Skip to content

Latest commit

 

History

History
106 lines (72 loc) · 5.48 KB

CHANGELOG.md

File metadata and controls

106 lines (72 loc) · 5.48 KB

Changelog

1.7.0 - 2024-09-27

  • Upgrade to Spring Security 6.x and Jakarta EE 9 (thanks to @basil).
  • Compatibility with Jenkins 2.476 and higher (requires Java 17).
  • Incompatibility with Jenkins 2.475 and lower, please make sure to upgrade CAS plugin and Jenkins together.

1.6.3 - 2023-05-14

  • Fixed security issue (SECURITY-3000).

1.6.2 - 2022-05-29

  • Added explicit dependency on JAXB plugin (JENKINS-68455).

1.6.1 - 2021-06-29

1.6.0 - 2021-02-18

  • Added option to customize validation URL parameters in advanced protocol configuration.
  • Allow using {{attribute}} placeholders in Full Name and Email Attribute configuration (e.g. {{firstName}} {{lastName}} or {{uid}}@example.com).
  • Fixed handling of empty attributes.

1.5.0 - 2020-11-22

  • Compatibility with Jenkins 2.266 and higher (replacement of Acegi Security with Spring Security, see JEP-227).
  • Incompatibility with Jenkins 2.265 and lower (for the reason above), please make sure to upgrade CAS plugin and Jenkins together.
  • Added support for CAS 3.0 JSON protocol format.
  • Added option to control redirection to CAS after logging out of Jenkins.

1.4.3 - 2019-01-21

1.4.2 - 2018-06-04

1.4.1 - 2017-10-01

  • Fixed NullPointerException in SessionUrlAuthenticationSuccessHandler, that could occur when coming back from CAS on some servlet containers (JENKINS-46993).
  • Fixed NullPointerException in Cas10Protocol, when using an empty Groovy role parsing script (JENKINS-45441).

1.4.0 - 2017-05-09

  • Fixed security issues related to Groovy script execution in CAS Protocol 1.0 configuration (SECURITY-488, see 2017-04-10 security advisory).

1.3.0 - 2016-10-19

  • Updated CAS client version to 3.4.1 with less dependencies and support for CAS Protocol 3.0.
  • Added CAS REST API support to authenticate Jenkins API calls with real username/password (thanks to Sebastian Sdorra).
  • Bumped minimum Jenkins version to 1.625.3 (and require Java 7).
  • Restored compatibility with Jenkins version 2.19.1 when using SAML 1.1 (missing dependency no longer required).

1.2.0 - 2015-09-13

  • Updated spring-security and CAS client versions with improved robustness and compatibility (thanks to Waldemar Biller).
  • Improved detection of Jenkins root URL.
  • Fixed usage of forceRenewal parameter in the ticket validator.

1.1.2 - 2014-06-02

  • Better handling of multi-valued attributes during Jenkins user creation/update (thanks to Maxime Besson).
  • Changed 'Try again' link in failed login page to be relative instead of absolute (fixes issue when Jenkins is run from sub-uri).

1.1.1 - 2012-11-10

  • Redirect to origin URL after authentication (instead of always showing Jenkins home page).
  • Show custom error page with proper "Try again" link in case of login failure (e.g. due to an invalid ticket).
  • Removed unused AspectJ JARs, reducing the overall plugin size (thanks to Jozef Kotlar).

1.1.0 - 2012-09-07

  • Support for CAS 2.0 Proxy Tickets, allowing external applications already secured with CAS to authenticate in Jenkins without requiring user input or password.

1.0.0 - 2012-09-05

  • Initial release of the new CAS Plugin
  • Multiple protocols support: CAS 1.0, CAS 2.0, SAML 1.1
  • Custom CAS 1.0 response parsing support
  • CAS 2.0 and SAML 1.1 attributes support
  • Single Sign-Out support
  • Jenkins API Token support (no conflict)