With Open Liberty 18.104.22.168 you can now make use of the new
nbfOffset attribute, allowing for "not-before" timed payloads via JWT Builder. Also included is new behaviour for HTTP redirects that permits the use of fully relative linking.
In Open Liberty 22.214.171.124:
Run your apps using 126.96.36.199
If you’re using Maven, here are the coordinates:
Or for Gradle:
libertyRuntime group: 'io.openliberty', name: 'openliberty-runtime', version: '[188.8.131.52,)'
Or if you’re using Docker:
Or take a look at our Downloads page.
Scheduled payloads with JWT Builder
New in Open Liberty 184.108.40.206, the
jwtBuilder element has been enhanced with a new attribute called
nbfOffset which can be used to configure an NBF claim for a JWT payload. The time set for the
nbfOffset will be added to the current time and the result will determine when Json Web Tokens will start to be accepted for processing.
To configure the "not-before" claim using
jwtBuilder, add the following to your
sever.xml configuration file.
<jwtBuilder nbfOffset="1800s" />
If the JWT was issued at the current time, then the token can only be used after 1800 seconds have passed from the current time.
jwtBuilder is a part of the
jwt-1.0 feature, to add the feature to your project add the following to the
For more information:
Relative linking for HTTP Redirects
Included in Open Liberty 220.127.116.11 is an enhancement for the
servlet-4.0 feature, within Open Liberty the
sendRedirect() is used to direct a client to a new page or location away from the original page. Previously, Open Liberty would always convert the provided relative URL in the
sendRedirect() function to an absolute URL. This could lead to problems for applications that took advantage of reverse proxy servers.
To solve the problems presented, Open Liberty 18.104.22.168 has introduced a new
redirecttorelativeurl web container property that will tell the application whether or not to construct absoulte URLs from relative redirect links. This property can be set in the
For more information:
Notable bugs fixed in this release
We’ve spent some time fixing bugs in 22.214.171.124, including the following issues:
An external contributor reported a flaw in Open Liberty’s detection of changes to the JARs that compose the server implementation. When such changes were detected Liberty would force the JAR to be uninstalled and installed again. In most cases this allowed the runtime to recover and function properly. In specific cases, where some core component was re-installed, Liberty would not properly recover and it would result in some Java packages to be unavailable for class loading. For example, on Java 11 the package
javax.xml.soapwould become unavailable to the application class loaders.
The most common environment where this occurred was running Open Liberty in OpenShift. This behavior has now been corrected for Open Liberty 126.96.36.199.
In previous releases, a flaw existed where a previously authenticated user’s
Subjectmight not be found in the authentication cache during an OAuth authentication flow, when using a custom user registry. The cache key used to retrieve user claims from the authentication cache was based on the realm and username, but the correct cache key might be a combination of the OAuth provider name and the OAuth token object itself. The behavior has been corrected and the appropriate cache key should now be used.
For more information visit the Open Liberty Documentation.
It was previously possible for the HTTP/2 channel to throw a
NullPointerExceptionwhen it attempted to write out HTTP headers on a connection that had been terminated due to a connection error. Beginning in Open Liberty 188.8.131.52, the HTTP/2 channel will now throw a more informative
IOExceptionfor this scenario. Read more about Open Liberty’s support for HTTP/2.
Starting from Open Liberty 184.108.40.206, JSON logs created by the
logstashCollector-1.0feature do not properly reflect the value set for the environment variable
CONTAINER_NAME. The value set for
CONTAINER_NAMEshould be reflected in the
serverNamefield of the JSON logs, but the default server name from
wlp.server.nameis shown instead. This behaviour has been corrected for Open Liberty 220.127.116.11, visit the Logstash Collector Documentation for more information.
Support for the Automatic Certificate Management Environment (ACME) protocol was added in Open Liberty 18.104.22.168, enabling automatic fetching of browser-trusted TLS certificates from an ACME certificate authority. This release resolves a bug where the background task scheduled to check for expiring or revoked certification remains scheduled after the server enters quiesce phase. The task is now cancelled when the server is stopping. Read more about Open Liberty’s support for the ACME protocol.
An external user discovered that the initialization of a
distributedMapfails with a NullPointerException if the
idelement is not present in the
distributedMapconfiguration. A clearer message should have been displayed to indicate the required
idelement is missing. To address this the
distributedMapdefinition has been modified to mark the
idelement as required.
The configuration runtime will now issue an error message:
CWWKG0058E: The element distributedMap with the unique identifier default-0 is missing the required attribute id.
distributedMapwill not be put into service. This new behaviour is introduced in Open Liberty 22.214.171.124.
Get Open Liberty 126.96.36.199 now
Available through Maven, Gradle, Docker, and as a downloadable archive.