling): Cedarling PostgreSQL Extension by @haileyesus2433 in #13856
- ci(docker): pass JANS_SOURCE_VERSION as build-arg from current commit SHA by @mo-auto in #14269
- fix(jans-auth-server): p-256 signature happens with X or Y curve being less than 32 bytes, breaking RFC 7518 §6.2.1.2 by @ayushjain0702 in #14256
- ci: run the Java integration test-suite on GitHub against AIO (jenkins offboarding D) by @mo-auto in #14225
- fix(cloud-native): unable to generate auth keys by @iromli in #14275
- ci: remove docker-jans-monolith (jenkins offboarding E) by @mo-auto in #14277
- ci: final jenkins.jans.io / maven.jans.io reference cleanup (jenkins offboarding F) by @mo-auto in #14314
- test(jans-auth-server): improved ECDSAPublicKeyTest by @ayushjain0702 in #14317
- ci: drop the last jenkins.jans.io reference (offboarding follow-u...
v2.1.0
2.1.0 (2026-05-12)
Features
- add ability in tarp to use the details of client already regist… (#14008) (fdb7edb)
- add opensearch-cedarling plugin (#13921) (e0ee855)
- add terraform and terraform JWT implementations with cedarling opa (#13988) (0ea4187)
- added SimpleUser class wrapper (#13986) (05e040b)
- cloud-native: create archived public keys in jansArchJwk table (#13928) (577a372)
- cloud-native: map fido2-metrics READ scope to admin role (#14046) (281dab0)
- jans-auth-server: improved Invalid Request message for Authorization Endpoint #2775 (#14004) (667f096)
- jans-auth-server: removed arquillian server side tests which are old and duplicates client tests checks (#14057) (c287a6b)
- jans-auth-server: removed arquillian server side tests which are old and duplicates client tests checks #14056 (c287a6b)
- jans-cedarling: add automatic jwks key rotation (#13956) (ee1efbf)
- jans-cedarling: add benchmarks for cedarling binding platforms (#13985) (9705689)
- jans-cedarling: add cedarling_opa plugin functionality (#13861) (57f3fe8)
- jans-cedarling: implement collecting and sending telemetry for the lock server (#13787) (1ee8912)
- jans-cedarling: implement sending health checks to the lock server (#14023) (cb1a9a2)
- jans-cli-tui: create TUI client with SSA (#13923) (554bf00)
- jans-fido2: make Apple WebAuthn root CA subject DN configurable (#13737) (16e7a46)
- jans-linux-setup: map fido2-metrics READ scope to admin role (used in admin ui) by default (#14040) (5eb5ebb)
- jans-orm: allow to persist JSONObject (#13939) (dbd7ae6)
- jans-tarp: UI/UX improvement in jans-tarp (#13995) (069e29f)
Bug Fixes
- auth code flow not working in incognito mode (#14053) (8a78926)
- cloud-native: audit log filter returns entries beyond the specified end date (#14006) (f5e1e8a)
- config-api: audit log filter returns entries beyond the specified end date (#13920) (dc1bcc3)
- config-api: lock stats endpoint not working (#13925) (d86a77e)
- docs: fix broken links (#13958) (bc6ecaf)
- jans-auth-server: "unknown" in consent screen #13868 (#14014) (33a3747)
- jans-auth-server: added nested jwt into JWE for address claim tests #13895 (#13922) (67a1787)
- jans-auth-server: corrected tests execution on jenkins for LogoutStatusJwtHttpTest (#13899) (e138eec)
- jans-auth-server: migrated encryption tests to use nested jws to reflect changes on AS side #13895 (#13972) (dc5a4ce)
- jans-cedarling: add request timeouts to outbound HTTP clients (#14003) (a1b4975)
- jans-cedarling: swap unmaintained serde_yml and add cargo-audit CI (7fd5cb9)
- jans-cedarling: use local build instead of assets for sidecar (#13944) (2236015)
- jans-cli-tui: client authorization algs (#14019) (cd3998a)
- jans-cli-tui: omit missing properties for asset mappings (#13934) (cb1a96c)
- jans-cli-tui: some scripts are missing for clients (#13983) (bded1b4)
- jans-fido2: implement processAaidEntry to store AAID-keyed TOC e… (#13993) (889f05c)
- jans-fido2: implement processAaidEntry to store AAID-keyed TOC entries in metadata map (889f05c)
- jans-linux-setup: install MySQL from official repo for Debian 13 (#13945) (4d040eb)
- opensearch-cedarling plugin compilation (#13954) (fe7014f)
v2.0.0
2.0.0 (2026-04-22)
Features
- add download cert functionality to plugin (#13200) (c681a63)
- add separate httproute for each service (#13583) (50504cb)
- charts: make Gateway ports configurable and support Gateway in janssen helm chart (#12995) (583b64c)
- charts: support gateway api in janssen-aio (#12907) (f5077ae)
- client certificate authentication casa plugin (#12927) (6d80354)
- cloud-native: add subchart for Gateway API conformant implementation (#13415) (8be2875)
- cloud-native: add support for gRPC bridge (#13094) (2cbc23b)
- cloud-native: enable TLSv1.3 in java.security file (#13166) (f41f3d3)
- cloud-native: manage disableExternalLoggerConfiguration config key in persistence (#13191) (353e815)
- cloud-native: quickstart for compose-based janssen all-in-one deployment (#13750) (790df76)
- cloud-native: support for additional schema files (#13011) (ac78d8b)
- cloud-native: upgrade jetty to v12.1.8 (#13805) (24cc50e)
- cloud-native: upgrade jmx prometheus agent library (#13809) (ade6b0f)
- cloud-native: use admin-ui policy store from cjar file (#13604) (9278b2d)
- condition gateway resource creation and customized section names (23b990d)
- conditional gateway resource creation and customized section names (#13551) (23b990d)
- config-api: client operation for clientSecret and removed unused dependency (#13572) (5c8ed0d)
- core: fix deps2 (#12965) (19ad682)
- correct the jans_assets scopes names (#13025) (02409e4)
- customizable log target and level for root logger (#13671) (859de27)
- fix release tag (5323032)
- introduce roundTripMaxTime config property (#13009) (e5ab6dc)
- jans-auth-server: Added configurable rate limiting for authentication endpoints to prevent brute-force attacks #12664 (#12868) (7a5f846)
- jans-auth-server: added support for X-Forwarded-Tls-Client-Cert for Traefik proxy #13467 (#13678) (a34d4d9)
- jans-auth-server: harden allowed schemes for redirects #13423 (#13429) (e5e1bf9)
- jans-auth-server: log failed authentication in jans-auth INFO logging #13248 (#13404) (9e2b94f)
- jans-auth-server: sanitized log in AuthenticationService #12958 (#12959) (ba21b2f)
- jans-auth-server: Support OAuth Client ID Metadata Document (CMID) #13220 (#13519) (06bdcd3)
- jans-auth-server: support X-Forwarded-Client-Cert header #13444 (#13446) (3a717da)
- jans-auth-server: upgradeв implementation to latest AuthZEN (Jan 2026) #12363 (#13077) (ff72ecb)
- jans-auth: add HttpServletRequest producer to produce bridge (#13103) (a015fc9)
- jans-auth: servletLoggingFilter should support filter async (#13102) (5810ed7)
- jans-cedarling: add C bindings support (#13542) (a871e1c)
- jans-cedarling: add custom linter for inefficient string concatenation (#13164) (46d7b50)
- jans-cedarling: add policy metadata introspection API (#13588) (93d1737)
- jans-cedarling: add python bindings policy metadata introspection API (#13634) (e32009a)
- jans-cedarling: Add TrustedIssuerLoadingInfo methods to the bindings (#13565) (5a42659)
- jans-cedarling: align UniFFI and Java authorize_unsigned with optional RequestUnsigned.principal (#13840) (c0ae216)
- jans-cedarling: Implement disabling file checksum validation using configuration (#13424) (e5a992a)
- jans-cedarling: implement using Lock server with gRPC protocol (#13237) (781d5cf)
- jans-cedarling: New interface to Push Data (#13231) (cb286ea)
- jans-cedarling: Remove authorization method based on user principals (#13538) ([a744d68](https://github.com/JanssenProject/jans/commit...
v1.16.0
1.16.0 (2026-01-22)
Known Issues
Installing the AIO helm chart may result in the config-api service not working with 500s. This is mainly because the chart is passing the admin-ui plugin which shouldn’t be passed in the charts.
Fix:
In the values.yaml pass plugins: "fido2,scim,user-mgt" removing the admin-ui
References:
Features
- charts: make Gateway ports configurable and support Gateway in janssen helm chart (#12995) (583b64c)
- charts: support gateway api in janssen-aio (#12907) (f5077ae)
- client certificate authentication casa plugin (#12927) (6d80354)
- cloud-native: add feature to update config-api scopes sync from template (#12909) (17d0462)
- cloud-native: support for additional schema files (#13011) (ac78d8b)
- config-api: feature wise admin scope for endpoints (#12736) (a02118e)
- core: fix deps2 (#12965) (19ad682)
- core: merge logging changes from gluu4 (#12871) (1fabadb)
- correct the jans_assets scopes names (#13025) (02409e4)
- introduce roundTripMaxTime config property (#13009) (e5ab6dc)
- jans-auth-server: Added configurable rate limiting for authentication endpoints to prevent brute-force attacks #12664 (#12868) (7a5f846)
- jans-auth-server: sanitized log in AuthenticationService #12958 (#12959) (ba21b2f)
- jans-auth: remove old jackson2 dependency (#12886) (31e31cf)
- jans-cli-tui: additional config-api parameters (#12914) (819a206)
- jans-cli-tui: remove Admin-UI plugin (#12893) (28a40a0)
- jans-config-api: change in process of accessing config-api endpoints in Admin UI (#12983) (7b984ee)
- jans-core: remove tika-core from jackrabbit-core deps (#12960) (75fa989)
- jans-core: removed FILE script type (48b8080)
- jans-core: removed FILE script type #12997 (#12998) (48b8080)
- jans-linux-setup: flex update requirements (#12985) (a9eb502)
- jans-linux-setup: introduce Mako templating engine (#13054) (1b904a9)
- jans-linux-setup: update the renamed scopes in role-to-scope mapping (#12899) (ec72a0f)
- jans-pycloudlib: add support for user session-level postgres schema selection (#12889) (b8cc3ab)
- jans-tarp: implement Cedar-Policy-Aware AI Agent Scaffolding in jans-tarp (#12806) (6e1646a)
- orm: add method to check data after entry update (#12873) (03a48e7)
- send 403 - Forbidden error code in response if Admin UI requests Config API with expired session. This will indicate to Admin UI to logout. (#13022) (a2701ae)
- update the renamed scopes in role-to-scope mapping (ec72a0f)
Bug Fixes
- admin-ui: failed logout on tarp (#12882) (6e4be8a)
- AdminUICookieFilter should not be called in Jans installation (#13041) (2f2675f)
- cloud-native: set restrictive file permissions on SQL property files containing credentials (#12901) (280b2f7)
- config-api: client secret getting encrypted (#12930) (7b73e80)
- docker-jans-cloudtools: add type validation for --limit parameter (#12946) (4fdd2dd)
- docs: add PostgreSQL-related commands to Docker install quick start (#13032) (ad0147d)
- docs: broken links in Authorization Endpoint (#12243) (#12745) (42225c6)
- docs: fix linting issues - trailing spaces and EOF newline (#12879) (734f644)
- docs: fix linting issues - trailing spaces and EOF newline (#12859) (05683c2)
- docs: Set CEDARLING_JWT_SIG_VALIDATION to "disabled" (#12917) (c4665b4)
- docs: update contribution guide, jans README, and Docker Compose… (#12990) (4887ac7)
- fix build error (#13040) (97d5cf0)
- fix error in signing firefox extension for self distribution (#13053) (22ec96f)
- jans-auth-server: fix build after dependencies upgrade (tika) #12971 (#12972) ([43acf6a](https://github.com/JanssenProject...
v1.15.0
1.15.0 (2025-12-19)
Features
- cloud-native: add ability to run persistence to update entries (#12760) (4fab8b1)
- cloud-native: add support for enabling/disabling Casa admin console (#12771) (376237b)
- config-api: User search by mobile number not functioning and Swagger API schema changes (#12704) (63c9c98)
- demo: mcp server for Janssen config api (#12778) (dd1930b)
- jans-auth-server: allow to run update token scripts universally (even if it's not assigned to client) #12837 (#12844) (1946606)
- jans-auth-server: introduced interception script for tx_tokens #8376 (#12724) (a1d9d23)
- jans-auth-server: introducing interception script for tx_tokens (a1d9d23)
- jans-auth-server: make sessions time check configurable for high latency environments when defaultPromptLogin=true #12802 (#12821) (ebea173)
- jans-auth-server: upgraded status list implementation to latest draft 13 (from 02) #10097 (#12783) (f045fba)
- jans-cedarling: Multi-issuer authorization feature for Cedarling (#12503) (334a235)
- jans-config-api: configuration changes to handle clientSecret in response (#12847) (2738d91)
- jans-fido2: added the final fixes and calls to the metrics-func… (#12800) (aca7ea9)
- jans-fido2: added the metrics aggregations and analytics (#12405) (9d80cda)
- jans-pycloudlib: add support for connecting to cloudsql via cloud auth proxy (#12788) (192c071)
- orm: add mysql-socket dependecy (#12824) (30ece77)
- orm: add postgres-socket-factory (#12827) (f99adc1)
- terraform-provider: add agama and config data sources (#12855) (e9fea40)
Bug Fixes
- config-api: error message not indicating exact cause that SP name already exists (#12830) (2189ef4)
- config-api: user birthday not displayed when fetched #12799 (#12803) (a1e3b6d)
- docker-jans-persistence-loader: preserve the order of columns when creating the table (#12818) (a8790f4)
- docs: align Cedarling docs file naming and structure with navigation (#12710) (3e76bab)
- docs: fix linting issues - trailing spaces and EOF newline (#12731) (6f84f97)
- docs: fix linting issues - trailing spaces and EOF newline (#12849) (6f1837d)
- docs: fix linting issues - trailing spaces and EOF newline (#12758) (b7b0d02)
- docs: fix linting issues - trailing spaces and EOF newline (#12766) (89bc4dc)
- docs: fix linting issues - trailing spaces and EOF newline (#12835) (37c20f9)
- docs: fix linting issues - trailing spaces and EOF newline (#12840) (917e56f)
- docs: fix linting issues - trailing spaces and EOF newline (#12843) (2377415)
- docs: Set CEDARLING_JWT_SIG_VALIDATION to "disabled" (#12854) (7873d25)
- docs: update PostgreSQL installation command (#12709) (502d0db)
- docs: updated Cedarling Intro Diagram (#12738) (d6b9f40)
- failed authentication is not handled in jans-tarp (#12721) (4bdfb0e)
- git package is not installed during execution of startjanssenmonolithdemo script (#12725) (c29cbab)
- jans-auth-server: ExternalTokenExchangeService.externalValidate returns null instead of result (#12809) (470badd)
- jans-auth-server: ExternalTokenExchangeService.externalValidate() returns null instead of result #12804 (470badd)
- jans-auth-server: put in access_token and id_token jwt only explicitly requested and allowed claims (#12848) (a19d82d)
- jans-cedarling: Add LSP support for Cedarling python errors bindings (#12807) (033e792)
- jans-cedarling: Improve caching JWT tokens to make it more deterministic (#12797) (c9dc41a)
- jans-cedarling: Update cedarling initialization to run with no trusted issuer (#12455) (4cf1bf2)
- jans-cli-tui: hide passwords in log files (#12795) (a881a6f)
- jans-cli-tui: sort user claims (#12755) ([ac255bd](ac255bd3663...
v1.14.0
1.14.0 (2025-11-18)
Features
- changes in endpoints used in Admin UI for cedarling integration (#12652) (458abbb)
- cloud-native: add policy store file for admin-ui and cedarling integration (#12659) (621e303)
- core: allow to reuse cluster node services (#12506) (a1f56c9)
- core: update jython to v2.7.4 (#12394) (2776762)
- implement token cache (#12687) (88d8e89)
- jans-auth-server: adding interception script for PAR #10556 (#12334) (7027c1c)
- jans-config-api: rest endpoint specifications for Cedarling integration in Admin UI (#12388) (7d4f3f2)
- jans-linux-setup: Admin UI and Cedarling integration (#12572) (a3f75eb)
- jans-linux-setup: jans-lock-cedarling custom lib (#12590) (4ffb47a)
- jans-lock: audit server actions (#12588) (dcb2fbd)
- jans-lock: log audit status (#12600) (e726a9e)
Bug Fixes
- cloud-native: add missing jans-lock policy (#12402) (7c3f0b6)
- cloud-native: escape special characters used in database credentials (#12565) (1501723)
- cloud-native: unable to decode cedar policy schema base64 (#12631) (2fb4c26)
- config-api: agama deployment metadata type fix for deployment (#12374) (6dd0db3)
- docs: add contact email address for CLA contributions (#12684) (108356e)
- docs: autogenerate docs (#12656) (ada29b2)
- docs: broken link in the Run integration tests #12233 (#12274) (8076bf1)
- docs: correct broken link in prompt create page (#12399) (b485d89)
- docs: correct broken links in External Libraries documentation (#12540) (a812b53)
- docs: fix broken link in client-registration.md (#12545) (e67dcae)
- docs: fix broken link with revision and testing (#12539) (257597d)
- docs: fix link of cedarling in a javascript app (#12593) (d72c853)
- docs: fix link of Cedarling Rust Developer Guide (#12592) (2250afb)
- docs: fix link of Client Registration scripts link (#12591) (dae2ca5)
- docs: fix link of Token Endpoint (#12685) (cdd657a)
- docs: fix link to Cedarling TBAC quickstart in Python docs (#12558) (cad0a0e)
- docs: fix link to ConfigApiInterception script (#12528) (adb84ae)
- docs: Fix link to dynamic scope script in userinfo.md (#12519) (fd54f1e)
- docs: fix link to end session interception script (#12520) (79f2174)
- docs: fix link to Persistence Extension documentation (#12452) (7cab7b0)
- docs: fix typo in trusted issuers section of documentation (#12569) (1462da7)
- docs: update broken link in Access Evaluation Endpoint (#12527) (f789e0a)
- docs: update jans
UbuntuandUsing CLI/TUIdocs (#12466) (38983c3) - jans-auth-server: swagger yaml has bad identation #12422 (#12423) (45815a0)
- jans-casa: resolve multiple device registration and passkey imag… (#12501) (e2782c2)
- jans-casa: resolve multiple device registration and passkey image styling issues (e2782c2)
- jans-cedarling: Add namesapce support for default entities and parse Cedar JSON format (#12462) (92a0034)
- jans-cedarling: disable hash checking in sidecar (#12481) (81b0ea0)
- jans-cedarling: FIx boostrap properties documentation (#12420) (00dddae)
- jans-cedarling: Fix retrieving resource entity from default entities (#12544) (b9379e0)
- jans-cedarling: Update rust toolchain because dependency lib was updated (#12457) (a8a6d3c)
- jans-cli-tui: role is admin not api-admin (#12688) (f5fa229)
- jans-config-api: inum of duplicate scopes (#12411) ([25b3b6a](https://github.com/JanssenProject/jans/commit/...
v1.13.0
What's Changed
- chore(main): release 1.11.0 by @mo-auto in #12137
- feat: expose API to manage user tokens by @jgomer2001 in #12144
- chore: revert to nightly by @moabu in #12148
- feat(jans-linux-setup): add add password grant type to scim client for testing by @devrimyatar in #12142
- chore: update ZK repo and version by @jgomer2001 in #12154
- fix(jans-cli-tui): Admin UI Roles by @devrimyatar in #12162
- build: jackrabbit version change by @pujavs in #12165
- fix(jans-cli-tui): error saving auth logging by @devrimyatar in #12172
- (jans-fido2): removed unused fields and fix the typo issue by @imran-ishaq in #12048
- fix(config-api): ssa delete endpoint and fix to admin-ui-permission delete endpoint by @pujavs in #12174
- feat(jans-pycloudlib): add low-level support for SSL persistence connection by @iromli in #12194
- feat(jans-linux-setup): PostgreSQL SSL support by @devrimyatar in #12195
- feat(config-api): scope update for ssa endpoint by @pujavs in #12191
- feat(cloud-native): add support for SSL connection to persistence by @iromli in #12198
- feat(jans-linux-setup) ssl settings for postgresql by @devrimyatar in #12200
- chore: release 1.12.0 by @moabu in #12205
- chore(main): release 1.12.0 by @mo-auto in #12212
- feat(jans-fido2): add comprehensive data model for the performance me… by @imran-ishaq in #12143
- fix: 1.12.0 hotfix by @moabu in #12217
- fix(jans-fido2): resolved schema issue by @imran-ishaq in #12238
- chore: revert from
1.12.0to nightly by @moabu in #12265 - chore(deps): bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.3 to 3.1.4 in /jans-scim by @dependabot[bot] in #12005
- fix(jans-linux-setup): always set user agent to Mozilla while downloading by @devrimyatar in #12261
- chore(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13 in /jans-scim by @dependabot[bot] in #12006
- feat(jans-auth-server): added jwt-bearer grant type #11979 by @yuriyz in #12098
- fix(cloud-native): fix sql-ssl secret volume permissions by @misba7 in #12275
- Cedarling diagram update by @nynymike in #12270
- fix(docs): broken link in the Rich Authorization Requests #12236 by @The-D-007 in #12239
- fix(jans-cli-tui): agama projects github response by @devrimyatar in #12305
- chore(deps): bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.4.0 to 4.9.6.0 in /jans-casa by @dependabot[bot] in #12188
- feat(jans-auth-server): Added DPoP Proof Replay mitigation(s) #2117 by @yuriyz in #12304
- fix(jans-fido2): fix persistence entity manager issue by @imran-ishaq in #12313
- chore(deps): bump bc.version from 1.80 to 1.82 in /jans-casa by @dependabot[bot] in #12310
- fix(docs): remove unwanted content from Using CLI/TUI document #12216 by @The-D-007 in #12220
- fix(docs): broken link in the cedarling getting started #12231 by @The-D-007 in #12272
- fix(docs): broken link in the Janssen's FIDO2 server #12235 by @The-D-007 in #12277
- chore: update jans source version by @moabu in #12323
- chore(deps): bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.4.0 to 4.9.6.0 in /jans-scim by @dependabot[bot] in #12189
- chore(deps): bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.3 to 3.12.0 in /jans-scim by @dependabot[bot] in #12293
- chore(deps): bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0 in /jans-scim by @dependabot[bot] in #12317
- feat(charts): update hpa apiVersion to autoscaling/v2 by @misba7 in #12319
- fix(jans-linux-setup): agama projects github response by @devrimyatar in #12326
- fix(jans-cedarling): Fix broken Cedarling build by @olehbozhok in #12328
- fix(jans-linux-setup): jans command linked to /usr/sbin by @devrimyatar in #12339
- fix: references of using the wrong whl in flask cedarling by @moabu in #12336
- fix(cloud-native): avoid saving keySelectionStrategy config multiple times by @iromli in #12342
- feat(core): disable logging service log level updates if by @yurem in #12348
- fix(docs): broken link in the Cedarling logs #12232 by @The-D-007 in #12273
- jans(lock): implement cedarling protection support by @yurem in #12352
- fix(lock): sync policy scope name by @yurem in #12359
- docs(jans-cedarling): update sidecar instructions by @SafinWasi in #12345
- feat: update terraform provider by @moabu in #12362
- chore: prepare release for 1.13.0 by @moabu in #12367
Full Changelog: v1.11.0...v1.13.0
v1.12.0
Known Issues
- Agama project uploads via TUI/CLI
What's Changed
- chore(main): release 1.11.0 by @mo-auto in #12137
- feat: expose API to manage user tokens by @jgomer2001 in #12144
- chore: revert to nightly by @moabu in #12148
- feat(jans-linux-setup): add add password grant type to scim client for testing by @devrimyatar in #12142
- chore: update ZK repo and version by @jgomer2001 in #12154
- fix(jans-cli-tui): Admin UI Roles by @devrimyatar in #12162
- build: jackrabbit version change by @pujavs in #12165
- fix(jans-cli-tui): error saving auth logging by @devrimyatar in #12172
- (jans-fido2): removed unused fields and fix the typo issue by @imran-ishaq in #12048
- fix(config-api): ssa delete endpoint and fix to admin-ui-permission delete endpoint by @pujavs in #12174
- feat(jans-pycloudlib): add low-level support for SSL persistence connection by @iromli in #12194
- feat(jans-linux-setup): PostgreSQL SSL support by @devrimyatar in #12195
- feat(config-api): scope update for ssa endpoint by @pujavs in #12191
- feat(cloud-native): add support for SSL connection to persistence by @iromli in #12198
- feat(jans-linux-setup) ssl settings for postgresql by @devrimyatar in #12200
- chore: release 1.12.0 by @moabu in #12205
- chore(main): release 1.12.0 by @mo-auto in #12212
- feat(jans-fido2): add comprehensive data model for the performance me… by @imran-ishaq in #12143
- fix: 1.12.0 hotfix by @moabu in #12217
Full Changelog: v1.11.0...v1.12.0
v1.11.0
1.11.0 (2025-09-11)
Features
- config-api: audit for config-api endpoint (#11895) (5088857)
- config-api: endpoint to return table info (#11866) (bd94675)
- config-api: lock and fido2 config and scim audit changes (#12107) (cb004f8)
- increase the validity period of tokens in tarp to one day (#11900) (8b0195e)
- jans-auth-server: added cookie interception script #366 (#11975) (aa47c7f)
- jans-auth-server: created interception script for Logout Status JWT #11250 (#11930) (19728e0)
- jans-auth-server: provided configuration for changing case-sensitivity of FAPI response #11394 (#12018) (e388493)
- jans-auth-server: updates to Audience Values for OAuth 2.0 Authorization Servers #11842 (#11851) (e71c35b)
- jans-auth: add type prefixes to each keys which application stores in cache #11565 (#11871) (0a4fe05)
- jans-auth: handle gzip compressed token responses (#12052) (cbde4d6)
- jans-cedarling: Support
default_entitiesinpolicy_stores(#11936) (0ea7511) - jans-cedarling: use hashes for ID in fields (#10853) (5c9423a)
- jans-cli-tui: audit log tab for Config Api (#11931) (992a9cc)
- jans-config-api: restore jans-config-api plugins jans-link-plugin (#11912) (2941a9f)
- jans-config-api: ssa revoke endpoint should be created in config-api (#12134) (e0cbefc)
- jans-core: update jetty to 12.0.25 (#12075) (9781cdb)
- jans-linux-setup: add scim user tokens scope (#12136) (e6c0dc9)
- jans-linux-setup: redirecting errors on stderr for the scheduler (#12013) (b00469b)
- offer a way to easily copy the tokens to clipboard (#11949) (053d95e)
Bug Fixes
- add no gorn mode (#12011) (46fc7c4)
- cloud-native: error running kc-jans-scheduler (#12053) (86c2fed)
- cloud-native: invalid pathType when nginx ingress controller uses strict-validate-path-type config (#11911) (ba6f74b)
- config-api: asset endpoint fix for uplaod and fetch (27f800a)
- config-api: asset endpoint fix for upload and fetch (#12039) (27f800a)
- css style for paragraph rendering (#12014) (e3fd6ee)
- docs: fix broken links issue (#11902) (7b94ab4)
- docs: fix formatting in Jans README (#11938) (4766343)
- docs: fix person authentication docs url issue (#12103) (600bbce)
- docs: fix person authentication url issue (600bbce)
- docs: Fix script link issue (7b94ab4)
- docs: include benchmark doc link (#11987) (2b3663a)
- docs: Lock Server Docs Update (#12032) (c666eb9)
- docs: merge the Cedarling quick start guides (#11872) (1686099)
- docs: remove doc readme (df7184e)
- docs: remove duplicate
interception-scriptsfile (83ac957) - docs: remove duplicate
interception-scriptsreadme file (#11963) (83ac957) - docs: remove unused README (#12104) (df7184e)
- docs: update `application-session (79e71b5)
- docs: update `readmeformat (4766343)
- docs: update doc
SMTP configurationin TUI section (#12105) (0229a6d) - docs: update endpoint file title (#11962) (34356f4)
- docs: update java Cedarling docs (#12102) (66c9d3e)
- docs: update java doc (66c9d3e)
- docs: update link to the script location (#11940) (79e71b5)
- docs: update TARP installation instructions (#11856) (41d08d9)
- ignore trailing slash of issuer (5fc0ed5)
- jans-auth-server: acr mappings (alias) does not work if acr comes from request object's "claims/id_token" ([#12060](htt...
v1.9.0
1.9.0 (2025-07-25)
Features
- add check to prevent unsigned user-info jwt in the role_based_scopes_update_token script (Admin UI) (#11724) (52c4682)
- add the mandatory permissions for default roles in Admin UI (#11711) (9a56669)
- added essentialPermissionInAdminUI attribute to AdminPermission object (#11714) (d945703)
- cloud-native: add the mandatory permissions for default roles in Admin UI (#11739) (7831887)
- config-api: audit for config-api endpoints (#11760) (be52530)
- config-api: logs to indicate password related activity (#11791) (838686b)
- jans-auth-server: deprecated /revoke_session endpoint (it duplicates Global Token Revocation functionality) #11470 (#11801) (d7178aa)
- jans-auth-server: improved SessionIdService - added option to load session without local copy #11366 (#11761) (4510bd2)
- jans-auth-server: small improvement of ssa doc #11736 (#11737) (7a6af91)
- jans-auth: exclude htmlunit-* dependencies from final artifacts (#11830) (1c17b6d)
- jans-auth: fix client_registration script imports (#11705) (8b75934)
- jans-cedarling: add maven javadocs plugin in java binding (#11745) (f68e936)
- jans-cedarling: add support for the optional SSA JWT (#11653) (902f9d0)
- jans-cedarling: implement JWT status list validation (#11520) (f2e7f29)
- jans-cedarling: output cedar annotations when there are any policy failures (#11588) (0714a17)
- jans-config-api: add cedarlingLogType attribute in Admin UI configuration (#11755) (d4da957)
- jans-config-api: add endpoint to reset license details in Admin UI configuration (#11786) (56df1e6)
- jans-config-api: update OpenApi specs for Admin UI plugin (#11729) (4dc0c9a)
- jans-fido2: Add unit tests for attestation controller for handling missing username, invalid origin, and challenge, with successful register and verify scenarios. (ca68fd0)
- jans-linux-setup: add Debian 13 MySQL support (#11759) (7fbcd10)
- jans-linux-setup: create clients takes all possible arguments (#11770) (eca4b0c)
- jans-linux-setup: debian 13 support for internal use (#11685) (7b6e25b)
- jans-orm: add method to return internal information about tables (#11695) (7039b74)
- update OpenApi specs for Admin UI plugin (4dc0c9a)
Bug Fixes
- add defeat the gorn (5ed2dcd)
- config-api: user name validation modification (#11776) (45386c1)
- doc: added default values for sessionId related properties to avoid confusion (#11781) (0894860)
- docs: add documentation for configuration and session management (#11091) (0184771)
- docs: add note on config refresh behavior in TUI (#11789) (b237d19)
- docs: add upgrade note about manual custom script updates (#11719) (8a6e3db)
- docs: docs fix cedarling propertie link issue (aaa4eb9)
- docs: docs fix Sample Scripts link issue (bf617a3)
- docs: docs fix sample scripts link issue (#11779) (bf617a3)
- docs: docs update jans readme (#11687) (bf42440)
- docs: fix Cedarling property link issue (#11780) (aaa4eb9)
- docs: fix incorrect link in Jans Casa docs (#11798) (ec9a3a9)
- docs: remove attribute page (00e0b2d)
- docs: remove config-api attribute page (#11722) (00e0b2d)
- docs: remove converting data (e729c89)
- docs: remove the link to the converting data document from left nav (#11720) (e729c89)
- docs: reorganise supported OS versions for VM installation (#11679) (329a113)
- docs: update supported OS versions (329a113)
- docs: update testing document with Poetry installation instructions (#11681) (e609156)
- jans-auth-server: set sub claim to client identifier for "client credentials grant" for AT as JWT #11413 (#11778) (60373a7...