CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[10.0.0] - 2023-12-10

Changed

• Support for Play 3.0.x with Apache Pekko thanks to @MathisGuillet1 and @mkurz

[9.0.0] - 2023-12-10

Play Silhouette is now under the Playframework organisation.

Added

• Scala 3, Play 2.9.x compatibility thanks to @ahjohannessen and @MathisGuillet1
• Commit information to discord bot snapshot message from @honeycomb-cheesecake.
• Commit and version information to discord bot production release message from @honeycomb-cheesecake.

Changed

• Package names has been changed from io.github.honeycomb-cheesecake to org.playframework.silhouette
• Version to v9.0.0-SNAPSHOT for breaking change release from @honeycomb-cheesecake.
• JodaTime replaced with Java Date API from Rocketeer007.
• JWT provider from com.atlassian.jwt.jwt-core and com.atlassian.jwt.jwt-api to com.auth0.java-jwt to permit the use of signing algorithms other than HS256 from @honeycomb-cheesecake.
• Disable build failure on dependencies not being up-to-date

Removed

• JodaTime dependency from Rocketeer007.

[8.0.2] - 2022-06-11

Fixed

• sbt-sonatype configuration so that sonatypeCredentialHost points to correct location (s01.oss.sonatype.org) due to legacy host (oss.sonatype.org) is used by default which failed production release from @honeycomb-cheesecake.
• sbt-sonatype configuration so that production publishTo points to local staging repository from @honeycomb-cheesecake.
• scala.yml release pipeline so that +publishSigned is run prior to +sonatypeBundleRelease from @honeycomb-cheesecake.
• Corrected v8.0.1 by adding version information from @honeycomb-cheesecake.
• Corrected v8.0.0 by correcting date from @honeycomb-cheesecake.

Changed

• Updated scala.yml pipeline dynamic sonatype.sbt file to use environment variables rather than file from @honeycomb-cheesecake.

[8.0.1] - 2022-06-11

Security

• Upgrading Play framework version to 2.8.16 to prevent CVE-2022-31023 from @ndeverge.

Fixed

• deploy-production-artifact GitHub Action workflow from startsWith(github.ref, 'ref/tags/v') to startsWith(github.ref, 'refs/tags/v') from @honeycomb-cheesecake.

Added

• Discord messages for pipeline runs from @honeycomb-cheesecake.

Changed

• Snapshot releases not executed on tagged artifacts as the sbt-sonatype plugin will just attempt to release a production version from @honeycomb-cheesecake.

[8.0.0] - 2022-05-16

Fixed

• Code warnings from @honeycomb-cheesecake.
• Tranche of scapegoat results from @honeycomb-cheesecake.

Added

• Sbt release plugin to facilitate project releases from @honeycomb-cheesecake.
• Scapegoat stage to release process and github actions from @honeycomb-cheesecake.
• Dependency check stage to release process and github actions from @honeycomb-cheesecake.
• Dependency updates stage where build will fail with updates to release process and github actions from @honeycomb-cheesecake.
• Coveralls integration back into github actions from @honeycomb-cheesecake.
• Publishing step to github action for CI from @honeycomb-cheesecake.
• Create GitHub release step for tagged versions from @honeycomb-cheesecake.
• Publishing environment variables for CI deployment from @honeycomb-cheesecake.
• Import of GPG key step to github action for CI from @honeycomb-cheesecake.
• Disabled line for cross-build with scala 3 when supported by play from @honeycomb-cheesecake.
• Coveralls badge to README.md from @honeycomb-cheesecake.
• Discord badge to README.md from @honeycomb-cheesecake.

Changed

• Updated dependencies to latest from @honeycomb-cheesecake.
• Project build definitions from @honeycomb-cheesecake.
• Package definition from com.mohiva.silhouette.play to io.github.honeycombcheesecake.play from @honeycomb-cheesecake.
• Split github actions into build and test phases from @honeycomb-cheesecake.
• Pull request template so it points to the honeycomb-cheesecake repository from @honeycomb-cheesecake.

Removed

• Support for cross-building with scala 2.12 series as is now in maintenance mode and getting ready for scala 3 integration from @honeycomb-cheesecake.

[7.0.7] - 2022-04-11

Fixed

• Fixed LinkedInProfileParser throwing error when user has no image set from @hpolkowski.

[7.0.6] - 2022-04-08

Changed

• Upgrading Play framework version to 2.8.15 from @honeycomb-cheesecake.

[7.0.5] - 2022-04-05

Changed

• Upgrading Play framework version to 2.8.14 from @ndeverge.

[7.0.4] - 2022-02-15

Fixed

• Removing the provided for JWT API from @ndeverge.

[7.0.3] - 2022-02-07

Changed

• Updated Atlassian JWT dependencies to address CVE-2021-27568 from @lenin122
• Upgrading Play framework version to 2.8.13 from @ndeverge.

[7.0.2] - 2021-12-02

Added

• Commit steps to PUBLISHING.md from @honeycomb-cheesecake.
• Snapshot management to PUBLISHING.md from @honeycomb-cheesecake.

Changed

• Spacing to v7.0.1 sections from @honeycomb-cheesecake.
• Play framework version to 2.8.11 (note that Play 2.8.10 introduces a binary incompatibility by updating scala-java8-compat as pointed out by @zmerr) from @ndeverge.

[7.0.1] - 2021-11-27

Security

• Updated Atlassian JWT dependencies to address CVE-2019-17195 from @dspasojevic.
• Upgrading to Play 2.8.8 to address CVE-2020-12480 from @ndeverge.

Fix

• Explicit Sonatype repository publishing links for each silhouette module build.sbt file to adhere to changes outlined by Sonatype from @honeycomb-cheesecake.

Added

• Migration from TravisCI to GitHub script from @ndeverge.
• Cross compilation on CI from @ndeverge.
• Notes on running startup scripts with sbt v1.5.x from @ndeverge.
• Argon2 password hasher from @honeycomb-cheesecake.
• Argon2 password hasher tests from @honeycomb-cheesecake.
• v7.0.0 release notes to CHANGELOG.md from @ndeverge.
• PUBLISHING.md outline to explain how libraries are release from @honeycomb-cheesecake.
• Installation information to README.md from @honeycomb-cheesecake.

Changed

• CHANGELOG.md to Keep a Changelog format for new releases from @honeycomb-cheesecake.
• CONTRIBUTING.md to have up to date information and links from @honeycomb-cheesecake.
• Maven publishing information from @honeycomb-cheesecake.
• Version to 7.0.1-SNAPSHOT from @honeycomb-cheesecake.

[7.0.0]

• Update to Play 2.8.1

[6.0.1]

• Update to Play 2.7.3
• Add support for Scala 2.13

[6.0]

• Update to Play 2.7

[5.0]

• Update to Play 2.6
• Handling of OAuth2 based user state with the help of the new social state handler implementation (thanks to @Saheb)
• Implement BCryptSha256PasswordHasher to avoid password truncating issue
• Better error messages for OAuth2 based errors
• Remove Clef support

[4.0] - 2016-07-14

• Update to Play 2.5
• Removed Play Messages instance from Event, Authorization and ErrorHandler types. The I18nSupport trait should be used instead, to get the Messages instance for the current request
• Rewrite Silhouette trait to provide injectable actions (this is now the default method from Play 2.5 on)
  • Every SecuredAction can now override the global(default injected) error handler if needed
  • A controller is not bound to a single Authenticator anymore
• Remove SecuredErrorHandler in favour of injectable error handler
• Pass the auth info to the profile parsers to easier query additional data from the provider API
• Add UnsecuredRequestHandler and UnsecuredAction
• Dropped Scala 2.10 support
• Projects separated
  • silhouette-password-bcrypt -> contains BCrypt password hasher
  • silhouette-persistence -> contains base implementations for the persistence layer
  • silhouette-persistence-memory -> in-memory implementation of the persistence layer
• Use request extractors to find authenticator values in other parts of the request
• Fix overriding settings method for Providers (thanks @felipefzdz)
• Allow to override the API URL in the OAuth1 and OAuth2 providers
• Allow to override authentication provider constants
• Support for Auth0 authentication provider (thanks @lucamilanesio)
• Support for Gitlab authentication provider (thanks @ThmX)
• Support for CAS authentication provider (thanks @SBSMMO)
• Issue #435: copy customClaims when renewing JWTToken (thanks @mizerlou)
• Define meaningful interface for password re-hashing (thanks @alexmojaki)
• Play Framework independent crypto implementation

[3.0] - 2015-07-14

• Update to Play 2.4
• Stateless and non-stateless CookieAuthenticator
• Allow to customize the Gravatar service
• Use scala.concurrent.duration.FiniteDuration instead of Int for duration based values
• A lot of API enhancements

[2.0] - 2015-03-28

• Use lazy val to initialize SecureRandom, so that initialization occurs also async
• Refactor authenticators and add BearerTokenAuthenticator, JWTAuthenticator, SessionAuthenticator and DummyAuthenticator
• Better error handling for authenticators
• Authenticators now using an extra backing store instead of only the cache
• Split up SocialProvider.authenticate method into authenticate and retrieveProfile methods
• Remove authInfo from SocialProfile
• Add OAuth1 token secret implementation
• Add OAuth2 state implementation
• Documentation is now included in the repository and hosted on Read The Docs
• Renamed packages "core" to "api", "contrib" to "impl", "utils" to "util"
• Reorganized the project structure (moved all providers into the "impl" package, moved some classes/traits)
• Add request handlers
• Add request providers in combination with HTTP basic auth provider
• Add Dropbox provider
• Add Clef provider
• Add request extractors
• Better social profile builder implementation
• Add OpenID providers Steam and Yahoo
• Better error handling

[1.0] - 2014-06-12

• First release for Play 2.3

[0.9] 2014-06-12

• First release for Play 2.2