From a15c2b5aaa588ea03b5f8e648d3d061627955c99 Mon Sep 17 00:00:00 2001
From: dmuelle
Date: Thu, 7 Dec 2023 17:13:57 +0000
Subject: [PATCH 01/20] 23.0.0.12
---
posts/2023-12-12-23.0.0.12.adoc | 1076 +++++++++++++++++++++++++++++++
1 file changed, 1076 insertions(+)
create mode 100644 posts/2023-12-12-23.0.0.12.adoc
diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc
new file mode 100644
index 000000000..2e5a22d22
--- /dev/null
+++ b/posts/2023-12-12-23.0.0.12.adoc
@@ -0,0 +1,1076 @@
+---
+layout: post
+title: "TITLE"
+# Do NOT change the categories section
+categories: blog
+author_picture: https://avatars3.githubusercontent.com/dmuelle
+author_github: https://github.com/dmuelle
+seo-title: TITLE - makes sure it ends with - OpenLiberty.io
+seo-description: DESCRIPTION
+blog_description: DESCRIPTION
+open-graph-image: https://openliberty.io/img/twitter_card.jpg
+open-graph-image-alt: Open Liberty Logo
+---
+= TITLE
+David Mueller
+:imagesdir: /
+:url-prefix:
+:url-about: /
+//Blank line here is necessary before starting the body of the post.
+
+// // // // // // // //
+// In the preceding section:
+// Do not insert any blank lines between any of the lines.
+// Do not remove or edit the variables on the lines beneath the author name.
+//
+// "open-graph-image" is set to OL logo. Whenever possible update this to a more appropriate/specific image (For example if present a image that is being used in the post). However, it
+// can be left empty which will set it to the default
+//
+// "open-graph-image-alt" is a description of what is in the image (not a caption). When changing "open-graph-image" to
+// a custom picture, you must provide a custom string for "open-graph-image-alt".
+//
+// Replace TITLE with the blog post title eg: MicroProfile 3.3 is now available on Open Liberty 20.0.0.4
+// Replace dmuelle with your GitHub username eg: lauracowen
+// Replace DESCRIPTION with a short summary (~60 words) of the release (a more succinct version of the first paragraph of the post).
+// Replace David Mueller with your name as you'd like it to be displayed, eg: Laura Cowen
+//
+// Example post: 2020-04-09-microprofile-3-3-open-liberty-20004.adoc
+//
+// If adding image into the post add :
+// -------------------------
+// [.img_border_light]
+// image::img/blog/FILE_NAME[IMAGE CAPTION ,width=70%,align="center"]
+// -------------------------
+// "[.img_border_light]" = This adds a faint grey border around the image to make its edges sharper. Use it around screenshots but not
+// around diagrams. Then double check how it looks.
+// There is also a "[.img_border_dark]" class which tends to work best with screenshots that are taken on dark
+// backgrounds.
+// Change "FILE_NAME" to the name of the image file. Also make sure to put the image into the right folder which is: img/blog
+// change the "IMAGE CAPTION" to a couple words of what the image is
+// // // // // // // //
+
+RELEASE_SUMMARY
+
+// // // // // // // //
+// In the preceding section:
+// Leave any instances of `tag::xxxx[]` or `end:xxxx[]` as they are.
+//
+// Replace RELEASE_SUMMARY with a short paragraph that summarises the release. Start with the lead feature but also summarise what else is new in the release. You will agree which will be the lead feature with the reviewers so you can just leave a placeholder here until after the initial review.
+// // // // // // // //
+
+// // // // // // // //
+// Replace the following throughout the document:
+// Replace 23.0.0.12 with the version number of Open Liberty, eg: 22.0.0.2
+// Replace 230012 with the version number of Open Liberty wihtout the periods, eg: 22002
+// // // // // // // //
+
+In link:{url-about}[Open Liberty] 23.0.0.12:
+
+* <>
+* <>
+* <>
+* <>
+* <>
+* <>
+* <>
+* <>
+* <>
+* <>
+* <>
+* <>
+
+
+// // // // // // // //
+// If there were updates to guides since last release, keep the following, otherwise remove section.
+// // // // // // // // +Along with the new features and functions added to the runtime, we’ve also made <>. + +// // // // // // // // +// In the preceding section: +// Replace the TAG_X with a short label for the feature in lower-case, eg: mp3 +// Replace the FEATURE_1_HEADING with heading the feature section, eg: MicroProfile 3.3 +// Where the updates are grouped as sub-headings under a single heading +// (eg all the features in a MicroProfile release), provide sub-entries in the list; +// eg replace SUB_TAG_1 with mpr, and SUB_FEATURE_1_HEADING with +// Easily determine HTTP headers on outgoing requests (MicroProfile Rest Client 1.4) +// // // // // // // // + +View the list of fixed bugs in link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A230012+label%3A%22release+bug%22[23.0.0.12]. + +Check out link:{url-prefix}/blog/?search=release&search!=beta[previous Open Liberty GA release blog posts]. + + +[#run] + +// // // // // // // // +// LINKS +// +// OpenLiberty.io site links: +// link:{url-prefix}/guides/maven-intro.html[Maven] +// +// Off-site links: +//link:https://openapi-generator.tech/docs/installation#jar[Download Instructions] +// +// IMAGES +// +// Place images in ./img/blog/ +// Use the syntax: +// image::/img/blog/log4j-rhocp-diagrams/current-problem.png[Logging problem diagram,width=70%,align="center"] +// // // // // // // // + +== Develop and run your apps using 23.0.0.12 + +If you're using link:{url-prefix}/guides/maven-intro.html[Maven], include the following in your `pom.xml` file: + +[source,xml] +---- + + io.openliberty.tools + liberty-maven-plugin + 3.8.2 + +---- + +Or for link:{url-prefix}/guides/gradle-intro.html[Gradle], include the following in your `build.gradle` file: + +[source,gradle] +---- +buildscript { + repositories { + mavenCentral() + } + dependencies { + classpath 'io.openliberty.tools:liberty-gradle-plugin:3.6.2' + } +} +apply plugin: 'liberty' +---- +// // // // // // // // +// In the preceding 
section: +// Replace the Maven `3.8.2` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-maven-plugin +// Replace the Gradle `3.6.2` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-gradle-plugin +// TODO: Update GHA to automatically do the above. If the maven.org is problematic, then could fallback to using the GH Releases for the plugins +// // // // // // // // + +Or if you're using link:{url-prefix}/docs/latest/container-images.html[container images]: + +[source] +---- +FROM icr.io/appcafe/open-liberty +---- + +Or take a look at our link:{url-prefix}/start/[Downloads page]. + +If you're using link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[IntelliJ IDEA], link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Code] or link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse IDE], you can also take advantage of our open source link:https://openliberty.io/docs/latest/develop-liberty-tools.html[Liberty developer tools] to enable effective development, testing, debugging and application management all from within your IDE. + +[link=https://stackoverflow.com/tags/open-liberty] +image::img/blog/blog_btn_stack.svg[Ask a question on Stack Overflow, align="center"] + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27087 +// Contact/Reviewer: yeekangc +// // // // // // // // +[#SUB_TAG_0] +== Liberty Maven Plugin 3.10 and Liberty Gradle Plugin 3.8 +The information you provide here will be included in the Open Liberty GA release blog post (link:https://openliberty.io/blog/2022/01/18/microprofile5-22001.html[example]), which will be published on link:https://www.openliberty.io/blog/[openliberty.io/blog/], and potentially elsewhere, to promote this newly released feature/function of Open Liberty. 
For this post to be included in the GA issue please make sure that this is completed by the end of Friday following the GM (Wednesday). The beta and release blogs are created using automation and rely on you following the template's structure. **DO NOT REMOVE/ALTER THE `` TAGS THROUGHOUT THIS TEMPLATE.** + +Please provide the following information: + +1. If this was previously published in a beta blog post, then provide the link to that `OpenLiberty/open-liberty` beta blog post issue on the next line between the `` tags. If nothing has changed since the beta, you're done and can omit the remaining steps. If you need to make updates/alterations to the beta content, then do all the steps. + https://github.com/OpenLiberty/open-liberty/issues/0 + + +2. Which Liberty feature(s) does your update relate to? Liberty Maven Plugin and Liberty Gradle Plugin + + Human-readable name (eg WebSockets feature): Liberty Maven and Gradle plugins + + Short feature name (eg websockets-1.0): N/A + + + + + +3. Who is the target persona? Who do you expect to use the update? eg application developer, operations. + + Application Developers + + + +4. Provide a summary of the update, including the following points: + + - A sentence or two that introduces the update to someone new to the general technology/concept. + New releases for Liberty Maven and Gradle plugins + + - What was the problem before and how does your update make their life better? (Why should they care?) + Notable new features include support for deploying Spring Boot 3 applications to Liberty using the build plugins through Liberty's springBoot-3.0 feature and support for running the plugins using Java 21. + + - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. + For Maven, specify the 3.10 and 3.8 releases respectively in your Maven `pom.xm`l file. + For Gradle, specify the 3.8 release in your `build.gradle` file. 
+ + - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? + link:https://github.com/OpenLiberty/ci.maven/releases[Liberty Maven Plugin 3.10 release notes] + link:https://github.com/OpenLiberty/ci.gradle/releases[Liberty Gradle Plugin 3.8 release notes] + + For more information about Spring Boot support with the Liberty Maven plugin, see link:https://github.com/OpenLiberty/ci.maven/blob/main/docs/spring-boot-support.md[ci.maven: Spring Boot Support]. + For more information about Spring Boot support with the Liberty Gradle plugin, see link:https://github.com/OpenLiberty/ci.gradle/blob/main/docs/spring-boot-support.md[ci.gradle: Spring Boot Support]. + + +// DO NOT MODIFY THIS LINE. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27086 +// Contact/Reviewer: yeekangc +// // // // // // // // +[#SUB_TAG_1] +== Liberty Tools 23.0.12 for Eclipse IDE, IntelliJ IDEA, and Visual Studio Code + +2. Which Liberty feature(s) does your update relate to? + + Human-readable name (eg WebSockets feature): Liberty Tools + + Short feature name (eg websockets-1.0): N/A + + + + + +3. Who is the target persona? Who do you expect to use the update? eg application developer, operations. + + Developers + + + +4. Provide a summary of the update, including the following points: + + - A sentence or two that introduces the update to someone new to the general technology/concept. + Liberty Tools now support the latest available releases of Eclipse IDE, IntelliJ IDEA, and Visual Studio Code. Various issues and improvements are included too. For more information, see the release notes that are linked at the end of this section. + + - What was the problem before and how does your update make their life better? (Why should they care?) + + - Briefly explain how to make your update work. 
Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. + Update to the latest release of the Liberty Tools from the IDE you are working with or download the latest version from the marketplace of your IDE. + + Liberty Tools for Eclipse IDE - link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse Marketplace] + Liberty Tools for IntelliJ IDEA - link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[JetBrains Marketplace] + Liberty Tools for Visual Studio Code - link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Marketplace] + + - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? + link:https://github.com/OpenLiberty/liberty-tools-eclipse/releases[Release notes for Liberty Tools for Eclipse IDE] + link:https://github.com/OpenLiberty/liberty-tools-intellij/releases[Release notes for Liberty Tools for IntelliJ IDEA] + link:https://github.com/OpenLiberty/liberty-tools-vscode/releases[Release notes for Liberty Tools for Visual Studio Code] + +// DO NOT MODIFY THIS LINE. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27048 +// Contact/Reviewer: Zech-Hein +// // // // // // // // +[#SUB_TAG_2] +== Support LTPA keys rotation without requiring planned outage +// The following excerpt for issue https://github.com/OpenLiberty/open-liberty/issues/26138 was found in 2023-09-26-23.0.0.10-beta.adoc. +// ------ ------ +// Contact/Reviewer: Zech-Hein +// // // // // // // // +[#ltpa] +== Support LTPA keys rotation without a planned outage + +Open Liberty can now automatically generate new primary LTPA keys files while continuing to use validation keys files to validate LTPA tokens. This update enables you to rotate LTPA keys without any disruption to the application's user experience. 
Previously, application users had to log in to their applications again after the Liberty server LTPA keys were rotated, which is no longer necessary. + + +Primary Keys are LTPA keys in the specified keys default `ltpa.keys` file. Primary keys are used both for generating new LTPA tokens and for validating LTPA tokens. There can only be one primary keys file per Liberty runtime. + + +Validation keys are LTPA keys in any `.keys` files other than the primary keys file. The validation keys are used only for validating LTPA tokens. They are _not_ used for generating new LTPA tokens. All validation keys must be located in the same directory as the primary keys file. + + + +There are 2 ways to enable LTPA keys rotation without a planned outage: monitoring the primary keys file directory or specifying the validation keys file. + + +=== Monitor the directory of the primary keys file for any new validation keys files. + +Enable the `monitorDirectory` and `monitorInterval` attributes. For example, add the following configurations to the `server.xml`: + +[source,xml] +---- + + +---- + +The `monitorDirectory` attribute monitors the `${server.config.dir}/resources/security/` directory by default, but can monitor any directory the primary keys file is specified in. The directory monitor looks for any LTPA keys files with the `.keys` extension. The Open Liberty server reads these LTPA keys and uses them as validation keys. + + +If the `monitorInterval` is set to `0`, the default value, the directory is not monitored. + + +The `ltpa.keys` file can be renamed, for example, `validation1.keys` and then Liberty automatically regenerates a new `ltpa.keys` file with new primary keys that are used for all new LTPA tokens created. The keys in `validation1.keys` continue to be used for validating existing LTPA tokens. + + +When the `validation1.keys` are no longer needed, remove them by deleting the file or by setting `monitorDirectory` to `false`. 
It is recommended to remove unused validation keys as it can improve performance. + + +=== Specify the validation keys file and optionally specify a date-time to stop using the validation keys. + + 1. Copy the primary keys file (`ltpa.keys`) to a validation keys file, for example `validation1.keys`. + 2. Modify the server configuration to use the validation keys file by specifying a `validationKeys` server configuration element inside the `ltpa` element. For example, add the following configuration to the `server.xml` file: + +[source,xml] +---- + + + +---- + +The `validation1.keys` file can be removed from use at a specified date-time in the future with the optional `notUseAfterDate` attribute. It is recommended to use `notUseAfterDate` to ignore validation keys after a given period as it can improve performance. + + +The `fileName` and `password` attributes are required in the `validationKeys` element, but `notUseAfterDate` is optional. + +After the validation keys file is loaded from the server configuration update, the original primary keys file (`ltpa.keys`) can be deleted, which triggers new primary keys to be created while continuing to use `validation1.keys` for validation. + +Specifying validation keys in this way can be combined with enabling monitor directory to also use validation keys that are not specified in the `server.xml` configuration at the same time. For example: + +[source,xml] +---- + + + +---- + +To see all of the Liberty `` server configuration options see link:/docs/latest/reference/config/ltpa.html[LTPA configuration docs]. + + + +// ------ ------ + +2. Which Liberty feature(s) does your update relate to? + + Human-readable name (eg WebSockets feature): + Application Security + + Short feature name (eg websockets-1.0): + appSecurity-* + + + + + +3. Who is the target persona? Who do you expect to use the update? eg application developer, operations. + Administrator + + + + +4. 
Provide a summary of the update, including the following points: + + - A sentence or two that introduces the update to someone new to the general technology/concept. + + - What was the problem before and how does your update make their life better? (Why should they care?) + + - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. + + - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? + +Open Liberty can now automatically generate new primary LTPA keys files while continuing to use validation keys files to validate LTPA tokens. This update enables you to rotate LTPA keys without any disruption to the application’s user experience. Previously, application users had to log in to their applications again after the Liberty server LTPA keys were rotated, which is no longer necessary. + +Primary Keys are LTPA keys in the specified keys default `ltpa.keys` file. Primary keys are used both for generating new LTPA tokens and for validating LTPA tokens. There can only be one primary keys file per Liberty runtime. + +Validation keys are LTPA keys in any `.keys` files other than the primary keys file. The validation keys are used only for validating LTPA tokens. They are not used for generating new LTPA tokens. All validation keys must be located in the same directory as the primary keys file. + +There are 2 ways to enable LTPA keys rotation without a planned outage: monitoring the primary keys file directory or specifying the validation keys file. +### Monitor the directory of the primary keys file for any new validation keys files. + +Enable the `monitorValidationKeysDir` and `monitorInterval` attributes. For example, add the following configurations to the server.xml: +``` + +``` +The `monitorValidationKeysDir` attribute monitors the directory of the primary keys file for any `.keys` extension files. 
By default, this directory is `${server.config.dir}/resources/security/` but can be configured. The Open Liberty server loads these LTPA keys and uses them as validation keys. + +Note that monitoring is only enabled when the `updateTrigger` is set to `polled` and the `monitorInterval` is set to a duration greater than 0. The default value of `updateTrigger` is `polled` and the default value of `monitorInterval` is `0`. + +The `ltpa.keys` file can be renamed, for example, `validation1.keys` and then Liberty automatically regenerates a new `ltpa.keys` file with new primary keys that are used for all new LTPA tokens created. The keys in `validation1.keys` continue to be used for validating existing LTPA tokens. + +When the `validation1.keys` are no longer needed, remove them by deleting the file or by setting `monitorValidationKeysDir` to false. It is recommended to remove unused validation keys as it can improve performance. + +### Specify the validation keys file and optionally specify a date-time to stop using the validation keys. + +1. Copy the primary keys file (`ltpa.keys`) to a validation keys file, for example `validation1.keys`. + +2. Modify the server configuration to use the validation keys file by specifying a `validationKeys` server configuration element inside the `ltpa` element. For example, add the following configuration to the `server.xml` file: +``` + + + +``` +The `validation1.keys` file can be removed from use at a specified date-time in the future with the optional `validUntilDate` attribute. It is recommended to use `validUntilDate` to ignore validation keys after a given period as it can improve performance. + +The `fileName` and `password` attributes are required in the `validationKeys` element, but `validUntilDate` is optional. 
+ +After the validation keys file is loaded from the server configuration update, the original primary keys file (`ltpa.keys`) can be deleted, which triggers new primary keys to be created while continuing to use `validation1.keys` for validation. + +Specifying validation keys in this way can be combined with enabling monitor directory to also use validation keys that are not specified in the `server.xml` configuration at the same time. For example: +``` + + + +``` + +### UpdateTrigger attribute added to LTPA element +LTPA keys files can be reloaded by the server if the `updateTrigger` attribute is set to `polled` or `mbean`. It is `polled` by default. If set to `polled`, then the server monitors the keys files for changes based on the rate set in the `monitorInterval` attribute. If the `updateTrigger` attribute is set to `mbean` then the server will reload the keys files when it receives notification from the `WebSphere:service=com.ibm.ws.kernel.filemonitor.FileNotificationMBean` MBean. For example: +``` + +``` +If `updateTrigger` is set to `disabled` then no file monitoring will occur. + +For more information on `` server configuration options see link:https://openliberty.io/docs/latest/reference/config/ltpa.html[LTPA configuration docs]. + + + +// DO NOT MODIFY THIS LINE. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27046 +// Contact/Reviewer: abutch3r +// // // // // // // // +[#SUB_TAG_3] +== MicroProfile OpenAPI endpoint path configuration +// The following excerpt for issue https://github.com/OpenLiberty/open-liberty/issues/26222 was found in 2023-09-26-23.0.0.10-beta.adoc. +// ------ ------ +// Contact/Reviewer: Azquelt +// // // // // // // // + +[#mpapi] +== MicroProfile OpenAPI 3.1: OpenAPI doc endpoint path configuration + + +MicroProfile OpenAPI generates and serves OpenAPI documentation for JAX-RS applications that are deployed to the Open Liberty server. 
The OpenAPI documentation is served from `/openapi` and a user interface for browsing this documentation is served from `/openapi/ui`. + +With MicroProfile OpenAPI 3.1, you can configure the paths for these endpoints by adding configuration to your `server.xml`. For example: + +[source,xml] +---- + +---- + +When you set this configuration on a local test server, you can then access the OpenAPI document at `localhost:9080/my/openapi/doc/path` and the UI at `localhost:9080/docsUi`. + + +This is particularly useful if you want to expose the OpenAPI documentation through a Kubernetes ingress which routes requests to different services based on the path. For example, with this ingress configuration: + +[source,yaml] +---- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: +name: my-ingress +spec: +rules: +- http: + paths: + - path: /appA + pathType: Prefix + backend: + service: + name: appA + port: + number: 9080 +---- + +You could use the following `server.xml` configuration to ensure that the OpenAPI UI is available at `/appA/openapi/ui`: + +[source,xml] +---- + +---- + +When `uiPath` is not set, it defaults to the value of `docPath` with `/ui` appended. + +For more information about MicroProfile OpenAPI, see: + +* link:https://github.com/eclipse/microprofile-open-api[MicroProfile OpenAPI repo] +* link:{url-prefix}/docs/latest/documentation-openapi.html[API documentation with OpenAPI] + + + +// ------ ------ +The information you provide here will be included in the Open Liberty GA release blog post (link:https://openliberty.io/blog/2022/01/18/microprofile5-22001.html[example]), which will be published on link:https://www.openliberty.io/blog/[openliberty.io/blog/], and potentially elsewhere, to promote this newly released feature/function of Open Liberty. For this post to be included in the GA issue please make sure that this is completed by the end of Friday following the GM (Wednesday). 
The beta and release blogs are created using automation and rely on you following the template's structure. **DO NOT REMOVE/ALTER THE `` TAGS THROUGHOUT THIS TEMPLATE.** + +Please provide the following information: + +1. If this was previously published in a beta blog post, then provide the link to that `OpenLiberty/open-liberty` beta blog post issue on the next line between the `` tags. If nothing has changed since the beta, you're done and can omit the remaining steps. If you need to make updates/alterations to the beta content, then do all the steps. + https://github.com/OpenLiberty/open-liberty/issues/26222 + + +// DO NOT MODIFY THIS LINE. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26999 +// Contact/Reviewer: Emily-Jiang +// // // // // // // // +[#SUB_TAG_4] +== MP 6.1 +// The following excerpt for issue https://github.com/OpenLiberty/open-liberty/issues/26170 was found in 2023-09-26-23.0.0.10-beta.adoc. +// ------ ------ +// Contact/Reviewer: Emily-Jiang +// // // // // // // // +[#mp61] +== MicroProfile 6.1 support + +MicroProfile 6.1 is a minor release and is backwards-compatible with MicroProfile 6.0. 
It brings in Jakarta EE 10 Core Profile APIs and the following MicroProfile component specifications: + +* link:https://jakarta.ee/specifications/coreprofile/10/[Jakarta EE 10 Core Profile] +* link:https://github.com/eclipse/microprofile-config/releases/tag/3.1-RC1[MicroProfile Config 3.1] +* link:https://github.com/eclipse/microprofile-fault-tolerance/releases/tag/4.0.2[MicroProfile Fault Tolerance 4.0] +* link:https://github.com/eclipse/microprofile-metrics/releases/tag/5.1.0-RC1[MicroProfile Metrics 5.1] +* link:https://github.com/eclipse/microprofile-health/releases/tag/4.0.1[MicroProfile Health 4.0] +* link:https://github.com/eclipse/microprofile-telemetry/releases/tag/1.1-RC1[MicroProfile Telemetry 1.1] +* link:https://github.com/eclipse/microprofile-open-api/releases/tag/3.1[MicroProfile OpenAPI 3.1] +* link:https://github.com/eclipse/microprofile-jwt-auth/releases/tag/2.1[MicroProfile JWT Authentication 2.1] +* link:https://github.com/eclipse/microprofile-rest-client/releases/tag/3.0.1[MicroProfile Rest Client 3.0] + +The following three specifications have minor updates, while the other five specifications remain unchanged: + +* MicroProfile Metrics 5.1 + +* MicroProfile Telemetry 1.1 + +* MicroProfile Config 3.1 (mainly some TCK updates to ensure the tests run against either CDI 3.x or CDI 4.0 Lite) + + +See the following sections for more details about each of these features and how to try them out. + + + +// ------ ------ + +2. Which Liberty feature(s) does your update relate to? + + Human-readable name (eg WebSockets feature): + + Short feature name (eg websockets-1.0): + + + + + +3. Who is the target persona? Who do you expect to use the update? eg application developer, operations. + + + + + +4. Provide a summary of the update, including the following points: + + - A sentence or two that introduces the update to someone new to the general technology/concept. + + - What was the problem before and how does your update make their life better? 
(Why should they care?) + + - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. + + - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? + + +// DO NOT MODIFY THIS LINE. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26994 +// Contact/Reviewer: Channyboy +// // // // // // // // +[#SUB_TAG_5] +== MicroProfile Metrics 5.1 for 23.0.0.12 +// The following excerpt for issue https://github.com/OpenLiberty/open-liberty/issues/26027 was found in 2023-09-26-23.0.0.10-beta.adoc. +// ------ ------ +// Contact/Reviewer: Channyboy +// // // // // // // // +[#mpmetrics] +=== MicroProfile Metrics 5.1: configure statistics tracked by Histogram and Timer metrics + + + +MicroProfile Metrics 5.1 includes new MicroProfile Config properties that are used for configuring the statistics that the Histogram and Timer metrics track and output. In MicroProfile Metrics 5.0, the Histogram and Timer metrics only track and output the _max_ recorded value, the _sum_ of all values, the _count_ of the recorded values, and a static set of percentiles for the 50th, 75th, 95th, 98th, 99th, and 99.9th percentile. These values are emitted to the `/metrics` endpoint in Prometheus format. + + + +The new properties introduced in MicroProfile Metrics 5.1 allow you to define a custom set of percentiles as well as a custom set of histogram buckets for the Histogram and Timer metrics. There are also additional configuration properties for enabling a default set of histogram buckets, including properties for defining an upper and lower bound for the bucket set. 
+
+The properties in the following table allow you to define a semicolon-separated list of value definitions using the syntax:
+
+
+[source]
+----
+metric_name=value_1[,value_2…value_n]
+----
+
+
+
+
+[%header,cols="1,1"]
+|===
+| Property |Description
+| mp.metrics.distribution.percentiles
+a| - Defines a custom set of percentiles for matching Histogram and Timer metrics to track and output.
+- Accepts a set of integer and decimal values for a metric name pairing.
+- Can be used to disable percentile output if no value is provided with a metric name pairing.
+
+
+| mp.metrics.distribution.histogram.buckets
+a| - Defines a custom set of (cumulative) histogram buckets for matching Histogram metrics to track and output.
+- Accepts a set of integer and decimal values for a metric name pairing.
+
+
+| mp.metrics.distribution.timer.buckets
+a| - Defines a custom set of (cumulative) histogram buckets for matching Timer metrics to track and output.
+ - Accepts a set of decimal values with a time unit appended (i.e., ms, s, m, h) for a metric name pairing.
+
+
+|mp.metrics.distribution.percentiles-histogram.enabled
+a| - Configures any matching Histogram or Timer metric to provide a large set of default histogram buckets to allow for percentile configuration with a monitoring tool.
+- Accepts a true/false value for a metric name pairing.
+
+
+| mp.metrics.distribution.histogram.max-value
+a| - When percentile-histogram is enabled for a Timer, this property defines a upper bound for the buckets reported.
+- Accepts a single integer or decimal value for a metric name pairing.
+
+
+| mp.metrics.distribution.histogram.min-value
+a| - When percentile-histogram is enabled for a Timer, this property defines a lower bound for the buckets reported.
+- Accepts a single integer or decimal value for a metric name pairing.
+
+
+|mp.metrics.distribution.timer.max-value
+a| - When percentile-histogram is enabled for a Histogram, this property defines a upper bound for the buckets reported.
+- Accepts a single decimal values with a time unit appended (i.e., ms, s, m, h) for a metric name pairing.
+
+|mp.metrics.distribution.timer.min-value
+a| - When percentile-histogram is enabled for a Histogram, this property defines a lower bound for the buckets reported.
+- Accepts a single decimal value with a time unit appended (i.e., ms, s, m, h) for a metric name pairing.
+
+|===
+
+Some properties can accept multiple values for a given metric name while some can only accept a single value.
+You can use an asterisk (i.e., *) as a wild card at the end of the metric name.
+For example, the `mp.metrics.distribution.percentiles` can be defined as:
+
+[source]
+----
+mp.metrics.distribution.percentiles=alpha.timer=0.5,0.7,0.75,0.8;alpha.histogram=0.8,0.85,0.9,0.99;delta.*=
+----
+
+This example creates the `alpha.timer` timer metric to track and output the 50th, 70th, 75th, and 80th percentile values. The `alpha.histogram` histogram metric outputs the 80th, 85th, 90th, and 99th percentiles values. Percentiles are disabled for any Histogram or Timer metric that matches with `delta.*` .
+
+
+We'll expand on the previous example and define histogram buckets for the `alpha.timer` timer metric using the `mp.metrics.distribution.timer.buckets` property:
+
+
+[source,xml]
+----
+mp.metrics.distribution.timer.buckets=alpha.timer=100ms,200ms,1s
+----
+
+This configuration tells the metrics runtime to track and output the count of durations that fall within 0-100ms, 0-200ms, and 0-1 seconds. These values are ranges because the histogram buckets work _cumulatively_ .
+
+
+The corresponding Prometheus output for the `alpha.timer` metric at the `/metrics` REST endpoint is:
+
+[source]
+----
+# HELP alpha_timer_seconds_max
+# TYPE alpha_timer_seconds_max gauge
+alpha_timer_seconds_max{scope="application",} 5.633
+# HELP alpha_timer_seconds
+# TYPE alpha_timer_seconds histogram <1>
+alpha_timer_seconds{scope="application",quantile="0.5",} 0.67108864
+alpha_timer_seconds{scope="application",quantile="0.7",} 5.603590144
+alpha_timer_seconds{scope="application",quantile="0.75",} 5.603590144
+alpha_timer_seconds{scope="application",quantile="0.8",} 5.603590144
+alpha_timer_seconds_bucket{scope="application",le="0.1",} 0.0 <2>
+alpha_timer_seconds_bucket{scope="application",le="0.2",} 0.0 <2>
+alpha_timer_seconds_bucket{scope="application",le="1.0",} 1.0 <2>
+alpha_timer_seconds_bucket{scope="application",le="+Inf",} 2.0 <2><3>
+alpha_timer_seconds_count{scope="application",} 2.0
+alpha_timer_seconds_sum{scope="application",} 6.333
+----
+
+<1> The Prometheus metric type is `histogram`. Both the quantiles or percentiles and buckets are represented under this type.
+<2> The `le` tag represents _less than_ and is for the defined buckets, which are converted to seconds.
+<3> Prometheus requires a `+Inf` bucket, which counts all hits.
+
+For more information about MicroProfile Metrics, see:
+
+* link:https://github.com/eclipse/microprofile-telemetry[MicroProfile Metrics repo]
+* link:{url-prefix}/docs/latest/introduction-monitoring-metrics.html[Monitoring with metrics docs]
+
+
+// ------ ------
+
+2. Which Liberty feature(s) does your update relate to?
+
+ Human-readable name (eg WebSockets feature): `MicroProfile Metrics 5.1 feature`
+
+ Short feature name (eg websockets-1.0): `mpMetrics-5.1`
+
+
+
+
+
+3. Who is the target persona? Who do you expect to use the update? eg application developer, operations.
+
+ Application developer and operations (whomever will deploy the application)
+
+
+
+4.
Provide a summary of the update, including the following points:
+
+## **!Use the same content as BETA blog, but add to the end the below section**
+```
+----
+Additionally, the `@RegistryScope` annotation is now a CDI qualifier.
+```
+!link:https://github.com/OpenLiberty/open-liberty/assets/2858176/e3a58f42-311e-49aa-9fe3-078bf31c1bf3[image]
+
+
+// DO NOT MODIFY THIS LINE.
+
+// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // //
+// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26970
+// Contact/Reviewer: kdcptkai31
+// // // // // // // //
+[#SUB_TAG_6]
+== Liberty to send the resource parameter during the Authorization request for the Authorization Code Flow
+
+2. Which Liberty feature(s) does your update relate to?
+
+ Human-readable name (eg WebSockets feature):
+
+ OpenIDConnectClient feature
+
+ Short feature name (eg websockets-1.0):
+
+ openidConnectClient-1.0
+
+
+
+
+3. Who is the target persona? Who do you expect to use the update? eg application developer, operations.
+
+ operations
+
+
+
+
+4. Provide a summary of the update, including the following points:
+
+ - A sentence or two that introduces the update to someone new to the general technology/concept.
+
+Authorization requests can be done using wither the Implicit Flow or the Authorization Code flow. When using the Implicit Flow, all tokens are returned from the Authorization Endpoint; the Token Endpoint is not used. When using the Authorization Code Flow, all tokens are returned from the Token Endpoint.
+
+ - What was the problem before and how does your update make their life better? (Why should they care?)
+
+ Before, Liberty would only send the resource parameter during an Implicit Flow request. So if one would require the resource parameter and could only use the Authorization Code Flow, this action would fail. This update sends the resource parameter additionally for the Authorization Code Flow.
+
+ - Briefly explain how to make your update work.
Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet.
+
+To make this update work, a check was removed that only sent the resource parameter during an Implicit Flow. If now sends it for both flows.
+
+ - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology?
+ Here is the link:https://github.com/OpenLiberty/open-liberty/issues/23126[issue] for reference.
+
+// DO NOT MODIFY THIS LINE.
+
+// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // //
+// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26969
+// Contact/Reviewer: kdcptkai31
+// // // // // // // //
+[#SUB_TAG_7]
+== Obtain the Role Information from the Access Token / OIDC Configuration
+
+2. Which Liberty feature(s) does your update relate to?
+
+ Human-readable name (eg WebSockets feature):
+
+ OpenIDConnectClient feature
+
+ Short feature name (eg websockets-1.0):
+
+ openidConnectClient-1.0
+
+
+
+
+3. Who is the target persona? Who do you expect to use the update? eg application developer, operations.
+
+ operations
+
+
+
+
+4. Provide a summary of the update, including the following points:
+
+ - A sentence or two that introduces the update to someone new to the general technology/concept.
+ For authentication and authorization, a token is a digital object that contains information about the identity of the principal making the request and what kind of access they are authorized for. There are two types of tokens usually; access tokens and ID tokens.
+
+
+
+ - What was the problem before and how does your update make their life better? (Why should they care?)
+
+ID tokens are JSON Web Tokens that conform to the OpenID Connect specification. Currently, user role information can only be obtained from this ID token. If role information was not provided within the ID token, then the information would not be found.
This feature provides checks to attempt to obtain role information from Access Token if it is not found within the ID token.
+
+ - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet.
+
+A check was added to attempt to get the role information from access token, if it was not found within the ID token.
+
+server.xml snippet
+
+
+ - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology?
+ Here is the link:https://github.com/OpenLiberty/open-liberty/issues/25460[issue] for reference.
+ Here is more information about the link:https://auth0.com/docs/authenticate/protocols/openid-connect-protocol[OIDC protocol].
+
+
+// DO NOT MODIFY THIS LINE.
+
+// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // //
+// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26945
+// Contact/Reviewer: yasmin-aumeeruddy
+// // // // // // // //
+[#SUB_TAG_8]
+== Microprofile Telemetry 1.1
+
+2. Which Liberty feature(s) does your update relate to?
+
+ Human-readable name (eg WebSockets feature):
+
+ Short feature name (eg websockets-1.0):
+
+
+
+
+
+3. Who is the target persona? Who do you expect to use the update? eg application developer, operations.
+
+ Application Developers
+
+
+
+
+4. Provide a summary of the update, including the following points:
+
+MicroProfile Telemetry 1.1 provides developers with the latest Open Telemetry technology as the feature now consumes OpenTelemetry-1.29.0 which has been updated from 1.19.0. Consequently, a lot of the dependencies are now stable.
+
+The feature is compatible with Java EE 7 with MicroProfile 1.4, Java EE 8 with MicroProfile 4.1, Jakarta EE 9 with MicroProfile 5.0 and Jakarta EE 10 with MicroProfile 6.1.
+
+```
+
+ mpTelemetry-1.1
+
+```
+
+Additionally, third-party APIs must be made visible for your application in the server.xml:
+```
+
+
+
+
+```
+
+For more information about MicroProfile Telemetry, see the following links:
+
+https://github.com/eclipse/microprofile-telemetry
+https://github.com/open-telemetry/opentelemetry-specification/blob/v1.20.0/specification/trace/api.md
+https://openliberty.io/docs/latest/docs/latest/microprofile-telemetry.html
+
+
+// DO NOT MODIFY THIS LINE.
+
+// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // //
+// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26699
+// Contact/Reviewer: fmhwong
+// // // // // // // //
+[#SUB_TAG_9]
+== HTTP Request Tracing
+
+2. Which Liberty feature(s) does your update relate to? https://github.com/OpenLiberty/open-liberty/issues/24379
+
+ Human-readable name (eg WebSockets feature): HTTP request tracing with MicroProfile Telemetry
+
+ Short feature name (eg websockets-1.0): mpTelemetry-1.0/1.1
+
+
+
+
+
+3. Who is the target persona? Who do you expect to use the update? eg application developer, operations.
+
+
+
+ developers, operations
+
+4. Provide a summary of the update, including the following points:
+
+ - A sentence or two that introduces the update to someone new to the general technology/concept.
+ MicroProfile Telemetry feature provides automatic distributed tracing on Jakarta RESTful web service (aka JAX-RS) applications. Traces and spans can be observed using various tracing backend systems. Additional spans can be created by instrumenting the application with OpenTelemetry APIs.
+
+ - What was the problem before and how does your update make their life better? (Why should they care?)
+ In OpenLiberty 23.0.0.11, MicroProfile Telemetry 1.0 feature has been enhanced to automatically trace incoming HTTP requests (static files, servlets and JSPs). This enhancement is also available to the beta feature MicroProfile Telemetry 1.1.
+
+ - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet.
+ No change in configuration is needed.
+
+ - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology?
+
+
+// DO NOT MODIFY THIS LINE.
+
+
+For more details, check the LINK[LINK_DESCRIPTION].
+
+// // // // // // // //
+// In the preceding section:
+// Replace TAG_X/SUB_TAG_X with the given tag of your secton from the contents list
+// Replace SUB_FEATURE_TITLE/FEATURE_X_TITLE with the given title from the contents list
+// Replace FEATURE with the feature name for the server.xml file e.g. mpHealth-1.4
+// Replace LINK with the link for extra information given for the feature
+// Replace LINK_DESCRIPTION with a readable description of the information
+// // // // // // // //
+
+[#CVEs]
+== Security vulnerability (CVE) fixes in this release
+[cols="5*"]
+|===
+|CVE |CVSS Score |Vulnerability Assessment |Versions Affected |Notes
+
+|Link[CVE-XXXX-XXXXX]
+|Score
+|vulnerability
+|Affected versions
+|Affected Features and other notes
+|===
+// // // // // // // //
+// In the preceding section:
+// If there were any CVEs addressed in this release, fill out the table. For the information, reference https://github.com/OpenLiberty/docs/blob/draft/modules/ROOT/pages/security-vulnerabilities.adoc. If it has not been updated for this release, reach out to Kristen Clarke or Michal Broz.
+// Note: When linking to features, use the
+// `link:{url-prefix}/docs/latest/reference/feature/someFeature-1.0.html[Some Feature 1.0]` format and
+// NOT what security-vulnerabilities.adoc does (feature:someFeature-1.0[])
+//
+// If there are no CVEs fixed in this release, replace the table with:
+// "There are no security vulnerability fixes in Open Liberty [23.0.0.12]."
+// // // // // // // // +For a list of past security vulnerability fixes, reference the link:{url-prefix}/docs/latest/security-vulnerabilities.html[Security vulnerability (CVE) list]. + + +[#bugs] +== Notable bugs fixed in this release + + +We’ve spent some time fixing bugs. The following sections describe just some of the issues resolved in this release. If you’re interested, here’s the link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A230012+label%3A%22release+bug%22[full list of bugs fixed in 23.0.0.12]. + +* link:https://github.com/OpenLiberty/open-liberty/issues/26963[IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-44487 CVSS 7.5)] ++ + +* link:https://github.com/OpenLiberty/open-liberty/issues/26943[NO_USER_REGISTRY message is not output properly] ++ +NO_USER_REGISTRY message is not output properly. It should be a descriptive message, output in the appropriate localized language. +``` +[ERROR ] NO_USER_REGISTRY + defaultOrb + 10 +``` + +* link:https://github.com/OpenLiberty/open-liberty/issues/26942[Liberty startup script does not resolve symbolic link to bin directory] ++ + +* link:https://github.com/OpenLiberty/open-liberty/issues/26911[Registered RestClientBuilderListeners are not called for injected rest client instances for MP Rest Client 1.x and 2.x] ++ + +Since MP Rest Client 1.1 Applications can [register a `RestClientBuilderListener`][javadoc] by implementing the interface and creating a services file. Registered classes should be instantiated and called every time a new `RestClientBuilder` is created so that they can apply global configurations to all rest client instances. ++ +However, the liberty `mpRestClient-1.x` and `mpRestClient-2.x` features do not call registered `RestClientBuilderListener`s for rest clients which are injected via CDI. This seems like a bug given that `RestClientBuilderListener` is, according to its docs, intended for global providers. 
+ +* link:https://github.com/OpenLiberty/open-liberty/issues/26893[Space in value of -D option in jvm.options breaks server package command] ++ +If jvm.options has a -D option where the value contains a space, the server package command does not work. ++ + +* link:https://github.com/OpenLiberty/open-liberty/issues/26846[JAX-WS: After upgrade to WLP 23.0.0.9 SOAP client generates a SOAP header part in the SOAP body] ++ +From 23.0.0.9, a part that belongs in the SOAP header is generated as part of the SOAP body. This can affect both Requests or Responses. ++ +23.0.0.8: +``` + + + ... + + + ... + + +``` +23.0.0.9: - After Upgrade - +``` + + + + + ... + ... + + +``` + +* link:https://github.com/OpenLiberty/open-liberty/issues/26818[Processing dir files alphabetically does not match configDropins behavior] ++ + +* link:https://github.com/OpenLiberty/open-liberty/issues/26809[Lease timestamp not updated for home server when recoveryGroups and tran logs in a database is configured and database outage > couple of seconds occurs] ++ +When using a transaction recoveryGroup with the recovery logs in a database, if a database outage occurs, the server's lease renewal process's retry mechanism for its own lease does not perform apply the correct retry algorithm , using instead a lightweight retry mechanism thath gives up after a couple of seconds. If that mechanism fails then the app server no longer updates its lease timestamp and other app servers in the recovery group will attempt peer recovery. That peer recovery attempt will fail, because the logs heart beat timestamp will be current (that uses a different/the correct retry algoritm). ++ + +* link:https://github.com/OpenLiberty/open-liberty/issues/26722[Microprofile Rest Client (CDI): mpConfig property "proxyAddress" not respected] ++ + +* link:https://github.com/OpenLiberty/open-liberty/issues/26655[OpenAPI UI required fields have an extra  character] ++ +Run the Liberty OpenAPI guide with Open Liberty 23.0.0.10. 
The required fields in the OpenAPI UI have an extra `Â` character appended the end of the required field name. ++ +![Screenshot 2023-10-18 at 3 16 37 PM](https://github.com/OpenLiberty/open-liberty/assets/22381072/4a5c7b2b-050a-4aa2-83a6-dc66bbfc52f3) ++ +If there is a stack trace, please include the FULL stack trace (without any `[internal classes]` lines in it). To find the full stack trace, you may need to check in `$WLP_OUTPUT_DIR/messages.log` + +* link:https://github.com/OpenLiberty/open-liberty/issues/25467[A better error for the NullPointer we get if WithSpan is on the class level] ++ + + +// // // // // // // // +// In the preceding section: +// For this section ask either Michal Broz or Tom Evans or the #openliberty-release-blog channel for Notable bug fixes in this release. +// Present them as a list in the order as provided, linking to the issue and providing a short description of the bug and the resolution. +// If the issue on Github is missing any information, leave a comment in the issue along the lines of: +// "@[issue_owner(s)] please update the description of this `release bug` using the [bug report template](https://github.com/OpenLiberty/open-liberty/issues/new?assignees=&labels=release+bug&template=bug_report.md&title=)" +// Feel free to message the owner(s) directly as well, especially if no action has been taken by them. +// For inspiration about how to write this section look at previous blogs e.g- 20.0.0.10 or 21.0.0.12 (https://openliberty.io/blog/2021/11/26/jakarta-ee-9.1.html#bugs) +// // // // // // // // + + +// // // // // // // // +// If there were updates to guides since last release, keep the following, otherwise remove section. 
+// Check with Gilbert Kwan, otherwise Michal Broz or YK Chang
+// // // // // // // //
+[#guides]
+== New and updated guides since the previous release
+As Open Liberty features and functionality continue to grow, we continue to add link:https://openliberty.io/guides/?search=new&key=tag[new guides to openliberty.io] on those topics to make their adoption as easy as possible. Existing guides also receive updates to address any reported bugs/issues, keep their content current, and expand what their topic covers.
+
+// // // // // // // //
+// In the following section, list any new guides, or changes/updates to existing guides.
+// The following is an example of how the list can be structured (similar to the bugs section):
+// * link:{url-prefix}/guides/[new/updated guide].html[Guide Title]
+// ** Description of the guide or the changes made to the guide.
+// // // // // // // //
+
+
+== Get Open Liberty 23.0.0.12 now
+
+Available through <>.
From 13e69eb42e5e7b8f5a0879ba0455f39e4edea0d0 Mon Sep 17 00:00:00 2001
From: David Mueller
Date: Thu, 7 Dec 2023 18:12:05 -0500
Subject: [PATCH 02/20] 23.0.0.12 draft GA post
---
 posts/2023-12-12-23.0.0.12.adoc | 1187 ++++++++-----------------------
 1 file changed, 313 insertions(+), 874 deletions(-)
diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc
index 2e5a22d22..4950760ec 100644
--- a/posts/2023-12-12-23.0.0.12.adoc
+++ b/posts/2023-12-12-23.0.0.12.adoc
@@ -1,453 +1,253 @@ --- layout: post -title: "TITLE" +title: "MicroProfile 6.1, Liberty Tools updates, and more in Open Liberty 23.0.0.12" # Do NOT change the categories section categories: blog author_picture: https://avatars3.githubusercontent.com/dmuelle author_github: https://github.com/dmuelle -seo-title: TITLE - makes sure it ends with - OpenLiberty.io -seo-description: DESCRIPTION -blog_description: DESCRIPTION +seo-title: MicroProfile 6.1, Liberty Tools updates, and more in Open Liberty 23.0.0.12 - OpenLiberty.io +seo-description: Open Liberty 23.0.0.12 introduces MicroProfile 6.1, a minor release with updates for MicroProfile Config, MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of the Liberty Maven and Gradle plugins, and includes enhancements for HTTP request tracing, LTPA key management, and more. +blog_description: Open Liberty 23.0.0.12 introduces MicroProfile 6.1, a minor release with updates for MicroProfile Config, MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of the Liberty Maven and Gradle plugins, and includes enhancements for HTTP request tracing, LTPA key management, and more. open-graph-image: https://openliberty.io/img/twitter_card.jpg open-graph-image-alt: Open Liberty Logo --- -= TITLE += MicroProfile 6.1, Liberty Tools updates, and more in Open Liberty 23.0.0.12 David Mueller :imagesdir: / :url-prefix: :url-about: / //Blank line here is necessary before starting the body of the post. -// // // // // // // // -// In the preceding section: -// Do not insert any blank lines between any of the lines. -// Do not remove or edit the variables on the lines beneath the author name. -// -// "open-graph-image" is set to OL logo. Whenever possible update this to a more appropriate/specific image (For example if present a image that is being used in the post). 
However, it -// can be left empty which will set it to the default -// -// "open-graph-image-alt" is a description of what is in the image (not a caption). When changing "open-graph-image" to -// a custom picture, you must provide a custom string for "open-graph-image-alt". -// -// Replace TITLE with the blog post title eg: MicroProfile 3.3 is now available on Open Liberty 20.0.0.4 -// Replace dmuelle with your GitHub username eg: lauracowen -// Replace DESCRIPTION with a short summary (~60 words) of the release (a more succinct version of the first paragraph of the post). -// Replace David Mueller with your name as you'd like it to be displayed, eg: Laura Cowen -// -// Example post: 2020-04-09-microprofile-3-3-open-liberty-20004.adoc -// -// If adding image into the post add : -// ------------------------- -// [.img_border_light] -// image::img/blog/FILE_NAME[IMAGE CAPTION ,width=70%,align="center"] -// ------------------------- -// "[.img_border_light]" = This adds a faint grey border around the image to make its edges sharper. Use it around screenshots but not -// around diagrams. Then double check how it looks. -// There is also a "[.img_border_dark]" class which tends to work best with screenshots that are taken on dark -// backgrounds. -// Change "FILE_NAME" to the name of the image file. Also make sure to put the image into the right folder which is: img/blog -// change the "IMAGE CAPTION" to a couple words of what the image is -// // // // // // // // +Open Liberty 23.0.0.12 introduces MicroProfile 6.1, a minor release with updates for MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of Liberty Tools and the Liberty Maven and Gradle plugins, and includes enhancements for HTTP request tracing, LTPA key management, and more. -RELEASE_SUMMARY +In link:{url-about}[Open Liberty] 23.0.0.12: -// // // // // // // // -// In the preceding section: -// Leave any instances of `tag::xxxx[]` or `end:xxxx[]` as they are. 
-// -// Replace RELEASE_SUMMARY with a short paragraph that summarises the release. Start with the lead feature but also summarise what else is new in the release. You will agree which will be the lead feature with the reviewers so you can just leave a placeholder here until after the initial review. -// // // // // // // // +* <> + ** <> + ** <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> -// // // // // // // // -// Replace the following throughout the document: -// Replace 23.0.0.12 with the version number of Open Liberty, eg: 22.0.0.2 -// Replace 230012 with the version number of Open Liberty wihtout the periods, eg: 22002 -// // // // // // // // -In link:{url-about}[Open Liberty] 23.0.0.12: -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> +View the list of fixed bugs in link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A230012+label%3A%22release+bug%22[23.0.0.12]. +Check out link:{url-prefix}/blog/?search=release&search!=beta[previous Open Liberty GA release blog posts]. +// The following excerpt for issue https://github.com/OpenLiberty/open-liberty/issues/26170 was found in 2023-09-26-23.0.0.10-beta.adoc. +// ------ ------ +// Contact/Reviewer: Emily-Jiang // // // // // // // // -// If there were updates to guides since last release, keep the following, otherwise remove section. -// // // // // // // // -Along with the new features and functions added to the runtime, we’ve also made <>. 
+== Get Open Liberty 23.0.0.12 now -// // // // // // // // -// In the preceding section: -// Replace the TAG_X with a short label for the feature in lower-case, eg: mp3 -// Replace the FEATURE_1_HEADING with heading the feature section, eg: MicroProfile 3.3 -// Where the updates are grouped as sub-headings under a single heading -// (eg all the features in a MicroProfile release), provide sub-entries in the list; -// eg replace SUB_TAG_1 with mpr, and SUB_FEATURE_1_HEADING with -// Easily determine HTTP headers on outgoing requests (MicroProfile Rest Client 1.4) -// // // // // // // // +Available through <>. -View the list of fixed bugs in link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A230012+label%3A%22release+bug%22[23.0.0.12]. +[link=https://stackoverflow.com/tags/open-liberty] +image::img/blog/blog_btn_stack.svg[Ask a question on Stack Overflow, align="center"] -Check out link:{url-prefix}/blog/?search=release&search!=beta[previous Open Liberty GA release blog posts]. +[#mp61] +== MicroProfile 6.1 support +MicroProfile 6.1 is a minor release and is backwards-compatible with MicroProfile 6.0. 
It brings in Jakarta EE 10 Core Profile APIs and the following MicroProfile component specifications: -[#run] +* link:https://jakarta.ee/specifications/coreprofile/10/[Jakarta EE 10 Core Profile] +* link:https://github.com/eclipse/microprofile-config/releases/tag/3.1-RC1[MicroProfile Config 3.1] +* link:https://github.com/eclipse/microprofile-fault-tolerance/releases/tag/4.0.2[MicroProfile Fault Tolerance 4.0] +* link:https://github.com/eclipse/microprofile-metrics/releases/tag/5.1.0-RC1[MicroProfile Metrics 5.1] +* link:https://github.com/eclipse/microprofile-health/releases/tag/4.0.1[MicroProfile Health 4.0] +* link:https://github.com/eclipse/microprofile-telemetry/releases/tag/1.1-RC1[MicroProfile Telemetry 1.1] +* link:https://github.com/eclipse/microprofile-open-api/releases/tag/3.1[MicroProfile OpenAPI 3.1] +* link:https://github.com/eclipse/microprofile-jwt-auth/releases/tag/2.1[MicroProfile JWT Authentication 2.1] +* link:https://github.com/eclipse/microprofile-rest-client/releases/tag/3.0.1[MicroProfile Rest Client 3.0] -// // // // // // // // -// LINKS -// -// OpenLiberty.io site links: -// link:{url-prefix}/guides/maven-intro.html[Maven] -// -// Off-site links: -//link:https://openapi-generator.tech/docs/installation#jar[Download Instructions] -// -// IMAGES -// -// Place images in ./img/blog/ -// Use the syntax: -// image::/img/blog/log4j-rhocp-diagrams/current-problem.png[Logging problem diagram,width=70%,align="center"] -// // // // // // // // +The following three specifications have minor updates, while the other five specifications remain unchanged: -== Develop and run your apps using 23.0.0.12 +* MicroProfile Metrics 5.1 -If you're using link:{url-prefix}/guides/maven-intro.html[Maven], include the following in your `pom.xml` file: +* MicroProfile Telemetry 1.1 -[source,xml] ----- - - io.openliberty.tools - liberty-maven-plugin - 3.8.2 - ----- +* MicroProfile Config 3.1 (mainly some TCK updates to ensure the tests run against either CDI 3.x or 
CDI 4.0 Lite) -Or for link:{url-prefix}/guides/gradle-intro.html[Gradle], include the following in your `build.gradle` file: -[source,gradle] ----- -buildscript { - repositories { - mavenCentral() - } - dependencies { - classpath 'io.openliberty.tools:liberty-gradle-plugin:3.6.2' - } -} -apply plugin: 'liberty' ----- -// // // // // // // // -// In the preceding section: -// Replace the Maven `3.8.2` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-maven-plugin -// Replace the Gradle `3.6.2` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-gradle-plugin -// TODO: Update GHA to automatically do the above. If the maven.org is problematic, then could fallback to using the GH Releases for the plugins -// // // // // // // // +See the following sections for more details about each of these features and how to try them out. + +[#mpm51] + +[#mpmetrics] +=== Configure statistics tracked by Histogram and Timer metrics with MicroProfile Metrics 5.1 + +MicroProfile Metrics 5.1 includes new MicroProfile Config properties that are used for configuring the statistics that the Histogram and Timer metrics track and output. In MicroProfile Metrics 5.0, the Histogram and Timer metrics only track and output the _max_ recorded value, the _sum_ of all values, the _count_ of the recorded values, and a static set of percentiles for the 50th, 75th, 95th, 98th, 99th, and 99.9th percentile. These values are emitted to the `/metrics` endpoint in Prometheus format. + + + +The new properties introduced in MicroProfile Metrics 5.1 allow you to define a custom set of percentiles as well as a custom set of histogram buckets for the Histogram and Timer metrics. There are also additional configuration properties for enabling a default set of histogram buckets, including properties for defining an upper and lower bound for the bucket set. 
+ +The properties in the following table allow you to define a semicolon-separated list of value definitions using the syntax: -Or if you're using link:{url-prefix}/docs/latest/container-images.html[container images]: [source] ---- -FROM icr.io/appcafe/open-liberty +metric_name=value_1[,value_2…value_n] ---- -Or take a look at our link:{url-prefix}/start/[Downloads page]. +[%header,cols="1,1"] +|=== +| Property |Description +| mp.metrics.distribution.percentiles +a| - Defines a custom set of percentiles for matching Histogram and Timer metrics to track and output. +- Accepts a set of integer and decimal values for a metric name pairing. +- Can be used to disable percentile output if no value is provided with a metric name pairing. -If you're using link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[IntelliJ IDEA], link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Code] or link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse IDE], you can also take advantage of our open source link:https://openliberty.io/docs/latest/develop-liberty-tools.html[Liberty developer tools] to enable effective development, testing, debugging and application management all from within your IDE. -[link=https://stackoverflow.com/tags/open-liberty] -image::img/blog/blog_btn_stack.svg[Ask a question on Stack Overflow, align="center"] +| mp.metrics.distribution.histogram.buckets +a| - Defines a custom set of (cumulative) histogram buckets for matching Histogram metrics to track and output. +- Accepts a set of integer and decimal values for a metric name pairing. 
-// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // -// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27087 -// Contact/Reviewer: yeekangc -// // // // // // // // -[#SUB_TAG_0] -== Liberty Maven Plugin 3.10 and Liberty Gradle Plugin 3.8 -The information you provide here will be included in the Open Liberty GA release blog post (link:https://openliberty.io/blog/2022/01/18/microprofile5-22001.html[example]), which will be published on link:https://www.openliberty.io/blog/[openliberty.io/blog/], and potentially elsewhere, to promote this newly released feature/function of Open Liberty. For this post to be included in the GA issue please make sure that this is completed by the end of Friday following the GM (Wednesday). The beta and release blogs are created using automation and rely on you following the template's structure. **DO NOT REMOVE/ALTER THE `` TAGS THROUGHOUT THIS TEMPLATE.** - -Please provide the following information: - -1. If this was previously published in a beta blog post, then provide the link to that `OpenLiberty/open-liberty` beta blog post issue on the next line between the `` tags. If nothing has changed since the beta, you're done and can omit the remaining steps. If you need to make updates/alterations to the beta content, then do all the steps. - https://github.com/OpenLiberty/open-liberty/issues/0 - - -2. Which Liberty feature(s) does your update relate to? Liberty Maven Plugin and Liberty Gradle Plugin - - Human-readable name (eg WebSockets feature): Liberty Maven and Gradle plugins - - Short feature name (eg websockets-1.0): N/A - - - - - -3. Who is the target persona? Who do you expect to use the update? eg application developer, operations. - - Application Developers - - - -4. Provide a summary of the update, including the following points: - - - A sentence or two that introduces the update to someone new to the general technology/concept. 
- New releases for Liberty Maven and Gradle plugins - - - What was the problem before and how does your update make their life better? (Why should they care?) - Notable new features include support for deploying Spring Boot 3 applications to Liberty using the build plugins through Liberty's springBoot-3.0 feature and support for running the plugins using Java 21. - - - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. - For Maven, specify the 3.10 and 3.8 releases respectively in your Maven `pom.xm`l file. - For Gradle, specify the 3.8 release in your `build.gradle` file. - - - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? - link:https://github.com/OpenLiberty/ci.maven/releases[Liberty Maven Plugin 3.10 release notes] - link:https://github.com/OpenLiberty/ci.gradle/releases[Liberty Gradle Plugin 3.8 release notes] - - For more information about Spring Boot support with the Liberty Maven plugin, see link:https://github.com/OpenLiberty/ci.maven/blob/main/docs/spring-boot-support.md[ci.maven: Spring Boot Support]. - For more information about Spring Boot support with the Liberty Gradle plugin, see link:https://github.com/OpenLiberty/ci.gradle/blob/main/docs/spring-boot-support.md[ci.gradle: Spring Boot Support]. - - -// DO NOT MODIFY THIS LINE. - -// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // -// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27086 -// Contact/Reviewer: yeekangc -// // // // // // // // -[#SUB_TAG_1] -== Liberty Tools 23.0.12 for Eclipse IDE, IntelliJ IDEA, and Visual Studio Code - -2. Which Liberty feature(s) does your update relate to? - - Human-readable name (eg WebSockets feature): Liberty Tools - - Short feature name (eg websockets-1.0): N/A - - - - - -3. Who is the target persona? Who do you expect to use the update? eg application developer, operations. 
- - Developers - - - -4. Provide a summary of the update, including the following points: - - - A sentence or two that introduces the update to someone new to the general technology/concept. - Liberty Tools now support the latest available releases of Eclipse IDE, IntelliJ IDEA, and Visual Studio Code. Various issues and improvements are included too. For more information, see the release notes that are linked at the end of this section. - - - What was the problem before and how does your update make their life better? (Why should they care?) - - - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. - Update to the latest release of the Liberty Tools from the IDE you are working with or download the latest version from the marketplace of your IDE. - - Liberty Tools for Eclipse IDE - link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse Marketplace] - Liberty Tools for IntelliJ IDEA - link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[JetBrains Marketplace] - Liberty Tools for Visual Studio Code - link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Marketplace] - - - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? - link:https://github.com/OpenLiberty/liberty-tools-eclipse/releases[Release notes for Liberty Tools for Eclipse IDE] - link:https://github.com/OpenLiberty/liberty-tools-intellij/releases[Release notes for Liberty Tools for IntelliJ IDEA] - link:https://github.com/OpenLiberty/liberty-tools-vscode/releases[Release notes for Liberty Tools for Visual Studio Code] - -// DO NOT MODIFY THIS LINE. 
- -// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // -// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27048 -// Contact/Reviewer: Zech-Hein -// // // // // // // // -[#SUB_TAG_2] -== Support LTPA keys rotation without requiring planned outage -// The following excerpt for issue https://github.com/OpenLiberty/open-liberty/issues/26138 was found in 2023-09-26-23.0.0.10-beta.adoc. -// ------ ------ -// Contact/Reviewer: Zech-Hein -// // // // // // // // -[#ltpa] -== Support LTPA keys rotation without a planned outage -Open Liberty can now automatically generate new primary LTPA keys files while continuing to use validation keys files to validate LTPA tokens. This update enables you to rotate LTPA keys without any disruption to the application's user experience. Previously, application users had to log in to their applications again after the Liberty server LTPA keys were rotated, which is no longer necessary. +| mp.metrics.distribution.timer.buckets +a| - Defines a custom set of (cumulative) histogram buckets for matching Timer metrics to track and output. + - Accepts a set of decimal values with a time unit appended (i.e., ms, s, m, h) for a metric name pairing. -Primary Keys are LTPA keys in the specified keys default `ltpa.keys` file. Primary keys are used both for generating new LTPA tokens and for validating LTPA tokens. There can only be one primary keys file per Liberty runtime. +|mp.metrics.distribution.percentiles-histogram.enabled +a| - Configures any matching Histogram or Timer metric to provide a large set of default histogram buckets to allow for percentile configuration with a monitoring tool. +- Accepts a true/false value for a metric name pairing. -Validation keys are LTPA keys in any `.keys` files other than the primary keys file. The validation keys are used only for validating LTPA tokens. They are _not_ used for generating new LTPA tokens. All validation keys must be located in the same directory as the primary keys file. 
+| mp.metrics.distribution.histogram.max-value +a| - When percentile-histogram is enabled for a Timer, this property defines a upper bound for the buckets reported. +- Accepts a single integer or decimal value for a metric name pairing. - -There are 2 ways to enable LTPA keys rotation without a planned outage: monitoring the primary keys file directory or specifying the validation keys file. +| mp.metrics.distribution.histogram.min-value +a| - When percentile-histogram is enabled for a Timer, this property defines a lower bound for the buckets reported. +- Accepts a single integer or decimal value for a metric name pairing. + + +|mp.metrics.distribution.timer.max-value +a| - When percentile-histogram is enabled for a Histogram, this property defines a upper bound for the buckets reported. +- Accepts a single decimal values with a time unit appended (i.e., ms, s, m, h) for a metric name pairing. +|mp.metrics.distribution.timer.min-value +a| - When percentile-histogram is enabled for a Histogram, this property defines a lower bound for the buckets reported. +- Accepts a single decimal value with a time unit appended (i.e., ms, s, m, h) for a metric name pairing. -=== Monitor the directory of the primary keys file for any new validation keys files. +|=== -Enable the `monitorDirectory` and `monitorInterval` attributes. For example, add the following configurations to the `server.xml`: +Some properties can accept multiple values for a given metric name while some can only accept a single value. +You can use an asterisk (i.e., *) as a wild card at the end of the metric name. +For example, the `mp.metrics.distribution.percentiles` can be defined as: -[source,xml] +[source] +---- +mp.metrics.distribution.percentiles=alpha.timer=0.5,0.7,0.75,0.8;alpha.histogram=0.8,0.85,0.9,0.99;delta.*= ---- - +This example creates the `alpha.timer` timer metric to track and output the 50th, 70th, 75th, and 80th percentile values. 
The `alpha.histogram` histogram metric outputs the 80th, 85th, 90th, and 99th percentiles values. Percentiles are disabled for any Histogram or Timer metric that matches with `delta.*` . + + +We'll expand on the previous example and define histogram buckets for the `alpha.timer` timer metric using the `mp.metrics.distribution.timer.buckets` property: + + +[source,xml] +---- +mp.metrics.distribution.timer.buckets=alpha.timer=100ms,200ms,1s ---- -The `monitorDirectory` attribute monitors the `${server.config.dir}/resources/security/` directory by default, but can monitor any directory the primary keys file is specified in. The directory monitor looks for any LTPA keys files with the `.keys` extension. The Open Liberty server reads these LTPA keys and uses them as validation keys. +This configuration tells the metrics runtime to track and output the count of durations that fall within 0-100ms, 0-200ms, and 0-1 seconds. These values are ranges because the histogram buckets work _cumulatively_ . -If the `monitorInterval` is set to `0`, the default value, the directory is not monitored. 
+The corresponding Prometheus output for the `alpha.timer` metric at the `/metrics` REST endpoint is: +[source] +---- +# HELP alpha_timer_seconds_max +# TYPE alpha_timer_seconds_max gauge +alpha_timer_seconds_max{scope="application",} 5.633 +# HELP alpha_timer_seconds +# TYPE alpha_timer_seconds histogram <1> +alpha_timer_seconds{scope="application",quantile="0.5",} 0.67108864 +alpha_timer_seconds{scope="application",quantile="0.7",} 5.603590144 +alpha_timer_seconds{scope="application",quantile="0.75",} 5.603590144 +alpha_timer_seconds{scope="application",quantile="0.8",} 5.603590144 +alpha_timer_seconds_bucket{scope="application",le="0.1",} 0.0 <2> +alpha_timer_seconds_bucket{scope="application",le="0.2",} 0.0 <2> +alpha_timer_seconds_bucket{scope="application",le="1.0",} 1.0 <2> +alpha_timer_seconds_bucket{scope="application",le="+Inf",} 2.0 <2><3> +alpha_timer_seconds_count{scope="application",} 2.0 +alpha_timer_seconds_sum{scope="application",} 6.333 +---- -The `ltpa.keys` file can be renamed, for example, `validation1.keys` and then Liberty automatically regenerates a new `ltpa.keys` file with new primary keys that are used for all new LTPA tokens created. The keys in `validation1.keys` continue to be used for validating existing LTPA tokens. +<1> The Prometheus metric type is `histogram`. Both the quantiles or percentiles and buckets are represented under this type. +<2> The `le` tag represents _less than_ and is for the defined buckets, which are converted to seconds. +<3> Prometheus requires a `+Inf` bucket, which counts all hits. +Additionally, the `@RegistryScope` annotation is now a CDI qualifier. -When the `validation1.keys` are no longer needed, remove them by deleting the file or by setting `monitorDirectory` to `false`. It is recommended to remove unused validation keys as it can improve performance. 
+For more information about MicroProfile Metrics, see: +* link:https://github.com/eclipse/microprofile-telemetry[MicroProfile Metrics repo] +* link:{url-prefix}/docs/latest/introduction-monitoring-metrics.html[Monitoring with metrics docs] -=== Specify the validation keys file and optionally specify a date-time to stop using the validation keys. +// DO NOT MODIFY THIS LINE. - 1. Copy the primary keys file (`ltpa.keys`) to a validation keys file, for example `validation1.keys`. - 2. Modify the server configuration to use the validation keys file by specifying a `validationKeys` server configuration element inside the `ltpa` element. For example, add the following configuration to the `server.xml` file: +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26945 +// Contact/Reviewer: yasmin-aumeeruddy +// // // // // // // // +[#mpt11] +=== Expanded Java EE and Jakarta EE support in MicroProfile Telemetry 1.1 -[source,xml] ----- - - - ----- +MicroProfile Telemetry 1.1 provides you with the latest Open Telemetry technology as the feature now consumes OpenTelemetry-1.29.0, updated from 1.19.0. Consequently, a lot of the dependencies are now stable. -The `validation1.keys` file can be removed from use at a specified date-time in the future with the optional `notUseAfterDate` attribute. It is recommended to use `notUseAfterDate` to ignore validation keys after a given period as it can improve performance. +The feature is compatible with Java EE 7 paired with MicroProfile 1.4, Java EE 8 paired with MicroProfile 4.1, Jakarta EE 9 paired with MicroProfile 5.0 and Jakarta EE 10 paired with MicroProfile 6.1. +``` + + mpTelemetry-1.1 + +``` -The `fileName` and `password` attributes are required in the `validationKeys` element, but `notUseAfterDate` is optional. 
+Also, third-party APIs must be made visible for your application in the server.xml: +``` + + + + +``` -After the validation keys file is loaded from the server configuration update, the original primary keys file (`ltpa.keys`) can be deleted, which triggers new primary keys to be created while continuing to use `validation1.keys` for validation. +Also in Open Liberty 23.0.0.12, the MicroProfile Telemetry 1.0 and 1.1 features are enhanced to automatically trace incoming HTTP requests (static files, servlets and JSPs). -Specifying validation keys in this way can be combined with enabling monitor directory to also use validation keys that are not specified in the `server.xml` configuration at the same time. For example: +For more information about MicroProfile Telemetry, see the following links: -[source,xml] ----- - - - ----- +https://github.com/eclipse/microprofile-telemetry +https://github.com/open-telemetry/opentelemetry-specification/blob/v1.20.0/specification/trace/api.md +https://openliberty.io/docs/latest/docs/latest/microprofile-telemetry.html -To see all of the Liberty `` server configuration options see link:/docs/latest/reference/config/ltpa.html[LTPA configuration docs]. - - - -// ------ ------ - -2. Which Liberty feature(s) does your update relate to? - - Human-readable name (eg WebSockets feature): - Application Security - - Short feature name (eg websockets-1.0): - appSecurity-* - - - - - -3. Who is the target persona? Who do you expect to use the update? eg application developer, operations. - Administrator - - - - -4. Provide a summary of the update, including the following points: - - - A sentence or two that introduces the update to someone new to the general technology/concept. - - - What was the problem before and how does your update make their life better? (Why should they care?) - - - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. 
- - - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? - -Open Liberty can now automatically generate new primary LTPA keys files while continuing to use validation keys files to validate LTPA tokens. This update enables you to rotate LTPA keys without any disruption to the application’s user experience. Previously, application users had to log in to their applications again after the Liberty server LTPA keys were rotated, which is no longer necessary. - -Primary Keys are LTPA keys in the specified keys default `ltpa.keys` file. Primary keys are used both for generating new LTPA tokens and for validating LTPA tokens. There can only be one primary keys file per Liberty runtime. - -Validation keys are LTPA keys in any `.keys` files other than the primary keys file. The validation keys are used only for validating LTPA tokens. They are not used for generating new LTPA tokens. All validation keys must be located in the same directory as the primary keys file. - -There are 2 ways to enable LTPA keys rotation without a planned outage: monitoring the primary keys file directory or specifying the validation keys file. -### Monitor the directory of the primary keys file for any new validation keys files. - -Enable the `monitorValidationKeysDir` and `monitorInterval` attributes. For example, add the following configurations to the server.xml: -``` - -``` -The `monitorValidationKeysDir` attribute monitors the directory of the primary keys file for any `.keys` extension files. By default, this directory is `${server.config.dir}/resources/security/` but can be configured. The Open Liberty server loads these LTPA keys and uses them as validation keys. - -Note that monitoring is only enabled when the `updateTrigger` is set to `polled` and the `monitorInterval` is set to a duration greater than 0. The default value of `updateTrigger` is `polled` and the default value of `monitorInterval` is `0`. 
- -The `ltpa.keys` file can be renamed, for example, `validation1.keys` and then Liberty automatically regenerates a new `ltpa.keys` file with new primary keys that are used for all new LTPA tokens created. The keys in `validation1.keys` continue to be used for validating existing LTPA tokens. - -When the `validation1.keys` are no longer needed, remove them by deleting the file or by setting `monitorValidationKeysDir` to false. It is recommended to remove unused validation keys as it can improve performance. - -### Specify the validation keys file and optionally specify a date-time to stop using the validation keys. - -1. Copy the primary keys file (`ltpa.keys`) to a validation keys file, for example `validation1.keys`. - -2. Modify the server configuration to use the validation keys file by specifying a `validationKeys` server configuration element inside the `ltpa` element. For example, add the following configuration to the `server.xml` file: -``` - - - -``` -The `validation1.keys` file can be removed from use at a specified date-time in the future with the optional `validUntilDate` attribute. It is recommended to use `validUntilDate` to ignore validation keys after a given period as it can improve performance. - -The `fileName` and `password` attributes are required in the `validationKeys` element, but `validUntilDate` is optional. - -After the validation keys file is loaded from the server configuration update, the original primary keys file (`ltpa.keys`) can be deleted, which triggers new primary keys to be created while continuing to use `validation1.keys` for validation. - -Specifying validation keys in this way can be combined with enabling monitor directory to also use validation keys that are not specified in the `server.xml` configuration at the same time. For example: -``` - - - -``` - -### UpdateTrigger attribute added to LTPA element -LTPA keys files can be reloaded by the server if the `updateTrigger` attribute is set to `polled` or `mbean`. 
It is `polled` by default. If set to `polled`, then the server monitors the keys files for changes based on the rate set in the `monitorInterval` attribute. If the `updateTrigger` attribute is set to `mbean` then the server will reload the keys files when it receives notification from the `WebSphere:service=com.ibm.ws.kernel.filemonitor.FileNotificationMBean` MBean. For example: -``` - -``` -If `updateTrigger` is set to `disabled` then no file monitoring will occur. - -For more information on `` server configuration options see link:https://openliberty.io/docs/latest/reference/config/ltpa.html[LTPA configuration docs]. - - - -// DO NOT MODIFY THIS LINE. - -// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // + +// DO NOT MODIFY THIS LINE. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // // Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27046 // Contact/Reviewer: abutch3r -// // // // // // // // -[#SUB_TAG_3] -== MicroProfile OpenAPI endpoint path configuration +// // // // // // // // // The following excerpt for issue https://github.com/OpenLiberty/open-liberty/issues/26222 was found in 2023-09-26-23.0.0.10-beta.adoc. // ------ ------ // Contact/Reviewer: Azquelt -// // // // // // // // +// // // // // // // // -[#mpapi] +[#mpoa] == MicroProfile OpenAPI 3.1: OpenAPI doc endpoint path configuration - MicroProfile OpenAPI generates and serves OpenAPI documentation for JAX-RS applications that are deployed to the Open Liberty server. The OpenAPI documentation is served from `/openapi` and a user interface for browsing this documentation is served from `/openapi/ui`. With MicroProfile OpenAPI 3.1, you can configure the paths for these endpoints by adding configuration to your `server.xml`. For example: - + [source,xml] ---- 
@@ -492,449 +292,166 @@ For more information about MicroProfile OpenAPI, see: * link:https://github.com/eclipse/microprofile-open-api[MicroProfile OpenAPI repo] * link:{url-prefix}/docs/latest/documentation-openapi.html[API documentation with OpenAPI] - -// ------ ------ -The information you provide here will be included in the Open Liberty GA release blog post (link:https://openliberty.io/blog/2022/01/18/microprofile5-22001.html[example]), which will be published on link:https://www.openliberty.io/blog/[openliberty.io/blog/], and potentially elsewhere, to promote this newly released feature/function of Open Liberty. For this post to be included in the GA issue please make sure that this is completed by the end of Friday following the GM (Wednesday). The beta and release blogs are created using automation and rely on you following the template's structure. **DO NOT REMOVE/ALTER THE `` TAGS THROUGHOUT THIS TEMPLATE.** - -Please provide the following information: - -1. If this was previously published in a beta blog post, then provide the link to that `OpenLiberty/open-liberty` beta blog post issue on the next line between the `` tags. If nothing has changed since the beta, you're done and can omit the remaining steps. If you need to make updates/alterations to the beta content, then do all the steps. - https://github.com/OpenLiberty/open-liberty/issues/26222 - -// DO NOT MODIFY THIS LINE. +// ------ ------ -// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // -// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26999 -// Contact/Reviewer: Emily-Jiang -// // // // // // // // -[#SUB_TAG_4] -== MP 6.1 -// The following excerpt for issue https://github.com/OpenLiberty/open-liberty/issues/26170 was found in 2023-09-26-23.0.0.10-beta.adoc. 
-// ------ ------ -// Contact/Reviewer: Emily-Jiang -// // // // // // // // -[#mp61] -== MicroProfile 6.1 support +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27087 +// Contact/Reviewer: yeekangc +// // // // // // // // +[#maven] +== Liberty Maven Plugin 3.10 and Liberty Gradle Plugin 3.8 -MicroProfile 6.1 is a minor release and is backwards-compatible with MicroProfile 6.0. It brings in Jakarta EE 10 Core Profile APIs and the following MicroProfile component specifications: +New releases for Liberty Maven and Gradle plugins are now available. The following notable new features are included: -* link:https://jakarta.ee/specifications/coreprofile/10/[Jakarta EE 10 Core Profile] -* link:https://github.com/eclipse/microprofile-config/releases/tag/3.1-RC1[MicroProfile Config 3.1] -* link:https://github.com/eclipse/microprofile-fault-tolerance/releases/tag/4.0.2[MicroProfile Fault Tolerance 4.0] -* link:https://github.com/eclipse/microprofile-metrics/releases/tag/5.1.0-RC1[MicroProfile Metrics 5.1] -* link:https://github.com/eclipse/microprofile-health/releases/tag/4.0.1[MicroProfile Health 4.0] -* link:https://github.com/eclipse/microprofile-telemetry/releases/tag/1.1-RC1[MicroProfile Telemetry 1.1] -* link:https://github.com/eclipse/microprofile-open-api/releases/tag/3.1[MicroProfile OpenAPI 3.1] -* link:https://github.com/eclipse/microprofile-jwt-auth/releases/tag/2.1[MicroProfile JWT Authentication 2.1] -* link:https://github.com/eclipse/microprofile-rest-client/releases/tag/3.0.1[MicroProfile Rest Client 3.0] +* Support for deploying Spring Boot 3 applications to Liberty using the build plugins through Liberty's springBoot-3.0 feature +* Support for running the plugins using Java 21 -The following three specifications have minor updates, while the other five specifications remain unchanged: -* MicroProfile Metrics 5.1 +To use the new Maven plugin version, specify the 3.10 release in 
your Maven `pom.xm`l file. +For Gradle, specify the 3.8 release in your `build.gradle` file. -* MicroProfile Telemetry 1.1 +For more information about these plugins, see the following resources: -* MicroProfile Config 3.1 (mainly some TCK updates to ensure the tests run against either CDI 3.x or CDI 4.0 Lite) +* link:https://github.com/OpenLiberty/ci.maven/releases[Liberty Maven Plugin 3.10 release notes] +* link:https://github.com/OpenLiberty/ci.gradle/releases[Liberty Gradle Plugin 3.8 release notes] +For more information about Spring Boot support with the Liberty Maven plugin, see link:https://github.com/OpenLiberty/ci.maven/blob/main/docs/spring-boot-support.md[ci.maven: Spring Boot Support]. +For more information about Spring Boot support with the Liberty Gradle plugin, see link:https://github.com/OpenLiberty/ci.gradle/blob/main/docs/spring-boot-support.md[ci.gradle: Spring Boot Support]. -See the following sections for more details about each of these features and how to try them out. - - - -// ------ ------ - -2. Which Liberty feature(s) does your update relate to? - - Human-readable name (eg WebSockets feature): - - Short feature name (eg websockets-1.0): - - - - - -3. Who is the target persona? Who do you expect to use the update? eg application developer, operations. - - - - - -4. Provide a summary of the update, including the following points: - - - A sentence or two that introduces the update to someone new to the general technology/concept. - - - What was the problem before and how does your update make their life better? (Why should they care?) - - - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. - - - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? - - -// DO NOT MODIFY THIS LINE. 
- -// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // -// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26994 -// Contact/Reviewer: Channyboy -// // // // // // // // -[#SUB_TAG_5] -== MicroProfile Metrics 5.1 for 23.0.0.12 -// The following excerpt for issue https://github.com/OpenLiberty/open-liberty/issues/26027 was found in 2023-09-26-23.0.0.10-beta.adoc. -// ------ ------ -// Contact/Reviewer: Channyboy -// // // // // // // // -[#mpmetrics] -=== MicroProfile Metrics 5.1: configure statistics tracked by Histogram and Timer metrics +// DO NOT MODIFY THIS LINE. - -MicroProfile Metrics 5.1 includes new MicroProfile Config properties that are used for configuring the statistics that the Histogram and Timer metrics track and output. In MicroProfile Metrics 5.0, the Histogram and Timer metrics only track and output the _max_ recorded value, the _sum_ of all values, the _count_ of the recorded values, and a static set of percentiles for the 50th, 75th, 95th, 98th, 99th, and 99.9th percentile. These values are emitted to the `/metrics` endpoint in Prometheus format. +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27086 +// Contact/Reviewer: yeekangc +// // // // // // // // +[#lt] +== Liberty Tools 23.0.12 for Eclipse IDE, IntelliJ IDEA, and Visual Studio Code +Liberty Tools now support the latest available releases of Eclipse IDE, IntelliJ IDEA, and Visual Studio Code. Various issues and improvements are included too. +Update to the latest release of the Liberty Tools from the IDE you are working with or download the latest version from the marketplace of your IDE. -The new properties introduced in MicroProfile Metrics 5.1 allow you to define a custom set of percentiles as well as a custom set of histogram buckets for the Histogram and Timer metrics. 
There are also additional configuration properties for enabling a default set of histogram buckets, including properties for defining an upper and lower bound for the bucket set. +* Liberty Tools for Eclipse IDE - link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse Marketplace] +* Liberty Tools for IntelliJ IDEA - link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[JetBrains Marketplace] +* Liberty Tools for Visual Studio Code - link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Marketplace] -The properties in the following table allow you to define a semicolon-separated list of value definitions using the syntax: +For more information, see the following release notes: +* link:https://github.com/OpenLiberty/liberty-tools-eclipse/releases[Release notes for Liberty Tools for Eclipse IDE] +* link:https://github.com/OpenLiberty/liberty-tools-intellij/releases[Release notes for Liberty Tools for IntelliJ IDEA] +* link:https://github.com/OpenLiberty/liberty-tools-vscode/releases[Release notes for Liberty Tools for Visual Studio Code] -[source] ----- -metric_name=value_1[,value_2…value_n] ----- +// DO NOT MODIFY THIS LINE. +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27048 +// Contact/Reviewer: Zech-Hein +// // // // // // // // +// The following excerpt for issue https://github.com/OpenLiberty/open-liberty/issues/26138 was found in 2023-09-26-23.0.0.10-beta.adoc. +// ------ ------ +// Contact/Reviewer: Zech-Hein +// // // // // // // // +[#ltpa] +== Support LTPA keys rotation without a planned outage +Open Liberty can now automatically generate new primary LTPA keys files while continuing to use validation keys files to validate LTPA tokens. This update enables you to rotate LTPA keys without any disruption to the application’s user experience. 
Previously, application users had to log in to their applications again after the Liberty server LTPA keys were rotated, which is no longer necessary. -[%header,cols="1,1"] -|=== -| Property |Description -| mp.metrics.distribution.percentiles -a| - Defines a custom set of percentiles for matching Histogram and Timer metrics to track and output. -- Accepts a set of integer and decimal values for a metric name pairing. -- Can be used to disable percentile output if no value is provided with a metric name pairing. +Primary Keys are LTPA keys in the specified keys default `ltpa.keys` file. Primary keys are used both for generating new LTPA tokens and for validating LTPA tokens. There can only be one primary keys file per Liberty runtime. +Validation keys are LTPA keys in any `.keys` files other than the primary keys file. The validation keys are used only for validating LTPA tokens. They are not used for generating new LTPA tokens. All validation keys must be located in the same directory as the primary keys file. -| mp.metrics.distribution.histogram.buckets -a| - Defines a custom set of (cumulative) histogram buckets for matching Histogram metrics to track and output. -- Accepts a set of integer and decimal values for a metric name pairing. +There are 2 ways to enable LTPA keys rotation without a planned outage: monitoring the primary keys file directory or specifying the validation keys file. +=== Monitor the directory of the primary keys file for any new validation keys files. -| mp.metrics.distribution.timer.buckets -a| - Defines a custom set of (cumulative) histogram buckets for matching Timer metrics to track and output. - - Accepts a set of decimal values with a time unit appended (i.e., ms, s, m, h) for a metric name pairing. +Enable the `monitorValidationKeysDir` and `monitorInterval` attributes. 
For example, add the following configurations to the server.xml: +``` + +``` +The `monitorValidationKeysDir` attribute monitors the directory of the primary keys file for any `.keys` extension files. By default, this directory is `${server.config.dir}/resources/security/` but can be configured. The Open Liberty server loads these LTPA keys and uses them as validation keys. +Note that monitoring is only enabled when the `updateTrigger` is set to `polled` and the `monitorInterval` is set to a duration greater than 0. The default value of `updateTrigger` is `polled` and the default value of `monitorInterval` is `0`. -|mp.metrics.distribution.percentiles-histogram.enabled -a| - Configures any matching Histogram or Timer metric to provide a large set of default histogram buckets to allow for percentile configuration with a monitoring tool. -- Accepts a true/false value for a metric name pairing. +The `ltpa.keys` file can be renamed, for example, `validation1.keys` and then Liberty automatically regenerates a new `ltpa.keys` file with new primary keys that are used for all new LTPA tokens created. The keys in `validation1.keys` continue to be used for validating existing LTPA tokens. +When the `validation1.keys` are no longer needed, remove them by deleting the file or by setting `monitorValidationKeysDir` to false. It is recommended to remove unused validation keys as it can improve performance. -| mp.metrics.distribution.histogram.max-value -a| - When percentile-histogram is enabled for a Timer, this property defines a upper bound for the buckets reported. -- Accepts a single integer or decimal value for a metric name pairing. +=== Specify the validation keys file and optionally specify a date-time to stop using the validation keys. +1. Copy the primary keys file (`ltpa.keys`) to a validation keys file, for example `validation1.keys`. 
-| mp.metrics.distribution.histogram.min-value -a| - When percentile-histogram is enabled for a Timer, this property defines a lower bound for the buckets reported. -- Accepts a single integer or decimal value for a metric name pairing. +2. Modify the server configuration to use the validation keys file by specifying a `validationKeys` server configuration element inside the `ltpa` element. For example, add the following configuration to the `server.xml` file: +``` + + + +``` +The `validation1.keys` file can be removed from use at a specified date-time in the future with the optional `validUntilDate` attribute. It is recommended to use `validUntilDate` to ignore validation keys after a given period as it can improve performance. +The `fileName` and `password` attributes are required in the `validationKeys` element, but `validUntilDate` is optional. -|mp.metrics.distribution.timer.max-value -a| - When percentile-histogram is enabled for a Histogram, this property defines a upper bound for the buckets reported. -- Accepts a single decimal values with a time unit appended (i.e., ms, s, m, h) for a metric name pairing. +After the validation keys file is loaded from the server configuration update, the original primary keys file (`ltpa.keys`) can be deleted, which triggers new primary keys to be created while continuing to use `validation1.keys` for validation. -|mp.metrics.distribution.timer.min-value -a| - When percentile-histogram is enabled for a Histogram, this property defines a lower bound for the buckets reported. -- Accepts a single decimal value with a time unit appended (i.e., ms, s, m, h) for a metric name pairing. +Specifying validation keys in this way can be combined with enabling monitor directory to also use validation keys that are not specified in the `server.xml` configuration at the same time. 
For example: +``` + + + +``` -|=== +=== UpdateTrigger attribute added to LTPA element +LTPA keys files can be reloaded by the server if the `updateTrigger` attribute is set to `polled` or `mbean`. It is `polled` by default. If set to `polled`, then the server monitors the keys files for changes based on the rate set in the `monitorInterval` attribute. If the `updateTrigger` attribute is set to `mbean` then the server will reload the keys files when it receives notification from the `WebSphere:service=com.ibm.ws.kernel.filemonitor.FileNotificationMBean` MBean. For example: +``` + +``` +If `updateTrigger` is set to `disabled` then no file monitoring will occur. -Some properties can accept multiple values for a given metric name while some can only accept a single value. -You can use an asterisk (i.e., *) as a wild card at the end of the metric name. -For example, the `mp.metrics.distribution.percentiles` can be defined as: +For more information on `` server configuration options see link:https://openliberty.io/docs/latest/reference/config/ltpa.html[LTPA configuration docs]. -[source] ----- -mp.metrics.distribution.percentiles=alpha.timer=0.5,0.7,0.75,0.8;alpha.histogram=0.8,0.85,0.9,0.99;delta.*= ----- -This example creates the `alpha.timer` timer metric to track and output the 50th, 70th, 75th, and 80th percentile values. The `alpha.histogram` histogram metric outputs the 80th, 85th, 90th, and 99th percentiles values. Percentiles are disabled for any Histogram or Timer metric that matches with `delta.*` . 
+// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26970 +// Contact/Reviewer: kdcptkai31 +// // // // // // // // +[#auth] +== Liberty can send the resource parameter with an authorization request that uses the authorization code flow -We'll expand on the previous example and define histogram buckets for the `alpha.timer` timer metric using the `mp.metrics.distribution.timer.buckets` property: +Authorization requests can be made by using either the implicit flow or the authorization code flow. When requests use the implicit flow, all tokens are returned from the authorization endpoint and the token endpoint is not used. When requests use the authorization code flow, all tokens are returned from the token endpoint. +Previously, Liberty sent the resource parameter only during an implicit flow request. So if your request needed the resource parameter but could only use the authorization code flow, the request failed. This update enables the resource parameter to be sent with the authorization code flow. -[source,xml] ----- -mp.metrics.distribution.timer.buckets=alpha.timer=100ms,200ms,1s ----- +To make this update work, a check was removed that only sent the resource parameter during an implicit flow. The parameter is now sent for both flows. -This configuration tells the metrics runtime to track and output the count of durations that fall within 0-100ms, 0-200ms, and 0-1 seconds. These values are ranges because the histogram buckets work _cumulatively_ . +For more information, see this link:https://github.com/OpenLiberty/open-liberty/issues/23126[issue]. +// DO NOT MODIFY THIS LINE. 
-The corresponding Prometheus output for the `alpha.timer` metric at the `/metrics` REST endpoint is: +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26969 +// Contact/Reviewer: kdcptkai31 +// // // // // // // // +[#oidc] +== Obtain the Role Information from the Access Token / OIDC Configuration -[source] ----- -# HELP alpha_timer_seconds_max -# TYPE alpha_timer_seconds_max gauge -alpha_timer_seconds_max{scope="application",} 5.633 -# HELP alpha_timer_seconds -# TYPE alpha_timer_seconds histogram <1> -alpha_timer_seconds{scope="application",quantile="0.5",} 0.67108864 -alpha_timer_seconds{scope="application",quantile="0.7",} 5.603590144 -alpha_timer_seconds{scope="application",quantile="0.75",} 5.603590144 -alpha_timer_seconds{scope="application",quantile="0.8",} 5.603590144 -alpha_timer_seconds_bucket{scope="application",le="0.1",} 0.0 <2> -alpha_timer_seconds_bucket{scope="application",le="0.2",} 0.0 <2> -alpha_timer_seconds_bucket{scope="application",le="1.0",} 1.0 <2> -alpha_timer_seconds_bucket{scope="application",le="+Inf",} 2.0 <2><3> -alpha_timer_seconds_count{scope="application",} 2.0 -alpha_timer_seconds_sum{scope="application",} 6.333 ----- +For authentication and authorization, a token is a digital object that contains information about the identity of the principal that made the request and what kind of access they are authorized for. Generally, these tokens fall into one of two types: access tokens or ID tokens. -<1> The Prometheus metric type is `histogram`. Both the quantiles or percentiles and buckets are represented under this type. -<2> The `le` tag represents _less than_ and is for the defined buckets, which are converted to seconds. -<3> Prometheus requires a `+Inf` bucket, which counts all hits. +ID tokens are JSON Web Tokens that conform to the OpenID Connect specification. Previously, user role information could be obtained only from this ID token. 
If role information was not provided within the ID token, then the information was not found. This update provides checks to attempt to obtain role information from the Access Token if it is not found within the ID token. -For more information about MicroProfile Metrics, see: + - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. -* link:https://github.com/eclipse/microprofile-telemetry[MicroProfile Metrics repo] -* link:{url-prefix}/docs/latest/introduction-monitoring-metrics.html[Monitoring with metrics docs] - - -// ------ ------ - -2. Which Liberty feature(s) does your update relate to? - - Human-readable name (eg WebSockets feature): `MicroProfile Metrics 5.1 feature` - - Short feature name (eg websockets-1.0): `mpMetrics-5.1` - - - - - -3. Who is the target persona? Who do you expect to use the update? eg application developer, operations. - - Application developer and operations (whomever will deploy the application) - - - -4. Provide a summary of the update, including the following points: - -## **!Use the same content as BETA blog, but add to the end the below section** -``` ----- -Additionally, the `@RegistryScope` annotation is now a CDI qualifier. -``` -!link:https://github.com/OpenLiberty/open-liberty/assets/2858176/e3a58f42-311e-49aa-9fe3-078bf31c1bf3[image] - - -// DO NOT MODIFY THIS LINE. - -// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // -// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26970 -// Contact/Reviewer: kdcptkai31 -// // // // // // // // -[#SUB_TAG_6] -== Liberty to send the resource parameter during the Authorization request for the Authorization Code Flow - -2. Which Liberty feature(s) does your update relate to? - - Human-readable name (eg WebSockets feature): - - OpenIDConnectClient feature - - Short feature name (eg websockets-1.0): - - openidConnectClient-1.0 - - - - -3. Who is the target persona? 
Who do you expect to use the update? eg application developer, operations. - - operations - - - - -4. Provide a summary of the update, including the following points: - - - A sentence or two that introduces the update to someone new to the general technology/concept. - -Authorization requests can be done using wither the Implicit Flow or the Authorization Code flow. When using the Implicit Flow, all tokens are returned from the Authorization Endpoint; the Token Endpoint is not used. When using the Authorization Code Flow, all tokens are returned from the Token Endpoint. - - - What was the problem before and how does your update make their life better? (Why should they care?) - - Before, Liberty would only send the resource parameter during an Implicit Flow request. So if one would require the resource parameter and could only use the Authorization Code Flow, this action would fail. This update sends the resource parameter additionally for the Authorization Code Flow. - - - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. - -To make this update work, a check was removed that only sent the resource parameter during an Implicit Flow. If now sends it for both flows. - - - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? - Here is the link:https://github.com/OpenLiberty/open-liberty/issues/23126[issue] for reference. - -// DO NOT MODIFY THIS LINE. - -// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // -// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26969 -// Contact/Reviewer: kdcptkai31 -// // // // // // // // -[#SUB_TAG_7] -== Obtain the Role Information from the Access Token / OIDC Configuration - -2. Which Liberty feature(s) does your update relate to? 
- - Human-readable name (eg WebSockets feature): - - OpenIDConnectClient feature - - Short feature name (eg websockets-1.0): - - openidConnectClient-1.0 - - - - -3. Who is the target persona? Who do you expect to use the update? eg application developer, operations. - - operations - - - - -4. Provide a summary of the update, including the following points: - - - A sentence or two that introduces the update to someone new to the general technology/concept. - For authentication and authorization, a token is a digital object that contains information about the identity of the principal making the request and what kind of access they are authorized for. There are two types of tokens usually; access tokens and ID tokens. - - - - - What was the problem before and how does your update make their life better? (Why should they care?) - -ID tokens are JSON Web Tokens that conform to the OpenID Connect specification. Currently, user role information can only be obtained from this ID token. If role information was not provided within the ID token, then the information would not be found. This feature provides checks to attempt to obtain role information from Access Token if it is not found within the ID token. - - - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. - -A check was added to attempt to get the role information from access token, if it was not found within the ID token. - -server.xml snippet - - - - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? - Here is the link:https://github.com/OpenLiberty/open-liberty/issues/25460[issue] for reference. - Here is more information about the link:https://auth0.com/docs/authenticate/protocols/openid-connect-protocol[OIDC protocol]. - - -// DO NOT MODIFY THIS LINE. 
- -// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // -// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26945 -// Contact/Reviewer: yasmin-aumeeruddy -// // // // // // // // -[#SUB_TAG_8] -== Microprofile Telemetry 1.1 - -2. Which Liberty feature(s) does your update relate to? - - Human-readable name (eg WebSockets feature): - - Short feature name (eg websockets-1.0): - - - - - -3. Who is the target persona? Who do you expect to use the update? eg application developer, operations. - - Application Developers - - - - -4. Provide a summary of the update, including the following points: - -MicroProfile Telemetry 1.1 provides developers with the latest Open Telemetry technology as the feature now consumes OpenTelemetry-1.29.0 which has been updated from 1.19.0. Consequently, a lot of the dependencies are now stable. - -The feature is compatible with Java EE 7 with MicroProfile 1.4, Java EE 8 with MicroProfile 4.1, Jakarta EE 9 with MicroProfile 5.0 and Jakarta EE 10 with MicroProfile 6.1. - -``` - - mpTelemetry-1.1 - -``` - -Additionally, third-party APIs must be made visible for your application in the server.xml: -``` - - - - -``` - -For more information about MicroProfile Telemetry, see the following links: - -https://github.com/eclipse/microprofile-telemetry -https://github.com/open-telemetry/opentelemetry-specification/blob/v1.20.0/specification/trace/api.md -https://openliberty.io/docs/latest/docs/latest/microprofile-telemetry.html - - -// DO NOT MODIFY THIS LINE. - -// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // -// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26699 -// Contact/Reviewer: fmhwong -// // // // // // // // -[#SUB_TAG_9] -== HTTP Request Tracing - -2. Which Liberty feature(s) does your update relate to? 
https://github.com/OpenLiberty/open-liberty/issues/24379 - - Human-readable name (eg WebSockets feature): HTTP request tracing with MicroProfile Telemetry - - Short feature name (eg websockets-1.0): mpTelemetry-1.0/1.1 - - - - - -3. Who is the target persona? Who do you expect to use the update? eg application developer, operations. - - - - developers, operations - -4. Provide a summary of the update, including the following points: - - - A sentence or two that introduces the update to someone new to the general technology/concept. - MicroProfile Telemetry feature provides automatic distributed tracing on Jakarta RESTful web service (aka JAX-RS) applications. Traces and spans can be observed using various tracing backend systems. Additional spans can be created by instrumenting the application with OpenTelemetry APIs. - - - What was the problem before and how does your update make their life better? (Why should they care?) - In OpenLiberty 23.0.0.11, MicroProfile Telemetry 1.0 feature has been enhanced to automatically trace incoming HTTP requests (static files, servlets and JSPs). This enhancement is also available to the beta feature MicroProfile Telemetry 1.1. - - - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. - No change in configuration is needed. - - - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? - - -// DO NOT MODIFY THIS LINE. - - -For more details, check the LINK[LINK_DESCRIPTION]. +A check was added to attempt to get the role information from access token, if it was not found within the ID token. 
You can enable this check by setting the `tokensOrderToFetchCallerClaims` attribute to `AccessToken IDToken Userinfo`, as shown in the following `sever.xml` file example: -// // // // // // // // -// In the preceding section: -// Replace TAG_X/SUB_TAG_X with the given tag of your secton from the contents list -// Replace SUB_FEATURE_TITLE/FEATURE_X_TITLE with the given title from the contents list -// Replace FEATURE with the feature name for the server.xml file e.g. mpHealth-1.4 -// Replace LINK with the link for extra information given for the feature -// Replace LINK_DESCRIPTION with a readable description of the information -// // // // // // // // +[source,xml] +---- + +---- + +For more information, see xref:/docs/latest/reference/feature/openidConnectClient-1.0.html#access-token[Check the access token for user and group information]. [#CVEs] == Security vulnerability (CVE) fixes in this release 
@@ -942,135 +459,57 @@ For more details, check the LINK[LINK_DESCRIPTION]. |=== |CVE |CVSS Score |Vulnerability Assessment |Versions Affected |Notes -|Link[CVE-XXXX-XXXXX] -|Score -|vulnerability -|Affected versions -|Affected Features and other notes +|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487[CVE-2023-44487] +|7.5 +|Denial of service +|18.0.0.2 - 23.0.0.11 +|Affects the link:{url-prefix}/docs/latest/reference/feature/servlet-3.1.html[servlet-3.0], link:{url-prefix}/docs/latest/reference/feature/servlet-4.0.html[servlet-4.0], link:{url-prefix}/docs/latest/reference/feature/servlet-5.0.html[servlet-5.0] and link:{url-prefix}/docs/latest/reference/feature/servlet-6.0.html[servlet-6.0] features |=== -// // // // // // // // -// In the preceding section: -// If there were any CVEs addressed in this release, fill out the table. For the information, reference https://github.com/OpenLiberty/docs/blob/draft/modules/ROOT/pages/security-vulnerabilities.adoc. If it has not been updated for this release, reach out to Kristen Clarke or Michal Broz. -// Note: When linking to features, use the -// `link:{url-prefix}/docs/latest/reference/feature/someFeature-1.0.html[Some Feature 1.0]` format and -// NOT what security-vulnerabilities.adoc does (feature:someFeature-1.0[]) -// -// If there are no CVEs fixed in this release, replace the table with: -// "There are no security vulnerability fixes in Open Liberty [23.0.0.12]." -// // // // // // // // -For a list of past security vulnerability fixes, reference the link:{url-prefix}/docs/latest/security-vulnerabilities.html[Security vulnerability (CVE) list]. +For a list of past security vulnerability fixes, reference the link:{url-prefix}/docs/latest/security-vulnerabilities.html[Security vulnerability (CVE) list]. -[#bugs] -== Notable bugs fixed in this release - - -We’ve spent some time fixing bugs. The following sections describe just some of the issues resolved in this release. 
If you’re interested, here’s the link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A230012+label%3A%22release+bug%22[full list of bugs fixed in 23.0.0.12]. - -* link:https://github.com/OpenLiberty/open-liberty/issues/26963[IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-44487 CVSS 7.5)] -+ - -* link:https://github.com/OpenLiberty/open-liberty/issues/26943[NO_USER_REGISTRY message is not output properly] -+ -NO_USER_REGISTRY message is not output properly. It should be a descriptive message, output in the appropriate localized language. -``` -[ERROR ] NO_USER_REGISTRY - defaultOrb - 10 -``` - -* link:https://github.com/OpenLiberty/open-liberty/issues/26942[Liberty startup script does not resolve symbolic link to bin directory] -+ - -* link:https://github.com/OpenLiberty/open-liberty/issues/26911[Registered RestClientBuilderListeners are not called for injected rest client instances for MP Rest Client 1.x and 2.x] -+ - -Since MP Rest Client 1.1 Applications can [register a `RestClientBuilderListener`][javadoc] by implementing the interface and creating a services file. Registered classes should be instantiated and called every time a new `RestClientBuilder` is created so that they can apply global configurations to all rest client instances. -+ -However, the liberty `mpRestClient-1.x` and `mpRestClient-2.x` features do not call registered `RestClientBuilderListener`s for rest clients which are injected via CDI. This seems like a bug given that `RestClientBuilderListener` is, according to its docs, intended for global providers. - -* link:https://github.com/OpenLiberty/open-liberty/issues/26893[Space in value of -D option in jvm.options breaks server package command] -+ -If jvm.options has a -D option where the value contains a space, the server package command does not work. 
-+ - -* link:https://github.com/OpenLiberty/open-liberty/issues/26846[JAX-WS: After upgrade to WLP 23.0.0.9 SOAP client generates a SOAP header part in the SOAP body] -+ -From 23.0.0.9, a part that belongs in the SOAP header is generated as part of the SOAP body. This can affect both Requests or Responses. -+ -23.0.0.8: -``` - - - ... - - - ... - - -``` -23.0.0.9: - After Upgrade - -``` - - - - - ... - ... - - -``` - -* link:https://github.com/OpenLiberty/open-liberty/issues/26818[Processing dir files alphabetically does not match configDropins behavior] -+ - -* link:https://github.com/OpenLiberty/open-liberty/issues/26809[Lease timestamp not updated for home server when recoveryGroups and tran logs in a database is configured and database outage > couple of seconds occurs] -+ -When using a transaction recoveryGroup with the recovery logs in a database, if a database outage occurs, the server's lease renewal process's retry mechanism for its own lease does not perform apply the correct retry algorithm , using instead a lightweight retry mechanism thath gives up after a couple of seconds. If that mechanism fails then the app server no longer updates its lease timestamp and other app servers in the recovery group will attempt peer recovery. That peer recovery attempt will fail, because the logs heart beat timestamp will be current (that uses a different/the correct retry algoritm). -+ - -* link:https://github.com/OpenLiberty/open-liberty/issues/26722[Microprofile Rest Client (CDI): mpConfig property "proxyAddress" not respected] -+ - -* link:https://github.com/OpenLiberty/open-liberty/issues/26655[OpenAPI UI required fields have an extra  character] -+ -Run the Liberty OpenAPI guide with Open Liberty 23.0.0.10. The required fields in the OpenAPI UI have an extra `Â` character appended the end of the required field name. 
-+ -![Screenshot 2023-10-18 at 3 16 37 PM](https://github.com/OpenLiberty/open-liberty/assets/22381072/4a5c7b2b-050a-4aa2-83a6-dc66bbfc52f3) -+ -If there is a stack trace, please include the FULL stack trace (without any `[internal classes]` lines in it). To find the full stack trace, you may need to check in `$WLP_OUTPUT_DIR/messages.log` - -* link:https://github.com/OpenLiberty/open-liberty/issues/25467[A better error for the NullPointer we get if WithSpan is on the class level] -+ +[#run] +== Develop and run your apps using 23.0.0.12 +If you're using link:{url-prefix}/guides/maven-intro.html[Maven], include the following in your `pom.xml` file: -// // // // // // // // -// In the preceding section: -// For this section ask either Michal Broz or Tom Evans or the #openliberty-release-blog channel for Notable bug fixes in this release. -// Present them as a list in the order as provided, linking to the issue and providing a short description of the bug and the resolution. -// If the issue on Github is missing any information, leave a comment in the issue along the lines of: -// "@[issue_owner(s)] please update the description of this `release bug` using the [bug report template](https://github.com/OpenLiberty/open-liberty/issues/new?assignees=&labels=release+bug&template=bug_report.md&title=)" -// Feel free to message the owner(s) directly as well, especially if no action has been taken by them. 
-// For inspiration about how to write this section look at previous blogs e.g- 20.0.0.10 or 21.0.0.12 (https://openliberty.io/blog/2021/11/26/jakarta-ee-9.1.html#bugs) -// // // // // // // // +[source,xml] +---- + + io.openliberty.tools + liberty-maven-plugin + 3.10 + +---- +Or for link:{url-prefix}/guides/gradle-intro.html[Gradle], include the following in your `build.gradle` file: +[source,gradle] +---- +buildscript { + repositories { + mavenCentral() + } + dependencies { + classpath 'io.openliberty.tools:liberty-gradle-plugin:3.8' + } +} +apply plugin: 'liberty' +---- // // // // // // // // -// If there were updates to guides since last release, keep the following, otherwise remove section. -// Check with Gilbert Kwan, otherwise Michal Broz or YK Chang +// In the preceding section: +// Replace the Maven `3.8.2` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-maven-plugin +// Replace the Gradle `3.6.2` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-gradle-plugin +// TODO: Update GHA to automatically do the above. If the maven.org is problematic, then could fallback to using the GH Releases for the plugins // // // // // // // // -[#guides] -== New and updated guides since the previous release -As Open Liberty features and functionality continue to grow, we continue to add link:https://openliberty.io/guides/?search=new&key=tag[new guides to openliberty.io] on those topics to make their adoption as easy as possible. Existing guides also receive updates to address any reported bugs/issues, keep their content current, and expand what their topic covers. -// // // // // // // // -// In the following section, list any new guides, or changes/updates to existing guides. 
-// The following is an example of how the list can be structured (similar to the bugs section): -// * link:{url-prefix}/guides/[new/updated guide].html[Guide Title] -// ** Description of the guide or the changes made to the guide. -// // // // // // // // +Or if you're using link:{url-prefix}/docs/latest/container-images.html[container images]: +[source] +---- +FROM icr.io/appcafe/open-liberty +---- -== Get Open Liberty 23.0.0.12 now +Or take a look at our link:{url-prefix}/start/[Downloads page]. -Available through <>. +If you're using link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[IntelliJ IDEA], link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Code] or link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse IDE], you can also take advantage of our open source link:https://openliberty.io/docs/latest/develop-liberty-tools.html[Liberty developer tools] to enable effective development, testing, debugging and application management all from within your IDE. From 3b4f06b6c740ffbb218b004e1d7905064c59cb5d Mon Sep 17 00:00:00 2001 From: David Mueller Date: Fri, 8 Dec 2023 11:01:36 -0500 Subject: [PATCH 03/20] edits --- posts/2023-12-12-23.0.0.12.adoc | 220 +++++++++++++++++--------------- 1 file changed, 118 insertions(+), 102 deletions(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index 4950760ec..cdaa75b5b 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc 
@@ -6,8 +6,8 @@ categories: blog
 author_picture: https://avatars3.githubusercontent.com/dmuelle
 author_github: https://github.com/dmuelle
 seo-title: MicroProfile 6.1, Liberty Tools updates, and more in Open Liberty 23.0.0.12 - OpenLiberty.io
-seo-description: Open Liberty 23.0.0.12 introduces MicroProfile 6.1, a minor release with updates for MicroProfile Config, MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of the Liberty Maven and Gradle plugins, and includes enhancements for HTTP request tracing, LTPA key management, and more.
-blog_description: Open Liberty 23.0.0.12 introduces MicroProfile 6.1, a minor release with updates for MicroProfile Config, MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of the Liberty Maven and Gradle plugins, and includes enhancements for HTTP request tracing, LTPA key management, and more.
+seo-description: Open Liberty 23.0.0.12 introduces MicroProfile 6.1, a minor release with updates for MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of the Liberty Maven and Gradle plug-ins, and includes enhancements for OpenID Connect, LTPA key management, and more.
+blog_description: Open Liberty 23.0.0.12 introduces MicroProfile 6.1, a minor release with updates for MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of the Liberty Maven and Gradle plug-ins, and includes enhancements for OpenID Connect, LTPA key management, and more.
 open-graph-image: https://openliberty.io/img/twitter_card.jpg
 open-graph-image-alt: Open Liberty Logo
 ---
@@ -18,20 +18,21 @@ David Mueller :url-about: / //Blank line here is necessary before starting the body of the post. -Open Liberty 23.0.0.12 introduces MicroProfile 6.1, a minor release with updates for MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of Liberty Tools and the Liberty Maven and Gradle plugins, and includes enhancements for HTTP request tracing, LTPA key management, and more. +Open Liberty 23.0.0.12 introduces MicroProfile 6.1, a minor release with updates for MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of Liberty Tools and the Liberty Maven and Gradle plug-ins, and includes enhancements for OpenID Connect, LTPA key management, and more. In link:{url-about}[Open Liberty] 23.0.0.12: * <> - ** <> + ** <> ** <> + ** <> * <> -* <> +* <> * <> * <> -* <> -* <> -* <> +* <> +* <> +* <> @@ -53,7 +54,7 @@ image::img/blog/blog_btn_stack.svg[Ask a question on Stack Overflow, align="cent [#mp61] == MicroProfile 6.1 support -MicroProfile 6.1 is a minor release and is backwards-compatible with MicroProfile 6.0. It brings in Jakarta EE 10 Core Profile APIs and the following MicroProfile component specifications: +MicroProfile 6.1 is a minor release and is compatible with MicroProfile 6.0. It brings in Jakarta EE 10 Core Profile APIs and the following MicroProfile component specifications: * link:https://jakarta.ee/specifications/coreprofile/10/[Jakarta EE 10 Core Profile] * link:https://github.com/eclipse/microprofile-config/releases/tag/3.1-RC1[MicroProfile Config 3.1] 
@@ -77,17 +78,13 @@ The following three specifications have minor updates, while the other five spec See the following sections for more details about each of these features and how to try them out. [#mpm51] +=== Configure statistics that are tracked by histogram and timer metrics with MicroProfile Metrics 5.1 -[#mpmetrics] -=== Configure statistics tracked by Histogram and Timer metrics with MicroProfile Metrics 5.1 +MicroProfile Metrics 5.1 includes new MicroProfile Config properties to configure the statistics that the histogram and timer metrics track and output. In MicroProfile Metrics 5.0, the histogram and timer metrics track and output only the _max_ recorded value, the _sum_ of all values, the _count_ of the recorded values, and a static set of the 50th, 75th, 95th, 98th, 99th, and 99.9th percentiles. These values are emitted to the `/metrics` endpoint in Prometheus format. -MicroProfile Metrics 5.1 includes new MicroProfile Config properties that are used for configuring the statistics that the Histogram and Timer metrics track and output. In MicroProfile Metrics 5.0, the Histogram and Timer metrics only track and output the _max_ recorded value, the _sum_ of all values, the _count_ of the recorded values, and a static set of percentiles for the 50th, 75th, 95th, 98th, 99th, and 99.9th percentile. These values are emitted to the `/metrics` endpoint in Prometheus format. +The properties that are introduced in MicroProfile Metrics 5.1 can define a custom set of percentiles and a custom set of histogram buckets for the histogram and timer metrics. Configuration properties are also included to enable a default set of histogram buckets, including properties for defining an upper and lower bound for the bucket set. - - -The new properties introduced in MicroProfile Metrics 5.1 allow you to define a custom set of percentiles as well as a custom set of histogram buckets for the Histogram and Timer metrics. 
There are also additional configuration properties for enabling a default set of histogram buckets, including properties for defining an upper and lower bound for the bucket set. - -The properties in the following table allow you to define a semicolon-separated list of value definitions using the syntax: +The properties in the following table can define a semicolon-separated list of value definitions by using the following syntax: [source] 
@@ -99,48 +96,48 @@ metric_name=value_1[,value_2…value_n] |=== | Property |Description | mp.metrics.distribution.percentiles -a| - Defines a custom set of percentiles for matching Histogram and Timer metrics to track and output. +a| - Defines a custom set of percentiles for matching histogram and timer metrics to track and output. - Accepts a set of integer and decimal values for a metric name pairing. - Can be used to disable percentile output if no value is provided with a metric name pairing. | mp.metrics.distribution.histogram.buckets -a| - Defines a custom set of (cumulative) histogram buckets for matching Histogram metrics to track and output. +a| - Defines a custom set of (cumulative) histogram buckets for matching histogram metrics to track and output. - Accepts a set of integer and decimal values for a metric name pairing. | mp.metrics.distribution.timer.buckets -a| - Defines a custom set of (cumulative) histogram buckets for matching Timer metrics to track and output. - - Accepts a set of decimal values with a time unit appended (i.e., ms, s, m, h) for a metric name pairing. +a| - Defines a custom set of (cumulative) histogram buckets for matching timer metrics to track and output. + - Accepts a set of decimal values with a time unit appended (such as, ms, s, m, h) for a metric name pairing. |mp.metrics.distribution.percentiles-histogram.enabled -a| - Configures any matching Histogram or Timer metric to provide a large set of default histogram buckets to allow for percentile configuration with a monitoring tool. +a| - Configures any matching histogram or timer metric to provide a large set of default histogram buckets to allow for percentile configuration with a monitoring tool. - Accepts a true/false value for a metric name pairing. | mp.metrics.distribution.histogram.max-value -a| - When percentile-histogram is enabled for a Timer, this property defines a upper bound for the buckets reported. 
+a| - When percentile-histogram is enabled for a timer, this property defines an upper bound for the buckets reported. - Accepts a single integer or decimal value for a metric name pairing. | mp.metrics.distribution.histogram.min-value -a| - When percentile-histogram is enabled for a Timer, this property defines a lower bound for the buckets reported. +a| - When percentile-histogram is enabled for a timer, this property defines a lower bound for the buckets reported. - Accepts a single integer or decimal value for a metric name pairing. |mp.metrics.distribution.timer.max-value -a| - When percentile-histogram is enabled for a Histogram, this property defines a upper bound for the buckets reported. -- Accepts a single decimal values with a time unit appended (i.e., ms, s, m, h) for a metric name pairing. +a| - When percentile-histogram is enabled for a histogram, this property defines an upper bound for the buckets reported. +- Accepts a single decimal value with a time unit appended (such as ms, s, m, h) for a metric name pairing. |mp.metrics.distribution.timer.min-value -a| - When percentile-histogram is enabled for a Histogram, this property defines a lower bound for the buckets reported. -- Accepts a single decimal value with a time unit appended (i.e., ms, s, m, h) for a metric name pairing. +a| - When percentile-histogram is enabled for a histogram, this property defines a lower bound for the buckets reported. +- Accepts a single decimal value with a time unit appended (such as ms, s, m, h) for a metric name pairing. |=== Some properties can accept multiple values for a given metric name while some can only accept a single value. -You can use an asterisk (i.e., *) as a wild card at the end of the metric name. +You can use an asterisk (such as *) as a wildcard at the end of the metric name. For example, the `mp.metrics.distribution.percentiles` can be defined as: [source] 
@@ -148,10 +145,10 @@ For example, the `mp.metrics.distribution.percentiles` can be defined as: mp.metrics.distribution.percentiles=alpha.timer=0.5,0.7,0.75,0.8;alpha.histogram=0.8,0.85,0.9,0.99;delta.*= ---- -This example creates the `alpha.timer` timer metric to track and output the 50th, 70th, 75th, and 80th percentile values. The `alpha.histogram` histogram metric outputs the 80th, 85th, 90th, and 99th percentiles values. Percentiles are disabled for any Histogram or Timer metric that matches with `delta.*` . +This example creates the `alpha.timer` timer metric to track and output the 50th, 70th, 75th, and 80th percentile values. The `alpha.histogram` histogram metric outputs the 80th, 85th, 90th, and 99th percentile values. Percentiles are disabled for any histogram or timer metric that matches with `delta.*` . -We'll expand on the previous example and define histogram buckets for the `alpha.timer` timer metric using the `mp.metrics.distribution.timer.buckets` property: +The following example expands on the previous example to define histogram buckets for the `alpha.timer` timer metric by using the `mp.metrics.distribution.timer.buckets` property: [source,xml] @@ -159,7 +156,7 @@ We'll expand on the previous example and define histogram buckets for the `alpha mp.metrics.distribution.timer.buckets=alpha.timer=100ms,200ms,1s ---- -This configuration tells the metrics runtime to track and output the count of durations that fall within 0-100ms, 0-200ms, and 0-1 seconds. These values are ranges because the histogram buckets work _cumulatively_ . +This configuration tells the metrics runtime to track and output the count of durations that fall within 0-100ms, 0-200ms, and 0-1 seconds. These values are ranges because the histogram buckets work _cumulatively. The corresponding Prometheus output for the `alpha.timer` metric at the `/metrics` REST endpoint is: 
@@ -192,7 +189,7 @@ Additionally, the `@RegistryScope` annotation is now a CDI qualifier. For more information about MicroProfile Metrics, see: * link:https://github.com/eclipse/microprofile-telemetry[MicroProfile Metrics repo] -* link:{url-prefix}/docs/latest/introduction-monitoring-metrics.html[Monitoring with metrics docs] +* link:{url-prefix}/docs/latest/introduction-monitoring-metrics.html[Monitoring with metrics documentation] // DO NOT MODIFY THIS LINE. 
@@ -203,31 +200,42 @@ For more information about MicroProfile Metrics, see: [#mpt11] === Expanded Java EE and Jakarta EE support in MicroProfile Telemetry 1.1 -MicroProfile Telemetry 1.1 provides you with the latest Open Telemetry technology as the feature now consumes OpenTelemetry-1.29.0, updated from 1.19.0. Consequently, a lot of the dependencies are now stable. +MicroProfile Telemetry 1.1 provides you with the latest Open Telemetry technology as the feature now consumes OpenTelemetry-1.29.0, which is updated from 1.19.0. Therefore, many of the dependencies are now stable. -The feature is compatible with Java EE 7 paired with MicroProfile 1.4, Java EE 8 paired with MicroProfile 4.1, Jakarta EE 9 paired with MicroProfile 5.0 and Jakarta EE 10 paired with MicroProfile 6.1. +The feature is compatible with the following programming model combinations: +* Java EE 7 paired with MicroProfile 1.4 +* Java EE 8 paired with MicroProfile 4.1 +* Jakarta EE 9 paired with MicroProfile 5.0 +* Jakarta EE 10 paired with MicroProfile 6.1. -``` +To enable this feature, add the following feature definition to your `server.xml` file: + +[source,xml] +---- mpTelemetry-1.1 -``` +---- + +Also, you must make third-party APIs visible for your application in the `server.xml` file: -Also, third-party APIs must be made visible for your application in the server.xml: -``` +[source,xml] +---- -``` +---- -Also in Open Liberty 23.0.0.12, the MicroProfile Telemetry 1.0 and 1.1 features are enhanced to automatically trace incoming HTTP requests (static files, servlets and JSPs). +[#trace] +=== Trace incoming HTTP requests with MicroProfile Telemetry 1.0 and 1.1 +Also in Open Liberty 23.0.0.12, the MicroProfile Telemetry 1.0 and 1.1 features are enhanced to automatically trace incoming HTTP requests (static files, servlets, and JSPs). 
For more information about MicroProfile Telemetry, see the following links: -https://github.com/eclipse/microprofile-telemetry -https://github.com/open-telemetry/opentelemetry-specification/blob/v1.20.0/specification/trace/api.md -https://openliberty.io/docs/latest/docs/latest/microprofile-telemetry.html +* link:https://github.com/eclipse/microprofile-telemetry +https://github.com/open-telemetry/opentelemetry-specification/blob/v1.20.0/specification/trace/api.md[Tracing API] +https://openliberty.io/docs/latest/docs/latest/microprofile-telemetry.html[Enable distributed tracing with MicroProfile Telemetry]. // DO NOT MODIFY THIS LINE. @@ -244,9 +252,9 @@ https://openliberty.io/docs/latest/docs/latest/microprofile-telemetry.html [#mpoa] == MicroProfile OpenAPI 3.1: OpenAPI doc endpoint path configuration -MicroProfile OpenAPI generates and serves OpenAPI documentation for JAX-RS applications that are deployed to the Open Liberty server. The OpenAPI documentation is served from `/openapi` and a user interface for browsing this documentation is served from `/openapi/ui`. +MicroProfile OpenAPI generates and serves OpenAPI documentation for JAX-RS applications that are deployed to the Open Liberty server. The OpenAPI documentation is served from the `/openapi` endpoint and a user interface for browsing this documentation is served from the `/openapi/ui`endpoint. -With MicroProfile OpenAPI 3.1, you can configure the paths for these endpoints by adding configuration to your `server.xml`. For example: +With MicroProfile OpenAPI 3.1, you can configure the paths for these endpoints by adding configuration to your `server.xml`, as shown in the following example: [source,xml] ---- 
@@ -256,7 +264,7 @@ With MicroProfile OpenAPI 3.1, you can configure the paths for these endpoints b When you set this configuration on a local test server, you can then access the OpenAPI document at `localhost:9080/my/openapi/doc/path` and the UI at `localhost:9080/docsUi`. -This is particularly useful if you want to expose the OpenAPI documentation through a Kubernetes ingress which routes requests to different services based on the path. For example, with this ingress configuration: +This configuration is particularly useful if you want to expose the OpenAPI documentation through a Kubernetes ingress that routes requests to different services based on the path. For example, with this ingress configuration: [source,yaml] ---- @@ -278,14 +286,14 @@ rules: number: 9080 ---- -You could use the following `server.xml` configuration to ensure that the OpenAPI UI is available at `/appA/openapi/ui`: +You might use the following `server.xml` configuration to ensure that the OpenAPI UI is available at `/appA/openapi/ui`: [source,xml] ---- ---- -When `uiPath` is not set, it defaults to the value of `docPath` with `/ui` appended. +When `uiPath` is not set, it defaults to the value of `docPath` with `/ui` appended. For more information about MicroProfile OpenAPI, see: 
@@ -301,24 +309,24 @@ For more information about MicroProfile OpenAPI, see: // Contact/Reviewer: yeekangc // // // // // // // // [#maven] -== Liberty Maven Plugin 3.10 and Liberty Gradle Plugin 3.8 +== Liberty Maven plug-in 3.10 and Liberty Gradle plug-in 3.8 -New releases for Liberty Maven and Gradle plugins are now available. The following notable new features are included: +New releases for Liberty Maven and Gradle plug-ins are now available. The following notable new features are included: -* Support for deploying Spring Boot 3 applications to Liberty using the build plugins through Liberty's springBoot-3.0 feature -* Support for running the plugins using Java 21 +* Support for deploying Spring Boot 3 applications to Liberty by using the build plug-ins through Liberty's springBoot-3.0 feature +* Support for running the plug-ins with Java 21 -To use the new Maven plugin version, specify the 3.10 release in your Maven `pom.xm`l file. -For Gradle, specify the 3.8 release in your `build.gradle` file. +To use the new Maven plug-in version, specify the 3.10 release in your Maven `pom.xm`l file. +For Gradle, specify the 3.8 release in your `build.gradle` file. -For more information about these plugins, see the following resources: +For more information about these plug-ins, see the following resources: -* link:https://github.com/OpenLiberty/ci.maven/releases[Liberty Maven Plugin 3.10 release notes] -* link:https://github.com/OpenLiberty/ci.gradle/releases[Liberty Gradle Plugin 3.8 release notes] +* link:https://github.com/OpenLiberty/ci.maven/releases[Liberty Maven plug-in 3.10 release notes] +* link:https://github.com/OpenLiberty/ci.gradle/releases[Liberty Gradle plug-in 3.8 release notes] -For more information about Spring Boot support with the Liberty Maven plugin, see link:https://github.com/OpenLiberty/ci.maven/blob/main/docs/spring-boot-support.md[ci.maven: Spring Boot Support]. 
-For more information about Spring Boot support with the Liberty Gradle plugin, see link:https://github.com/OpenLiberty/ci.gradle/blob/main/docs/spring-boot-support.md[ci.gradle: Spring Boot Support]. +For more information about Spring Boot support with the Liberty Maven plug-in, see link:https://github.com/OpenLiberty/ci.maven/blob/main/docs/spring-boot-support.md[ci.maven: Spring Boot Support]. +For more information about Spring Boot support with the Liberty Gradle plug-in, see link:https://github.com/OpenLiberty/ci.gradle/blob/main/docs/spring-boot-support.md[ci.gradle: Spring Boot Support]. // DO NOT MODIFY THIS LINE. @@ -327,6 +335,7 @@ For more information about Spring Boot support with the Liberty Gradle plugin, s // Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27086 // Contact/Reviewer: yeekangc // // // // // // // // + [#lt] == Liberty Tools 23.0.12 for Eclipse IDE, IntelliJ IDEA, and Visual Studio Code 
@@ -355,62 +364,75 @@ For more information, see the following release notes: // ------ ------ // Contact/Reviewer: Zech-Hein // // // // // // // // + [#ltpa] == Support LTPA keys rotation without a planned outage -Open Liberty can now automatically generate new primary LTPA keys files while continuing to use validation keys files to validate LTPA tokens. This update enables you to rotate LTPA keys without any disruption to the application’s user experience. Previously, application users had to log in to their applications again after the Liberty server LTPA keys were rotated, which is no longer necessary. +Open Liberty can now automatically generate new primary LTPA keys files while it continues to use validation keys files to validate LTPA tokens. With this update, you can rotate LTPA keys without any disruption to the application user experience. Previously, application users had to log in to their applications again after the Liberty server LTPA keys were rotated, which is no longer necessary. -Primary Keys are LTPA keys in the specified keys default `ltpa.keys` file. Primary keys are used both for generating new LTPA tokens and for validating LTPA tokens. There can only be one primary keys file per Liberty runtime. +Primary Keys are LTPA keys in the specified keys default `ltpa.keys` file. Primary keys are used both for generating new LTPA tokens and for validating LTPA tokens. One one primary keys file is permitted per Liberty runtime. Validation keys are LTPA keys in any `.keys` files other than the primary keys file. The validation keys are used only for validating LTPA tokens. They are not used for generating new LTPA tokens. All validation keys must be located in the same directory as the primary keys file. -There are 2 ways to enable LTPA keys rotation without a planned outage: monitoring the primary keys file directory or specifying the validation keys file. - -=== Monitor the directory of the primary keys file for any new validation keys files. 
+Two ways are available to enable LTPA keys rotation without a planned outage: monitoring the primary keys file directory or specifying the validation keys file. +Monitor the directory of the primary keys file for any new validation keys files:: ++ Enable the `monitorValidationKeysDir` and `monitorInterval` attributes. For example, add the following configurations to the server.xml: -``` ++ +[source,xml] +---- -``` -The `monitorValidationKeysDir` attribute monitors the directory of the primary keys file for any `.keys` extension files. By default, this directory is `${server.config.dir}/resources/security/` but can be configured. The Open Liberty server loads these LTPA keys and uses them as validation keys. - -Note that monitoring is only enabled when the `updateTrigger` is set to `polled` and the `monitorInterval` is set to a duration greater than 0. The default value of `updateTrigger` is `polled` and the default value of `monitorInterval` is `0`. - +---- ++ +The `monitorValidationKeysDir` attribute monitors the directory of the primary keys file for any `.keys` extension files. By default, this directory is `${server.config.dir}/resources/security/` but it can be configured. The Open Liberty server loads these LTPA keys and uses them as validation keys. ++ +Monitoring is enabled only when the `updateTrigger` is set to `polled` and the `monitorInterval` is set to a duration greater than 0. The default value of `updateTrigger` is `polled` and the default value of `monitorInterval` is `0`. ++ The `ltpa.keys` file can be renamed, for example, `validation1.keys` and then Liberty automatically regenerates a new `ltpa.keys` file with new primary keys that are used for all new LTPA tokens created. The keys in `validation1.keys` continue to be used for validating existing LTPA tokens. ++ +When the `validation1.keys` are no longer needed, remove them by deleting the file or by setting `monitorValidationKeysDir` to false. 
Removing unused validation keys can improve performance. -When the `validation1.keys` are no longer needed, remove them by deleting the file or by setting `monitorValidationKeysDir` to false. It is recommended to remove unused validation keys as it can improve performance. - -=== Specify the validation keys file and optionally specify a date-time to stop using the validation keys. - +Specify the validation keys file and optionally specify a date-time to stop using the validation keys:: ++ 1. Copy the primary keys file (`ltpa.keys`) to a validation keys file, for example `validation1.keys`. - ++ 2. Modify the server configuration to use the validation keys file by specifying a `validationKeys` server configuration element inside the `ltpa` element. For example, add the following configuration to the `server.xml` file: -``` ++ +[source,xml] +---- -``` -The `validation1.keys` file can be removed from use at a specified date-time in the future with the optional `validUntilDate` attribute. It is recommended to use `validUntilDate` to ignore validation keys after a given period as it can improve performance. - +---- ++ +The `validation1.keys` file can be removed from use at a specified date-time in the future with the optional `validUntilDate` attribute. It is recommended to use `validUntilDate` to ignore validation keys after a period as it can improve performance. ++ The `fileName` and `password` attributes are required in the `validationKeys` element, but `validUntilDate` is optional. - -After the validation keys file is loaded from the server configuration update, the original primary keys file (`ltpa.keys`) can be deleted, which triggers new primary keys to be created while continuing to use `validation1.keys` for validation. - -Specifying validation keys in this way can be combined with enabling monitor directory to also use validation keys that are not specified in the `server.xml` configuration at the same time. 
For example: -``` ++ +After the validation keys file is loaded from the server configuration update, the original primary keys file (`ltpa.keys`) can be deleted, which triggers new primary keys to be created while it continues to use `validation1.keys` for validation. ++ +Specifying validation keys in this way can be combined with enabling the monitor directory to also use validation keys that are not specified in the `server.xml` configuration at the same time, as shown in the following example: ++ +[source,xml] +---- -``` +---- === UpdateTrigger attribute added to LTPA element -LTPA keys files can be reloaded by the server if the `updateTrigger` attribute is set to `polled` or `mbean`. It is `polled` by default. If set to `polled`, then the server monitors the keys files for changes based on the rate set in the `monitorInterval` attribute. If the `updateTrigger` attribute is set to `mbean` then the server will reload the keys files when it receives notification from the `WebSphere:service=com.ibm.ws.kernel.filemonitor.FileNotificationMBean` MBean. For example: -``` + +LTPA keys files can be reloaded by the server if the `updateTrigger` attribute is set to `polled` or `mbean`. It is `polled` by default. If set to `polled`, then the server monitors the keys files for changes based on the rate set in the `monitorInterval` attribute. If the `updateTrigger` attribute is set to `mbean`, the server reloads the keys files when it receives notification from the `WebSphere:service=com.ibm.ws.kernel.filemonitor.FileNotificationMBean` MBean, as shown in the following example: + +[source,xml] +---- -``` -If `updateTrigger` is set to `disabled` then no file monitoring will occur. +---- + +If `updateTrigger` is set to `disabled` then no file monitoring occurs. -For more information on `` server configuration options see link:https://openliberty.io/docs/latest/reference/config/ltpa.html[LTPA configuration docs]. 
+For more information on `ltpa` server configuration options see link:https://openliberty.io/docs/latest/reference/config/ltpa.html[LTPA configuration docs]. @@ -418,14 +440,15 @@ For more information on `` server configuration options see link:https://o // Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26970 // Contact/Reviewer: kdcptkai31 // // // // // // // // + [#auth] == Liberty can send the resource parameter with an authorization request that uses the authorization code flow Authorization requests can be made by using either the implicit flow or the authorization code flow. When requests use the implicit flow, all tokens are returned from the authorization endpoint and the token endpoint is not used. When requests use the authorization code flow, all tokens are returned from the token endpoint. -Previously, Liberty sent the resource parameter only during an implicit flow request. So if your request needed the resource parameter but could only use the authorization code flow, the request failed. This update enables the resource parameter to be sent with the authorization code flow. +Previously, Liberty sent the resource parameter only during an implicit flow request. So if your request needed the resource parameter but could use only the authorization code flow, the request failed. This update enables the resource parameter to be sent with the authorization code flow. -To make this update work, a check was removed that only sent the resource parameter during an implicit flow. The parameter is now sent for both flows. +To implement this update, a check was removed that only sent the resource parameter during an implicit flow. The parameter is now sent for both flows. For more information, see this link:https://github.com/OpenLiberty/open-liberty/issues/23126[issue]. 
@@ -435,6 +458,7 @@ For more information, see this link:https://github.com/OpenLiberty/open-liberty/ // Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26969 // Contact/Reviewer: kdcptkai31 // // // // // // // // + [#oidc] == Obtain the Role Information from the Access Token / OIDC Configuration @@ -442,8 +466,6 @@ For authentication and authorization, a token is a digital object that contains ID tokens are JSON Web Tokens that conform to the OpenID Connect specification. Previously, user role information could be obtained only from this ID token. If role information was not provided within the ID token, then the information was not found. This update provides checks to attempt to obtain role information from the Access Token if it is not found within the ID token. - - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. - A check was added to attempt to get the role information from access token, if it was not found within the ID token. You can enable this check by setting the `tokensOrderToFetchCallerClaims` attribute to `AccessToken IDToken Userinfo`, as shown in the following `sever.xml` file example: [source,xml] @@ -496,12 +518,6 @@ buildscript { } apply plugin: 'liberty' ---- -// // // // // // // // -// In the preceding section: -// Replace the Maven `3.8.2` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-maven-plugin -// Replace the Gradle `3.6.2` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-gradle-plugin -// TODO: Update GHA to automatically do the above. If the maven.org is problematic, then could fallback to using the GH Releases for the plugins -// // // // // // // // Or if you're using link:{url-prefix}/docs/latest/container-images.html[container images]: 
@@ -512,4 +528,4 @@ FROM icr.io/appcafe/open-liberty Or take a look at our link:{url-prefix}/start/[Downloads page]. -If you're using link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[IntelliJ IDEA], link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Code] or link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse IDE], you can also take advantage of our open source link:https://openliberty.io/docs/latest/develop-liberty-tools.html[Liberty developer tools] to enable effective development, testing, debugging and application management all from within your IDE. +If you're using link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[IntelliJ IDEA], link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Code] or link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse IDE], you can also take advantage of our open source link:https://openliberty.io/docs/latest/develop-liberty-tools.html[Liberty developer tools] to enable effective development, testing, debugging, and application management all from within your IDE. From e8367c6aefefac7fd8bc584f7db438cba473228c Mon Sep 17 00:00:00 2001 From: David Mueller Date: Fri, 8 Dec 2023 11:41:15 -0500 Subject: [PATCH 04/20] edits --- posts/2023-12-12-23.0.0.12.adoc | 109 ++++++++++++++++---------------- 1 file changed, 54 insertions(+), 55 deletions(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index cdaa75b5b..b64d29415 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc @@ -27,12 +27,12 @@ In link:{url-about}[Open Liberty] 23.0.0.12: ** <> ** <> * <> -* <> -* <> * <> * <> * <> * <> +* <> +* <> 
@@ -301,58 +301,6 @@ For more information about MicroProfile OpenAPI, see: * link:{url-prefix}/docs/latest/documentation-openapi.html[API documentation with OpenAPI] - -// ------ ------ - -// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // -// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27087 -// Contact/Reviewer: yeekangc -// // // // // // // // -[#maven] -== Liberty Maven plug-in 3.10 and Liberty Gradle plug-in 3.8 - -New releases for Liberty Maven and Gradle plug-ins are now available. The following notable new features are included: - -* Support for deploying Spring Boot 3 applications to Liberty by using the build plug-ins through Liberty's springBoot-3.0 feature -* Support for running the plug-ins with Java 21 - - -To use the new Maven plug-in version, specify the 3.10 release in your Maven `pom.xm`l file. -For Gradle, specify the 3.8 release in your `build.gradle` file. - -For more information about these plug-ins, see the following resources: - -* link:https://github.com/OpenLiberty/ci.maven/releases[Liberty Maven plug-in 3.10 release notes] -* link:https://github.com/OpenLiberty/ci.gradle/releases[Liberty Gradle plug-in 3.8 release notes] - -For more information about Spring Boot support with the Liberty Maven plug-in, see link:https://github.com/OpenLiberty/ci.maven/blob/main/docs/spring-boot-support.md[ci.maven: Spring Boot Support]. -For more information about Spring Boot support with the Liberty Gradle plug-in, see link:https://github.com/OpenLiberty/ci.gradle/blob/main/docs/spring-boot-support.md[ci.gradle: Spring Boot Support]. - - -// DO NOT MODIFY THIS LINE. 
- -// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // -// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27086 -// Contact/Reviewer: yeekangc -// // // // // // // // - -[#lt] -== Liberty Tools 23.0.12 for Eclipse IDE, IntelliJ IDEA, and Visual Studio Code - -Liberty Tools now support the latest available releases of Eclipse IDE, IntelliJ IDEA, and Visual Studio Code. Various issues and improvements are included too. - -Update to the latest release of the Liberty Tools from the IDE you are working with or download the latest version from the marketplace of your IDE. - -* Liberty Tools for Eclipse IDE - link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse Marketplace] -* Liberty Tools for IntelliJ IDEA - link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[JetBrains Marketplace] -* Liberty Tools for Visual Studio Code - link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Marketplace] - -For more information, see the following release notes: - -* link:https://github.com/OpenLiberty/liberty-tools-eclipse/releases[Release notes for Liberty Tools for Eclipse IDE] -* link:https://github.com/OpenLiberty/liberty-tools-intellij/releases[Release notes for Liberty Tools for IntelliJ IDEA] -* link:https://github.com/OpenLiberty/liberty-tools-vscode/releases[Release notes for Liberty Tools for Visual Studio Code] - // DO NOT MODIFY THIS LINE. // // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // 
@@ -460,7 +408,7 @@ For more information, see this link:https://github.com/OpenLiberty/open-liberty/ // // // // // // // // [#oidc] -== Obtain the Role Information from the Access Token / OIDC Configuration +== Obtain the role information from the OpenID Connect access token For authentication and authorization, a token is a digital object that contains information about the identity of the principal that made the request and what kind of access they are authorized for. Generally, these tokens fall into one of two types: access tokens or ID tokens. 
@@ -475,6 +423,57 @@ A check was added to attempt to get the role information from access token, if i For more information, see xref:/docs/latest/reference/feature/openidConnectClient-1.0.html#access-token[Check the access token for user and group information]. +// ------ ------ + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27087 +// Contact/Reviewer: yeekangc +// // // // // // // // +[#maven] +== Liberty Maven plug-in 3.10 and Liberty Gradle plug-in 3.8 + +New releases for Liberty Maven and Gradle plug-ins are now available. The following notable new features are included: + +* Support for deploying Spring Boot 3 applications to Liberty by using the build plug-ins through Liberty's springBoot-3.0 feature +* Support for running the plug-ins with Java 21 + + +To use the new Maven plug-in version, specify the 3.10 release in your Maven `pom.xml` file. +For Gradle, specify the 3.8 release in your `build.gradle` file. + +For more information about these plug-ins, see the following resources: + +* link:https://github.com/OpenLiberty/ci.maven/releases[Liberty Maven plug-in 3.10 release notes] +* link:https://github.com/OpenLiberty/ci.gradle/releases[Liberty Gradle plug-in 3.8 release notes] + +For more information about Spring Boot support with the Liberty Maven plug-in, see link:https://github.com/OpenLiberty/ci.maven/blob/main/docs/spring-boot-support.md[ci.maven: Spring Boot Support]. +For more information about Spring Boot support with the Liberty Gradle plug-in, see link:https://github.com/OpenLiberty/ci.gradle/blob/main/docs/spring-boot-support.md[ci.gradle: Spring Boot Support]. + + +// DO NOT MODIFY THIS LINE. 
+ +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27086 +// Contact/Reviewer: yeekangc +// // // // // // // // + +[#lt] +== Liberty Tools 23.0.12 for Eclipse IDE, IntelliJ IDEA, and Visual Studio Code + +Liberty Tools now support the latest available releases of Eclipse IDE, IntelliJ IDEA, and Visual Studio Code. Various issues and improvements are included too. + +Update to the latest release of the Liberty Tools from the IDE you are working with or download the latest version from the marketplace of your IDE. + +* Liberty Tools for Eclipse IDE - link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse Marketplace] +* Liberty Tools for IntelliJ IDEA - link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[JetBrains Marketplace] +* Liberty Tools for Visual Studio Code - link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Marketplace] + +For more information, see the following release notes: + +* link:https://github.com/OpenLiberty/liberty-tools-eclipse/releases[Release notes for Liberty Tools for Eclipse IDE] +* link:https://github.com/OpenLiberty/liberty-tools-intellij/releases[Release notes for Liberty Tools for IntelliJ IDEA] +* link:https://github.com/OpenLiberty/liberty-tools-vscode/releases[Release notes for Liberty Tools for Visual Studio Code] + [#CVEs] == Security vulnerability (CVE) fixes in this release [cols="5*"] From ae2b5f6867db1d8e5e013c3f3dabd9f06ca189f1 Mon Sep 17 00:00:00 2001 From: David Mueller Date: Fri, 8 Dec 2023 14:30:52 -0500 Subject: [PATCH 05/20] Update 2023-12-12-23.0.0.12.adoc --- posts/2023-12-12-23.0.0.12.adoc | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index b64d29415..0bb105b2b 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc 
@@ -252,7 +252,7 @@ https://openliberty.io/docs/latest/docs/latest/microprofile-telemetry.html[Enabl [#mpoa] == MicroProfile OpenAPI 3.1: OpenAPI doc endpoint path configuration -MicroProfile OpenAPI generates and serves OpenAPI documentation for JAX-RS applications that are deployed to the Open Liberty server. The OpenAPI documentation is served from the `/openapi` endpoint and a user interface for browsing this documentation is served from the `/openapi/ui`endpoint. +MicroProfile OpenAPI generates and serves OpenAPI documentation for JAX-RS applications that are deployed to the Open Liberty server. The OpenAPI documentation is served from the `/openapi` endpoint and a user interface for browsing this documentation is served from the `/openapi/ui` endpoint. With MicroProfile OpenAPI 3.1, you can configure the paths for these endpoints by adding configuration to your `server.xml`, as shown in the following example: @@ -295,8 +295,9 @@ You might use the following `server.xml` configuration to ensure that the OpenAP When `uiPath` is not set, it defaults to the value of `docPath` with `/ui` appended. -For more information about MicroProfile OpenAPI, see: +For more information about MicroProfile OpenAPI, see the following resources: +* link:{url-prefix}/docs/latest/reference/feature/mpOpenAPI-3.1.html#_configure_microprofile_openapi_documentation_endpoints[Configure MicroProfile OpenAPI documentation endpoints] * link:https://github.com/eclipse/microprofile-open-api[MicroProfile OpenAPI repo] * link:{url-prefix}/docs/latest/documentation-openapi.html[API documentation with OpenAPI] 
@@ -369,6 +370,8 @@ Specifying validation keys in this way can be combined with enabling the monitor ---- +For more information, see link:{url-prefix}/docs/latest/reference/feature/appSecurity-5.0.html#validationkeys[Rotate LTPA keys without requiring users to reauthenticate]. + === UpdateTrigger attribute added to LTPA element LTPA keys files can be reloaded by the server if the `updateTrigger` attribute is set to `polled` or `mbean`. It is `polled` by default. If set to `polled`, then the server monitors the keys files for changes based on the rate set in the `monitorInterval` attribute. If the `updateTrigger` attribute is set to `mbean`, the server reloads the keys files when it receives notification from the `WebSphere:service=com.ibm.ws.kernel.filemonitor.FileNotificationMBean` MBean, as shown in the following example: @@ -434,7 +437,7 @@ For more information, see xref:/docs/latest/reference/feature/openidConnectClien New releases for Liberty Maven and Gradle plug-ins are now available. The following notable new features are included: -* Support for deploying Spring Boot 3 applications to Liberty by using the build plug-ins through Liberty's springBoot-3.0 feature +* Support for deploying Spring Boot 3 applications to Liberty by using the build plug-ins through Liberty's `springBoot-3.0` feature * Support for running the plug-ins with Java 21 
@@ -460,7 +463,7 @@ For more information about Spring Boot support with the Liberty Gradle plug-in, [#lt] == Liberty Tools 23.0.12 for Eclipse IDE, IntelliJ IDEA, and Visual Studio Code -Liberty Tools now support the latest available releases of Eclipse IDE, IntelliJ IDEA, and Visual Studio Code. Various issues and improvements are included too. +Liberty Tools now support the latest available releases of Eclipse IDE, IntelliJ IDEA, and Visual Studio Code. This release also includes various enhancements and fixes. Update to the latest release of the Liberty Tools from the IDE you are working with or download the latest version from the marketplace of your IDE. From 9c94767b26dff9dc62c03a786d3ad14530299431 Mon Sep 17 00:00:00 2001 From: David Mueller <48686014+dmuelle@users.noreply.github.com> Date: Fri, 8 Dec 2023 14:35:50 -0500 Subject: [PATCH 06/20] Update posts/2023-12-12-23.0.0.12.adoc Co-authored-by: mbroz2 --- posts/2023-12-12-23.0.0.12.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index 0bb105b2b..32c443489 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc 
@@ -334,7 +334,7 @@ Enable the `monitorValidationKeysDir` and `monitorInterval` attributes. For exam ---- + -The `monitorValidationKeysDir` attribute monitors the directory of the primary keys file for any `.keys` extension files. By default, this directory is `${server.config.dir}/resources/security/` but it can be configured. The Open Liberty server loads these LTPA keys and uses them as validation keys. +The `monitorValidationKeysDir` attribute monitors the directory of the primary keys file for any `.keys` extension files. By default, this directory is `${server.config.dir}/resources/security/` but it can be configured. The Liberty server loads these LTPA keys and uses them as validation keys. + Monitoring is enabled only when the `updateTrigger` is set to `polled` and the `monitorInterval` is set to a duration greater than 0. The default value of `updateTrigger` is `polled` and the default value of `monitorInterval` is `0`. + From 02d71c509a1778e04cd6e54a7546a61d706af441 Mon Sep 17 00:00:00 2001 From: David Mueller <48686014+dmuelle@users.noreply.github.com> Date: Fri, 8 Dec 2023 14:36:01 -0500 Subject: [PATCH 07/20] Update posts/2023-12-12-23.0.0.12.adoc Co-authored-by: mbroz2 --- posts/2023-12-12-23.0.0.12.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index 32c443489..55535ca49 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc @@ -327,7 +327,7 @@ Two ways are available to enable LTPA keys rotation without a planned outage: mo Monitor the directory of the primary keys file for any new validation keys files:: + -Enable the `monitorValidationKeysDir` and `monitorInterval` attributes. For example, add the following configurations to the server.xml: +Enable the `monitorValidationKeysDir` and `monitorInterval` attributes. For example, add the following configurations to the `server.xml` file: + [source,xml] ---- 
From e0ebe949e522942f004a29099f96f819cd2c1588 Mon Sep 17 00:00:00 2001 From: David Mueller <48686014+dmuelle@users.noreply.github.com> Date: Fri, 8 Dec 2023 14:36:14 -0500 Subject: [PATCH 08/20] Update posts/2023-12-12-23.0.0.12.adoc Co-authored-by: mbroz2 --- posts/2023-12-12-23.0.0.12.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index 55535ca49..c75186756 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc @@ -319,7 +319,7 @@ For more information about MicroProfile OpenAPI, see the following resources: Open Liberty can now automatically generate new primary LTPA keys files while it continues to use validation keys files to validate LTPA tokens. With this update, you can rotate LTPA keys without any disruption to the application user experience. Previously, application users had to log in to their applications again after the Liberty server LTPA keys were rotated, which is no longer necessary. -Primary Keys are LTPA keys in the specified keys default `ltpa.keys` file. Primary keys are used both for generating new LTPA tokens and for validating LTPA tokens. One one primary keys file is permitted per Liberty runtime. +Primary Keys are LTPA keys in the specified keys default `ltpa.keys` file. Primary keys are used both for generating new LTPA tokens and for validating LTPA tokens. Only one primary keys file is permitted per Liberty runtime. Validation keys are LTPA keys in any `.keys` files other than the primary keys file. The validation keys are used only for validating LTPA tokens. They are not used for generating new LTPA tokens. All validation keys must be located in the same directory as the primary keys file. From 22071d2de8ab40b024492a8689b8ea276a962414 Mon Sep 17 00:00:00 2001 
From: David Mueller <48686014+dmuelle@users.noreply.github.com> Date: Fri, 8 Dec 2023 14:37:10 -0500 Subject: [PATCH 09/20] Update posts/2023-12-12-23.0.0.12.adoc Co-authored-by: mbroz2 --- posts/2023-12-12-23.0.0.12.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index c75186756..23bee37db 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc @@ -188,7 +188,7 @@ Additionally, the `@RegistryScope` annotation is now a CDI qualifier. For more information about MicroProfile Metrics, see: -* link:https://github.com/eclipse/microprofile-telemetry[MicroProfile Metrics repo] +* link:https://github.com/eclipse/microprofile-metrics[MicroProfile Metrics repo] * link:{url-prefix}/docs/latest/introduction-monitoring-metrics.html[Monitoring with metrics documentation] // DO NOT MODIFY THIS LINE. From db7dd124350556736582c7ed491ef62257353db5 Mon Sep 17 00:00:00 2001 From: David Mueller <48686014+dmuelle@users.noreply.github.com> Date: Fri, 8 Dec 2023 14:37:26 -0500 Subject: [PATCH 10/20] Update posts/2023-12-12-23.0.0.12.adoc Co-authored-by: mbroz2 --- posts/2023-12-12-23.0.0.12.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index 23bee37db..365e983d6 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc @@ -137,7 +137,7 @@ a| - When percentile-histogram is enabled for a histogram, this property defines |=== Some properties can accept multiple values for a given metric name while some can only accept a single value. -You can use an asterisk (such as *) as a wildcard at the end of the metric name. +You can use an asterisk (`*`) as a wildcard at the end of the metric name. For example, the `mp.metrics.distribution.percentiles` can be defined as: [source] From d3e92dead834742e8b500df1d6892f2efff2493d Mon Sep 17 00:00:00 2001 
From: David Mueller <48686014+dmuelle@users.noreply.github.com> Date: Fri, 8 Dec 2023 14:39:38 -0500 Subject: [PATCH 11/20] Update posts/2023-12-12-23.0.0.12.adoc Co-authored-by: mbroz2 --- posts/2023-12-12-23.0.0.12.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index 365e983d6..ec1c86bc5 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc @@ -26,7 +26,7 @@ In link:{url-about}[Open Liberty] 23.0.0.12: ** <> ** <> ** <> -* <> + * <> * <> * <> * <> From b7c4dfecfd7f52cd700b92f07668525895074237 Mon Sep 17 00:00:00 2001 From: David Mueller Date: Fri, 8 Dec 2023 14:39:50 -0500 Subject: [PATCH 12/20] Update 2023-12-12-23.0.0.12.adoc --- posts/2023-12-12-23.0.0.12.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index 0bb105b2b..56fbb48ad 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc 
@@ -6,8 +6,8 @@ categories: blog author_picture: https://avatars3.githubusercontent.com/dmuelle author_github: https://github.com/dmuelle seo-title: MicroProfile 6.1, Liberty Tools updates, and more in Open Liberty 23.0.0.12 - OpenLiberty.io -seo-description: Open Liberty 23.0.0.12 introduces MicroProfile 6.1, a minor release with updates for MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of the Liberty Maven and Gradle plug-ins, and includes enhancements for OpenID Connect, LTPA key management, and more. -blog_description: Open Liberty 23.0.0.12 introduces MicroProfile 6.1, a minor release with updates for MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of the Liberty Maven and Gradle plug-ins, and includes enhancements for OpenID Connect, LTPA key management, and more. +seo-description: Open Liberty 23.0.0.12 introduces MicroProfile 6.1, which includes updates for MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of the Liberty Maven and Gradle plug-ins, and includes enhancements for OpenID Connect, LTPA key management, and more. +blog_description: Open Liberty 23.0.0.12 introduces MicroProfile 6.1, which includes updates for MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of the Liberty Maven and Gradle plug-ins, and includes enhancements for OpenID Connect, LTPA key management, and more. open-graph-image: https://openliberty.io/img/twitter_card.jpg open-graph-image-alt: Open Liberty Logo --- 
@@ -18,7 +18,7 @@ David Mueller :url-about: / //Blank line here is necessary before starting the body of the post. -Open Liberty 23.0.0.12 introduces MicroProfile 6.1, a minor release with updates for MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of Liberty Tools and the Liberty Maven and Gradle plug-ins, and includes enhancements for OpenID Connect, LTPA key management, and more. +Open Liberty 23.0.0.12 introduces MicroProfile 6.1, which includes updates for MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of Liberty Tools and the Liberty Maven and Gradle plug-ins, and includes enhancements for OpenID Connect, LTPA key management, and more. In link:{url-about}[Open Liberty] 23.0.0.12: From c14691fdc2a11d3aa2a1aa7e7bbc08d9e0d76dc6 Mon Sep 17 00:00:00 2001 From: David Mueller Date: Fri, 8 Dec 2023 14:46:45 -0500 Subject: [PATCH 13/20] apply suggestions from review --- posts/2023-12-12-23.0.0.12.adoc | 40 ++++++++++++++++----------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index fe8a9fa4f..3f2bdcc6e 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc @@ -156,7 +156,7 @@ The following example expands on the previous example to define histogram bucket mp.metrics.distribution.timer.buckets=alpha.timer=100ms,200ms,1s ---- -This configuration tells the metrics runtime to track and output the count of durations that fall within 0-100ms, 0-200ms, and 0-1 seconds. These values are ranges because the histogram buckets work _cumulatively. +This configuration tells the metrics runtime to track and output the count of durations that fall within 0-100ms, 0-200ms, and 0-1 seconds. These values are ranges because the histogram buckets work cumulatively. The corresponding Prometheus output for the `alpha.timer` metric at the `/metrics` REST endpoint is: 
@@ -200,9 +200,10 @@ For more information about MicroProfile Metrics, see: [#mpt11] === Expanded Java EE and Jakarta EE support in MicroProfile Telemetry 1.1 -MicroProfile Telemetry 1.1 provides you with the latest Open Telemetry technology as the feature now consumes OpenTelemetry-1.29.0, which is updated from 1.19.0. Therefore, many of the dependencies are now stable. +MicroProfile Telemetry 1.1 provides you with the latest Open Telemetry technology as the feature now consumes OpenTelemetry-1.29.0, which is updated from 1.19.0. The feature is compatible with the following programming model combinations: + * Java EE 7 paired with MicroProfile 1.4 * Java EE 8 paired with MicroProfile 4.1 * Jakarta EE 9 paired with MicroProfile 5.0 @@ -233,9 +234,8 @@ Also in Open Liberty 23.0.0.12, the MicroProfile Telemetry 1.0 and 1.1 features For more information about MicroProfile Telemetry, see the following links: -* link:https://github.com/eclipse/microprofile-telemetry -https://github.com/open-telemetry/opentelemetry-specification/blob/v1.20.0/specification/trace/api.md[Tracing API] -https://openliberty.io/docs/latest/docs/latest/microprofile-telemetry.html[Enable distributed tracing with MicroProfile Telemetry]. +* link:https://github.com/open-telemetry/opentelemetry-specification/blob/v1.20.0/specification/trace/api.md[Tracing API] +* link:https://openliberty.io/docs/latest/docs/latest/microprofile-telemetry.html[Enable distributed tracing with MicroProfile Telemetry] // DO NOT MODIFY THIS LINE. 
@@ -426,6 +426,21 @@ A check was added to attempt to get the role information from access token, if i For more information, see xref:/docs/latest/reference/feature/openidConnectClient-1.0.html#access-token[Check the access token for user and group information]. +[#CVEs] +== Security vulnerability (CVE) fixes in this release +[cols="5*"] +|=== +|CVE |CVSS Score |Vulnerability Assessment |Versions Affected |Notes + +|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487[CVE-2023-44487] +|7.5 +|Denial of service +|18.0.0.2 - 23.0.0.11 +|Affects the link:{url-prefix}/docs/latest/reference/feature/servlet-3.1.html[servlet-3.0], link:{url-prefix}/docs/latest/reference/feature/servlet-4.0.html[servlet-4.0], link:{url-prefix}/docs/latest/reference/feature/servlet-5.0.html[servlet-5.0] and link:{url-prefix}/docs/latest/reference/feature/servlet-6.0.html[servlet-6.0] features +|=== + +For a list of past security vulnerability fixes, reference the link:{url-prefix}/docs/latest/security-vulnerabilities.html[Security vulnerability (CVE) list]. + // ------ ------ // // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // 
@@ -477,21 +492,6 @@ For more information, see the following release notes: * link:https://github.com/OpenLiberty/liberty-tools-intellij/releases[Release notes for Liberty Tools for IntelliJ IDEA] * link:https://github.com/OpenLiberty/liberty-tools-vscode/releases[Release notes for Liberty Tools for Visual Studio Code] -[#CVEs] -== Security vulnerability (CVE) fixes in this release -[cols="5*"] -|=== -|CVE |CVSS Score |Vulnerability Assessment |Versions Affected |Notes - -|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487[CVE-2023-44487] -|7.5 -|Denial of service -|18.0.0.2 - 23.0.0.11 -|Affects the link:{url-prefix}/docs/latest/reference/feature/servlet-3.1.html[servlet-3.0], link:{url-prefix}/docs/latest/reference/feature/servlet-4.0.html[servlet-4.0], link:{url-prefix}/docs/latest/reference/feature/servlet-5.0.html[servlet-5.0] and link:{url-prefix}/docs/latest/reference/feature/servlet-6.0.html[servlet-6.0] features -|=== - -For a list of past security vulnerability fixes, reference the link:{url-prefix}/docs/latest/security-vulnerabilities.html[Security vulnerability (CVE) list]. - [#run] == Develop and run your apps using 23.0.0.12 From 645f6b36cfb4aab5a3909dad2bf234189819c8a8 Mon Sep 17 00:00:00 2001 From: David Mueller Date: Fri, 8 Dec 2023 14:51:33 -0500 Subject: [PATCH 14/20] Update 2023-12-12-23.0.0.12.adoc --- posts/2023-12-12-23.0.0.12.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index 3f2bdcc6e..ff6e71fe9 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc 
@@ -252,7 +252,7 @@ For more information about MicroProfile Telemetry, see the following links: [#mpoa] == MicroProfile OpenAPI 3.1: OpenAPI doc endpoint path configuration -MicroProfile OpenAPI generates and serves OpenAPI documentation for JAX-RS applications that are deployed to the Open Liberty server. The OpenAPI documentation is served from the `/openapi` endpoint and a user interface for browsing this documentation is served from the `/openapi/ui` endpoint. +MicroProfile OpenAPI generates and serves OpenAPI documentation for RESTful Web Services (or JAX-RS) applications that are deployed to the Liberty server. The OpenAPI documentation is served from the `/openapi` endpoint and a user interface for browsing this documentation is served from the `/openapi/ui` endpoint. With MicroProfile OpenAPI 3.1, you can configure the paths for these endpoints by adding configuration to your `server.xml`, as shown in the following example: From 9acd808caea198a39e4492757af24ac6aee6a380 Mon Sep 17 00:00:00 2001 From: David Mueller <48686014+dmuelle@users.noreply.github.com> Date: Mon, 11 Dec 2023 11:35:16 -0500 Subject: [PATCH 15/20] Update posts/2023-12-12-23.0.0.12.adoc Co-authored-by: Andrew Rouse --- posts/2023-12-12-23.0.0.12.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index ff6e71fe9..6924c48b0 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc 
@@ -250,7 +250,7 @@ For more information about MicroProfile Telemetry, see the following links: // // // // // // // // [#mpoa] -== MicroProfile OpenAPI 3.1: OpenAPI doc endpoint path configuration +== MicroProfile OpenAPI: OpenAPI doc endpoint path configuration MicroProfile OpenAPI generates and serves OpenAPI documentation for RESTful Web Services (or JAX-RS) applications that are deployed to the Liberty server. The OpenAPI documentation is served from the `/openapi` endpoint and a user interface for browsing this documentation is served from the `/openapi/ui` endpoint. From 92c9909c8907d28ec8ed101072d9a15858568bb3 Mon Sep 17 00:00:00 2001 From: David Mueller <48686014+dmuelle@users.noreply.github.com> Date: Mon, 11 Dec 2023 11:35:33 -0500 Subject: [PATCH 16/20] Update posts/2023-12-12-23.0.0.12.adoc Co-authored-by: Andrew Rouse --- posts/2023-12-12-23.0.0.12.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index 6924c48b0..485d001b2 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc @@ -254,7 +254,7 @@ For more information about MicroProfile Telemetry, see the following links: MicroProfile OpenAPI generates and serves OpenAPI documentation for RESTful Web Services (or JAX-RS) applications that are deployed to the Liberty server. The OpenAPI documentation is served from the `/openapi` endpoint and a user interface for browsing this documentation is served from the `/openapi/ui` endpoint. -With MicroProfile OpenAPI 3.1, you can configure the paths for these endpoints by adding configuration to your `server.xml`, as shown in the following example: +When using any of the MicroProfile OpenAPI features on Open Liberty, you can now configure the paths for these endpoints by adding configuration to your `server.xml`, as shown in the following example: [source,xml] ---- From 54b74d6df35f0587a30d0a058562068df236f7cd Mon Sep 17 00:00:00 2001 
From: David Mueller <48686014+dmuelle@users.noreply.github.com> Date: Mon, 11 Dec 2023 11:39:56 -0500 Subject: [PATCH 17/20] Update posts/2023-12-12-23.0.0.12.adoc --- posts/2023-12-12-23.0.0.12.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index 485d001b2..6f603e898 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc @@ -26,7 +26,7 @@ In link:{url-about}[Open Liberty] 23.0.0.12: ** <> ** <> ** <> - * <> + * <> * <> * <> * <> From 0074c9bd26bbee426100fa27d6bcffb7d7751a15 Mon Sep 17 00:00:00 2001 From: David Mueller Date: Tue, 12 Dec 2023 08:58:33 -0500 Subject: [PATCH 18/20] Update 2023-12-12-23.0.0.12.adoc --- posts/2023-12-12-23.0.0.12.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index 6f603e898..6c4212605 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc @@ -478,7 +478,7 @@ For more information about Spring Boot support with the Liberty Gradle plug-in, [#lt] == Liberty Tools 23.0.12 for Eclipse IDE, IntelliJ IDEA, and Visual Studio Code -Liberty Tools now support the latest available releases of Eclipse IDE, IntelliJ IDEA, and Visual Studio Code. This release also includes various enhancements and fixes. +Liberty Tools now support newer releases of Eclipse IDE, IntelliJ IDEA, and Visual Studio Code. This release also includes various enhancements and fixes. Update to the latest release of the Liberty Tools from the IDE you are working with or download the latest version from the marketplace of your IDE. From 6a5d2cc0e34b54dcbe91ed4b44e8b931b89f11b8 Mon Sep 17 00:00:00 2001 
From: David Mueller <48686014+dmuelle@users.noreply.github.com> Date: Tue, 12 Dec 2023 10:12:04 -0500 Subject: [PATCH 19/20] Update posts/2023-12-12-23.0.0.12.adoc Co-authored-by: mbroz2 --- posts/2023-12-12-23.0.0.12.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index 6c4212605..331f0edcc 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc @@ -393,7 +393,7 @@ For more information on `ltpa` server configuration options see link:https://ope // // // // // // // // [#auth] -== Liberty can send the resource parameter with an authorization request that uses the authorization code flow +== Send the resource parameter with an authorization request that uses the authorization code flow Authorization requests can be made by using either the implicit flow or the authorization code flow. When requests use the implicit flow, all tokens are returned from the authorization endpoint and the token endpoint is not used. When requests use the authorization code flow, all tokens are returned from the token endpoint. From 2a205ccd5a3da568bc58507ce6752fdefb9ded8b Mon Sep 17 00:00:00 2001 From: David Mueller Date: Tue, 12 Dec 2023 10:49:39 -0500 Subject: [PATCH 20/20] Update blog_tags.json --- blog_tags.json | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/blog_tags.json b/blog_tags.json index 6802c45bc..c2709273e 100644 --- a/blog_tags.json +++ b/blog_tags.json @@ -2,7 +2,7 @@ "blog_tags": [ { "name": "announcements", - "posts": ["23.0.0.12-beta", + "posts": ["23.0.0.12", "23.0.0.12-beta", "23.0.0.11", "23.0.0.11-beta", "23.0.0.10", "23.0.0.10-beta", "23.0.0.9", "23.0.0.9-beta", 
@@ -73,7 +73,7 @@ "featured": "true" },{ "name": "MicroProfile", - "posts": ["23.0.0.11", + "posts": ["23.0.0.12", "23.0.0.11", "23.0.0.11-beta", "23.0.0.10-beta", "liberty-ide-tools-maven-gradle-plugins-for-java-developers", "23.0.0.6", "rapid-startup-instanton", "23.0.0.5", @@ -148,7 +148,8 @@ }, { "name": "release", - "posts": ["23.0.0.11", + "posts": ["23.0.0.12", + "23.0.0.12-beta","23.0.0.11", "23.0.0.11-beta", "23.0.0.10", "23.0.0.10-beta", "23.0.0.9", "23.0.0.9-beta", "23.0.0.8", @@ -229,7 +230,7 @@ }, { "name": "Maven", - "posts": ["liberty-ide-tools-maven-gradle-plugins-for-java-developers", + "posts": ["23.0.0.12", "liberty-ide-tools-maven-gradle-plugins-for-java-developers", "23.0.0.6", "liberty-tools-eclipse-deep-dive", "microprofile-serverless-ibm-code-engine", "develop-user-feature", "liberty-tools-eclipse", @@ -242,7 +243,8 @@ }, { "name": "security", - "posts": ["23.0.0.10", "23.0.0.10-beta", + "posts": ["23.0.0.12", + "23.0.0.10", "23.0.0.10-beta", "23.0.0.9", "23.0.0.8", "23.0.0.6-beta", "22.0.0.13", "22.0.0.13-beta", "22.0.0.12", @@ -269,7 +271,7 @@ }, { "name": "Spring", - "posts": ["23.0.0.10-beta", + "posts": ["23.0.0.12", "23.0.0.10-beta", "23.0.0.9", "23.0.0.9-beta", "23.0.0.8-beta", "running-spring-boot-3", "build-and-push-spring-boot-docker-images", "optimizing-spring-boot-apps-for-docker", @@ -292,7 +294,7 @@ }, { "name": "Gradle", - "posts": ["liberty-ide-tools-maven-gradle-plugins-for-java-developers", + "posts": ["23.0.0.12", "liberty-ide-tools-maven-gradle-plugins-for-java-developers", "23.0.0.6", "liberty-tools-eclipse-deep-dive", "microprofile-serverless-ibm-code-engine","liberty-tools-eclipse", "dev-mode-with-eclipse","feature-generation-tech-preview", @@ -304,7 +306,8 @@ }, { "name": "metrics", - "posts": ["23.0.0.11", "23.0.0.11-beta", + "posts": ["23.0.0.12", + "23.0.0.11", "23.0.0.11-beta", "23.0.0.10-beta","23.0.0.3", "22.0.0.12-beta", "logrecordcontext-22007", "liberty-deep-dive", "request-timing-21006", 
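Review bot: The `release` hunk (`@@ -148,7 +148,8 @@`) adds a line beginning `"23.0.0.12-beta","23.0.0.11",` with no space after the first comma, and it folds the previous first entry into that new line. The other hunks in this file are not uniform either: `announcements`, `MicroProfile`, `Maven`, `Spring` and `Gradle` prepend `"23.0.0.12",` to the existing first line, while `security`, `metrics` and `developer experience` give it a line of its own. Using the own-line form everywhere, `"posts": ["23.0.0.12",` followed by the old entries unchanged, would make each release a pure one-line addition, so a missed or duplicated tag is easier to spot in review. For `release` that means `"posts": ["23.0.0.12",` and then `"23.0.0.12-beta", "23.0.0.11",` with the space restored. Each `posts` array continues past its hunk, so the rest of the lists is not checked here.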
@@ -411,7 +414,8 @@ }, { "name": "developer experience", - "posts": ["23.0.0.8", "23.0.0.7", + "posts": ["23.0.0.12", + "23.0.0.8", "23.0.0.7", "liberty-ide-tools-maven-gradle-plugins-for-java-developers", "23.0.0.6", "rapid-startup-instanton", "running-spring-boot-3", "kotlin-with-open-liberty", "devnexus",