Current status since last release:

Additional features:

policy enforcement over nested attributes, i.e. credentials.dropbox
support for the enforcement of strict json schema tdegrunt/jsonschema#173
Dropbox authentication
change the console-based script to generate users and clients to use the API without enforcement to ensure that policies were created for every entity
hash users' passwords
endpoints to reset passwords for own and other users if admin
endpoints to fetch and write attribute's policies
initial mockup of pdp for actions in the AGILE API (for initial integration)
add endpoint to delete an attribute
add endpoint to list all users, and groups

fix non-deterministic behaviour during login (sometimes another user was chosen).
fix group issue reported in agile-idm-entity-storage: groups now can be deleted without removing entities first. Before there was an inconsistency when this was the case.
fix issue when the same user logs is with different clients: when the same user used different clients simultaneously, there was only one session valid.
fix to ensure that the client id is propagated to the provider strategies. This allows strategies to create tokens for a particular oauth2 flow and for a particular client, to ensure that there are no race conditions.
fix add expiration time, and deletion of tokens that expired (when they are queried). Also a general cleanup of the token db happens whenever tokens are iterated, so we keep only tokens that are valid.
fix session sync issue between passport and tokens stored in the db (this was generating an error when integrated with OS.js from which the only way to recover is to delete cookies from the browser)