From 7802876c78247c37281b0e3715748062eec2cfc4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20Alonso?= Date: Wed, 24 Nov 2021 09:43:25 +0100 Subject: [PATCH 1/2] Update roadmap.md --- roadmap.md | 27 ++++----------------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/roadmap.md b/roadmap.md index 8161334..8af2ef6 100644 --- a/roadmap.md +++ b/roadmap.md @@ -11,38 +11,19 @@ order given. The development team will be doing their best to follow the propose in mind that plans to work on a given feature or task may be revised. All information is provided as a general guidelines only, and this section may be revised to provide newer information at any time. -## Short term +## Short and medium term -The following list of features are planned to be addressed in the short term, and incorporated in the next release of -the product: +The following list of features are planned to be addressed in the short/medium term, and incorporated in the next releases of +the GE: -- There are no new features planned for the next release. - -- OpenID Connect: Keyrock GE will implement support to OpenID Connect for creating _id_tokens_. Wilma will support - these tokens for validating users identity. - -## Medium term - -The following list of features are planned to be addressed in the medium term, typically within the subsequent -release(s) generated in the next 9 months after next planned release: - -- Unit tests: to be run in CI +- Support to multiple PDP - Integration with Alastria identity, Hyperledger Indy: for supporting blockchain-based authentication mechanisms. -- Integration with Context Broker Service Path: to support a better integration of authorization mechanisms with - Context Broker, requests will take into account the CB service path in HTTP headers. - ## Long term The following list of features are proposals regarding the longer-term evolution of the product even though development of these features has not yet been scheduled for a release in the near future. Please feel free to contact us if you wish to get involved in the implementation or influence the roadmap -- Integration with API management tools: in the same way the logic of Wilma is available in API Umbrella, the - implementation in other tools such us KONG and/or Proxy42 will be studied. - -- COAP compatibility: supporting this protocol as an alternative of HTTP could improve the performance of IoT devices - authentication process. - - Analysis/Improvement Keyrock Production performance From d620c6e63d8439f5d7ed16c155036862afca7368 Mon Sep 17 00:00:00 2001 From: Alejandro Pozo Huertas Date: Thu, 23 Dec 2021 10:39:21 +0100 Subject: [PATCH 2/2] Update README.md --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 9427923..04a8108 100644 --- a/README.md +++ b/README.md @@ -69,6 +69,11 @@ config.app_port = '80'; // Port where the HTTP server is running sudo npm start ``` +> **ATTENTION!!!** + +>There is an existing security exploit in all versions older than 2.15 of Log4J. Although not using this software currently, the older 7.x.x versions of PEP-Proxy used to use Log4j for logging. Prior to the release 8.0.0, older versions of this software were affected by this exploit as well. +Logging was updated to use Debug and Morgan in March 2021. We released a new version 8.0.0 on dockerhub. Also latest is updated already. If still using 7.x.x please update as soon as possible. + ### Docker We also provide a Docker image to facilitate you the building of this GE.