changes.txt

===========
Changes log
===========

- 2.3.12 (10/02/2017)
    - Bugs fixed
       - XEE injection security in XML extension.
         Reported by Man Yue Mo.

- 2.3.11 (09/28/2017)
    - Bugs fixed
       - Fixed NPE in JAX-RS backend when request's entity has no media type. Issue #1271.
         Reported by Thomas Mortagne.
       - XEE injection security fix in Jax-rs extension. Issue #1286.
         Reported by Man Yue Mo.
    - Enhancements
       - Added support of Header Origin and Origin dimension. Issue #1275.
         Reported and contributed by adolski.

- 2.3.10 (05/28/2017)
    - Bugs fixed
       - Invalid max-age value for cookie settings replaced by Integer.MAX_VALUE constant. Issue #1251.
         Reported by Chad Gatesman.
       - Fixed parsing of If-Match header in case it contains an invalid tag. Issue #1258.
         Reported by Guillaume Blondeau.
       - Make the internal server connector listening to specific IP address, if provided. Issue #1256.
         Reported by Juan Manuel de Blas.
       - Fixed resolution of variables f* and h*. Issue #1260.
       - Fixed agent.properties typo resulting in unnecessary log warning. Issue #1262.
         Reported By Arjohn Kampman.
    - Enhancements
       - Add literal conversion support for the Boolean, Byte, Int16, Int32, Int64, Decimal, Single and Double 
         Edm types in the OData extension.
         Reported and contributed by Serge Sozonoff.

- 2.3.9 (12/19/2016)
    - Bugs fixed
       - In IE 10 and seq., request without body are sent with an "undefined" body. Issue #1252.
         Reported by Etienne Griette.
       - Fixed potential NPE when a queue returns null in PipeStream. Issue #1246.
         Reported and contributed by Grégoire Juge. 

- 2.3.8 (12/10/2016)
    - Bugs fixed
       - Fixed NullPointerException when requesting a Directory with a query string. Issue #1206.
         Reported by Ralph van Etten.
       - Fixed support of non-bytes ranges. Issue #1132.
       - Fixed encoding issue when using CookieAuthenticator. Issue #1159.
         Reported by Arjohn Kampman.
       - Added support of 'Access-Control-Max-Age'. Issue #1109.
         Reported by Tal Liron.
       - Fixed potential NullPointerException when copying Servlet's request attributes.
         Reported and contributed by Colin Puy.
       - Fixed computation of the agent name in case Safari browser. Issue #1238.
         Reported by Abhishek Nandi.
       - Fixed potential dead lock when compating two instances of WrapperList. Issue #1243.
         Contributed by Tim Peierls.
    - Enhancements
       - Added overload to OAuthParameters.toReference which accepts an existing Reference.
         Contributed by Ryan O'Meara.

- 2.3.7 (03/14/2016)
    - Bugs fixed
       - Fixed invalid Class-Path header in manifest of the org.restlet.jar. Issue #698.
         Reported by Marcin Zajączkowski and Christopher Dancy.
       - Fixed computation of request#originalRef when behind a proxy. Issue #1191.
    - Enhancements
       - Upgraded org.json to version 20160212. Issue #1195.

- 2.3.6 (01/26/2016)
    - Bugs fixed
       - Fixed current application thread constant when issuing internal calls. Issue #1183.
       - Fixed StringIndexOutOfBoundsException in HeaderReader when reading header with empty value. Issue #1167.
         Reported by Timur Gasrataliev.
       - Fixed StatusService.toStatus(Status, Request, Response) is not called. Issue #1156.
       - Fixed issue with case sensitivity of query parameters with JAX-RS. Issue #1163.
       - Fixed method value caching broken. Issue #1130.
         Reported and contributed by Andreas Wundsam.
       - Prevented NPE if using Redirector.MODE_SERVER_INBOUND. Issue #1182.
    - Enhancements
       - Upgraded Jetty connector to version 9.2.14. Issue #1180.

- 2.3.5 (10/03/2015)
    - Bugs fixed
       - Added check for jar class path resources if the inputstream is empty.
         Reported and contributed by Gernot Pansy.
       - Fixed Jetty server connector that sends the Date header twice. Issue #1141.
       - Fixed ResourceException constructor calling incorrect Status constructor. Issue #1139.
         Reported by Chad Gatesman.
       - Fixed support of encoding inside the DecodeRepresentation, and the Jetty client connector.
         Issue #1146.
       - Fixed handling of header Access-Control-Expose-Headers. Issue #1147.
         Reported and contributed by Ralph van Etten.
       - Fixed issue when setting header Access-Control-Expose-Headers. Issue #1145.
         Reported by Ralph van Etten.
       - Removed useless log trace for HTTP_OAUTH_BEARER request with raw value. Issue #1152.
       - Cors filter does not take into account PATCH method. Issue #1178.
    - Enhancements
       - Added Request and response attributes to the ResourceException class.
       - ServerResource traces Exception in the doCatch method with SEVERE log
         level, in case of 5xx errors.
       - Added Guice extension to GAE edition. Issue #1136.
       - Upgraded Jetty connector to version 9.2.14. Issue #1180.
    - API changes
       - Added ResourceException#resource attribute and ResourceException#getRequest()
         and ResourceException#getResponse() shortcut methods.

- 2.3.4 (07/16/2015)
    - Bugs fixed
       - LOCK and UNLOCK methods are not safe. Issue #1112.
         Reported by Zsolt Szloboda.
       - Fixed APISpark introspection when application name is not set.

- 2.3.3 (06/21/2015)
    - Bugs fixed
       - Redirector does not translate response's entity location reference.
         Issue #1069.
       - Fixed tunnelFilter. + symbol (%2b) converted incorrectly when media
         query parameter is used. Issue #804.
         Reported by Rob Elsner.
       - Fixed never ending call when an exception happens while writing the
         response's entity using the internal HTTP server connector.
         Issue #1061. Reported by Gernot Pansy.
       - Prevented insertion of query params into POST request for JAX-RS client.
         Issue #1072. Reported by Edouard Mercier.
       - Fixed NPE when OAuth refresh token request when no scope is provided.
         Issue #1080. Reported by Gernot Pansy.
       - Internal HTTP client doesn't fail anymore with null values in headers.
       - Improved robustness of Swagger translation code (import/export).
       - Fixed security scheme issue in RAML translator.

    - Enhancements
       - Allowed spaces in the values of the Java methods annotations. Issue #1099.
       - Added support for Chromium browser when extracting user agent info.
       - Added Swagger 2.0 import support in Swagger and APISPark extensions.

- 2.3.2 (05/01/2015)
    - Bugs fixed
       - Fix CORS header name Access-Control-Allow-Credentials. Issue #1030.
       - Fixed malformed JSON in the JsonpRepresentation.
         Reported by Wagner Correa Ramos.
       - When catching a 405 status, make sure to update allowed methods inside
         a ServerResource. Issue #1034.
         Reported by Jeremy Gustie.
       - Fixed wrong Reference.getRemainingPart(boolean decode). Issue #1041.
         Reported by Tal Liron.
       - Authorization header is not sent by GWT client, for authentication scheme other
         than HTTP Basic. Issue #1040.
       - Jetty client connector duplicates User-Agent header. Issue #1055.
         Reported by Charlie Mason.
       - Fixed Restlet JAX-RS encoding problem when using @FormParam annotation.
         Issue #1038.
       - Fixed Tomcat shutdown due to TaskService that did not instantiate
         threads as daemon threads. Issue #1053.
       - Made a public field private in JaxRs extension which lead some
         containers to stop the application. Issue #1058.
         Reported by Constantin Gruber.
       - Fixed duplication of headers (jaxrs). Issues #944, #948.

    - Misc
       - Completed the Javadocs for query parameter declarations inside
         HTTP method annotations such as @Get("json?param=val).

    - Enhancements
      - Allowed to turn off header cleaning in Redirector for server-side
        redirects. Issue #799.
        Suggested by Tal Liron.
      - Upgraded swagger-models library to 1.5.3-M1.

- 2.3.1 (02/03/2015)
    - Bugs fixed
      - Reintroduced registration by default of the internal HTTP server
        connectors in JEE edition.
      - FormDataSet not properly serializing text/plain files. Issue #1006.
        Reported by johnjaylward.
      - Fixed fileupload extension for GAE and JEE editions.
      - Fixed potential NPE. Issue #1004.
        Reported by Philippe Perrault.
      - Reference scheme reverts to http when using https. Issue #998.
        Reported by Stephen C. Pope.
      - Fixed bug that prevented client code to properly consume error
        responses #1004 and #1018.
        Reported by Philippe Perrault and spraguep.

    - Enhancements
      - Added support of JAX-RS extension for the Android edition.
        Contributed by Kiran Rao.

- 2.3.0 (12/17/2014)
    - Bugs fixed
      - Fixed usage of custom Component with ServerServlet (issue #926).
        Reported by Graham Smith.
      - StatusService didn't copy the contactEmail and homeRef property
        to the internal serialized status object.
      - JacksonRepresentation fields are now thread safe.
        Reported by Tim Peierls.
      - Removed XML serialization using Jackson extension from Android edition as
        it depends on classes not supported by Android SDK (issue #964).
        Reported by Ralph van Etten.
      - Fixed OutputRepresentation in the GAE edition (issue #954).
        Reported by Edouard Mercier.

    - Enhancements
      - Upgraded Google App Engine API to version 1.9.15.
      - Upgraded Jackson to version 2.4.4.
      - Upgraded Woodstox to version 4.3.0.
      - Upgraded GSon to version 2.3.1.
      - Upgraded Jetty to version 9.2.6.

- 2.3 Release Candidate 2 (12/08/2014)
    - Bugs fixed
      - Restored HTML variant of error status representations returned by default.
        Now handled by the ConverterService via a StatusInfoHtmlConverter in engine.
      - Fixed bug in OData extension when looping through a multi pages collection.
        Reported by Vishnu Perabathini.

    - Deprecations
      - Deprecated org.restlet.Component XML configuration.
        Usage of XML support in Spring extension is recommended instead.
      - Deprecated e4 extension.
        Usage of Guice or Spring extensions is recommended instead.
      - Deprecated JDBC extension.
        Use a persistence technology such as Mybatis or Hibernate instead.
      - Deprecated JiBX and XStream extensions.
        Use an XML serialization technology such as Jackson instead.
      - Deprecated jSSLUtils, ROME, XDB extensions.
        Libraries not actively developed anymore.
      - Deprecated Apache HTTP Client and Simple extensions.
        Will be removed to favor lower-level network extensions such as
        Jetty and Netty, allowing more control at the Restlet API level.
      - Deprecated SIP, WebDAV extensions.
        Will be removed to focus on Web APIs.

    - Misc
      - Removed the Tanuki's Java Service Wrapper library.
      - Removed the CDDL and LGPL licences, kept Apache License, Version 2.0 and
        Eclipse Public License -v 1.0.

- 2.3 Release Candidate 1 (11/21/2014)
    - Enhancements
      - Upgraded Jetty to version 9.2.4
      - Added support for SPDY via the Jetty extension.
        Contributed by Tal Liron.
      - 422 unprocessable entity status returned when errors happens when
        deserializing a representation.
      - Exceptions annotated with @Status are now automatically serialized
        using ConverterService on both client-side and server-side.
        Client-side resource proxy automatically re-throw the de-serialized
        exception back to the API call invoker. Note that when the application
        is not in debugging mode, the stacktrace is cleared before
        serialization and a warning is triggered if a cause is available in
        the exception.

    - API changes
      - Deprecated protected LogService#debugging property.
      - Added Application#debugging Boolean property and a start message
        indicating in which mode your application is.
      - Added getName() and getDescription() methods in ServerResource for
        documentation purpose. Note that this could conflict with existing
        subclasses.

    - Bugs fixed
      - Prevent potential security issue with Directory class.
        Contributed by Andrew Hughes.

    - Misc
      - Remove the outdated example based on the O'Reilly's book
        "RESTful Web Services" and the related db4o dependency.
        Issue reported by Thomas Munz.

- 2.3 Milestone 5 (11/07/2014)
    - Enhancements
      - Added support of GWT 2.7. Contributed by Koen Maes.
      - Enhanced introspection of Restlet and JAX-RS based applications in
        conjunction with Swagger and Raml annotations.
      - Added APISpark agent service.

    - API changes
      - Jackson representation now ignore null values by default in the
        JSON/XML/CSV/YAML produced, leading to more compact representations.
      - Added additional constructors to Status and ResourceException for convenience
        purpose. Suggested by Kristoffer Gronowski.

- 2.3 Milestone 4 (10/31/2014)
    - Enhancements
      - Unified the HTTP client connector parameters (socket connection to 15s,
        idle socket to 60s, socket stop to 60s, max connections per host to 10,
        max total connections to 20). Suggested by Kristoffer Gronowski.
      - Upgraded Jackson to version 2.4.3.
      - Jackson representation now ignore empty value (null or empty collections)
        by default in the JSON/XML/CSV/YAML produced, leading to more compact
        representations.
     - Fixed log level (issue #777). Reported by Marcus NL.

    - API changes
      - Deprecated statusService property in Component to keep it only in Application.
      - Added connegService, metadataService and converterService properties to StatusService
        and pass them via the constructor instead of the toRepresentation and toStatus methods.
      - Renamed @Status#serializeProperties (default to false) into serialize (default to true).
      - Deprecated Component#statusService in favor of the Application#statusService property.

    - Bugs fixed
      - @Status now works with annotated methods on the server-side.
      - Securing JaxRepresentation by default (issue #785).
        Reported by Jim Trainor.
      - OData Edm.DateTime properties are sometimes parsed as null (issue #946).
        Reported and contributed by Emmanuel Liossis.

- 2.3 Milestone 3 (09/18/2014)
    - New features
      - Added API firewall feature to the APISpark extension.
      - Added RAML support in dedicated extension.

    - Enhancements
      - Added targetRef support to templates, allow reference variables to
        resolve to the full reference (issue #935).
        Contributed by Jeremy Gustie.
      - Updated agent.properties file with recent Opera user agent signature.
      - Added Resource#toRepresentation(Object, MediaType) convenience method.
      - Added ConverterService#toRepresentation(Object, MediaType) convenience method.
      - Added ConverterService#toRepresentation(Object, Variant) convenience method.
      - Added static Resource#toInteger, toFloat, toByte, toLong, toDouble, toBoolean
        methods accepting 'null' string values to facilitate the processing of path
        variables and query parameters.
      - Renamed StatusService methods from getRepresentation(...) and getStatus(...) to
        toRepresentation(...) and toStatus(...), added throwable parameters to allow
        access to throwable and converter service if available.
      - Aligned behavior of StatusService (underlying StatusFilter) with the behavior of
        the ServerResource#doCatch() method in case a throwable is intercepted.
      - Added org.restlet.resource.@Status annotation type to automatically convert
        Throwable Java classes between HTTP statuses and error response entities.
        NOTE: implementation is in progress.
      - StatusService.toStatus(Throwable, ...) methods now support @Status annotations
        to set the proper code.

    - Bugs fixed
      - ObjectRepresentation wasn't closing a Decoder in case reading exceptions occured.
      - ServerResource#doCatch() method wasn't invoking StatusService to set the error
        representation if empty.
      - Fixed potential NPE in odata extension when schema ComplexType in a
        document does not declare a schema attribute (issue #932).
      - Uncaught exceptions may cause LogFilter to fail, with dire consequences.
        Issue #931. Reported and contributed by Tal Liron.
      - The Restlet internal connector only serves from one thread. #937
      - Fixed dependencies for Swagger extension. #956

- 2.3 Milestone 2 (05/06/2014)
    - New features
      - APISpark extension now includes an Introspector service (see main method) that
        can analyze a Restlet Application, introspect its web API definition and push
        it to APISpark.com PaaS for online and intuive documentation. Added user guide
        page to describe the process and parameters. API contract can be created or
        updated (replaced) remotely.

    - Enhancements
      - Added HTTPS support to Jetty connector. Issue #793.
        Contributed by Tal Liron.
      - ServletWarEntity and ZipEntryEntity ignore the timeToLive parameter. Issue #866.
        Reported and contributed by Jeremy Gustie.
      - ServletWarEntity is limited to file system modification dates. Issue #868.
        Reported and contributed by Jeremy Gustie.

    - Bugs fixed
      - Added copy of Servlet request parameters to the Restlet request attributes. Issue #741.
        Reported by Steve Rowe and contributed by Jeremy Gustie.
      - Stripped Servlet container generated "jsessionid" matrix parameter. Issue #770
        Reported and contributed by Jeremy Gustie.
      - Fixed CompositeHelper.handle fails when Component has no inbound filters. Issue #865.
        Reported and contributed by Jeremy Gustie.
      - Fixed missing internal FTP client connector registration.
      - Fixed missing internal HTTPS server isn't properly registered.
        Reported by Roy Olsen.
      - Fixed forgotten traces to the console #911, #905, #904.
        Reported by Emanuele Massara.
      - Fixed missing default values for DefaultSslContextFactory attributes, issue #903.
      - Prevented NPE in org.httpclient.internal.HttpMethodCall.getStatusCode, issue #871.
        Reported by Claus Ibsen.
      - Stabilized Swagger documentation for JAX-RS applications. Issue #827.

    - Misc
      - Removed unecessary ".properties" files from the distributions, issue #892.
      - Added mention of edition and version in Javadoc header.
      - Lowered trace level from 'info' to 'fine' for OBAP pseudo client.

- 2.3 Milestone 1 (03/27/2014)
    - New features
      - Added initial APISpark extension. Issue #875.
      - Added Jetty client for HTTP and HTTPS. Issue #512.
        Contributed by Tal Liron.

    - Enhancements
      - Upgraded project to Java 7. Issue #874.
      - Upgraded Jetty connector to version 9.1.3. Issue #793.
        Contributed by Tal Liron.
      - Upgraded Servlet API to version 3.1.
      - Upgraded JAX-RS API to version 2.0.
      - Added JBoss RESTEasy library version 3.0.6.
      - Added Reference constructor taking two URI instances.
      - Added Message#getHeaders() method to facilitate raw HTTP
        headers manipulation. Issue #879.
        Suggested by Robert Fischer, Jack Jones and others.
      - Moved Header class to org.restlet.util package.
      - Integration of new Guice extension, issue #489.
        Reported and contributed by Tim Peierls.

    - Misc
      - Refactored test cases to test all combinations of connectors
        including server (Internal, Jetty, NIO, Simple) and
        client (Apache, Internal, Jetty, NIO)
      - Started integration of Restlet JAX-RS extension with RESTEasy.
      - Removed AJP (Tomcat protocol) support from the Jetty extension.
        Not supported anymore by Eclipse Jetty 9.1.