Skip to content

CHANGELOG.md

Latest commit

 

History

History
189 lines (117 loc) · 7.95 KB

CHANGELOG.md

File metadata and controls

189 lines (117 loc) · 7.95 KB

Release History

2.12.0-beta.1 (Unreleased)

Features Added

Breaking Changes

Bugs Fixed

  • Fixed an issue where the internal HTTP client did not honor JVM proxy system properties. (#28801)

Other Changes

2.11.0 (2026-02-28)

Features Added

  • Added support for Azure Workload Identity authentication for Azure Kubernetes Service (AKS) workloads.
    • Automatically detects and uses federated token authentication when AZURE_FEDERATED_TOKEN_FILE, AZURE_CLIENT_ID, and AZURE_TENANT_ID are set (via environment variables or system properties azure.keyvault.client-id and azure.keyvault.tenant-id).
    • Provides credential-free authentication for AKS pods configured with Workload Identity-enabled service accounts.
  • Added support for bearer token authentication via the azure.keyvault.access-token system property. This allows users to provide a pre-obtained access token for authentication, enabling multi-factor authentication scenarios without requiring client ID and client secret. Authentication priority order is: Managed Identity > Access Token > Client Credentials.

Bugs Fixed

  • Fixed the NPE where the token object was not returned when the credential information was incorrect.
  • Fixed an issue where release-specific classes from BouncyCastle were not properly shaded for Java 9 and above, leading to potential class loading issues in multi-release JARs. (#47127)

2.10.1 (2025-05-12)

Bugs Fixed

  • Fixed bug: Missing logging for abnormal http status codes when processing HTTP responses. #42859.

Other Changes

Dependency Updates

  • Replaced org.apache.httpcomponents:httpclient:4.5.14 with org.apache.httpcomponents.client5:httpclient5:5.4.3.
  • Updated com.azure:azure-json:1.3.0 to com.azure:azure-json:1.5.0.

2.10.0 (2024-11-26)

Bugs Fixed

  • Fixed bug: Intermediate certificate not loaded. #39715.
  • Fixed bug: Failed to get cert name when key vault name include "certificates". #42162.
  • Fixed bug: JsonParseException and ServiceConfigurationError exceptions when acquiring access token. #42860.

2.9.0 (2024-10-15)

Features Added

  • Added the new system property azure.keyvault.disable-challenge-resource-verification, which can be set to true to disable challenge resource verification when authenticating against the Azure Key Vault service. For more information, please refer to this link. (#40560)
  • Added support for obtaining a Managed Identity access token on a Container App, which is achieved by setting the system properties IDENTITY_ENDPOINT and IDENTITY_HEADER. For more information, see here. (#42024).

Bugs Fixed

  • Fix bug: AccessTokenUtil does not URL-encode its parameters when getting an access token. (#40616)
  • Changed the authentication mechanism to allow for discovering the login URI for a given Azure Key Vault instance by requesting an authentication challenge from the service, as opposed to using a hard-coded list of URIs to choose from depending on a vault's URI. This should add support for customers using Azure Stack instances, for example.

Other Changes

Dependency Updates

  • Upgraded conscrypt-openjdk-uber from 2.2.1 to version 2.5.2.
  • Upgraded jackson-databind from 2.13.5 to version 2.17.2.

2.9.0-beta.2 (2024-07-09)

Features Added

  • Added the new system property azure.keyvault.disable-challenge-resource-verification, which can be set to true to disable challenge resource verification when authenticating against the Azure Key Vault service. For more information, please refer to this link.

Breaking Changes

  • Removed support for providing a custom login URI to get access tokens from via the system property azure.login.uri.

Bugs Fixed

  • Fix bug: AccessTokenUtil does not urlencode its parameters when getting an access token. (#40616)
  • Changed the authentication mechanism to allow for discovering the login URI for a given Azure Key Vault instance by requesting an authentication challenge from the service, as opposed to using a hard-coded list of URIs to choose from depending on a vault's URI. This should add support for customers using Azure Stack instances, for example.

2.9.0-beta.1 (2024-05-15)

Features Added

  • Added support for providing a custom login URI to get access tokens from via the system property azure.login.uri.

Other Changes

Dependency Updates

  • Upgraded conscrypt-openjdk-uber from 2.2.1 to version 2.5.2.

2.8.1 (2023-12-04)

Other Changes

Dependency Updates

Regular updates for dependency versions.

2.8.0 (2023-09-28)

Features Added

  • Support key type of RSA-HSM and EC-HSM in JCA #36648.

2.7.1 (2023-03-01)

Other Changes

Dependency Updates

  • Upgraded httpclient from 4.5.13 to version 4.5.14.
  • Upgraded jackson-databind from 2.13.2.2 to version 2.13.5.

2.7.0 (2022-05-24)

Dependency Upgrades

Regular updates for dependency versions.

2.6.0 (2022-02-25)

Dependency Upgrades

Regular updates for dependency versions.

2.5.0 (2022-01-25)

Dependency Upgrades

Regular updates for dependency versions.

2.4.0 (2021-12-24)

Dependency Upgrades

Regular updates for dependency versions.

2.3.0 (2021-11-25)

Dependency Upgrades

Regular updates for dependency versions.

2.2.0 (2021-11-02)

Features Added

  • Support connect to multi keyvault for keyless. (24718)

2.1.0 (2021-09-26)

Features Added

  • Enable access token cache. (23847)

Bugs Fixed

  • Fix bug about dead loop. (23923)

2.0.0 (2021-08-25)

New Features

  • Support key less certificate. (#22105)

1.0.1 (2021-07-01)

Bug Fixes

  • Fixed bug: Not get certificates from Key Vault when azure.keyvault.jca.certificates-refresh-interval is not set. #22666

1.0.0 (2021-06-23)

New Features

  • Load JRE key store certificates to AzureKeyVault key store. (#21845)
  • Support properties of azure.cert-path.well-known and azure.cert-path.custom to support load cert from file system. (#21947)

1.0.0-beta.7 (2021-05-24)

New Features

  • Add "module-info.java".

1.0.0-beta.6 (2021-04-19)

Breaking Changes

  • Remove configurable property of azure.keyvault.aad-authentication-url which is configured according to azure.keyvault.uri automatically #20530

1.0.0-beta.5 (2021-03-22)

1.0.0-beta.4 (2021-03-03)

1.0.0-beta.3 (2021-01-20)

Key Bug Fixes

  • Fix NullPointerException in KeyVaultKeyManagerFactory.

New Features

  • Support properties named in hyphens style, like "azure.keyvault.tenant-id".

1.0.0-beta.2 (2020-11-17)

New Features

  • Add support for PEM based certificates.

1.0.0-beta.1 (2020-10-21)

  • First release.