openid4java 0.9.7 released


Johnny Bufu

Jan 22, 2013, 1:31:22 PM
to OpenID4Java
Hello everyone,

We've released version 0.9.7 of the openid4java library.

Most notable update is the fix for the XML external entity injection
vulnerability. See the change log below for more.

The new version is available for download from the project's home page:
http://code.google.com/p/openid4java/downloads

and can also be easily included in your projects using maven:
http://code.google.com/p/openid4java/wiki/MavenHowTo

Changelog since the previous version:

-----------------------------------------------------------------------
Notable changes:

Fixed XML external entity injection vulnerability when parsing discovery
data.
Fixed maven2 dependency declarations for easy inclusion in maven projects.
HttpClient dependency upgraded to 4.2.2.
Google Guice dependency updated to use the current com.google.inject id.
Configurable consumer nonces.
Default HttpCache limited to 1 minute.
Fixed Attribute Exchange handling of unlimited count request.
Fixed JdbcNonceVerifier database cleanup.
Fixed handling of declared preferred association types.
Fixed handling of PAPE custom auth level.

Plus a few minor bugs.
-----------------------------------------------------------------------

Thanks again to everyone who contributed, either directly or with
feedback and bug reports!


Johnny

Christophe Levesque

Jan 29, 2013, 3:29:25 PM
to openi...@googlegroups.com
Great news! Thanks for sharing.

Any ETA on when it'll hit the central repo? I only saw 0.9.6 in there.

Thanks,

Christophe

Johnny Bufu

Jan 29, 2013, 3:50:01 PM
to openi...@googlegroups.com
It was available on maven central before I posted the announcement:

http://search.maven.org/#artifactdetails%7Corg.openid4java%7Copenid4java%7C0.9.7%7Cjar

Johnny

Christophe Levesque

Jan 29, 2013, 4:07:07 PM
to openi...@googlegroups.com
My bad. I was using the old openid4java-server artifact. The only artifact to use is openid4java, is that correct?

Thanks,

Christophe

Sutra Zhou

Jan 29, 2013, 6:11:54 PM
to openi...@googlegroups.com
Yes, there is only one artifact left, the others are dropped.
