1.1.8 (July 3rd, 2014)

This release contains a security fix for CVE-2014-3503, upgrade from previous 1.1.X versions is strongly suggested.

Please follow these instructions if you are upgrading from 1.1.7.


  • [SYNCOPE-499] - Deletion of role set as parent role in template generates exception
  • [SYNCOPE-500] - Wrong (unwanted) derived attribute insertion addition in membership modal page
  • [SYNCOPE-501] - Virtual attribute propagation not working when updating only virtual attributes
  • [SYNCOPE-504] - Sync/Push actions shouldn't be executed in dryrun
  • [SYNCOPE-509] - In Task page after change of number of rows (to display) is erroneously added a column to tasks table
  • [SYNCOPE-512] - If there are no roles in edit user modal page is possible to create membership between root (fake) role and user
  • [SYNCOPE-515] - Bad integration test causes role ownership conflicts


1.1.7 (April 11th, 2014)

This release contains a security fix for CVE-2014-0111, upgrade from previous 1.1.X versions is strongly suggested.

Please follow these instructions if you are upgrading from 1.1.6.


  • [SYNCOPE-484] - Reports and Content export fails over HTTPS connection


  • [SYNCOPE-487] - make Velocity tools available in templates for notifications

1.1.6 (February 22nd, 2014)

This sixth maintenance version fixes several important bugs and introduces few interesting improvements: more details below.

Please follow these instructions if you are upgrading from 1.1.5.


  • [SYNCOPE-452] - Generated project not starting in embedded mode
  • [SYNCOPE-453] - Propagation problem with role virtual attribute mapped in user mapping
  • [SYNCOPE-454] - Update user without password specification involving resource with "Generate password if missing" enabled, sends password out anyway
  • [SYNCOPE-455] - Role child implicit delete won't be propagated during parent delete
  • [SYNCOPE-459] - Read-only virtual attribute cannot be added for a user by admin console
  • [SYNCOPE-462] - Upgrade Spring to 3.2.7
  • [SYNCOPE-465] - Selected items lost browsing paged results
  • [SYNCOPE-466] - Server error when updating an existing policy to its global counterpart
  • [SYNCOPE-474] - forbidden error when tried to change password
  • [SYNCOPE-475] - After session expired, console shows split screen
  • [SYNCOPE-476] - NPE opening Roles tab
  • [SYNCOPE-477] - Alert popup appears through page navigation after modal window closing


  • [SYNCOPE-460] - Default datasource uses BasicDataSource
  • [SYNCOPE-468] - Add information to what components refer to a certain policy
  • [SYNCOPE-469] - Group policies and logs under configuration


1.1.5 (November 28th, 2013)

This fifth maintenance version fixes few important bugs and introduces some interesting improvements: more details below.

Please follow these instructions if you are upgrading from 1.1.4.


  • [SYNCOPE-419] - Meaningless error message when attempting to delete user owning role
  • [SYNCOPE-423] - Improve notifications
  • [SYNCOPE-426] - UserService#update and RoleService#update require entity id to be specified twice
  • [SYNCOPE-433] - Counting search results fails with MySQL when OR condition is used
  • [SYNCOPE-434] - Users can log in the admin console despite of their status
  • [SYNCOPE-435] - Password not mandatory when subscribing external resource
  • [SYNCOPE-436] - Read-only virtual attribute values not retrieved from external resource
  • [SYNCOPE-437] - Wrong ID generation for new Notification instances
  • [SYNCOPE-440] - Timestamp based synchronization miss events


  • [SYNCOPE-420] - Provide user / role pre-processing mechanism
  • [SYNCOPE-422] - Improve audit info
  • [SYNCOPE-424] - Resolve OpenJPA dependency overlap
  • [SYNCOPE-427] - Add CSV report format
  • [SYNCOPE-431] - Provide debug logging for controller methods' input and output
  • [SYNCOPE-432] - Replace role action labels with icons
  • [SYNCOPE-441] - Index on Activiti table boosts overall performance
  • [SYNCOPE-442] - Use cached virtual attribute values with offline resources


1.1.4 (September 27th, 2013)

This forth maintenance version fixes few important bugs and introduces some minor improvements: more details below.

Please follow these instructions if you are upgrading from 1.1.3.


  • [SYNCOPE-404] - LDAP Roles lose entitlement upon LDAP synchronization
  • [SYNCOPE-412] - Audit tables are reset after restart
  • [SYNCOPE-417] - Users are made active when updating in NoOpWorkflowAdapter
  • [SYNCOPE-418] - Special chars break REST URLs


  • [SYNCOPE-402] - Inconsistent status of user edit form after exception returned by bad propagation on primary resource
  • [SYNCOPE-403] - Enrich PropagationStatusTO to report possible propagation exception message
  • [SYNCOPE-408] - Add index on task.executed
  • [SYNCOPE-409] - Allow notifications with empty about field
  • [SYNCOPE-410] - Make username pattern configurable via account policy
  • [SYNCOPE-411] - Perform retries on failed notifications
  • [SYNCOPE-413] - Clean activiti history for unused variables
  • [SYNCOPE-415] - Reduce log level of bean validation errors
  • [SYNCOPE-416] - AttributableSearchDAOImpl / Avoid query construction with string concatenation

1.1.3 (July 12th, 2013)

This third maintenance version fixes few important bugs and introduces some minor improvements: more details below.

Please follow these instructions if you are upgrading from 1.1.2.


  • [SYNCOPE-370] - HTTP Status 404 adding a role to a user with IE8
  • [SYNCOPE-394] - Scheduled tasks are executed without transaction support
  • [SYNCOPE-396] - removeAll and retainAll in PropagationByResource dont evaluate correctly boolean expression
  • [SYNCOPE-397] - Double update propagation with virtual attributes on already associated resource when changing password and adding new resource
  • [SYNCOPE-398] - secretKey does not get resolved during archetype:generate
  • [SYNCOPE-399] - Role attribute mapping for user mapping item doesn't result in a multivalue property
  • [SYNCOPE-400] - Poor search performance on MySQL
  • [SYNCOPE-401] - Deploying syncope.war with MSSQL server settings to Tomcat on Windows results in Error listenerStart


1.1.2 (June 11th, 2013)

This second maintenance version fixes several bugs and introduces some minor improvements: more details below.

Please follow these instructions if you are upgrading from 1.1.1.


  • [SYNCOPE-369] - Wrong error message on failed login
  • [SYNCOPE-371] - Console RuntimeException with multiple sessions for the same user
  • [SYNCOPE-372] - Connector error before save
  • [SYNCOPE-373] - 500 when self reading admin user
  • [SYNCOPE-375] - QUARTZ tables are not written into an innodb mysql DB for an mvn generated and created project
  • [SYNCOPE-376] - Console webapp does not start on Glassfish
  • [SYNCOPE-377] - Exporting configuration via console causes exceptions to be thrown
  • [SYNCOPE-380] - Deleting a role from admin console throws an exception
  • [SYNCOPE-381] - Adding and saving roles with resources during save
  • [SYNCOPE-382] - Core hangs for a very long time (1h+ and then resumes) after a CLI role create and list
  • [SYNCOPE-383] - Failure assigning resource to an existing user
  • [SYNCOPE-384] - Issues with CXF and Glassfish
  • [SYNCOPE-385] - NPE when reading user assigned to resource with no mapping
  • [SYNCOPE-386] - Database sync (no full reconciliation) fails with "Unsupported object class"
  • [SYNCOPE-387] - Unable to synchronize deleted objects from OpenDJ


  • [SYNCOPE-374] - SyncopeUser tokens do not use secure random strings
  • [SYNCOPE-390] - Default Reportlets improvements

1.1.1 (April 29th, 2013)

This first maintenance version fixes several bugs and introduces some minor improvements: more details below.

Please follow these instructions if you are upgrading from 1.1.0.


  • [SYNCOPE-351] - Errors when editing role membership assignment in notifications (About and Recipients)
  • [SYNCOPE-352] - No connectors available on clean install
  • [SYNCOPE-353] - UserTemplate evaluation generates unjustified attributes to be removed
  • [SYNCOPE-354] - LDAP Membership propagation does not remove memberships
  • [SYNCOPE-356] - Unable to set resource for role via the console
  • [SYNCOPE-357] - When deleting role on external resource, also remove from there users with resource assigned only via that role
  • [SYNCOPE-358] - ConnectorService#list invocation with null parameter actually calls ConnectorService#readByResource
  • [SYNCOPE-360] - Removing Role mapping from External Resource fails
  • [SYNCOPE-361] - When creating new report, the modal window does not close and an exception is logged
  • [SYNCOPE-363] - ApacheDS not available since second run of the standalone distribution
  • [SYNCOPE-364] - Rejected users are anyway propagate to associated resources
  • [SYNCOPE-365] - External attribute disabled in case of schema info not available
  • [SYNCOPE-366] - Uniform constraint violation building
  • [SYNCOPE-367] - ConfigurationTestITCase#browseAccountPolicy Selenium test fails
  • [SYNCOPE-368] - Cannot add 'RoleOwnerSchema' mapping item via console


  • [SYNCOPE-359] - Ignore propagation if no schema mapping is provided
  • [SYNCOPE-362] - Disable mapping tab when the underlying connector does not support correspondent ObjectClass


  • [SYNCOPE-126] - Database import / export and related tasks


  • [SYNCOPE-340] - Translate items of Syncope UI and config files labels for Portuguese language

1.1.0 (April 5th, 2013)

The Apache Syncope team is proud to announce the general availability of Apache Syncope 1.1.0 Ad libitum.

Besides a considerable amount of fixed bugs and improvements, the major changes introduced with this release can be summarized as follows:

  1. New JAX-RS, Apache CXF based, REST interface is available. (SYNCOPE-231 and related)
    In order to maintain compatibility with 1.0.X, the Spring MVC REST services stay in place in this version and the CXF based services are added using a different base URI: this allows users of the API to already start migrating to the new service layout. For more details see REST API upgrade. In Apache Syncope 1.2.0 the Spring MVC REST services will be dropped.
  2. Role provisioning. (SYNCOPE-171 and related)
    Apache Syncope is now able to manage users (e.g. accounts) and roles (e.g. groups) on external resources. Many user-related concepts are now also available for roles: schema mapping, propagation, synchronization, workflow, and so on.

    Portions of this software are developed by the support of the SURF, the higher education and research partnership organization for Information and Communications Technology (ICT) in The Netherlands. For more information about SURF, please visit http://www.surf.nl.

  3. New standalone distribution is provided. (SYNCOPE-206).
    For helping evaluating Apache Syncope, a new standalone distribution is linked from the downloads page; instructions on how to work with it are also available.

Upgrading from 1.0.X? There are some notes about this.

We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website.


  • [SYNCOPE-26] - Membership propagation / synchronization
  • [SYNCOPE-172] - Role propagation / synchronization
  • [SYNCOPE-173] - Role workflow
  • [SYNCOPE-227] - Role virtual attributes
  • [SYNCOPE-251] - Fix Dependency issues with ConnID Bundle deployment
  • [SYNCOPE-252] - Update LICENSE / NOTICE files for any added or removed Maven dependency
  • [SYNCOPE-256] - Update Rest exception mapper to Apache CXF
  • [SYNCOPE-282] - Implement JAX-RS exception mapper for server side
  • [SYNCOPE-287] - Information for release notes
  • [SYNCOPE-288] - Make setters of Transfer Objects (TO) compatible to CXF and JAXB
  • [SYNCOPE-289] - Prepare CXF Rest integration tests migration
  • [SYNCOPE-335] - Use correct wrapper names for returning lists


  • [SYNCOPE-182] - LICENSE & NOTICE: duplicated entries
  • [SYNCOPE-183] - 'Enforce mandatory constraints' not working
  • [SYNCOPE-185] - Could not delete an user with LDAP resource
  • [SYNCOPE-187] - When deleting an user, REST error doesn't bring error message to display
  • [SYNCOPE-191] - UI Error when sorting Synchronization Task executions
  • [SYNCOPE-192] - With trace level NONE notification tasks don't get updated
  • [SYNCOPE-193] - LDAP test connector status management does not work with synchronization
  • [SYNCOPE-194] - User attributes not sychronized properly from LDAP resource
  • [SYNCOPE-196] - Change Display Attributes button misaligned
  • [SYNCOPE-197] - TaskModalPage Refresh button misaligned
  • [SYNCOPE-202] - MySQL and Oracle integration test hangs
  • [SYNCOPE-208] - Resources: schema mapping form shows incorrect external field names for SyncopeUserId and Password
  • [SYNCOPE-211] - Test org.apache.syncope.core.persistence.relationships.derAttrFromSpecialAttrs not enabled
  • [SYNCOPE-214] - Error when trying to change readonly attribute
  • [SYNCOPE-217] - SyncopeUser.hasTokenExpired() can easily cause nullpointer exception
  • [SYNCOPE-220] - When running in embedded mode, CSVDir configuration shows unresolved ${urlencoded.csvdir.path} property
  • [SYNCOPE-224] - ActivitiWorkflowLoader called by SpringContextInitializer even when ActivitiUserWorkflowAdapter is not selected
  • [SYNCOPE-226] - Invalid passwords might fill up user's password history
  • [SYNCOPE-228] - When updating a role, assigned entitlements get lost
  • [SYNCOPE-230] - Sync user attributes using a long schema attribute as accountId
  • [SYNCOPE-232] - "Connection is read-only" during initialization
  • [SYNCOPE-233] - Authentication failure using password with special characters
  • [SYNCOPE-234] - Failures upgrading OpenJPA
  • [SYNCOPE-235] - CSVDir connector fails during check connection
  • [SYNCOPE-236] - Username and password not evaluated from user template during synchronization
  • [SYNCOPE-237] - Users with no entitlements cannot edit their own profile via console
  • [SYNCOPE-238] - With an high number of users, the admin console's 'TODO' tab is extremely slow
  • [SYNCOPE-260] - Update propagation with null virtual attribute values
  • [SYNCOPE-261] - Role visualization error
  • [SYNCOPE-262] - Create sync policy fail
  • [SYNCOPE-267] - Possible NullPointerException into SchemaMappingUtil.getAccountIdValue()
  • [SYNCOPE-269] - AES encryption key defined in source code
  • [SYNCOPE-273] - Role deletion inhibits notification update
  • [SYNCOPE-274] - Sync: during update with user template existing memberships break update
  • [SYNCOPE-284] - Broken export
  • [SYNCOPE-292] - NPE when accessing Configuration page with no global sync policy
  • [SYNCOPE-294] - User data not refreshed before edit
  • [SYNCOPE-297] - External Attributes are showing up for AccoundId/Password in Resource User Mappings
  • [SYNCOPE-301] - Status is not updated when synchronizing existing users
  • [SYNCOPE-302] - Error when accessing the Resources page as non-admin
  • [SYNCOPE-305] - Can't create Sync or Sched Task in Console
  • [SYNCOPE-306] - 'Mandatory' error in Console when propagating Virtual Attributes
  • [SYNCOPE-307] - Virtual Attributes don't propagated in case of update during synchronization
  • [SYNCOPE-308] - When trying to update an user in status 'rejected', an error 500 is returned
  • [SYNCOPE-309] - Enter key not bound to user form submit
  • [SYNCOPE-310] - Palette elements get translated
  • [SYNCOPE-312] - Introducing UserWorkflowService
  • [SYNCOPE-314] - User list sort based on username fails
  • [SYNCOPE-315] - "Persistent" feedback messages
  • [SYNCOPE-316] - Exception when creating connector instances with no bundles available
  • [SYNCOPE-317] - Error executing SyncTask twice or more
  • [SYNCOPE-318] - No way to see Connector help message for multi-valued property
  • [SYNCOPE-320] - Support synchronizing role memberships from LDAP groupOfNames
  • [SYNCOPE-321] - Wicket error adding new derived/virtual attribute
  • [SYNCOPE-322] - Can't create a new Role in Chromium
  • [SYNCOPE-323] - REST: create turns into update for some entities
  • [SYNCOPE-325] - Stacktrace when accessing the Configuration page on JBoss
  • [SYNCOPE-327] - Error messages during Tomcat shutdown
  • [SYNCOPE-328] - NPE with no global password policy defined
  • [SYNCOPE-329] - Wrong CSS deleting execution task
  • [SYNCOPE-330] - noopworkflow profile not succeeding
  • [SYNCOPE-332] - User List sorting via Derived attributes column doesn't work
  • [SYNCOPE-334] - Can't delete a role from a user in the console
  • [SYNCOPE-336] - Use a auto-complete textfield to chose for external attribute to be mapped during schema mapping creation
  • [SYNCOPE-338] - Some CXF REST services can be accessed by anonymous
  • [SYNCOPE-339] - enum schema multivalue doesn't work
  • [SYNCOPE-341] - When deleting user schema, user list attributes head don't get updated
  • [SYNCOPE-342] - Console might fail to connect when core is deployed on virtual host
  • [SYNCOPE-343] - REST methods returning implementation classes might fail when there are no available
  • [SYNCOPE-344] - Error in the console when you try to assign to an user a resource without CREATE or UPDATE capabilities
  • [SYNCOPE-347] - User schema mapping error for Username


  • [SYNCOPE-14] - Solve some warnings and verify if generated projects still work
  • [SYNCOPE-44] - Add ability to search for Roles via the REST API
  • [SYNCOPE-51] - Remove MD5 as a supported password cipher algorithm
  • [SYNCOPE-67] - Display all Execute Tasks (Propagation, Notification and Scheduled) and related Execution history items sortered in descending order
  • [SYNCOPE-79] - Simplify Maven project structure
  • [SYNCOPE-93] - Upgrade Quartz to latest 2.X stable version
  • [SYNCOPE-100] - Add more password encryption options
  • [SYNCOPE-124] - Prevent task execution request for running tasks
  • [SYNCOPE-130] - Avoid propagating useless update operations
  • [SYNCOPE-134] - User, role and membership properties for derived schemas
  • [SYNCOPE-136] - Password required for resource subscription
  • [SYNCOPE-137] - Support more than one local connector bundles directory and zero or more ConnId's connector servers
  • [SYNCOPE-144] - Provide Task entities with a name and an optional description
  • [SYNCOPE-146] - Provide asynchronous refresh of tasks and reports list
  • [SYNCOPE-147] - Provide refresh button in task and report modal windows
  • [SYNCOPE-148] - Provide cancel button for all modal windows
  • [SYNCOPE-154] - Virtual attribute cache
  • [SYNCOPE-184] - LDAP test connector should provide status information
  • [SYNCOPE-195] - Make default sorting order consistent
  • [SYNCOPE-198] - Add checkboxes to tables headers and rows
  • [SYNCOPE-199] - Refocus on user deletion page
  • [SYNCOPE-200] - Improve rat-plugin configuration
  • [SYNCOPE-201] - AbstractSchema enumerationValues and enumerationKeys too short
  • [SYNCOPE-203] - Add OSGi support
  • [SYNCOPE-206] - Create standalone distribution
  • [SYNCOPE-207] - Clear test configuration in order to avoid AccountId/Password mapping explicitely valued
  • [SYNCOPE-209] - DB Table connector does not see changes in underlying table until restart
  • [SYNCOPE-210] - Provide suggestions / help / examples for JEXL-based input fields
  • [SYNCOPE-212] - Provide Validation Error message to user
  • [SYNCOPE-215] - ReadOnly option for virtual attributes
  • [SYNCOPE-216] - NotificationJob is hardcoded to run every 2 minutes
  • [SYNCOPE-218] - User Workflow visualization
  • [SYNCOPE-221] - Let user explicitly choose to give value for AccountLink (when defining resource schema mapping)
  • [SYNCOPE-222] - Check for mandatory condition on Virtual / Derived attributes
  • [SYNCOPE-225] - Role owner
  • [SYNCOPE-229] - Allow to change the bundle version associated to an existing connector instance
  • [SYNCOPE-231] - Using Standard JAX-RS API in Syncope (Introducing Apache CXF WS Stack)
  • [SYNCOPE-241] - Move persistence and persistence impl into separate modules
  • [SYNCOPE-242] - Resolve dependency cycles between persistence and the rest of syncope core
  • [SYNCOPE-243] - Extended org.apache.rat exclude list for eclipse IDE
  • [SYNCOPE-244] - Make external property file usage possible
  • [SYNCOPE-245] - Improve UserTestITCase, RoleTestITCase and TaskTestITCase
  • [SYNCOPE-248] - Consolidate task execution in TaskTestITCase
  • [SYNCOPE-249] - Implement RoleOwnerSchema for role propagation and synchronization
  • [SYNCOPE-250] - Improve error handling in NotificationTest
  • [SYNCOPE-253] - Upgrade Activiti to 5.11
  • [SYNCOPE-254] - Provide build profile for skipping any test-related activity
  • [SYNCOPE-255] - Hide Global Password/Account/Sync policy in security resource selections
  • [SYNCOPE-257] - Schema Mapping for propagation and synchronization
  • [SYNCOPE-258] - Java class as sync policy correlation rule
  • [SYNCOPE-259] - Create transitional Service interfaces and switch tests and console to use them
  • [SYNCOPE-263] - Inject Recipient and Event variable in Velocity Email Notification Template
  • [SYNCOPE-264] - Email Notification Templates Documentation
  • [SYNCOPE-266] - Password should be provided again at resource subscription time if a "Password" schema mapping for that resource exists
  • [SYNCOPE-268] - Enable Rest IntegrationTests to run more than once (per build)
  • [SYNCOPE-275] - Upgrade Spring to 3.2.1
  • [SYNCOPE-277] - Improve archetype resource population from core and console
  • [SYNCOPE-279] - Connector instance timeout
  • [SYNCOPE-280] - Update some checked exceptions to runtime ones
  • [SYNCOPE-281] - Refactor client module: Move common classes into common module
  • [SYNCOPE-283] - website edits
  • [SYNCOPE-291] - Move NotFoundException to core.persistence.dao
  • [SYNCOPE-293] - Show information (version, license, ...)
  • [SYNCOPE-295] - If AccountId is selected when creating a Resource Mapping, then make it mandatory
  • [SYNCOPE-296] - Align search botton
  • [SYNCOPE-299] - Add "row to display" selector in resources
  • [SYNCOPE-311] - View user details during approval
  • [SYNCOPE-319] - Provide feature for reloading all connectors
  • [SYNCOPE-324] - Return User instead of Boolean from REST username + password query
  • [SYNCOPE-331] - Provide access to user / role data on external resources
  • [SYNCOPE-348] - Email address validator regexp

New Feature


  • [SYNCOPE-125] - Derived and Virtual attribute use cases
  • [SYNCOPE-127] - Workflow: concepts, how to customize and how to trace
  • [SYNCOPE-128] - Self-registration
  • [SYNCOPE-186] - Build reference flows for propagation and synchronization
  • [SYNCOPE-188] - Upgrade to Apache Wicket 1.5.8
  • [SYNCOPE-189] - Close Modal Window on keypress (ESC)
  • [SYNCOPE-190] - Automatic page refresher for task and report
  • [SYNCOPE-205] - Upgrade to latest Apache Wicket 6.X.Y
  • [SYNCOPE-265] - Ensure that Syncope test data is consistent
  • [SYNCOPE-276] - Upgrade instructions from 1.0.X to 1.1.0
  • [SYNCOPE-278] - Verify export / import
  • [SYNCOPE-326] - Check console style (CSS) on Internet Explorer
  • [SYNCOPE-350] - Provide Getting started / Standalone distribution
  • No labels