centraldogma

New features

• You can specify XdsCentralDogmaBuilder#localClusterName to enable zone aware routing #1023

Breaking changes

• XdsCentralDogmaBuilder#serviceName has been removed #1023

Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

• @jrhee17
• @ikhoon
• @minwoox
• @trustin

New features

• You can now create xDS groups to manage your xDS resources under the Central Dogma authorization system. #981
• You can now create, update and delete xDS resource through gRPC and HTTP APIs. #988
• You can now add a watcher information that retrieves the pod's endpoint information from the Kubernetes control plane. #980
• You can now use the xDS protocol to connect to Central Dogma servers when using XdsCentralDogmaBuilder #984
• You can now filter projects by their roles on the project page. #989
• You can now change the level of an access token via HTTP API. #942

Improvements:

• The project role of a request token or user is now exposed in the project API. #989
• TokenNotFoundException is now logged at the DEBUG level in the application token Authorizer. #1011
• Central Dogma servers now check for the existence of internal projects and repos before attempting to create them. #1010

Bug fixes

• The content API now returns 415 Unsupported Media Type if the content-type of a request is not application/json #999
• Invalid remote URIs are now rejected by the mirror UI and API. #1012
• Removed invalid configurations from the docker image distribution. #1003 #1010

Breaking changes

• Paths in the web application no longer contain a trailing slash. #1013

Dependencies

• Armeria 1.29.4 → 1.30.0
• Curator 5.6.0 → 5.7.0
• Dropwizard Metrics 4.2.21 → 4.2.26
• gRPC Java 1.64.0 → 1.66.0
• Jackson 2.17.1 → 2.17.2
• JGit 6.9.0 → 6.10.0
• Logback 1.5.5 → 1.5.7
• Micrometer 1.13.0 → 1.13.3
• MINA sshd 2.12.1 → 2.13.2
• SLF4J 2.0.12 → 2.0.16
• Snappy 1.1.10.4 → 1.1.10.5
• ZooKeeper 3.7.2 → 3.9.1

Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

• @byungjunn
• @chickenchickenlove
• @jrhee17
• @ikhoon
• @minwoox
• @thomasbruggink
• @trustin

Bug fixes

• The server status is correctly reset to WRITABLE when a mirror migration job fails. #1007

Bug fixes

• (Server-side) You can now configure ControlPlanePluginConfig via configuration file properly. #996

Breaking Changes

• (Server-side)mirroringEnabled, numMirroringThreads, maxNumFilesPerMirror, and maxNumBytesPerMirror have been removed from CentralDogmaBuilder and CentralDogmaConfig. #993
  • These properties should now be specified in the plugins property:

    {
      "dataDir": "./data",
      ...
      "pluginConfigs": [
        {
          "type": "com.linecorp.centraldogma.server.mirror.MirroringServicePluginConfig",
          "enabled": true,
          "numMirroringThreads": 16,
          "maxNumFilesPerMirror": 8192
        }  
      ]
    }
    

Improvements

• The internal project can now be prefixed with @. #973
  • ‼️ Due to this change, you must update your Central Dogma server to this version before applying any later updates.

Bug fixes

• Plugins now start correctly after the internal dogma repository is created. #967

Breaking Changes

• Mirroring and credential settings have been updated to the new formats. #880
  • See Setting up a Git-to-CD mirror for more information.
  • ‼️ Before upgrading your Central Dogma server to this version, please first upgrade to 0.66.1 and then proceed to 0.67.0.

Dependencies

• Armeria 1.29.1 -> 1.29.2

Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

• @jrhee17
• @ikhoon
• @minwoox
• @trustin

Dependencies

• Armeria 1.29.0 -> 1.29.1

New features

• You can now clone your repositories via Git clone over HTTP. #954

  git clone -c http.extraHeader="Authorization: Bearer your-token" \
    https://your-dogma.com/foo/bar.git
  

Bug fixes

• You can no longer create a repository whose suffix is .git. #956 #957

Dependencies

• Armeria 1.28.4 -> 1.29.0
• Control Plane 1.0.44 -> 1.0.45
• Jackson 2.17.0 -> 2.17.1
• Micrometer 1.12.4 -> 1.13.0
• SLF4J 2.0.7 -> 2.0.12
• Spring Boot 3.2.4 -> 3.3.0

Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

• @jrhee17
• @ikhoon
• @minwoox
• @thachlp
• @trustin

Bug fixes

• CentralDogmaConfig will no longer fail due to configuration values with colons. #952
• Revert "Add project and repository tags to api metrics (https://github.com/line/centraldogma/issues/943)" #950
  • The commit increases in CPU and memory usage significantly.

Dependencies

• Armeria 1.28.2 -> 1.28.4

Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

• @jrhee17
• @ikhoon
• @minwoox
• @thachlp
• @trustin

New features

• You can update the status of all servers equally using the Administrative REST API. #912 #921
  • You can now start Central Dogma servers in read-only mode.
• You can now add an ANONYMOUS permission, allowing files to be retrieved without the need for an access token. #917

Improvements

• Central Dogma metrics for REST API now provide project and repository information as tags. #943
• Central Dogma server now takes a little extra time to close after setting the server status to unhealthy. #928 #938 #947
  • This delay allows clients to redirect to another replica.
• Central Dogma server responds 304 status for watch requests when the server is shutting down. #928 #929

Bug fixes

• Central Dogma does not enter read-only mode unexpectedly under load. #941
• Korean text is now correctly inserted into a file through the UI. #915 #916
• You no longer see an excessive CPU usage by a single thread. #946

Dependencies

• Armeria 1.27.2 -> 1.28.2
• Bouncy Castle 1.77 -> 1.78.1
• Control plane 1.0.39 -> 1.0.44
• Guava 33.0.0-jre -> 33.1.0-jre
• Jackson 2.16.1 -> 2.17.0
• JGit6 6.8.0.202311291450-r -> 6.9.0.202403050737-r
• Micrometer 1.12.2 -> 1.12.4
• Mina SSHD 2.12.0 -> 2.12.1
• Spring Boot 3.2.2 -> 3.2.4

Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

• @jaesungchris
• @jrhee17
• @ikhoon
• @minwoox
• @seonwoo960000
• @thachlp
• @trustin

Dependencies

• Armeria 1.27.1 -> 1.27.2

Dependencies

• Armeria 1.27.0 -> 1.27.1

Bug fixes

• XSS attacks through SAML RelayState are not possible now. (CVE-2024-1143)

New features

• You can now use Central Dogma as a control plane for xDS service discovery. #904
• You can now update the Central Dogma cluster status with UpdateServerStatusCommand . #899
• You can now execute ForcePushCommand to forcibly push commits in the read-only mode. #899

Improvements

• Administrators can now access the internal dogma project through both REST API and the web UI. #907

Bug fixes

• XSS attacks through SAML RelayState are not possible now. (CVE-2024-1143)
• The project creator is now correctly retrieved based on the information stored in the metadata.json file. #909
• You no longer see 503 Service Unavailable errors with RequestTimeoutException when an access token is being removed. #797 #812
• The server now correctly converts JSON requests even if jackson-module-scale exists in the classpath. #910
• Error messages resulting from Zookeeper replication failures now include reply logs to facilitate the identification of the underlying causes. #900

Dependencies

• Armeria 1.26.4 -> 1.27.0
• Bouncy Castle 1.76 -> 1.77
• Curator 5.5.0 -> 5.6.0
• futures-completable 0.3.5 -> 0.3.6
• Guava 32.1.3 -> 33.0.0
• Jackson 2.15.3 -> 2.16.1
• Javassist 3.29.2 -> 3.30.2
• JGit 5.13.2 -> 5.13.3, 6.7.0 -> 6.8.0
• JUnit 5.10.0 -> 5.10.1
• Logback 1.2.12 -> 1.2.13
• Micrometer 1.11.5 -> 1.12.2
• Mina SSHD 2.11.0 -> 2.12.0
• Snappy 1.1.10.1 -> 1.1.10.4
• Spring Boot 2.7.16 -> 2.7.18, 3.1.4 -> 3.2.2
• Zookeeper 3.7.1 -> 3.7.2

📈 Improvements

• You can now hide sensitive information in mirroring configuration using ConfigValueConverter. #895

⛓️ Dependencies

• Armeria 1.26.2 → 1.26.3

Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

• @jrhee17
• @ikhoon
• @minwoox
• @trustin

⭐️ New features

• You can now define confidential properties using variables in the configuration file, seamlessly converted through ConfigValueConverter.
  This bolsters the security of Central Dogma configuration, mitigating the potential risk of exposing sensitive information. #890
  • For example:
    • The configuration file (dogma.json):

      {
        ...
        tls: {
          "password": "encryption:./path/to/encrypted/file"
          ...
        },
        ...
      }
      

    • The converter loaded via SPI:

      public class MyConfigValueConverter extends ConfigValueConverter {
        public List<String> supportedPrefixes() {
          return List.of("encryption");
        }
      
        public String convert(String prefix, String value) {
          if ("./path/to/encrypted/file".equals(value)) {
            // load the file and decrypt the content.
          }
          ...
        }
      }
      

  • Here is the list of confidential properties that the converter supports:
    • replication.secret
    • tls.keyCertChain
    • tls.key
    • authentication.properties.keyStore.password (when SAML is used)
    • authentication.properties.keyStore.keyPasswords (when SAML is used)

⛓️ Dependencies

• Armeria 1.26.1 → 1.26.2

Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

• @jrhee17
• @ikhoon
• @minwoox
• @trustin

📈 Improvements

• The mirroring duration has been reduced by 50% through the addition of a logic that checks for changes in the remote head. #881

🛠️ Bug fixes

• An SSH session is terminated when an exception is raised during the execution of session.auth(). #885

⛓️ Dependencies

• Apache MINA 2.10.0 → 2.11.0
• Armeria 1.25.2 → 1.26.1
• Guava 32.1.2-jre → 32.1.3-jre
• Jackson 2.15.2 → 2.15.3
• Jgit
  • 5.13.0.202109080827-r → 5.13.2.202306221912-r
  • 6.6.0.202305301015-r → 6.7.0.202309050840-r
• Micrometer 1.11.3 → 1.11.5
• Spring Boot
  • 2.7.12 → 2.7.16
  • 3.1.2 → 3.1.4

Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

• @jrhee17
• @ikhoon
• @minwoox
• @trustin

⛓️ Dependencies

• Cron-utils 9.2.1 → 9.2.0
  • Now centraldogma-server uses the correct SLF4J version

Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

• @jrhee17
• @ikhoon
• @minwoox
• @trustin