CHANGELOG.txt in rubycas-server-0.6.0 vs CHANGELOG.txt in rubycas-server-0.7.0
- old
+ new
@@ -1,186 +2 @@
-=== 0.6.0 :: 2008-03-28
-
-* Much of the supporting functionality that makes RubyCAS-Server
- act as a well-behaved Linux service has been abstracted out
- into its own library. This new library is called Picnic and is
- now a gem dependency for RubyCAS-Server. You can find out more about
- it at http://code.google.com/p/camping-picnic/.
-* The logout action will now accept a 'destination' parameter in lieu of
- 'service'. This means that if a 'destination' parameter is given with
- some URL, the logout action will show the login form, allowing the user
- to immedietly log back in to the service specified by 'destination'.
-* The logout action will now accept a 'url' parameter. If given, the logout
- page will show a message indicating that the CAS session has been terminated
- and instructing the user to click on a link to follow the given URL. If the
- 'url' parameter is given, the login form will NOT be shown on the logout
- page (see above).
-* When an authentication failure occurs (because the user submitted
- invalid credentials or the login ticket is missing), the server
- now returns a 401 (Unauthorized) response instead of 200.
-* An encryption-enabled version of the SQL authenticator is now
- available. For more info have a look at:
- http://code.google.com/p/rubycas-server/wiki/UsingTheSQLEncryptedAuthenticator
-* Better compatibility with Oracle databases. The database migration
- no longer tries to create tables with long names when long
- table names are not supported by the underlying database connector
- (issue #15).
-* The server now automatically removes leading and trailing whitespace from
- the username entered by users. Passwords however are left intact, with no
- whitespace removed.
-* The server can now be configured to automatically downcase the
- username entered by users (dowcase_username option). So if a user
- enters "JSmith", the system will convert it to "jsmith" if the
- downcase_username option is set to true.
-* The server can now be made to bind to a specific address. See the
- :bind_address option in the config.example.yml file.
-* Fixed bug with ActiveRecord 2.0.2 where service tickets were not
- being given a type (issue #37).
-
-=== 0.5.1 :: 2007-12-20
-
-* Tickets generated by the server should now be a lot more secure.
- The random string generator used for generating tickets now uses
- Crypt::ISAAC. Tickets have also been extended in length; STs, PTs
- and LTs can now extend up to 32 characters, and PGTs and PGT-IOUs
- up to 64.
-
-=== 0.5.0 :: 2007-09-20
-
-* Gateway requests should now be handled correctly. When the request to the
- login page is made with gateway=true as one of the parameters, the CAS
- server will immediately redirect back to the target service along with
- a service ticket if an SSO session exists for the user (or without a
- service ticket if there is no pre-existing SSO session).
- Note that if you are using RubyCAS-Client and want gatewaying, you will
- need to upgrade it to 1.1.0 as gatewaying was broken in prior versions.
-* If gateway=true is specified as part of the logout URI, the server will
- log the user out and immediately redirect them back to the specified
- service. In other words, you can now do "gatewayed logouts" as well
- as logins.
-* A login ticket can now be remotely requested from the server by placing
- a POST request to '/loginTicket'.
-* The login view can now be made to return only the login form. This is
- done by adding the 'onlyLoginForm' parameter to the '/login' request.
- Optionally, a 'submitToURI' parameter can be supplied to force the login
- form to submit to the given URI (otherwise the server will try to figure
- out the full URI to its own login controller). This functionality may be
- useful when you want to embed the login form in some external page, as
- an IFRAME otherwise.
-* Custom views can now be used to override the default Markaby templates
- by specifying a 'custom_views_file' option in the configuration. See
- custom_views.example.rb. [jzylks]
-* Table names have been shortened to work with Oracle. A migration has
- been added that should do the shortening for you the first time you run
- this new RubyCAS-Server version.
-* Multiple authenticators can now be specified. During authentication,
- credentials are presented to the first authenticator, then the second,
- and so on, until the user is validated by any one authenticator or fails
- validation for all of them. [jzylks]
-* When using webrick, you can now run with SSL disabled by omitting the
- ssl_cert and ssl_key parameters.
-* Changed incorrect MySQL example database configuration -- option should
- be 'host:' not 'server:' (issue #22).
-
-=== 0.4.2 :: 2007-07-26
-
-* The LDAP/AD authenticator has been largely re-written. The code is a bit
- cleaner now, and should work better with non-Active Directory LDAP servers
- (although this has yet to be tested since I don't have access to a non-AD
- LDAP server).
-* The validate() method in your authenticators now receives a :service element
- (in addition to :username, and :password). This is simply the service
- url (if any) specified in the user's CAS request. If you call
- read_standard_credentials(credentials) at the top of your validator, the value
- will also be available as @service along with @username and @password.
-* By request, a :username_prefix option has been added to the ldap
- configuration. If entered, this string will be automatically prefixed to
- the username entered by the user.
-* A bug having to do with handling authenticator errors has been fixed.
- Any authenticator error messages should now be correctly shown on the
- login page.
-* Minor improvements to error messages having to do with login tickets.
- They're a bit more prescriptive now, explaining to the user what steps
- they should take to correct the error.
-
-=== 0.4.1 :: 2007-06-07
-
-* This release restores compatiblity with older versions of rubygems
- (pre-0.9.0). To achieve this, we alias the 'gem' method to the old
- 'require_gem' if 'gem' is not already defined.
-* rubycas-server-ctl will now quiety delete an orphaned .pid file
- instead complaining loudly and refusing to start up.
-* Fixed minor bug in rubycas-server-ctl that sometimes incorrectly reported
- startup problems when in fact the server had started just fine.
-
-
-=== 0.4.0 :: 2007-06-05
-
-* Added rubycas-server-ctl script for controlling daemonized server.
-* rubygems-0.9.0 or later is now required.
-* Added system startup script to be used in /etc/init.d on Linux systems.
-* Authenticator can now be loaded from an external file using the 'source'
- configuration option.
-* Better preemptive detection of startup problems with mongrel.
-* User now sees an error message if the service URI is not a valid URI (i.e.
- if it's not URI-encoded or otherwise malformed).
-
-
-=== 0.3.0 :: 2007-03-29
-
-* Fixed glaring security problem with LDAP/AD Authenticator where under some
- circumstances blank passwords were accepted as valid.
-* Autocomplete has been turned off on the password field for better security.
- In the future we may allow autocomplete to be re-enabled using a
- configuration setting.
-* When the user visits the login page and is already authenticated (i.e. they
- have a valid ticket granting cookie), a message is shown at the top
- indicating that they are already logged in.
-* sqlite3-ruby is no longer required by the gem as a dependency. The user
- must now install it manually prior to installing rubycas-server. The
- building of sqlite3 native extensions appears to be somewhat flakey
- and probably defeats the original purpose of using it (which was
- to have a CAS server up and running with no additional DB configuration).
- We will use MySQL as the default database adapter instead, since it does
- not require additional libraries and many users will have a MySQL server
- already available.
-* Fixed bug that was causing all proxy-granting tickets to be deleted whenever
- any user logged out. Only the PGTs for the user that is logging out are now
- being deleted.
-* Trailing slashes in service URLs are now ignored when validating service
- and proxy tickets (e.g. "http://www.google.com" and "http://www.google.com/"
- are now considered to be the same service URL).
-* Authenticators now raise AuthenticatorError exceptions when encountering
- a problem/error. This makes it easier to send feedback to the user.
- However, other exceptions should still be raised when errors ought
- not be recoverable (i.e. programming errors).
-* Fixed serious vulnerability in LDAP authenticator where under some
- cirumstances the user could just enter '*' as their username to match
- any username. The LDAP authenticator will now refuse to process logins
- with usernames that contain the characters * ( ) \ / and the NULL
- character \0.
-* Views are no longer xhtml-validated. Markaby's auto-validation was turned
- off to allow for use of the autocomplete property on inputs, since this is
- the only viable way of turning off password storage in IE and Firefox at
- the page level.
-* You can now limit the maximum length of a login session by setting the
- expire_sessions config setting to true.
-* Fixed some minor bugs in the login view.
-
-
-=== 0.2.0 :: 2007-03-20
-
-* ruby-casserver now behaves more like a real command-line app, accepting
- various command line arguments including -h (help), -v (version), -c (use
- an alternate config.yml), and -d (daemonize, when using webrick or mongrel
- mode).
-* Special characters in CAS XML responses are now properly encoded into XML
- entities
-* CAS XML responses are no longer auto-indented... Markaby's indentation
- seemed to be causing problems with the PHP CAS client.
-* Misc minor bug fixes/cleanup.
-
-
-=== 0.1.0 :: 2007-03-01
-
-* First public release.
-
+See History.txt
\ No newline at end of file
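Review bot: The one added line, `See History.txt`, replaces all 186 removed lines of release notes, and nothing visible in this hunk shows that those entries were carried over to the file it points at. The removed text includes security-relevant notes that operators use to decide whether an upgrade is needed: the 0.3.0 entries about the LDAP/AD authenticator accepting blank passwords and about '*' as a username matching any user, and the 0.5.1 entry about ticket generation moving to Crypt::ISAAC with longer tickets. Please confirm that History.txt contains these entries before dropping them here, and correct the 'dowcase_username', 'immedietly' and 'cirumstances' typos in the migrated copy. The new line should also end with a newline, since the hunk is marked "No newline at end of file".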