diff --git a/README.md b/README.md index 9427923..04a8108 100644 --- a/README.md +++ b/README.md @@ -69,6 +69,11 @@ config.app_port = '80'; // Port where the HTTP server is running sudo npm start ``` +> **ATTENTION!!!** + +>There is an existing security exploit in all versions older than 2.15 of Log4J. Although not using this software currently, the older 7.x.x versions of PEP-Proxy used to use Log4j for logging. Prior to the release 8.0.0, older versions of this software were affected by this exploit as well. +Logging was updated to use Debug and Morgan in March 2021. We released a new version 8.0.0 on dockerhub. Also latest is updated already. If still using 7.x.x please update as soon as possible. + ### Docker We also provide a Docker image to facilitate you the building of this GE. diff --git a/roadmap.md b/roadmap.md index 8161334..8af2ef6 100644 --- a/roadmap.md +++ b/roadmap.md @@ -11,38 +11,19 @@ order given. The development team will be doing their best to follow the propose in mind that plans to work on a given feature or task may be revised. All information is provided as a general guidelines only, and this section may be revised to provide newer information at any time. -## Short term +## Short and medium term -The following list of features are planned to be addressed in the short term, and incorporated in the next release of -the product: +The following list of features are planned to be addressed in the short/medium term, and incorporated in the next releases of +the GE: -- There are no new features planned for the next release. - -- OpenID Connect: Keyrock GE will implement support to OpenID Connect for creating _id_tokens_. Wilma will support - these tokens for validating users identity. - -## Medium term - -The following list of features are planned to be addressed in the medium term, typically within the subsequent -release(s) generated in the next 9 months after next planned release: - -- Unit tests: to be run in CI +- Support to multiple PDP - Integration with Alastria identity, Hyperledger Indy: for supporting blockchain-based authentication mechanisms. -- Integration with Context Broker Service Path: to support a better integration of authorization mechanisms with - Context Broker, requests will take into account the CB service path in HTTP headers. - ## Long term The following list of features are proposals regarding the longer-term evolution of the product even though development of these features has not yet been scheduled for a release in the near future. Please feel free to contact us if you wish to get involved in the implementation or influence the roadmap -- Integration with API management tools: in the same way the logic of Wilma is available in API Umbrella, the - implementation in other tools such us KONG and/or Proxy42 will be studied. - -- COAP compatibility: supporting this protocol as an alternative of HTTP could improve the performance of IoT devices - authentication process. - - Analysis/Improvement Keyrock Production performance