4.0.0

Major new release aligned with Jakarta EE 11. Jakarta Security defines a standard for creating secure Jakarta EE applications in modern application paradigms.

What's Changed

• Initial commit for TCK by @arjantijms in #220
• Clarifications about using EL in property values by @OndroMih in #225
• Migrate the security tests from jakartaee-tck repo by @alwin-joseph in #230
• Test fix: set bean-discovery-mode to all for empty beans in Old security TCK by @alwin-joseph in #232
• Migrate Security TCK documentation from jakartaee-tck by @alwin-joseph in #233
• Organised old tck into a source, build and run module. by @arjantijms in #234
• Add assembly file to zip entire TCK by @arjantijms in #237
• Set PATH and ANT_HOME when building old TCK by @arjantijms in #238
• Migrate security tck signature test from jakartaee-tck by @alwin-joseph in #226
• Add aggregate failsafe report for TCK run by @arjantijms in #240
• Update reporting plugin by @arjantijms in #241
• Add site plugin version to build old, and add skipIts to more plugins by @arjantijms in #242
• Revert previous unnecessary update to speclicense by @arjantijms in #243
• Update copyright by @arjantijms in #244
• Fix link to website by @pzygielo in #245
• Stabilized tomcat tests by @dmatej in #246
• Update versions in pom by @arjantijms in #247
• Add signature module to main pom by @arjantijms in #248
• Move distribution to separate folder by @arjantijms in #249
• Update common dependency to use project placeholder by @arjantijms in #250
• FISH-6084 Added payara-ci-managed profile to tck/pom.xml by @jGauravGupta in #251
• Merge 3.0.0 release branch into master by @arjantijms in #253
• Remove the WildFly profiles from the TCK. by @darranl in #261
• fix typo in authentication dialog section by @jimmy1wu in #257
• update mock OP to use SignedJWT and return preferred_username in user info by @jimmy1wu in #278
• Resolves #263 The HttpMessageContextWrapper should return itself from fluent method call. by @darranl in #264
• Resolves #267 Update the decorator mechanism to use a HttpMessageContextWrapper by @darranl in #268
• Bump jsoup from 1.15.1 to 1.15.3 in /tck by @dependabot[bot] in #271
• Next version of TCK is 3.0.1 by @arjantijms in #279
• Update various versions of dependencies and plugins by @arjantijms in #280
• Fix copy paste errors in app names by @arjantijms in #281
• Add nimbus jar to deployed war for OpenID app by @arjantijms in #282
• change userinfoEndpoint in OpenIdProviderMetadata to optional by @jimmy1wu in #272
• Fix ldap issues in TCK by @arjantijms in #283
• OpenId apps use TLS (HTTPS) as asked for in challenge #273 by @arjantijms in #284
• Allow profile to specify https port for issue #277 by @teddyjtorres in #285
• Update keytool-maven-plugin to 1.7 by @arjantijms in #290
• Update versions in pom, next version is 4.0.0 by @arjantijms in #298
• Require transitive for servlet, authentication and json in module-info by @arjantijms in #299
• Add missing serialVersionUID for LoginToContinue.Literal by @arjantijms in #300
• Remove references to SecurityManager as per #301 by @arjantijms in #302
• Add method to get all declared roles as per #203 by @arjantijms in #303
• Provide a simple in-memory identity store as per #289 by @arjantijms in #304
• Set TCK to 4.0 and JDK for the entire project to JDK 17 by @arjantijms in #306
• Add conveniences by @arjantijms in #308
• Introduce HttpAuthenticationMechanismHandler for #309 by @arjantijms in #310
• Add qualifiers to build-in authentication mechanism beans by @arjantijms in #312
• Add tests for interaction between a Policy and Jakarta Security by @arjantijms in #313
• Make the custom principal Serializable. by @arjantijms in #314
• Fix javadoc error by @arjantijms in #315
• Clarify the mandated behaviour of the mechanism handler. by @arjantijms in #316
• Take qualifiers into account for decoration, add qualifier Any by @arjantijms in #317
• Add new test modules to main pom by @arjantijms in #318
• Update versions in API pom by @arjantijms in #319
• Update to authorization m2, copyright to 2024, and OSGi to Java SE 17 by @arjantijms in #321
• On branch edburns-msft-jea-339-absorb-assertions-from-cdi-integration Built-in beans from CDI integration spec. by @edburns in #323
• Fixes #262: Clarify using hasAccessToWebResource with no methods by @OndroMih in #322
• Update poms by @arjantijms in #324
• Update old tck to run again by @arjantijms in #325
• Update signature test by @arjantijms in #326
• Update list with excluded JDK classes so we can pass on JDK 21 too by @arjantijms in #327
• Tidying up API before proposed final by @arjantijms in #328
• Update spec for 40 by @arjantijms in #329
• Update TCK signature file to align with latest API updates by @arjantijms in #330
• Update EFSL from 1.0 to 1.1 by @arjantijms in #331
• Add missing annotation to list of defined annotations for concepts by @arjantijms in #332

New Contributors

• @OndroMih made their first contribution in #225
• @alwin-joseph made their first contribution in #230
• @pzygielo made their first contribution in #245
• @jGauravGupta made their first contribution in #251
• @darranl made their first contribution in #261
• @jimmy1wu made their first contribution in #257
• @teddyjtorres made their first contribution in #285
• @edburns made their first contribution in #323

Full Changelog: 3.0.0-RELEASE...4.0.0-RELEASE