forked from apache/knox
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGES
2310 lines (2253 loc) · 157 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 2.0.0
------------------------------------------------------------------------------
** New Feature
* [KNOX-2631] - KnoxSSO for Secure Shell Access
* [KNOX-2703] - Make acceptable JWT types configurable
* [KNOX-2776] - Concurrent Session Limit for UIs
** Improvement
* [KNOX-1462] - Migrate from Log4j 1.x to 2.x
* [KNOX-1608] - Remove gateway-adapter module
* [KNOX-1609] - Remove Livy /v1/ from service definition
* [KNOX-1675] - Migrate to URLEncodingUtils from HttpUtils
* [KNOX-1961] - KnoxPamRealm and KnoxCacheManager are not compatible
* [KNOX-2364] - Extend KnoxShell Filesystem Command to be able to put Strings as Files
* [KNOX-2482] - Bump version dependencies December 2020
* [KNOX-2680] - Centralized Source of Cluster Configuration Details for Discovery
* [KNOX-2689] - Avoid redeploying an unchanged topology
* [KNOX-2692] - Topology redeployment should be configurable
* [KNOX-2699] - Expired tokens should not be enabled/disabled
* [KNOX-2711] - Add trino ui support in service definition
* [KNOX-2712] - Adding arbitrary metadata to a Knox Token
* [KNOX-2713] - Improve user limit handling when fetching Knox Tokens
* [KNOX-2714] - Adding doAs support for KnoxToken service
* [KNOX-2727] - spring4shell CVE means spring upgrades needed
* [KNOX-2734] - Exclude token passcode from KnoxToken responses when server-managed state is disabled.
* [KNOX-2737] - Make maxFormContentSize and maxFormKeys configurable in Knox's embedded Jetty server
* [KNOX-2740] - Impersonation-related fields should be displayed only if that's enabled in the topology for the KnoxToken service
* [KNOX-2742] - CM service discovery retry may be needed
* [KNOX-2746] - Add presto and presto ui support in service definition
* [KNOX-2771] - Log HTTP client config parameters such as socket timeouts with info level
* [KNOX-2773] - Log replay buffer size with info level
* [KNOX-2798] - Add a trim method to KnoxShellTable to trim all values in a Column
* [KNOX-2806] - Implement a new DoS security provider
* [KNOX-2808] - Log proxyuser authentication outcome for Knox Tokens
* [KNOX-2833] - Ozone integration for Apache Knox
* [KNOX-2834] - Take care of existing javascript upgrades by dependabot
* [KNOX-2864] - Make TLS protocol and cipher suites configurable with CM service discovery
* [KNOX-2874] - Typos in JDBC token state service config docs
** Bug
* [KNOX-1423] - Document Zookeeper URL Manager behaviour for HA services
* [KNOX-2019] - Documentation update for new config 'gateway.websocket.max.wait.buffer.count' in gateway-site.xml
* [KNOX-2531] - Kill Application button in YARN does not work through KNOX
* [KNOX-2540] - “NoSuchMethodErrors” due to multiple versions of org.apache.curator:curator-client
* [KNOX-2684] - Getting 500 error after clicking logout link
* [KNOX-2693] - When topology is updated twice consecutively with 275ms delay then redeployed topology doesnt have 2nd updates
* [KNOX-2701] - Knox topology for Impala includes non-coordinator hosts
* [KNOX-2705] - Make sure correlation id is passed down in gateway.log
* [KNOX-2708] - HeaderPreAuthFederationDispatch should extend ConfigurableDispatch
* [KNOX-2709] - Documentation of knox should be updated for ha provider
* [KNOX-2717] - upgrade shiro due to security issue
* [KNOX-2718] - upgrade xmlsec due to security issue
* [KNOX-2721] - upgrade jetty to 9.4.45 due to cves
* [KNOX-2722] - upgrade commons-compress due to CVEs
* [KNOX-2724] - Add HBase UI proxying for Named Queue Logs
* [KNOX-2733] - Support configurable value for saml.keyStoreType property in pac4j
* [KNOX-2738] - On Fresh install JDBCTokenStateService initiation failed
* [KNOX-2750] - upgrade gson due to security issue
* [KNOX-2753] - upgrade mina due to security issue
* [KNOX-2756] - NPE occurred while getting service discovery types
* [KNOX-2757] - Mutually exclusive filter params in the HadoopGroupProvider identity-assertion provider
* [KNOX-2761] - KnoxShell does not reflect KNOX-2661
* [KNOX-2762] - Whitespaces around delimiters in composite provider names gives NullPointerException
* [KNOX-2766] - "disableLoadBalancingForUserAgents" property for HA dispatch cannot be set.
* [KNOX-2767] - Bump @angular/core from 5.2.11 to 11.0.5
* [KNOX-2770] - KnoxToken doAs won't work with HadoopAuth filter
* [KNOX-2774] - "usage: sleep seconds" messages in terminal after starting knox
* [KNOX-2782] - Knox CLI user-auth-test command failure
* [KNOX-2800] - Knox tokens created for impersonated user doesn't honor configured per user limit value
* [KNOX-2804] - HadoopXmlResource parser should handle unescaped XML entries
* [KNOX-2805] - getUserTokens api should return all tokens which are matching either of the same metadata name passed as query param
* [KNOX-2807] - Restart of HIVE_ON_TEZ causes a Knox topology redeploy
* [KNOX-2825] - Only add "Default" provider iff it is found in the provider contributor map
* [KNOX-2827] - isDispatchAllowed should cut off path segments from the URL
* [KNOX-2837] - Document KnoxShell Feature
* [KNOX-2841] - Oozie "root" rewrite rule's pattern is too open
* [KNOX-2857] - Fix proxyuser impersonation config in homepage
* [KNOX-2860] - Cannot build knox-webshell-ui
* [KNOX-2861] - Upgrade cloudera manager api
* [KNOX-2863] - LB does not work when session cookie is not the first cookie
* [KNOX-2869] - Possible NPE at CM cluster configuration monitor startup
* [KNOX-2872] - Webshell does not work with loadbalancer
** Test
* [KNOX-2840] - SecureKnoxShellTest broken
* [KNOX-2845] - GatewayAdminTopologyFuncTest#testPutTopology failing
** Task
* [KNOX-2346] - Remove unused maxRetryAttempts and retrySleep
* [KNOX-2665] - Knox redirecting.jsp parsing error
* [KNOX-2682] - Switch to 2.0.0-SNAPSHOT in pom.xml
* [KNOX-2685] - Hide token management on Home Page
* [KNOX-2702] - Upgrade Log4j to 2.17.1
* [KNOX-2741] - Upgrade to velocity 2.3 due to CVE-2020-13936
* [KNOX-2751] - Make service dispatches configurable
* [KNOX-2802] - Document Service Definition management on Admin UI
* [KNOX-2811] - Rewrite Knox tokengen in Angular
* [KNOX-2812] - Document the new Rate Limiting filter in Knox's webappsec provider
* [KNOX-2814] - Run shellcheck in Github Actions
* [KNOX-2815] - Document smolnar's changes in 2.0.0
* [KNOX-2829] - Change the default value of knox.token.impersonation.enabled
* [KNOX-2830] - Remove TravisCI integration from Apache Knox
* [KNOX-2831] - Knox token impersonation in multiple topologies
* [KNOX-2832] - Convert JettyDOS provider to a rate limiting option in webappsec
* [KNOX-2838] - Document KNOX-2726
* [KNOX-2839] - Refactor impersonation from KnoxToken service
* [KNOX-2850] - Take care of existing java upgrades by dependabot
* [KNOX-2851] - Support additional username/password settings in PostgeSQL
* [KNOX-2852] - Bump decode-uri-component from 0.2.0 to 0.2.2 in Knox UIs
* [KNOX-2853] - Bumps hsqldb from 2.4.0 to 2.7.1.
* [KNOX-2856] - Document changes in KNOX-2839
* [KNOX-2865] - Accessing parameters of a x-www-form-urlencoded request consumes the request body
* [KNOX-2871] - Refine should perform discovery check
* [KNOX-2873] - Upgrade curator version to 5.4.0 and zookeeper to 3.8.1
* [KNOX-2879] - pty4j depends on log4j1
** Sub-task
* [KNOX-2668] - Documentation for Log4j2 changes and migration guide
* [KNOX-2777] - Implement concurrent session verifier
* [KNOX-2778] - Enforce concurrent session limit in KnoxSSO
* [KNOX-2788] - Implement deleting expired tokens and make Verifier disableable
* [KNOX-2789] - Refine privileged/non-privileged group settings
* [KNOX-2790] - Split ConcurrentSessionVerifier.verifySessionForUser
* [KNOX-2792] - New Knox service to add custom auth headers in the response
* [KNOX-2793] - New Knox service to populate Bearer token in response
* [KNOX-2794] - Add cookie auth support in JWT federation provider
* [KNOX-2803] - Document the changes in KNOX-2791
* [KNOX-2817] - Document KNOX-2736 Knox clients should support retry/failover
* [KNOX-2818] - Document KNOX-2752 knoxcli should support batch alias creation
* [KNOX-2843] - Document SQL DB based topology monitor
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 1.6.1
------------------------------------------------------------------------------
** Security fixes
* [KNOX-2697] - Upgrade Log4j2 to 2.16
** Bug
* [KNOX-2665] - Knox redirecting.jsp parsing error
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 1.6.0
------------------------------------------------------------------------------
** New Feature
* [KNOX-1031] - Apache Hadoop Timeline Server REST API support
* [KNOX-1033] - Apache Tez UI support
* [KNOX-1641] - Separate <policy> and <dispatch> elements in service.xml controlled by a secure flag
* [KNOX-2187] - Add metadata to service definitions
* [KNOX-2527] - Support HMAC signature/verification in JWT token authority
* [KNOX-2570] - Support for JWKS endpoint
* [KNOX-2571] - Knox Homepage Profiles
* [KNOX-2579] - Make token passcode secure in DB token state backend
* [KNOX-2555] - Add a Token Generation Page for Acquiring JWT Tokens for integration
* [KNOX-2624] - Introducing token management page
** Improvement
* [KNOX-1080] - Custom dispatch for NiFi should be moved to its own package
* [KNOX-1237] - Knox DSL should support HBase Stateless Scanner
* [KNOX-1920] - KnoxSSOut for SSO through Proxy with SSOCookieProvider
* [KNOX-2095] - Many errors (E.G. 504s) being masked as 500 errors
* [KNOX-2252] - Use newly added `context` to calculate the routes in service.xml
* [KNOX-2470] - Bump version dependencies November 2020
* [KNOX-2530] - Support qualifying service params for CM discovery control
* [KNOX-2533] - Qualifying service params for discovery improvements
* [KNOX-2539] - Enhance JWTProvider to accept token via HTTP Basic
* [KNOX-2542] - Token-based providers should check expiration before verifying tokens
* [KNOX-2544] - Token-based providers should cache successful token verifications
* [KNOX-2547] - Token-based providers should perform signature verification last
* [KNOX-2551] - Token state management improvements
* [KNOX-2556] - Enhance JWTProvider to accept knox.id as Passcode Token
* [KNOX-2559] - Adding functionality to append headers in Configurable Dispatch
* [KNOX-2575] - Add `kid` and `jku` claims to JWT tokens issues by Knox
* [KNOX-2594] - Add includeSubDomains to HSTS Support in WebAppSec Provider
* [KNOX-2595] - Create KNOX_TOKENS table if not exists
* [KNOX-2599] - Improve tokengen UI
* [KNOX-2600] - Configure PostgreSQL datasource with JDBC URL
* [KNOX-2602] - Add token status in JDBC token state management
* [KNOX-2603] - Passcode token verification event should be cached
* [KNOX-2613] - The Knox Token Generation UI should validate 'comment' length.
* [KNOX-2617] - Copy-to-clipboard icons needed on Token Generation page
* [KNOX-2618] - Need to add INFO level eviction logs for debugging
* [KNOX-2622] - Support Deflate Encoding for the Inbound Response
* [KNOX-2623] - Token generation page improvements
* [KNOX-2625] - Enhance KnoxSSO to Support Session Timeout and Logout
* [KNOX-2627] - Limiting the number of Knox tokens per user
* [KNOX-2653] - Update Atlas Service definition for knox logout/timeout in KNOX-2625
* [KNOX-2662] - Show TLS certs on Knox Home page using the token profile
* [KNOX-2664] - Users should revoke their own tokens
* [KNOX-2667] - Update Ranger Service definition for knox logout/timeout in KNOX-2625
* [KNOX-2672] - Handle gateway-level aliases in Hadoop authentication filter
* [KNOX-2675] - Oozie Console URL on the web UI should be a Knox URL
** Test
* [KNOX-2474] - RemoteConfigurationRegistryJAASConfigTest fails due to invalid auth
** Task
* [KNOX-2552] - Add the tokenid to the JSON response payload for KnoxToken service
* [KNOX-2553] - Add token management flag in generated JWT tokens
* [KNOX-2554] - Implement JDBC TokenStateService
* [KNOX-2557] - Add username and comment into token state metadata
* [KNOX-2596] - Change supported DB type for Postgres SQL
* [KNOX-2597] - Fallback to AliasBasedTokenStateService in case of DB errors
* [KNOX-2598] - Add SSL support to JDBCTokenStateService
* [KNOX-2637] - New Knox CLI command to generate a valid JWK secret
* [KNOX-2640] - Remove hibernate dependency
* [KNOX-2657] - Token generation page improvements
* [KNOX-2658] - JDBCTokenStateService is not HA-compatible
* [KNOX-2661] - Consolidate HTTP methods in TokenResource
** Bug
* [KNOX-755] - retry logic for replayBuffer limit errors is incorrect.
* [KNOX-1334] - Knox Service Defs for UIs in AWS EMR Deployments
* [KNOX-1361] - Path rewrites for websockets not being handled correctly
* [KNOX-1586] - YARN v1 and v2 UI - Handle http vs https for node links
* [KNOX-2456] - SHS links sometimes broken on FINISHED jobs page
* [KNOX-2475] - url creation failure caused by spaces in url
* [KNOX-2476] - Incorrect URLs produced for failover when accessing NiFi UI
* [KNOX-2478] - Cleanup HA Dispatch Implementation
* [KNOX-2479] - set-cookie headers broken when spaces between attributes are missing
* [KNOX-2529] - Update pom versions to 1.6.0-SNAPSHOT
* [KNOX-2532] - Unable to set 'None' for the SwitchCase identity provider on the Admin UI.
* [KNOX-2538] - JSESSIONID cookie missing when Zeppelin UI proxied via Knox
* [KNOX-2541] - Typo in gateway-site.xml
* [KNOX-2543] - Intermittent NoHttpResponseException errors
* [KNOX-2545] - The new configuration enableStickySession should not loadbalance requests.
* [KNOX-2548] - ConcurrentModificationException while verifying JWT token
* [KNOX-2549] - Knox CM discovery may lose relevant audit events
* [KNOX-2550] - Spark3 UI is missing from Knox Home page
* [KNOX-2560] - Add support for KnoxCLI to be able to query/persist alias from remote ZK instance
* [KNOX-2562] - TokenStateService getTokenMetadata method should throw UnknownTokenException
* [KNOX-2566] - JWT Token Signature Verification Caching NPE
* [KNOX-2572] - Unique token identifiers still being logged in entirety
* [KNOX-2573] - Service discovery should support HiveServer2 transport mode all
* [KNOX-2577] - [Livy Service] Application and container log links should point to YARN UI v2
* [KNOX-2578] - TokenResource logging token UUIDs
* [KNOX-2582] - Unauthenticated paths support for authentication providers
* [KNOX-2601] - ZeppelinUI created multiple sessions when going via Knox
* [KNOX-2605] - Knox Token Generation UI should have Validation checks for invalid lifetimes
* [KNOX-2606] - Knox Token Generation fails to generate token with lifetime of 1year(365 days)
* [KNOX-2608] - JWT tokens issues by Knox should have `kid` and `jku` as part of JOSE Headers
* [KNOX-2616] - Trailing slashes added in service URLs on the Knox Home page
* [KNOX-2620] - Signature algorithm mismatch in JWKS resource
* [KNOX-2621] - Consolidate HTTP error codes in JWT federation filter
* [KNOX-2628] - AliasBasedTokenStateService does not revoke all aliases
* [KNOX-2632] - Copy-to-clipboard does not work on Token Generation page with Firefox
* [KNOX-2633] - Knox token client data parsing does not handle multiple '=' signs
* [KNOX-2634] - ODBC connection broken when HA Loadbalancing config is enabled
* [KNOX-2647] - [Spark History UI Service] Executor logs (stdout/stderr) links are broken with JobHostory Service
* [KNOX-2666] - Add support for gateway name in rewrite rules
* [KNOX-2669] - Account for samesite property in Knox logout
* [KNOX-2670] - AliasBasedTokenStateService does not throw UnknownTokenException at revocation time
* [KNOX-2671] - From knox homepage clicking logout returns 500 error code
* [KNOX-2673] - Clean up cookies after logout
* [KNOX-2678] - Expired tokens are not removed from the in-memory cache
* [KNOX-2679] - Trim Pac4j entitlements to avoid cookie too large issue.
** Upgrades
* [KNOX-2283] - Upgrade curator to 5.1.0 and zookeeper to 3.6.2
* [KNOX-2483] - Upgrade hibernate to 5.4.18.Final+
* [KNOX-2485] - Upgrade testcontainers to 1.15.1
* [KNOX-2486] - Upgrade rest-assured to 4.3.3
* [KNOX-2487] - Upgrade json-path to 2.5.0
* [KNOX-2488] - Upgrade spring-vault to 2.2.3.RELEASE
* [KNOX-2489] - Upgrade netty to 4.1.55.Final
* [KNOX-2490] - Upgrade spring to 5.3.2
* [KNOX-2491] - Upgrade caffeine to 2.8.8
* [KNOX-2492] - Upgrade groovy to 3.0.7
* [KNOX-2493] - Upgrade jackson to 2.11.4
* [KNOX-2494] - Upgrade httpcore to 4.4.14
* [KNOX-2495] - Upgrade httpclient to 4.5.13
* [KNOX-2496] - Upgrade junit to 4.13.1
* [KNOX-2497] - Upgrade dependency-check-maven to 6.0.3
* [KNOX-2498] - Upgrade jacoco-maven-plugin to 0.8.6
* [KNOX-2499] - Upgrade asm to 9.0
* [KNOX-2500] - Upgrade commons-net to 3.7.2
* [KNOX-2501] - Upgrade spotbugs-maven-plugin to 4.1.4
* [KNOX-2502] - Upgrade joda-time to 2.10.8
* [KNOX-2503] - Upgrade findsecbugs to 1.11.0
* [KNOX-2504] - Upgrade bcprov-jdk15on to 1.67
* [KNOX-2505] - Upgrade log4j to 2.14.0
* [KNOX-2506] - Upgrade protobuf-java to 3.14.0
* [KNOX-2507] - Upgrade metrics to 4.1.16
* [KNOX-2508] - Upgrade frontend-maven-plugin to 1.11.0
* [KNOX-2512] - Upgrade cors-filter to 2.9.1
* [KNOX-2513] - Upgrade checkstyle to 8.38
* [KNOX-2514] - Upgrade spotbugs to 4.2.0
* [KNOX-2516] - Upgrade pac4j to 4.3.0
* [KNOX-2518] - Upgrade spring-vault to 2.3.0
* [KNOX-2519] - Upgrade eclipselink to 2.7.8
* [KNOX-2520] - Upgrade netty to 4.1.56.Final
* [KNOX-2521] - Upgrade glassfish jaxb to 2.3.3
* [KNOX-2522] - Upgrade hibernate to 5.4.26.Final
* [KNOX-2523] - Upgrade java-support to 7.5.2
* [KNOX-2524] - Upgrade lang-tag to 1.5
* [KNOX-2525] - Upgrade stax2-api to 4.2.1
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 1.5.0
------------------------------------------------------------------------------
** New Features
* [KNOX-843] - Load Balancing to Proxied Services for HA (disabled by default) (#380)
* [KNOX-2412] - Add Logout Link to Home Page for Select Authentication Providers and KNOXSESSION service (#372)
* [KNOX-2392] - Simple file-based TokenStateService implementation (#350)
* [KNOX-2386] - Added CM service discovery support for Apache Flink (#344)
* [KNOX-2385] - Flink Dashboard (History Server) Support (#343)
* [KNOX-2354] - An HBASEJARS service which can proxy HBase jars hosted by t… (#325)
** Improvements
* [KNOX-2469] - Fixing Knox keystore path directory creation for symlinks (#383)
* [KNOX-2468] - Improve ConfigurableDispatch set cookies (#385)
* [KNOX-2401] - Extend ClientCert Authentication Provider for CN as PrimaryPrincipal (#384)
* [KNOX-2462] - Make credential store type configurable (#381)
* [KNOX-2467] - Enable Jetty's X-Forwarded Header Support (#382)
* [KNOX-2461] - Move JWT token display utility to module shared by server and client modules (#379)
* [KNOX-2459] - KNOX-METADATA, KNOXSSOUT and KNOX-SESSION services do not need any URL or param to be added in the generated topology (#377)
* [KNOX-2453] - Fix Host header handling in websockets (#374)
* [KNOX-2437] - The request url does not have to be coded (#370)
* [KNOX-2408] - Improved AliasBasedTokenState service and house-keeping (#371)
* [KNOX-2402] - Adding Gateway performance testing (#365)
* [KNOX-2413] - Added JWT support in HadoopAuth provider (#367)
* [KNOX-2436] - Add new service for replacing resourceManager property during Oozie usage (#369)
* [KNOX-2435] - Fix NiFi and NiFi Registry UI links in Knox UI (#368)
* [KNOX-2434] - Knox should fallback to JDK default keystore/truststore type instead of hardcoding JKS (#366)
* [KNOX-2397] - knox failed to start with error "java.lang.NoSuchMethodError: org.eclipse.persistence.internal.oxm.mappings.Field.setNestedArray(Z)V" (#357)
* [KNOX-2410] - Handling the new 'RestartWaitingForStalenessSuccess' CM audit event (#364)
* [KNOX-2406] - Use dependency bom for dependency management (#363)
* [KNOX-2399] - Implemented ZookeeperTokenStateService (#361)
* [KNOX-2395] - Make Gateway Services Pluggable (#358)
* [KNOX-2343] - Enhanced API services' display on the Knox Home page (#355)
* [KNOX-2255] - Setting HTTP client connection/socket timeout to 5m for certain services as well as replayBufferSize to 65 bytes for RANGER and useTwoWaySsl to true for NIFI/NIFI-REGISTRY by default (#354)
* [KNOX-2344] - Rename gateway-cm-integration module and related resources (#353)
* [KNOX-2382] - Logging token identifier for easier error debugging (#352)
* [KNOX-2393] - Update the property name to 'sso.unauthenticated.path.list' to be in-line with other property names (#351)
* [KNOX-2393] - Add a configurable list of paths that SSOCookieProvider can ignore (#349)
* [KNOX-2390] - Let end-users configure SAML2 client configuration using Pac4J provider parameters (#348)
* [KNOX-2387] - SameSite fix for hadoop-jwt cookie (#347)
* [KNOX-2389] - AliasBasedTokenStateService stops processing persisted journal entries if one is malformed (#346)
* [KNOX-2377] - Address potential loss of token state (#345)
* [KNOX-2381] - racking UI of flink session is broken in YARNUIV2 (#340)
* [KNOX-2383] - Checking token expiration in cache should not depend on the validate flag (#341)
* [KNOX-2384] - Token Service should return expiration from token when renewal disabled (#342)
* [KNOX-2378] - AliasBasedTokenStateService log message is misleading (#339)
* [KNOX-2376] - Ensure all HBASEJARS IN rules are for /hbase/jars and not /hbase/maven (#338)
* [KNOX-2375] - Token state eviction should access the keystore file less frequently (#337)
* [KNOX-2371] - DefaultTopologyService may skip cluster config change processing of valid descriptors (#336)
* [KNOX-2366] - Pinned topologies are expanded and general proxy information section is collapsed on HomePage by default (#335)
* [KNOX-2369] - Fix IllegalStateException in case of expired or invalid token (#334)
* [KNOX-2368] - CM Cluster Configuration Monitor Does Not Support Rolling Restart Events
* [KNOX-2367] - Fix rewrite rules for HDFS UI fonts and bootstrap.min.css.map (#332)
* [KNOX-2348] - Fix knoxcli when kerberos auth is used (#331)
* [KNOX-2365] - Knox parses shared provider configuration from Hadoop XML type configuration files (#330)
* [KNOX-2356] - Added a 50px high div before the footer to prevent overflow from resource detail panel (#329)
* [KNOX-2360] - Add .asf.yaml to link Jira and Github
* [KNOX-2357] - Descriptor handler should not default discovery type to Ambari unless there is discovery configuration (#326)
* [KNOX-2359] - Knox src zip should not include node_modules folder (#328)
* [KNOX-2351] - Catching any errors while monitoring CM configuration changes (#324)
* [KNOX-2355] - Update Atlas rewrite.xml/service.xml for new Atlas UI changes (#323)
* [KNOX-2352] - Knox Token State Eviction Should Be Based on Expiration and Extended Default Grace Period (#321)
* [KNOX-2353] - Disabled CM descriptor monitoring and advanced service discovery changes monitoring by default (#322)
* [KNOX-2350] - Handling event types w/o COMMAND and/or COMMAND_STATUS attributes when polling CM events (#318)
* [KNOX-2346] - Remove unused maxRetryAttempts and retrySleep (#316)
* [KNOX-2347] - Disable shellcheck for github actions (#317)
* [KNOX-2345] - KnoxShellTable must handle NULL cols
* [KNOX-2342] - CommonIdentityAssertionFilter calling mapGroupPrincipals Twice - add testing
* [KNOX-2342] - CommonIdentityAssertionFilter calling mapGroupPrincipals Twice
** Upgrades
* [KNOX-2431] - Upgrade rest-assured to 4.3.1
* [KNOX-2424] - Upgrade protobuf-java to 3.12.4
* [KNOX-2426] - Upgrade groovy to 3.0.5
* [KNOX-2425] - Upgrade checkstyle to 8.35
* [KNOX-2430] - Upgrade caffeine to 2.8.5
* [KNOX-2429] - Upgrade bcprov-jdk15on to 1.66
* [KNOX-2427] - Upgrade aspectj to 1.9.6
* [KNOX-2423] - Upgrade commons-io to 2.7
* [KNOX-2417] - Upgrade log4j to 2.13.3
* [KNOX-2415] - Upgrade joda-time to 2.01.6
* [KNOX-2418] - Upgrade jetty to 9.4.30.v20200611
* [KNOX-2419] - Upgrade jackson to 2.11.1
* [KNOX-2416] - Upgrade frontend-maven-plugin to 1.10.0
* [KNOX-2414] - Upgrade dom4j to 2.1.3
* [KNOX-2422] - Upgrade commons-text to 1.9
* [KNOX-2421] - Upgrade commons-lang3 to 3.11
* [KNOX-2221] - Upgrade shiro to 1.5.3 (#360)
* [KNOX-2404] - Update AdminUI and Homepage NodeJS dependencies (#359)
* [KNOX-2454] - Upgrade jetty to 9.4.31.v20200723
* [KNOX-2447] - Upgrade testcontainers to 1.14.3
* [KNOX-2452] - Upgrade netty to 4.1.52.Final
* [KNOX-2451] - Upgrade protobuf-java to 3.13.0
* [KNOX-2450] - Upgrade maven-bundle-plugin to 5.1.1
* [KNOX-2449] - Upgrade jna to 5.6.0
* [KNOX-2448] - Upgrade exec-maven-plugin to 3.0.0
* [KNOX-2446] - Upgrade jackson to 2.11.2
* [KNOX-2445] - Upgrade spring to 5.2.8.RELEASE
* [KNOX-2443] - Upgrade spotbugs to 4.1.2
* [KNOX-2428] - Upgrade metrics to 4.1.12.1
* [KNOX-2440] - Upgrade dependency-check-maven to 6.0.0
* [KNOX-2444] - Upgrade commons-net to 3.7
* [KNOX-2441] - Upgrade commons-codec to 1.15
* [KNOX-2442] - Upgrade checkstyle to 8.36
* [KNOX-2439] - Upgrade commons-io to 2.8.0 and forbiddenapis to 3.1
* [KNOX-2472] - Upgrade jetty to 9.4.34.v2020110
* [KNOX-2471] - Upgrade Shiro to 1.7.0
* [KNOX-2405] - Upgrade transitive Netty to 4.1.51.Final (#362)
* [KNOX-2432] - and KNOX-2433 - Upgrade spotbugs to 4.0.6 and spotbugs-maven-plugin to 4.0.4
* [KNOX-2455] - Upgrade Shiro to 1.6.0 (#378)
* [KNOX-2458] - KnoxAuth - Upgrade to JQuery 3.5.1 (#376)
* [KNOX-2337] - Upgrade pac4j to 4.0.3 and opensaml to 3.4.5 (#308)
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 1.4.0
------------------------------------------------------------------------------
** New Feature
* [KNOX-2153] - CM discovery - Monitor Cloudera Manager (#239)
* [KNOX-2002] - Add a KnoxShellTable to Represent and Render Output in Tabular Format
* [KNOX-2224] - KnoxLine and KnoxShell DataSource and Select Command Alignment (#255)
* [KNOX-2341] - KnoxShell Custom Commands need Description and Usage Details (#313)
* [KNOX-2310] - Add aggregate method to KnoxShellTable (#302)
* [KNOX-2308] - Add sortNumeric to KnoxShellTable for Cols that are numeric but values are String (#300)
* [KNOX-2307] - CSVKnoxShellTableBuilder must support quoted strings and embedded commas (#301)
* [KNOX-2240] - KnoxShell Custom Command for WEBHDFS Use (#296)
* [KNOX-2299] - Fixed Hive JDBC URL on Knox Home page (#293)
* [KNOX-2296] - Passing down the service URL field when building up a service model (#290)
* [KNOX-2298] - ClouderaManager cluster config monitor should stop monitoring unreferenced clusters (#291)
* [KNOX-2295] - UI services improvement on Knox Home page (#289)
* [KNOX-2269] - The Knox Home page is available as a regular app via the homepage topology (#281)
* [KNOX-2066] - Composite Authz Provider
* [KNOX-2067] - KnoxToken service support for renewal and revocation
* [KNOX-2024] - KnoxShellTable - Case Insensitive Operations with Col Names (#160)
* [KNOX-2018] - KnoxShellTable Filtering needs greaterThan and lessThan, equals Methods (#158)
* [KNOX-2027] - Need a reverse order sort on a table based on a column. (#159)
* [KNOX-2060] - Extend KnoxShellTable statistics methods to work with columns of Strings (#168)
* [KNOX-2057] - Unique ID is set when creating a new instance of KnoxShellTable instead of setting it in the builder/filter (#165)
* [KNOX-2063] - KnoxShellTable javadoc failures (#167)
* [KNOX-2052] - KnoxShellTable mean, median, and mode methods (#163)
* [KNOX-2023] - Recording KnoxShellTable builder/filter chain and providing rollback/replay capabilities using the call history as well as allowing end-users to export JSON without data (in this case only the call history will be serialized) (#162)
* [KNOX-2022] - KnoxShellTable contains Comparables instead of Strings
* [KNOX-2022] - Splitting up KnoxShellTable and do minor cleanup
* [KNOX-1740] - Add Trusted Proxy Support to Knox (#106)
* [KNOX-2056] - Adding Service Definitions management into Admin UI (#169)
* [KNOX-2053] - New REST API to create/read/update/delete service definitions (#164)
* [KNOX-2226] - Add home page to Knox (#263)
* [KNOX-1742] - add knoxline to knoxshell usage rendering
* [KNOX-1410] - Knox Shell support for remote Alias management (#210)
* [KNOX-2210] - Gateway-level configuration for server-managed Knox token state (#259)
** Improvement
* [KNOX-2339] - Add Github Actions for CI (#311)
* [KNOX-2321]. /LogLevel with knox not working for Hdfs web ui endpoints. (#314)
* [KNOX-2340] - Fix DefaultTokenStateServiceTest timeouts (#312)
* [KNOX-2338] - Upgrade apacheds.directory.server.version to 2.0.0.AM26 (#309)
* [KNOX-2332] - Upgrade spotbugs-maven-plugin to 4.0.0
* [KNOX-2331] - Upgrade spotbugs to 4.0.1
* [KNOX-2330] - Upgrade spring-core to 5.2.5.RELEASE
* [KNOX-2333] - Upgrade rest-assured to 4.3.0
* [KNOX-2322] - Upgrade nimbus-jose-jwt to 8.14.1
* [KNOX-2324] - Upgrade metrics to 4.1.6
* [KNOX-2334] - Upgrade maven-dependency-plugin to 3.1.2
* [KNOX-2335] - Upgrade java-support to 8.0.0
* [KNOX-2336] - Upgrade httpclient to 4.5.12
* [KNOX-2323] - Upgrade groovy to 3.0.3
* [KNOX-2329] - Upgrade dependency-check-maven to 5.3.2
* [KNOX-2327] - Upgrade commons-lang3 to 3.10
* [KNOX-2328] - Upgrade checkstyle to 8.31
* [KNOX-2326] - Upgrade bcprov-jdk15on to 1.65
* [KNOX-2325] - Upgrade asm to 8.0.1
* [KNOX-2304] - CM discovery cluster config monitor needs to be aware of … (#307)
* [KNOX-2320] - Upgrade xmlsec to 2.1.5
* [KNOX-2319] - Upgrade commons-compress to 1.20
* [KNOX-2315] - Fix zookeeper Kerberos Auth (#304)
* [KNOX-2316] - Knox Token State Eviction Must Consider Maximum Token Lifetime (#306)
* [KNOX-2317] - Open UI services from Knox Home page on new tabs (#305)
* [KNOX-2287] - KnoxCLI convert topology to provider and descriptor (#292)
* [KNOX-2305] - Blacklist Maven 3.6.2 and move cloudera repository to child pom (#295)
* [KNOX-2300] - Livy and Solr handled as both API and UI services (#294)
* [KNOX-2289] - Passing GatewayServer.getGatewayServices() to SimpleDescriptorHandler.handle() as it needs it to provision encryption query string password (#288)
* [KNOX-2286] - Cleaner log messages about monitoring topologies/providers/descriptors (#287)
* [KNOX-2285] - Change gateway.server.header.enabled default to false
* [KNOX-2284] - Handling CM descriptors after Knox shared-provider/descriptor/topology monitors are started (#285)
* [KNOX-2266] - Tokens Should Include a Unique Identifier (#284)
* [KNOX-2267] - Ambari/CM discovery - Needs to point to configured truststore
* [KNOX-2282] - Upgrade curator to 4.3.0
* [KNOX-2275] - Upgrade woodstox-core to 6.1.1
* [KNOX-2270] - Upgrade testcontainers to 1.13.0
* [KNOX-2277] - Upgrade spring-vault to 2.2.2.RELEASE
* [KNOX-2279] - Upgrade spring-core to 5.2.4.RELEASE
* [KNOX-2274] - Upgrade log4j2 to 2.13.1
* [KNOX-2276] - Upgrade metrics to 4.1.4
* [KNOX-2271] - Upgrade nimbus-jose-jwt to 8.9
* [KNOX-2278] - Upgrade jetty to 9.4.27.v20200227
* [KNOX-2272] - Upgrade jackson to 2.10.3
* [KNOX-2281] - Upgrade eclipselink to 2.7.6
* [KNOX-2280] - Upgrade cors-filter to 2.9
* [KNOX-2273] - Upgrade checkstyle to 8.30
* [KNOX-2243] - Upgrade groovy to 3.0.1
* [KNOX-2247] - Upgrade zookeeper to 3.5.7
* [KNOX-2244] - Upgrade spotbugs to 4.0.0
* [KNOX-2246] - Upgrade protobuf-java to 3.11.4
* [KNOX-2241] - Upgrade nimbus-jose-jwt to 8.8
* [KNOX-2242] - Upgrade metrics to 4.1.3
* [KNOX-2245] - Upgrade maven-checkstyle-plugin to 3.1.1
* [KNOX-2248] - Upgrade cryptacular to 1.2.4
* [KNOX-2220] - Upgrade nimbus-jose-jwt to 8.5
* [KNOX-2218] - Upgrade easymock to 4.2
* [KNOX-2219] - Upgrade checkstyle to 8.29
* [KNOX-2217] - Upgrade apache pom to 23
* [KNOX-2191] - Upgrade testcontainers to 1.12.5
* [KNOX-2194] - Upgrade spring-vault to 2.2.1.RELEASE
* [KNOX-2199] - Upgrade spring-core to 5.2.3.RELEASE
* [KNOX-2193] - Upgrade rest-assured to 4.2.0
* [KNOX-2195] - Upgrade jetty to 9.4.26.v20200117
* [KNOX-2192] - Upgrade httpclient to 4.5.11
* [KNOX-2198] - Upgrade groovy to 2.5.9
* [KNOX-2197] - Upgrade dependency-check-maven to 5.3.0
* [KNOX-2196] - Upgrade caffeine to 2.8.1
* [KNOX-2178] - Upgrade woodstox-core to 6.0.3
* [KNOX-2181] - Upgrade testcontainers to 1.12.4
* [KNOX-2183] - Upgrade spring-core to 5.2.2.RELEASE
* [KNOX-2175] - Upgrade slf4j to 1.7.30
* [KNOX-2180] - Upgrade protobuf-java to 3.11.1
* [KNOX-2173] - Upgrade nimbus-jose-jwt to 8.4
* [KNOX-2179] - Upgrade metrics to 4.1.2
* [KNOX-2184] - Upgrade maven-enforcer-plugin to 3.0.0-M3
* [KNOX-2177] - Upgrade log4j to 2.13.0
* [KNOX-2170] - Upgrade junit to 1.14
* [KNOX-2174] - Upgrade jetty to 9.4.25.v20191220
* [KNOX-2169] - Upgrade jackson to 2.10.2
* [KNOX-2165] - Upgrade httpcore to 4.4.13
* [KNOX-2172] - Upgrade guava to 28.2-jre
* [KNOX-2167] - Upgrade frontend-maven-plugin to 1.9.1
* [KNOX-2185] - Upgrade dependency-check-maven to 5.2.4
* [KNOX-2168] - Upgrade commons-codec to 1.14
* [KNOX-2176] - Upgrade cloudera-manager-api to 7.0.3
* [KNOX-2171] - Upgrade checkstyle to 8.28
* [KNOX-2182] - Upgrade aspectj to 1.9.5
* [KNOX-2164] - Upgrade asm to 7.3.1
* [KNOX-2166] - Upgrade apache pom to 22
* [KNOX-2143] - Upgrade shiro to 1.4.2 (#209)
* [KNOX-2135] - Fix YARNUIV2 RM Logs sub-links (#204)
* [KNOX-2142] - Upgrade jetty to 9.4.24.v20191120 (#208)
* [KNOX-2140] - RequestUpdateHandler.ForwardedRequest#getRequestURL needs to return a valid URL (#206)
* [KNOX-2074]: Tracking UI of flink session is broken in YARNUI (#174)
* [KNOX-2004] - Adding changes for handling Ping/Pong message from backend server on websocket connection (#200)
* [KNOX-2133] - Ensure that Knox always validates TLS (#203)
* [KNOX-2238] - CM discovery - Add TLS support to Phoenix auto discovery (#267)
* [KNOX-2120] - Upgrade easymock to 4.1
* [KNOX-2119] - Upgrade jackson to 2.10.1
* [KNOX-2118] - Upgrade checkstyle to 8.26
* [KNOX-2117] - Upgrade testcontainers to 1.12.3
* [KNOX-2116] - com.nimbusds:lang-tag needs a fixed version
* [KNOX-2115] - Improve .travis.yml (#187)
* [KNOX-2113] - Upgrade mina-core to 2.0.21 (#185)
* [KNOX-2114] - Add OWASP suppression for cas-client-core
* [KNOX-2098] - OWASP Add Nov 2019 suppressions for false positives (#184)
* [KNOX-2100] - Make sure knoxshell initializes logging by using the 'launcher' framework like other products (gateway, cli, ldap) do (#181)
* [KNOX-2112] - Upgrade dom4j to 2.1.1 (#183)
* [KNOX-2111] - Upgrade java-support to 7.5.1
* [KNOX-2110] - Upgrade xmlsec to 2.1.4
* [KNOX-2109] - Upgrade nimbus-jose-jwt to 8.2.1
* [KNOX-2108] - Upgrade pac4j to 3.8.3
* [KNOX-2107] - Upgrade spring-vault to 2.2.0.RELEASE
* [KNOX-2106] - Upgrade spring-core to 5.2.1.RELEASE
* [KNOX-1842] - Upgrade httpclient to 4.5.10 (#176)
* [KNOX-2075] - Druid coordinator ui is broken (#175)
* [KNOX-2094] - Upgrade httpcore to 4.4.12
* [KNOX-2081] - Upgrade zookeeper to 3.5.6
* [KNOX-2088] - Upgrade spring-vault to 2.1.4.RELEASE
* [KNOX-2077] - Upgrade spring-core to 5.2.0.RELEASE
* [KNOX-2093] - Upgrade slf4j to 1.7.29
* [KNOX-2078] - Upgrade rest-assured to 4.1.2
* [KNOX-2084] - Upgrade nimbus-jose-jwt to 8.2
* [KNOX-2085] - Upgrade metrics to 4.1.1
* [KNOX-2089] - Upgrade joda-time to 2.10.5
* [KNOX-2092] - Upgrade jna to 5.5.0
* [KNOX-2087] - Upgrade jetty to 9.4.22.v20191022
* [KNOX-2090] - Upgrade javax.inject to 2.4.0
* [KNOX-2079] - Upgrade jacoco-maven-plugin to 0.8.5
* [KNOX-2083] - Upgrade hamcrest to 2.2
* [KNOX-2080] - Upgrade forbiddenapis to 2.7
* [KNOX-2091] - Upgrade findsecbugs to 1.10.1
* [KNOX-2086] - Upgrade eclipselink to 2.7.5
* [KNOX-2082] - Upgrade dockerfile-maven-plugin to 1.4.13
* [KNOX-2064] - KnoxSSO knoxsso.token.ttl should not default to -1
* [KNOX-1981] - Upgrade spring-core to 5.1.9.RELEASE
* [KNOX-1977] - Upgrade spotbugs-maven-plugin to 3.1.12.2
* [KNOX-1974] - Upgrade protobuf-java to 3.9.1
* [KNOX-1979] - Upgrade dockerfile-maven-plugin to 1.4.12
* [KNOX-1983] - Upgrade commons-codec to 1.13
* [KNOX-1982] - Upgrade testcontainers to 1.12.0
* [KNOX-1975] - Upgrade slf4j to 1.7.27
* [KNOX-1978] - Upgrade nimbus-jose-jwt to 7.7
* [KNOX-1984] - Upgrade jna to 5.4.0
* [KNOX-1985] - Upgrade javax.annotation-api to 1.3.2
* [KNOX-1972] - Upgrade groovy to 2.5.8
* [KNOX-1976] - Upgrade dependency-check-maven to 5.2.1
* [KNOX-1973] - Upgrade cloudera-manager-api 6.2.0 to 6.3.0
* [KNOX-1980] - Upgrade checkstyle to 8.23
* [KNOX-1971] - Upgrade Hashicorp Vault test to vault:1.2.1
* [KNOX-2065] - Upgrade nimbus-jose-jwt to 8.1
* [KNOX-2061] - ConfigurableHADispatch needs to be wired up
* [KNOX-2059] - Upgrade bcprov-jdk15on to 1.64
* [KNOX-2058] - Upgrade commons-compress to 1.19
* [KNOX-2026] - Accept Impala's authentication cookies (#161)
* [KNOX-2051] - Upgrade asm to 7.2
* [KNOX-2050] - Upgrade jackson to 2.10.0
* [KNOX-2015] - Allow end-users to exclude only certain directives of the SET-COOKIE HTTP header (#154)
* [KNOX-2024] - Fix testNameMethod test
* [KNOX-1996] - Adding changes to remove extra / while generating backedn … (#142)
* [KNOX-2048] - Upgrade pac4j to 3.8.2
* [KNOX-2047] - Upgrade dependency-check-maven to 5.2.2
* [KNOX-2046] - Upgrade hadoop to 3.2.1
* [KNOX-2045] - Upgrade joda-time to 2.10.4
* [KNOX-2044] - Upgrade protobuf-java to 3.10.0
* [KNOX-2043] - Upgrade bcprov-jdk15on to 1.63
* [KNOX-2042] - Upgrade testcontainers to 1.12.1
* [KNOX-2041] - Upgrade rest-assured to 4.1.1
* [KNOX-2040] - Upgrade commons-text to 1.8
* [KNOX-2039] - Upgrade checkstyle to 8.24
* [KNOX-2038] - Upgrade guava to 28.1-jre
* [KNOX-2037] - Upgrade nimbus-jose-jwt to 7.8
* [KNOX-2029] - Upgrade log4j2 to 2.12.1
* [KNOX-2030] - Upgrade frontend-maven-plugin to 1.8.0
* [KNOX-2031] - Upgrade slf4j to 1.7.28
* [KNOX-2032] - Upgrade cglib to 3.3.0
* [KNOX-2033] - Upgrade commons-beanutils to 1.9.4
* [KNOX-2034] - Upgrade jetty to 9.4.20.v20190813
* [KNOX-2035] - Upgrade maven-bundle-plugin to 4.2.1
* [KNOX-2036] - Upgrade cors-filter to 2.8
* [KNOX-2028] - Upgrade jackson to 2.9.10
* [KNOX-1939] - Upgrade jackson-databind to 2.9.9.1
* [KNOX-1950] - YARN v2 UI - Tools - Yarn Daemon Logs - /logs/stacks link broken
* [KNOX-1949] - CM discovery - Improve efficiency of discovery
* [KNOX-1938] - Upgrade nimbus-jose-jwt to 7.5.1
* [KNOX-1945] - Upgrade spring-vault to 2.1.3.RELEASE
* [KNOX-1944] - Upgrade protobuf-java to 3.9.0
* [KNOX-1942] - Upgrade spotbugs-maven-plugin to 3.1.12.1
* [KNOX-1937] - Upgrade testcontainers to 1.11.4
* [KNOX-1936] - Upgrade log4j2 to 2.12.0
* [KNOX-1941] - Upgrade joda-time to 2.10.3
* [KNOX-1943] - Upgrade dependency-check-maven to 5.2.0
* [KNOX-1940] - Upgrade commons-text to 1.7
* [KNOX-1924] - Upgrade org.abstractj.libpam4j 1.9.1 to org.kohsuke.libpam4j 1.11 (#116)
* [KNOX-1923] - Upgrade nodejs to latest LTS v10.16.0 (#117)
* [KNOX-2010] - Upgrade zookeeper to 3.5.5 (#152)
* [KNOX-2203] - Upgrade admin-ui npm dependencies (#245)
* [KNOX-1969] - Upgrade jackson-databind to 2.9.9.3
* [KNOX-1966] - Upgrade jackson-databind to 2.9.9.2
* [KNOX-1885] - Upgrade jetty to 9.4.19.v20190610
* [KNOX-2301] - Trigger discovery for descriptors at gateway start time
* [KNOX-2302] - Skip re-deployment of generated topology if the topology has not changed (#297)
* [KNOX-2265] - Checking CM configs by their related names and read hive.server2.use.SSL from the service configuration (#280)
* [KNOX-2263] - Docker - make sure not to put anything except version in the tag (#279)
* [KNOX-2258] - Add filter for Location header (#277)
* [KNOX-2258] - Add new rewrite rule in Livy service for handling redirect requests to /ui (#276)
* [KNOX-2212] - Token permissiveness (#274)
* [KNOX-2249] - Add Spark 3 History Server definition (#270)
* [KNOX-2250] - maven-antrun-plugin use target instead of tasks (#273)
* [KNOX-2239] - Websocket use the configured truststore in gateway-site config file (#269)
* [KNOX-2230] - Token State Service should throw UnknownTokenException instead of IllegalArgumentException (#268)
* [KNOX-2237] - CM service discovery should default the http path of Hive URLs when the associated property is not set (#266)
* [KNOX-2161] - CM generated descriptors are read-only on Admin UI (#265)
* [KNOX-2233] - DefaultKeystoreService getCredentialForCluster uses cache without synchronization (#264)
* [KNOX-2189] - KnoxShellTable.select() must handle whitespace (#256)
* [KNOX-2214] - Periodic job to evict expired tokens (#257)
* [KNOX-2228] - JWTFilter should handle unknown token exception from token state service (#260)
* [KNOX-2227] - Strip Leading and Trailing Whitespace from Headers in KnoxShellTable (#258)
* [KNOX-2222] - Fix HBase UI Proxying for HBCK Report page (#254)
* [KNOX-2207] - TokenStateService revocation should remove persisted token state (#252)
* [KNOX-2215] - Token service should return a 403 response when the renewer is not white-listed (#251)
* [KNOX-2213] - Service Discovery Support for CM UI, API (#249)
* [KNOX-2209] - Improve logging for Knox token handling (#250)
* [KNOX-2206] - Log exclusion of a discovered service due to configuration issues (#248)
* [KNOX-2208] - AclsAuthorizationFilter should log access at DEBUG level (#247)
* [KNOX-2204] - KnoxLine NPE list datasources when directories don't exist (#246)
* [KNOX-2202] - Knox should use UTF-8 as default encoding instead of ISO-8859-1 (#244)
* [KNOX-2190] - Processing advanced service discovery configuration on topology level (#242)
* [KNOX-2188] - Handling discovery details via advanced configuration (#240)
* [KNOX-1742] - Simple SQL Client in KnoxShell for access to JDBC sources (#241)
* [KNOX-2186] - Advanced service discovery configuration handling (#238)
* [KNOX-2128] - fix javadoc warnings/errors
* [KNOX-2128] - Custom DataSource and SQL Commands for KnoxShell and KnoxShellTable (#231)
* [KNOX-2160] - Introducing Hadoop XML type descriptor format (#236)
* [KNOX-2162] - Log no rewrite rule found at DEBUG level
* [KNOX-1951] - Service Discovery Support for NiFi and NiFi Registry UI (#235)
* [KNOX-718 ] - KnoxSSO login page doesn't display any feedback on error (#234)
* [KNOX-2157] - Verifying the server's state in addition to PID check at gateway start and registering shutdown hook in order to stop the server gracefully. (#230)
* [KNOX-2149] - Added JWT OIDC Verification based on JWKS Urls and extract custom claim
* [KNOX-2101] - knoxshell doesn't handle invalid TLS well (#232)
* [KNOX-2148] - ZEPPELINUI service definition should pass query parameters for API
* [KNOX-2156] - CM discovery - KUDUUI discovery (#228)
* [KNOX-2155] - KnoxSSO should handle multiple cookies with the same name
* [KNOX-2154] - Allow KNOX service during topology generation without URLs and parameters (#226)
* [KNOX-2147] - Mask username/password in case we display call history and keep them safely (by setting proper file permissions) in JSON file (#217)
* [KNOX-2152] - Disable Ambari cluster configuration monitoring by default (#225)
* [KNOX-2151] - HIVE_ON_TEZ HS2 Discovery doesn't work (#224)
* [KNOX-1970] - CM discovery - Add Impala HS2 to auto discovery (#223)
* [KNOX-2134] - Checking if password/alias is available via local alias service before going to fetch it from remote ZK server (#218)
* [KNOX-1932] - CM discovery - WEBHCAT URLs not discovered (#222)
* [KNOX-1921] - CM discovery - Hue Load balancer HTTP/HTTPS scheme (#221)
* [KNOX-2123] - Setting requestURI using the given servletRequest in case the service is unavailable and logging it with the appropriate action outcome (#219)
* [KNOX-1935] - CM discovery - Hue should not have both LB and non LB (#220)
* [KNOX-2136] - Caching credentials in DefaultKeystoreService when an alias is being added or loaded from keystore and using a different cache implementation (#213)
* [KNOX-1962] - CM discovery - Avoid reading krb5 login config multiple t… (#215)
* [KNOX-2132] - JDBCKnoxShellTableBuilder should have optional username and password fields
* [KNOX-2144] - Alias API KnoxShell support should provide response types better than raw JSON (#211)
* [KNOX-2145] - WhitelistUtils should have an HTTPS_ONLY template (#212)
* [KNOX-2131] - Fixed sonarcloud bugs (#201)
* [KNOX-2127] - ZooKeeperAliasService mishandles mixed-case alias keys properly (#202)
* [KNOX-2053] - Ensure secure XML processing
* [KNOX-2122] - Use static base class constants
* [KNOX-2130] - Handle InterruptedException better (#199)
* [KNOX-2122] - Misc code cleanup (#198)
* [KNOX-2129] - Improve deprecated javadoc (#197)
* [KNOX-1997] - Fix diamond operator compiliation error
* [KNOX-1997] - Adding changes to buffer messages from backend in onMessag… (#143)
* [KNOX-2122] - Remove deprecated API usages (#194)
* [KNOX-2103] - Fix javadoc errors
* [KNOX-1718] - Hide org.apache.directory.api.ldap.model.entry.Value errors (#193)
* [KNOX-2122] - Use ThreadLocalRandom
* [KNOX-2103] - Make responseExcludeHeaders parameter in ConfigurableDispatch case insensitive (#192)
* [KNOX-2122] - Code cleanup from static code analysis (#191)
* [KNOX-2121] - Zookeeper - Reduce amount of resources required to run tests (#190)
* [KNOX-2099] - Using the default port of the protocol when no port is declared in the URL when building truststore. (#189)
* [KNOX-2104] - Removing redundant resource cleanup so that data table can keep track of its activePage/rowsOnTable attributes (#179)
* [KNOX-2105] - KnoxShell support for token renewal and revocation (#180)
* [KNOX-1878] - Enforce single version of dependencies (#102)
* [KNOX-2071] - Configurable maximum token lifetime for TokenStateService (#178)
* [KNOX-2025] - KnoxShellTable - Join Builder on Method should accept Col Names (#172)
* [KNOX-2068] - Let end-users add a new service definition from scratch (#173)
* [KNOX-2072] - Kudu web UI service definition (#171)
* [KNOX-2070] - SSOCookieFederationFilter NPE (#170)
* [KNOX-2066] - pom clean up
* [KNOX-2014] - Make sure ATLASSESSIONID cookie is set (#150)
* [KNOX-2013] - CM discovery - Add Phoenix to auto discovery (#148)
* [KNOX-1914] - New admin API to be used by the UI to fetch available service discovery types (#147)
* [KNOX-2017] - Making Cloudera repository available in Knox's parent POM so that Cloudera dependencies are available in every children project (#149)
* [KNOX-2016] - KnoxShellTable SQL Builder, Col Select, Sort
* [KNOX-1998] - WebHDFS rewrite.xml does not have rewrite rule for Location field in json (#138)
* [KNOX-1994] - Update Ranger API service definition to allow separate URL patterns
* [KNOX-2007] - Ensure wait for vault to start on exposed port
* [KNOX-1788] - New XSS Provider is added to Web Application Security Provider List (#141)
* [KNOX-2005] - Improvements to KnoxShellTable
* [KNOX-2001] - KnoxSession should log a warning message when useSubjectCredsOnly is false
* [KNOX-2000] - KnoxSession should not set javax.security.auth.useSubjectCredsOnly
* [KNOX-1999] - Make WEBHDFS rule that rewrites hdfs:// local (#139)
* [KNOX-1992] - Add a service definition for Impala's debug web pages (#137)
* [KNOX-1994] - Update Ranger API service definition to allow separate URL patterns (#136)
* [KNOX-1934] - Setting the default value of knoxsso.cookie.secure.only based on ssl.enabled flag in gateway-site.xml (#134)
* [KNOX-1990] - Testing non-existing/non-parsable JAAS configuration in sequential order even if parallel test execution is enabled (#133)
* [KNOX-1957] - Optional APP_JAVA_OPTS are handled properly (#131)
* [KNOX-1952] - Add NiFi Registry service definition (#128)
* [KNOX-1988] - In Spark History Server UI, make links for Executor logs point to YARN UI v2 (#132)
* [KNOX-1986] - Do not attempt to rewrite empty payload (#129)
* [KNOX-1967] - Add a service definition for Impala Hiveserver2 (#127)
* [KNOX-1694] - Prevent port mapped topologies from being exposed to gateway port (#126)
* [KNOX-1963] - Ranger API service should proxy xusers/users and and xusers/groups
* [KNOX-1959] - HadoopAuthCookieStore should not read krb5 login config each time
* [KNOX-1956] - Improve AdminUI development by using angular proxy conf (#122)
* [KNOX-1948] - If no rules are defined don't rewrite (#121)
* [KNOX-1588] - YARN v2 UI - Make sure that Spark and MR Job history links are handled
* [KNOX-1927] - CM discovery - ZEPPELINUI / ZEPPELINWS urls are not discovered
* [KNOX-1928] - CM discovery - Multiple of same url are added to descriptor
* [KNOX-1593] - YARN v2 UI - Application - View logs for running application
* [KNOX-1925] - KnoxPamRealm code cleanup
* [KNOX-1922] - Processing a DNSName only if the hostname starts with a letter (#115)
* [KNOX-1816] - Added shellcheck validation to our build optionally and fixed issues shellcheck already found (#114)
* [KNOX-1919] - Taking gateway.path into consideration when processing redirectToUrl provider param with the OOTB knoxsso.xml sample (#113)
* [KNOX-1917] - DefaultKeystoreService should use a shared read lock (#110)
* [KNOX-1916] - Provide default configuration for Hue in topology (#109)
* [KNOX-1911] - Support ClouderaManager Service Discovery in Admin UI
** Bug
* [KNOX-2262] - Accessing hbase logs through knox exposes hbase endpoint url instead of routing through knox
* [KNOX-2314] - NPE from topology Service equals implementation when no URLs (#303)
* [KNOX-2008] - Fix Broken RM Home Link in YARN UI.
* [KNOX-2007] - TestHashicorpVaultAliasService fails if a process is already bound to port 8200
* [KNOX-1590] - YARN v2 UI - Application - ApplicationMaster link is broken
* [KNOX-1915] - X509CertificateUtil SAN should contain fully qualified hostname
* [KNOX-1918] - Atlas API - prevent global HDFS rules from triggering (#111)
* [KNOX-1933] - Add rewrite rules to fix Yarn RM application and logs URL (#119)
* [KNOX-1744] - Add rewrite rules to fix executor stdout/stderr links in Spark History Server UI (#120)
* [KNOX-1929] - CM discovery - HIVE URLs not discovered when HIVE_ON_TEZ is deployed
* [KNOX-1930] - CM discovery - JOBTRACKER URLs not discovered
* [KNOX-1964] - YARN v1 UI - ContainerLogs link broken for Running Jobs
* [KNOX-1955] - Admin UI should handle gateway.path change (#123)
* [KNOX-1968] - YARN UI V2 proxied via Knox does not rewrite Spark stderr/stdout links
* [KNOX-1995] - If a rule doesn't match, shouldn't error. Need to handle null case
* [KNOX-2259] - KNOX-2260 KNOX-2261 - Fixed Impala/Kudu/HBase UI context path in service metadata (#282)
* [KNOX-1958] - YARN v2 UI - internal links of History and ApplicationMaster Pages.
* [KNOX-2021] - Fix typo in gateway-docker/README.md (#155)
* [KNOX-2012] - Fix an issue where multiple sessions are created during Ranger login (#146)
* [KNOX-2011] - Don't block SET-COOKIE response header for Ranger UI (#144)
* [KNOX-1987] - knox failed to start because knoxcli failed with "java.lan…g.NoSuchFieldError: DEFAULT_XML_TYPE_ATTRIBUTE" (#130)
* [KNOX-2231] - Fix KnoxSSO OIDC integration (#262)
* [KNOX-2229] - Knox shouldn't exclude Kerby since it is used by Hadoop
* [KNOX-2200] - DefaultKeystoreService can lose entries under concurrent access (#243)
* [KNOX-2002] - Fix KnoxShellTableTest build errors
* [KNOX-1742] - Fix javadoc warning
* [KNOX-2350] - Handling event types w/o COMMAND and/or COMMAND_STATUS attributes when polling CM events (#318) (#319)
* [KNOX-2353] - Disabled CM descriptor monitoring and advanced service discovery changes monitoring by default (#320)
* [KNOX-2347] - Disable shellcheck for github actions (#317)
* [KNOX-2345] - KnoxShellTable must handle NULL cols
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 1.3.0
------------------------------------------------------------------------------
** New Feature
* [KNOX-1880] - Support doAs for Cloudera Manager service discovery API interactions
* [KNOX-1862] - Add Service Definition for Hue UI (#97)
* [KNOX-1875] - Cloudera Manager service discovery
* [KNOX-1855] - Add Service Definition for Cloudera Manager API (#88)
* [KNOX-1774] - Introduce environment variables in gateway/knoxcli/ldap/knoxshell scripts for customization (#65)
* [KNOX-1687] - Hashicorp Vault RemoteAliasService provider
* [KNOX-1418] - Add KnoxShell command to build truststore using the gateway server's public certificate (#60)
* [KNOX-1285] - Create Apache Knox Dockerfile and image
** Improvement
* [KNOX-1912] - X509CertificateUtil should set CN and SAN
* [KNOX-1905] - Upgrade maven-pmd-plugin to 3.12.0
* [KNOX-1886] - Upgrade spotbugs-maven-plugin to 3.1.12
* [KNOX-1910] - Upgrade rest-assured to 4.0.0
* [KNOX-1909] - Upgrade javax.annotation-api to 1.3.1
* [KNOX-1908] - Upgrade checkstyle to 8.22
* [KNOX-1890] - Upgrade testcontainers to 1.11.3
* [KNOX-1907] - Upgrade pac4j to 3.7.0
* [KNOX-1884] - Upgrade spring-core to 5.1.8.RELEASE
* [KNOX-1899] - Upgrade shiro to 1.4.1
* [KNOX-1882] - Upgrade protobuf-java to 3.8.0
* [KNOX-1883] - Upgrade nimbus-jose-jwt to 7.3
* [KNOX-1897] - Upgrade metrics to 4.1.0
* [KNOX-1898] - Upgrade maven-compiler-plugin to 3.8.1
* [KNOX-1891] - Upgrade maven-checkstyle-plugin to 3.1.0
* [KNOX-1903] - Upgrade frontend-maven-plugin to 1.7.6
* [KNOX-1895] - Upgrade joda-time to 2.10.2
* [KNOX-1902] - Upgrade maven-bundle-plugin to 4.2.0
* [KNOX-1885] - Upgrade jetty to 9.4.19.v20190610
* [KNOX-1904]- Upgrade jna to 5.3.1
* [KNOX-1887]- Upgrade dependency-check-maven to 5.0.0
* [KNOX-1888] - Upgrade bcprov-jdk15on to 1.62
* [KNOX-1901] - Upgrade jansi to 1.18
* [KNOX-1893] - Upgrade jacoco-maven-plugin to 0.8.4
* [KNOX-1892] - Upgrade jackson to 2.9.9
* [KNOX-1906] - Upgrade guava to 28.0-jre
* [KNOX-1894] - Upgrade groovy to 2.5.7
* [KNOX-1900] - Upgrade commons-lang3 to 3.9
* [KNOX-1889] - Upgrade checkstyle to 8.21
* [KNOX-1896] - Upgrade cglib to 3.2.12
* [KNOX-1881] - DefaultKeystoreService should use Java NIO API locking as well
* [KNOX-1877] - Atlas service definitions should default to trusted proxy
* [KNOX-1876] - Zeppelin should default to trusted proxy for service definition (#100)
* [KNOX-1874] - Ignore irrelevant files in service definition directories (#99)
* [KNOX-1872] - Update Ranger service definitions to support trusted proxy
* [KNOX-1848] - Default to 'zookeeper' as remote alias configuration type in case it is not set in gateway-site.xml (#93)
* [KNOX-1858] - Add service name to X-Forwarded-Context header (#90)
* [KNOX-1859] - Improve alias lookup for HadoopAuthProvider (#89)
* [KNOX-1861] - KnoxSession should support configurable useSubjectCredsOnly system property setting
* [KNOX-1857] - YARNUIV2 fails with Authentication Required with kerberos authentication type (Prabhu Joseph via Kevin Risden)
* [KNOX-1827] - Knox Fails to Rewrite WebFonts for Zeppelin (#76)
* [KNOX-1851] - remove the unnecessary instanceof check (#87)
* [KNOX-1841] - Upgrade zookeeper to 3.4.14
* [KNOX-1846] - Upgrade testcontainers to 1.11.1
* [KNOX-1845] - Upgrade spring-core to 5.1.6.RELEASE
* [KNOX-1840] - Upgrade protobuf-java to 3.7.1
* [KNOX-1847] - Upgrade findsecbugs to 1.9.0
* [KNOX-1843] - Upgrade dependency-check-maven to 5.0.0-M2
* [KNOX-1850] - KnoxSession should honor the current subject for Kerberos login
* [KNOX-1849] - Start the Java process with 'exec' when running the app in foreground (#85)
* [KNOX-1844] - Upgrade checkstyle to 8.19
* [KNOX-1819] - Ensure services are started and stopped in the correct order (#82)
* [KNOX-1837] - Remove jersey-common from top level pom
* [KNOX-1836] - Migrate from commons-lang to commons-lang3
* [KNOX-1837] - Remove ServiceTestResource glassfish Base64 dependency
* [KNOX-1835] - Jupyter Enterprise Gateway - KERNEL_USERNAME should be added when not present (#79)
* [KNOX-1832] - KnoxSession handling of JAAS config for kerberos auth is not deterministic
* [KNOX-1828] - Fix javadoc warning for test
* [KNOX-1804] - Moving copy-pasted bash functions to knox-function.sh (#71)
* [KNOX-1824] - Upgrade guava to 27.1-jre
* [KNOX-1823] - Upgrade protobuf-java to 3.7.0
* [KNOX-1822] - Upgrade dependency-check-maven to 5.0.0-M1
* [KNOX-1814]- Moving conf/data folder checking to Java layer from bash (#68)
* [KNOX-1812] - The Knox Gateway truststore should be configurable (#69)
* [KNOX-1815] - Removed Windows scripts (#67)
* [KNOX-1111] - 2-way SSL Truststore and Keystore Improvements (#74)
* [KNOX-1820] - Cleanup KeystoreService implementations and add unit tests (#72)
* [KNOX-1804] - Fix variable *_FOREGROUND_* defaults
* [KNOX-1826] - Replace zip4j with ShrinkWrap
* [KNOX-1810] - Upgrade frontend-maven-plugin to 1.7.5
* [KNOX-1811] - Upgrade pac4j to 3.6.1
* [KNOX-1809] - Upgrade spotbugs to 3.1.12
* [KNOX-1807] - Upgrade curator to 4.2.0
* [KNOX-1808] - Upgrade asm to 7.1
* [KNOX-1803] - Stop redirecting stderr & stdout to a file when the server runs in the foreground (#64)
* [KNOX-1801] - Master secret is incorrectly assumed when a custom truststore is not specified when clientauth is enabled (#63)
* [KNOX-1802] - Ranger /service/plugins and healthcheck endpoint needs to be exposed through Knox.
* [KNOX-474] - Improve Kerberos config validation and diagnostics at startup (#62)
* [KNOX-1789] - Refactor RemoteAliasService to use service loading (#59)
* [KNOX-1793] - DefaultKeystoreService should not validate the signing key on initialization (#61)
* [KNOX-1799] - Upgrade nimbus-jose-jwt to 7.0.1
* [KNOX-1800] - Upgrade mina-core to 2.0.20
* [KNOX-1798] - Upgrade checkstyle to 8.18
* [KNOX-1791] - MasterService should be a field on GatewayServices - replace "Master Service" with (new) constant, reordered constants in GatewayServices (#58)
* [KNOX-1756] - Knox Gateway TLS Keystore and Alias Should be Configurable (#56)
* [KNOX-1787] - Use same SecureRandom that DefaultAliasService used
* [KNOX-1787] - Create PasswordUtils class in gateway-util-common
* [KNOX-1786] - Use mocking to simplify DefaultRemoteConfigurationMonitorTest
* [KNOX-1162] - Logging stacktrace for FATAL messages and displaying a meaningful error message in case of missing/non-parsable JAAS configuration (#55)
* [KNOX-1784] - Upgrade bootstrap to 3.4.1
* [KNOX-1780] - Upgrade slf4j to 1.7.26
* [KNOX-1781] - Upgrade commons-codec to 1.12
* [KNOX-1782] - Upgrade jetty to 9.4.15.v20190215
* [KNOX-1777] - Move pac4j version/dependencies to top level pom.xml
* [KNOX-1778] - Update Copyright year to 2019
* [KNOX-1709] - Limit parallelism for slower laptops
* [KNOX-1760] - Created Pull Request template (#51)
* [KNOX-1775] - Cleanup test timeout handling
* [KNOX-1773] - Docker start gateway/ldap in the foreground
* [KNOX-1771] - Upgrade spotbugs-maven-plugin to 3.1.11
* [KNOX-1769] - Upgrade nimbus-jose-jwt to 7.0
* [KNOX-1767] - Upgrade log4j2 to 2.11.2
* [KNOX-1770] - Upgrade groovy to 2.5.6
* [KNOX-1768] - Upgrade bcprov-jdk15on to 1.61
* [KNOX-1772] - Upgrade angular-cli to 1.7.4
* [KNOX-1709] - Allow tests to run in parallel
* [KNOX-1758] - New Ant target to ease starting test servers enabling remote debugging
* [KNOX-1757] - Increasing test timeout from 1 second to 3 seconds (Sandor Molnar via Kevin Risden)
* [KNOX-1755] - Revert upgrade httpclient to 4.5.7 due to HTTPCLIENT-1968
* [KNOX-1754] - Upgrade pac4j to 3.5.0
* [KNOX-1753] - Upgrade jacoco-maven-plugin to 0.8.3
* [KNOX-1752] - Upgrade httpclient to 4.5.7
* [KNOX-1751] - Upgrade checkstyle to 8.17
* [KNOX-1792] - AliasService start should only be called once in DefaultGatewayServices
* [KNOX-1750] - Unable to view descriptor service params
* [KNOX-1559] - Create Dispatch implementation that is configurable via service.xml file
* [KNOX-1747] - Upgrade spotbugs to 3.1.11
* [KNOX-1746] - Upgrade httpcore to 4.4.11
* [KNOX-1748] - Upgrade eclipselink to 2.7.4
* [KNOX-1745] - Upgrade hadoop to 3.2.0
* [KNOX-1738] - Upgrade nimbus-jose-jwt to 6.7
* [KNOX-1739] - Upgrade spring-core to 5.1.4.RELEASE
* [KNOX-1737] - Remote configuration monitor start should not be attempted if config is not defined
* [KNOX-1736] - Upgrade rest-assured to 3.3.0
* [KNOX-1735] - Upgrade admin-ui bootstrap to 3.4.0
* [KNOX-1710] - Reuse JAXBContext since they are thread safe
* [KNOX-1731] - Gateway Admin UI should not include external js/css
* [KNOX-1728] - Allow custom parameters to be passed to dispatches
* [KNOX-1727] - Values should not be forced in query parameters when proxying through Knox
* [KNOX-1721]- Upgrade dependency-check-maven to 4.0.2
* [KNOX-1724] - Upgrade rat plugin to 0.13
* [KNOX-1723] - Upgrade dropwizard metrics to 4.0.5
* [KNOX-1722] - Upgrade checkstyle to 8.16
* [KNOX-1716] - Upgrade hamcrest to 2.1
* [KNOX-1717] - Enable PMD incremental analysis
* [KNOX-1715] - Upgrade jna to 5.2.0
* [KNOX-1712] - Upgrade spotbugs-maven-plugin to 3.1.10
* [KNOX-1713] - Upgrade dropwizard metrics to 4.0.4
* [KNOX-1714] - Upgrade groovy to 2.5.5
* [KNOX-1711] - Provide Endpoint Public Cert for KnoxToken
* [KNOX-1679] - Add Alias API service
* [KNOX-1679] - Review fixes
* [KNOX-1708] - Cleanup admin-ui lint errors
* [KNOX-1707] - Gateway Admin UI should have the right version
* [KNOX-1705] - Fix including gateway-admin-ui module
* [KNOX-1679] - Add Alias API service
* [KNOX-1705] - Integrate gateway-admin-ui into Maven build
* [KNOX-1703] - Cleanup old System.out debugging lines
* [KNOX-1702]- Use Boolean.parseBoolean instead of true.equals
* [KNOX-1701] - Use hamcrest assertThat instead of junit
* [KNOX-1700] - Tests should not extend org.junit.Assert
* [KNOX-1696] - Upgrade nimbus-jose-jwt to 6.5.1
* [KNOX-1697] - Upgrade curator to 4.1.0
* [KNOX-1690] - Update pom.xml with new git url
* [KNOX-1691] - Update doap_Knox with gitbox location
* [KNOX-1686] - XmlFilterReader - Ensure XPath and XPathFactory thread safety
* [KNOX-1684] - Avoid NPE for deployments in GatewayServer
* [KNOX-1685] - MockServlet - avoid mutable instance variables
* [KNOX-1683] - Ensure truststorePass is set in KnoxSession
* [KNOX-1682] - Upgrade dependency-check-maven to 4.0.1
* [KNOX-1681] - Upgrade spotbugs to 3.1.10
* [KNOX-1663] - Checkstyle - Enable EqualsAvoidNullCheck and don't instantiate Boolean
* [KNOX-1768] - Upgrade Jackson to 2.9.8
* [KNOX-1677] - Use try-with-resources to ensure that resources are closed
* [KNOX-1527] - Bump apacheds dependency version to 2.0.0-AM25
* [KNOX-1676] - Enable PMD for tests
* [KNOX-1638] - Migrate from apacheds-all to specific apacheds dependencies
* [KNOX-1673] - Upgrade cglib to 3.2.10
* [KNOX-1568] - Upgrade nimbus-jose-jwt to 6.5
* [KNOX-1672] - Cleanup deprecated API usage
* [KNOX-1671] - Cleanup misc logic errors identified by Sonarqube
* [KNOX-1669] - Enable PMD code style rules
* [KNOX-1668] - Enable PMD multithreading ruleset
* [KNOX-1667] - Enable PMD error prone ruleset
* [KNOX-1666] - Enable PMD best practices ruleset
* [KNOX-503] - Tests which include expected unreachable hosts fail with wildcard DNS records (Kristopher Kane, Kevin Risden)
* [KNOX-1615] - Enable PMD for source analysis
* [KNOX-1664] - Miscellaneous code cleanup
* [KNOX-1663] - Enforce more Checkstyle rules
* [KNOX-1618] - Add dropwizard metrics-jvm support
* [KNOX-1623] - Fix jenkins build - 2
* [KNOX-1364] - Cookie scoping path should contain the topology name (Laszlo Nardai via Kevin Risden)
* [KNOX-1662] - Avoid GatewayTestDriver NPE on ldap stop
* [KNOX-1659] - Upgrade spring-core to 5.1.3.RELEASE
* [KNOX-1656] - Upgrade checkstyle to 8.15
* [KNOX-1658] - Upgrade spotbugs-maven-plugin to 3.1.9
* [KNOX-1657] - Upgrade easymock to 4.0.2