2.0.

...

8 (

...

March 13th,

...

2018)

The brand new Apache Syncope 2.0.4 Jazz keeps bringing fixes, new features and improvements8 Jazz is a maintenance release.

Security advisories

• CVE-2018-1321
• CVE-2018-1322

New and noteworthy

Netbeans Plugin

Besides the consolidated Eclipse IDE Plugin, a new plugin is now available for Apache Netbeans, with similar features.

Elasticsearch-based Search Engine

Admin Console

New language translation available: Japanese.

Image Added

New feature: schema search.

Image Added

Enduser UI

New language translation available: Japanese.

Image Added

OpenAPI 3.0 / Swagger UI 3.0

The existing support for Swagger 2.0 specification was upgraded to OpenAPI 3.0.

Additionally, Swagger UI 2.0 was replaced by Swagger UI 3.0.

Image Added

Issues

Bug

• [SYNCOPE-1257] - USER search by GROUP does not work if group name has spaces
• [SYNCOPE-1261] - When starting with empty database and no ConnInstances in Content.xml no bundles are reported as available
• [SYNCOPE-1263] - REST invocation with invalid JWT string returns 500
• [SYNCOPE-1265] - SAML 2.0 IdP cache empty until either new is imported or SAML2IdPService#list is invoked
• [SYNCOPE-1266] - Multivalue binary attributes leads to OutOfMemory exception
• [SYNCOPE-1269] - Cannot specify validator for Configuration Parameters
• [SYNCOPE-1272] - Export of the report always returns the result of the last execution
• [SYNCOPE-1275] - Add the possibiliy to delete a job
• [SYNCOPE-1276] - Link or assign Group from External Resource resets dynamic membership conditions

New Feature

• [SYNCOPE-1259] - Japanese translation for Admin console & Enduser UI
• [SYNCOPE-1279] - Provide live updates from running tasks and reports

Improvement

• [SYNCOPE-1225] - Search funcionality in Schemas
• [SYNCOPE-1267] - Provide check of mimetypes before generate a binary attribute preview
• [SYNCOPE-1274] - Report required and read-only payload properties in OpenApi spec
• [SYNCOPE-1280] - Better job interrupt

Task

• [SYNCOPE-1262] - Upgrade to Swagger UI 3.0

2.0.7 (December 22nd, 2017)

Apache Syncope 2.0.7 Jazz is a maintenance release.

New and noteworthy

SCIM 2.0

The SCIM extension is now available, allowing to provision users and groups through the new /scim REST endpoint according to the SCIM (System for Cross-domain Identity Management) 2.0 specifications.

Issues

Bug

• [SYNCOPE-1222] - Unwanted delete from External Resources on Membership removal
• [SYNCOPE-1223] - Cannot search for values containing comma
• [SYNCOPE-1224] - CLI: user "all" operations limited to 25 users
• [SYNCOPE-1226] - List the attributes to be displayed show deleted attributes
• [SYNCOPE-1227] - Password template not nullable after setting
• [SYNCOPE-1229] - Pull task execution bulk delete fails
• [SYNCOPE-1230] - Bad toggle handling during task execution delete
• [SYNCOPE-1231] - Hidden columns in bulk action resul modal page
• [SYNCOPE-1232] - AnyType removal does not check for existing AnyObjects
• [SYNCOPE-1233] - NullPointerException in Topology after creating a connector with no displayName using pure REST call
• [SYNCOPE-1235] - Unlink or unassign Group from External Resource resets dynamic membership conditions
• [SYNCOPE-1236] - Pagination error for executed tasks
• [SYNCOPE-1239] - Missing specified plain attr values if plain attr step is the last one of the any management wizard
• [SYNCOPE-1241] - Under high load propagation after pull might fail
• [SYNCOPE-1244] - Error creating bean with name 'logicInitializer' on startup related to quartz clustering
• [SYNCOPE-1246] - Group membership search stucks with several thousands of groups
• [SYNCOPE-1247] - Group search and auto-completion does not work with several thousands of groups
• [SYNCOPE-1248] - Password policy history error when the user is updated before being approved
• [SYNCOPE-1250] - Missing attributes layout order
• [SYNCOPE-1251] - UserTO variable is not updated during Update Activiti Task
• [SYNCOPE-1252] - Search failing for non-string attributes from Admin Console
• [SYNCOPE-1253] - Pulled users have password set even if no mapping was provided

Improvement

• [SYNCOPE-1138] - Update RelationshipTO to also report the "left" end of a relationship
• [SYNCOPE-1228] - Parent should be passed once for Realm create
• [SYNCOPE-1234] - SyncDelta pre-processing
• [SYNCOPE-1237] - Copy table row element key to clipboard by clicking on its name in toggle menu
• [SYNCOPE-1238] - Terminate Topology background checks once completed
• [SYNCOPE-1242] - Simple way to see elements full text value in Palette Panels
• [SYNCOPE-1243] - Add information to GroupTO about user and AnyObject membership counts
• [SYNCOPE-1255] - Dynamic group/role create/update can result in timeout error in case of a great number of members

New Feature

• [SYNCOPE-152] - Support SCIM REST API
• [SYNCOPE-1249] - Support for mustChangePassword mapping

2.0.6 (October 9th, 2017)

Apache Syncope 2.0.6 Jazz is a maintenance release.

Issues

Bug

• [SYNCOPE-1205] - Serialization exception in the logs when editing users pending approval
• [SYNCOPE-1206] - Dynamic membership updates not considered for provisioning during update
• [SYNCOPE-1207] - Audit: incorrect output element reported for Pull Tasks
• [SYNCOPE-1210] - Random password generation fails for push tasks
• [SYNCOPE-1211] - syncope migration 1.2 to 2.0 users blocked to 200
• [SYNCOPE-1213] - Syncope console should advice user about exceeded file size
• [SYNCOPE-1214] - Error when sorting Users by Realm
• [SYNCOPE-1215] - Multivalue readonly fields allow frontend deletion
• [SYNCOPE-1217] - Using the JAVA API is possible to create a Realm with the same name in the same parent realm

Improvement

• [SYNCOPE-1212] - Allow for easier Pull / Push processes customization

Task

• [SYNCOPE-1186] - Remove copy of SAMLSSOResponseValidator and SSOValidatorResponse when CXF 3.1.13 is out

2.0.5 (September 6th, 2017)

One year after 2.0.0, here it comes Apache Syncope 2.0.5 Jazz bringing fixes, new features and improvements.

New and noteworthy

SAML 2.0 Service Provider improvements

The SAML 2.0 Service Provider extension - e.g. the ability to SSO into Admin Console, Enduser UI and any other Java EE application properly enabled - was provided with several enhancements:

1. allow to define complete mapping between Syncope Schema and SAML 2.0 attributes
2. allow to specify custom IdP Actions - which can be used, among other things, for flexible Role assignment based on SAML 2.0 statements
3. consent to on-the-fly creation of unmatched SAML 2.0 users, allowing users not pre-existing in a given Apache Syncope deployment to be created in case of SAML 2.0 SSO
4. strict validation of SAML 2.0 payloads
5. signature of the generated Service Provider Metadata
6. support for IdP-initiated SSO

Realm provision enhancements

Introduced in earlier versions, Realm provisioning is now feature-equivalent to Users, Groups and Any Objects provisioning, with complete mapping, resource exploration and more.

Audit Appenders

It is now possible to configure Audit Appenders, which allow to route audit messages, with optional transformation (rewrite), to files, queues, sockets, syslog, etc.

Delegated Administration for Connectors and External Resources

Connectors now requires to specify a Realm, which is then used to evaluate the entitlements owned by administrators when performing management operations on Connectors and their External Resources.

Moreover, changes in Connectors and External Resources configuration are now tracked by default and allow to revert unwanted / breaking changes at hand.

Issues

Bug

• [SYNCOPE-1139] - StackOverflowError while serializing AuditEntry after propagation
• [SYNCOPE-1140] - Error when trying to assign a relationship
• [SYNCOPE-1141] - Error when getting /numbers with application/xml
• [SYNCOPE-1149] - Access token still required for the third party JWT SSO integration scenario
• [SYNCOPE-1150] - Invalid property set for propagation task modal page header
• [SYNCOPE-1151] - Glinch in the root realm information
• [SYNCOPE-1158] - Misleading Push Task reports
• [SYNCOPE-1162] - Change to Connector's display name not reflected by contextual menu
• [SYNCOPE-1163] - External Resource priority is never NULL
• [SYNCOPE-1166] - No propagation task is created for resources where the password is not propagated
• [SYNCOPE-1168] - Encryptor pads short secret keys with "0" instead of random characters
• [SYNCOPE-1169] - Operation not supported error when trying to run a bulk action for users
• [SYNCOPE-1170] - Can't remove a "Dynamic USER assignment"
• [SYNCOPE-1174] - NPE in AccessTokenDataBinderImpl if no 'jwt.lifetime.minutes' schema is present
• [SYNCOPE-1175] - Password Reset Token Generation Not Working After Upgrading to 2.0.4
• [SYNCOPE-1178] - PlainSchema page empty while self update on Enduser
• [SYNCOPE-1179] - JWT "Date" claims are interpreted using milliseconds instead of seconds
• [SYNCOPE-1180] - No e-mail debug output
• [SYNCOPE-1184] - In the "Attributes to be displayed" sellection show the ones already displayed by default
• [SYNCOPE-1188] - NPE Message while saving Dynamic Realm with empty key
• [SYNCOPE-1189] - Realms page not accessible when user has permissions on dynamic realms
• [SYNCOPE-1190] - Username not refreshed on toggle menu after user update
• [SYNCOPE-1193] - Add the option to update a user via REST by using the username as key
• [SYNCOPE-1199] - Syncope performance: AnyObjectTO's creation time grows with it's quantity
• [SYNCOPE-1203] - Not possible to add provision rules for "Realm" type

Improvement

• [SYNCOPE-1096] - Download button should be disabled while populating for the first time a binary attribute
• [SYNCOPE-1097] - Downloaded file for binary attribute better naming
• [SYNCOPE-1115] - Display attributes for propagation tasks
• [SYNCOPE-1143] - Fine-grained administration rights for Connector and Resources
• [SYNCOPE-1146] - On-the-fly creation of unmatched users logging via SAML 2.0
• [SYNCOPE-1147] - Extend SAML 2.0 IdP mapping to Roles
• [SYNCOPE-1152] - Clear out unneeded anonymous authenticated services
• [SYNCOPE-1153] - Push Tasks result to show "no operation" when operation is not enabled
• [SYNCOPE-1154] - Edit resource to show always in the same order in list of object provision rules
• [SYNCOPE-1155] - Hard-coded /syncope-enduser HTTP subcontext
• [SYNCOPE-1159] - Allow to set Realm for Push Tasks
• [SYNCOPE-1164] - Complete mapping for Realm provisioning
• [SYNCOPE-1167] - Preliminary AnyType selection when adding new provision rule
• [SYNCOPE-1171] - Skip Relationships page when no relationship types exist
• [SYNCOPE-1172] - Error message of "Malformed Path" could be made a little clearer
• [SYNCOPE-1173] - Replace List<String> dynGroups with List<MembershipTO> dynMemberships
• [SYNCOPE-1176] - Edit provisioning rules menu is flat and not toggle
• [SYNCOPE-1177] - Configuration Parameter deletion should ask for confirmation
• [SYNCOPE-1182] - Use Remote Key in the Mapping to fetch external entities
• [SYNCOPE-1183] - Realm attribute available (as a detail) to use as a column in the "realm view" object list
• [SYNCOPE-1185] - Further validate SAML responses with CXF's SAMLSSOResponseValidator
• [SYNCOPE-1192] - Provide latest GIT commit hash alongside with version number
• [SYNCOPE-1194] - Sign the SAML SSO Service Provider Metadata
• [SYNCOPE-1196] - Binary previewer also for configuration parameters
• [SYNCOPE-1197] - Enduser console doesn't specify "SAML 2.0" as per the admin console
• [SYNCOPE-1198] - Make the signature algorithm configurable for SAML SSO
• [SYNCOPE-1200] - Allow to update user data during approval
• [SYNCOPE-1201] - Allow AnyType-based conditions for DynRealms
• [SYNCOPE-1202] - Support IdP Initiated SAML SSO

New Feature

• [SYNCOPE-1144] - Customizable Audit appender
• [SYNCOPE-1145] - Connector and Resource configuration versioning

Task

• [SYNCOPE-1195] - Remove copy of OpenSAMLUtil when WSS4J 2.1.11 is out

Wish

• [SYNCOPE-1161] - Option to clone a resource

2.0.4 (July 3rd, 2017)

The brand new Apache Syncope 2.0.4 Jazz keeps bringing fixes, new features and improvements.

New and noteworthy

Netbeans Plugin

Besides the consolidated Eclipse IDE Plugin, a new plugin is now available for Apache Netbeans, with similar features.

Elasticsearch-based Search Engine

Especially suitable for large deployments, a new search engine relying on an external Elasticsearch cluster is provided, dramatically improving Especially suitable for large deployments, a new search engine relying on an external Elasticsearch cluster is provided, dramatically improving the overall search performance when the number of managed entities (Users, Groups and Any Objects) raises above tens of thousands.

...

With the increasing number of potential actions, this mechanism proved to be poor: now, instead, a contextual menu will appear after clicking on any row, reporting all the available actions for the selected entity. 

...

New and noteworthy

SAML 2.0 Service Provider features

...

Moreover, with SYNCOPE-1015 it is now possible to configure which user attribute(s) can be passed as login name for authentication, besides username (default).

Issues

Bug

• [SYNCOPE-1003] - Error when accessing notification tasks for a given user
• [SYNCOPE-1004] - Notification tasks generated for self read event not linked to user
• [SYNCOPE-1007] - NPE in Console when on an empty search term for user assignment
• [SYNCOPE-1008] - Maven home directory not trimmed of whitespace
• [SYNCOPE-1010] - Some PushActions methods not invoked even if assigned
• [SYNCOPE-1012] - Security answer not recognized during password reset
• [SYNCOPE-1013] - Password reset link generated by default notification template does not trigger Enduser UI features
• [SYNCOPE-1014] - The list of security questions is not refreshed after creating new one
• [SYNCOPE-1016] - Last change date not updated for users when attributes are updated via pull
• [SYNCOPE-1022] - UTF-8 characters in security questions not correctly encoded by Enduser UI
• [SYNCOPE-1023] - Maven projects from archetype deploy test content with 'all' profile
• [SYNCOPE-1024] - Enduser does not manages properly ENUM schema labels
• [SYNCOPE-1025] - SYNCOPEAUDIT table not populated
• [SYNCOPE-1026] - Cannot remove group owner once set
• [SYNCOPE-1027] - Mapping errors cannot be fixed when defining provision rules for a new resource
• [SYNCOPE-1030] - Invalid DefaultAccountRule definition from Admin Console
• [SYNCOPE-1032] - Role key must be not modifiable during edit from Admin Console
• [SYNCOPE-1033] - NPE in Admin Console when working with Reconciliation Report
• [SYNCOPE-1034] - Assigned Auxiliary classes disappear in the Type Extensions panel when click on cancel
• [SYNCOPE-1036] - Notification icon does not refresh on new approval event
• [SYNCOPE-1037] - Pending approvals list is clickable
• [SYNCOPE-1038] - User create: finish button should remain clickable if the last step is reached
• [SYNCOPE-1039] - User attributes in user edit/create form are reset after validation error
• [SYNCOPE-1040] - Membership derived attributes cannot reference own plain attributes
• [SYNCOPE-1042] - Removal of all executed pull tasks via bulk action returns a missing resource exception
• [SYNCOPE-1043] - Improve JWT token expiration handling
• [SYNCOPE-1044] - By editing the provisioning rules, modal footer is not disabled
• [SYNCOPE-1045] - Activiti Modeler: log out from Admin Console in case of error
• [SYNCOPE-1046] - Console: task execution sort not working properly
• [SYNCOPE-1048] - Into the connector configuration page the same bundle appear more then once if different versions exist
• [SYNCOPE-1049] - Console returns an error if you try to explore Syncope as a remote object
• [SYNCOPE-1051] - It is possible to schedule task execution in the past
• [SYNCOPE-1052] - Enduser CAPTCHA not reloading
• [SYNCOPE-1057] - Type extensions cleared after group update during pull
• [SYNCOPE-1060] - Date in membership attribute is propagated as timestamp
• [SYNCOPE-1062] - Changes pulled from one resource not propagated externally

Improvement

• [SYNCOPE-991] - Improve user password management / resource management

• [SYNCOPE-1005] - Schema sorting should be done on JS side

• [SYNCOPE-1009] - Enduser must provide an easy way to enable/disable visualization and sorting of USER attributes
• [SYNCOPE-1020] - Support for BPMN call activity
• [SYNCOPE-1028] - Improve usability of the modal window for provision rules
• [SYNCOPE-1029] - Change modal window title and button bars background
• [SYNCOPE-1031] - Hide key when creating / editing Security Questions from Admin Console
• [SYNCOPE-1050] - Allow easier extension of REST interface exposed to AngularJS
• [SYNCOPE-1058] - Do not show time picker and values for date-only schemas
• [SYNCOPE-1059] - Remove final landing page after user create/update
• [SYNCOPE-1061] - Support SAML 2.0 Redirect profile
• [SYNCOPE-1063] - Incomplete title for modal windows from Topology
• [SYNCOPE-1064] - Improve security of customization mechanism

New Feature

• [SYNCOPE-1015] - User Authentication using email

• [SYNCOPE-1035] - JWT-based access to REST services

• [SYNCOPE-1041] - SAML 2.0 Service Provider feature
• [SYNCOPE-1055] - Provide Flowable 5.X-based workflow adapter

...

• [SYNCOPE-984] - Errors when building on Windows for archetype and Eclipse plugin
• [SYNCOPE-985] - org.apache.syncope.client.cli.commands.MigrateTest Fails on Windows

Bug

• [SYNCOPE-965] - Cron expression for scheduled job is not saved from the console
• [SYNCOPE-966] - Exception reported when looking at propagation task details from user list
• [SYNCOPE-970] - On logout, page translation doesn't reset to default settings.
• [SYNCOPE-974] - Incorrect error reported when creating notification with missing events
• [SYNCOPE-975] - Search case insensitive ilike operator triggers search validation
• [SYNCOPE-976] - Duplicated events shown by admin console for notifications and audit
• [SYNCOPE-977] - style missing for captcha buttons in responsive template (under 800px width)
• [SYNCOPE-979] - resource id is missing in user propagation task table
• [SYNCOPE-980] - AnyObject search filter not honored with inGroups condition
• [SYNCOPE-981] - Oracle/SQLServer configuration does not work
• [SYNCOPE-982] - Notification tasks modal window does not provide access to actual HTML and TEXT e-mail body
• [SYNCOPE-987] - Build issues on Windows
• [SYNCOPE-990] - Explore resource detailed view always shows empty left column
• [SYNCOPE-992] - Date not registered in self registration
• [SYNCOPE-993] - Footer buttons positioning and resizing
• [SYNCOPE-994] - Character encoding not being respected
• [SYNCOPE-997] - Angular transition errors
• [SYNCOPE-999] - REST exception mapper overwrites Spring Security response
• [SYNCOPE-1000] - CSVDir connector unclear about required attributes/columns
• [SYNCOPE-1001] - Closing the Activiti Modeler popup does not make the spinner to disappear
• [SYNCOPE-1002] - Updating any objects' name via console is ineffective

Improvement

• [SYNCOPE-773] - Allow in-place edit in Job dashboard widget
• [SYNCOPE-779] - Use Kendo UI Boostrap DateTimePicker
• [SYNCOPE-967] - Enduser test update
• [SYNCOPE-971] - Case insensitive search
• [SYNCOPE-972] - Make Syncope Enduser template responsive
• [SYNCOPE-978] - Add sample REST external resource
• [SYNCOPE-983] - Search performance improvement with mandatory schemas only
• [SYNCOPE-989] - Upgrade FOP to 2.1
• [SYNCOPE-996] - Replace Angular Bootstrap DateTimePicker with Kendo UI DateTimePicker

New Feature

• [SYNCOPE-882] - Log viewer

Task

• [SYNCOPE-962] - Upgrade to Wicket 7.5.0

...

Upgrading from 2.0.0? There are some notes about this process.

Bug

• [SYNCOPE-937] - Security question not loaded while resetting the user password
• [SYNCOPE-940] - Handle authorization issues more gracefully in the console
• [SYNCOPE-942] - Bug in changing security answer in the Enduser UI
• [SYNCOPE-944] - Cannot manually assign groups provided with dynamic assignment rules
• [SYNCOPE-946] - Encrypted attribute values not managed as password values
• [SYNCOPE-947] - Missing quotes defining realm (JEXL) expression in user/group/anyobject templates for realms
• [SYNCOPE-950] - Self-registration / self-update not working
• [SYNCOPE-953] - Enduser shows groups of the selected realm rather than groups assignable to users in the selected realm

Improvement

• [SYNCOPE-948] - Optionally provide schema information with attribute values
• [SYNCOPE-949] - Leave WebApplicationException to default processing
• [SYNCOPE-952] - Provide realm management to enduser
• [SYNCOPE-958] - Enduser improvements
• [SYNCOPE-959] - Specify working domain in enduser.properties
• [SYNCOPE-960] - Make the breadcrumb in creation navigable only when the Finish page has been reached

...

Bug

• [SYNCOPE-738] - Startup errors with Wildfly due to Camel route loading
• [SYNCOPE-929] - Braces are ignored for FIQL strings
• [SYNCOPE-930] - Exception when dropping the last "Base Contexts to Synchronize" from LDAP connector
• [SYNCOPE-931] - Error in Camel route causes subsequent failures
• [SYNCOPE-933] - Dashboard: status COMPLETE is reported for running jobs
• [SYNCOPE-934] - Bad form (including login) appearance with IE 11
• [SYNCOPE-935] - Attribute 'type' shouldn't be available to create a group filter
• [SYNCOPE-936] - Sync token reset to NULL when no SyncDelta items are available

Improvement

• [SYNCOPE-853] - Add AngularJS tests for enduser
• [SYNCOPE-926] - Syncope 2.x startup improvements
• [SYNCOPE-932] - Search UI improvements

New Feature

• [SYNCOPE-880] - Identity Recertification

...

• [SYNCOPE-809] - Eclipse plugin

Bug

• [SYNCOPE-872] - Type extensions not considered for user form
• [SYNCOPE-878] - Failure on bulk deletion of users
• [SYNCOPE-879] - Auto-completion not working for internal and external attribute names
• [SYNCOPE-881] - Users not removed from transitive external resources when deleted
• [SYNCOPE-883] - Can't access REST API via browser
• [SYNCOPE-884] - Error in REST API when specifying application/xml accept header
• [SYNCOPE-886] - Error enablig/disabling user on a single resource
• [SYNCOPE-887] - Hidden password in pull task user template
• [SYNCOPE-888] - No error thrown if resource mapping internal attribute doesn't exist
• [SYNCOPE-891] - Resource Provisioning Error
• [SYNCOPE-892] - RuntimeException when resizing tables
• [SYNCOPE-893] - International characters in group name
• [SYNCOPE-898] - Cannot set realm in user / group / any object templates for pull task
• [SYNCOPE-899] - neighborhood relationship type has no description
• [SYNCOPE-900] - Can't edit Camel routes in Console
• [SYNCOPE-901] - Syncope 2.0.0.X maven source artifacts missing
• [SYNCOPE-905] - Wrong entitlement evaluation
• [SYNCOPE-907] - Creating any object with relationship to another results in self-relationship
• [SYNCOPE-908] - Exception when searching for any object to fill relationship
• [SYNCOPE-911] - Enduser should allow empty values on non required select fields
• [SYNCOPE-912] - Registered users receive an error message after saving their own profile
• [SYNCOPE-915] - When changing connector's display name, the topology is not refreshed
• [SYNCOPE-916] - Content exporter includes unwanted items
• [SYNCOPE-918] - When a user has been successfully updated, logout link doesn't bring back to home page.
• [SYNCOPE-921] - Approval list not reloaded after approve/reject operations
• [SYNCOPE-923] - Sync / Pull task not configured for delete causes incremental sync to prematurely stop
• [SYNCOPE-927] - User creation randomly fails if capctha check has been disabled
• [SYNCOPE-928] - Table that stores user passwords store duplicate entries

Improvement

• [SYNCOPE-700] - Documentation artifacts
• [SYNCOPE-854] - Uploaded file preview for enduser
• [SYNCOPE-894] - Allow international characters in username, group's and any object's names
• [SYNCOPE-895] - Enable Secure Processing on all DocumentBuilderFactory/TransfomerFactory instances
• [SYNCOPE-896] - Non-mandatory DropDown attributes should show a blank value when no value is specified
• [SYNCOPE-902] - Provide helper method to retrieve all the groups of a user
• [SYNCOPE-906] - Allow reference to username and group / any object name as search parameters
• [SYNCOPE-909] - Consolidate Camel Processors
• [SYNCOPE-910] - Introduce new Camel propagation component
• [SYNCOPE-913] - Add and remove buttons in multivalue fields are not aligned
• [SYNCOPE-914] - Spinner should be always in front of any other element
• [SYNCOPE-919] - Adjust activiti user workflow to be able to remove users in createApproval status
• [SYNCOPE-920] - Allow to specify recipients provider class for notifications
• [SYNCOPE-925] - Allow domain selection from Swagger UI

Wish

• [SYNCOPE-885] - Skip configuration screen if no applicable values
• [SYNCOPE-890] - Display information on "Enable Realm Provisioning"

...

The forth milestone release from the new major series Syncope 2.0 Jazz is now available, bearing a relevant number of fixes and improvements over 2.0.0-M3.

Bug

• [SYNCOPE-845] - Type extensions not considered for user and any objects forms
• [SYNCOPE-863] - Pull policy correlation rule plain attributes palette doesn't work fine
• [SYNCOPE-865] - Random ConcurrentModificationException reported in the logs
• [SYNCOPE-867] - Creating a new notification template the list of available templates are not updated after submit
• [SYNCOPE-868] - Submit and cancel button not available in create report template modal page
• [SYNCOPE-869] - Missing notification in case of success after create and update
• [SYNCOPE-875] - Can't test LDAP Connector in admin console
• [SYNCOPE-876] - Fake after object reported by propagation in case of delete

Improvement

• [SYNCOPE-827] - Allow to specify user / group / any object filters for push tasks
• [SYNCOPE-829] - Use actual pagination for resource explore
• [SYNCOPE-852] - Add a good title including report/reportlet name modal used to edit report and reportlet
• [SYNCOPE-862] - Membership and type extension improvements
• [SYNCOPE-866] - Check for existence of key before adding template
• [SYNCOPE-870] - Refer to users and groups by their names in Activiti workflow definition
• [SYNCOPE-871] - Link NumberWidgets on the dashboard to their respective pages
• [SYNCOPE-873] - Remove list() methods from User, Group and AnyObject REST APIs

New Feature

• [SYNCOPE-721] - Enduser i18n
• [SYNCOPE-859] - External Resource bulk operations
• [SYNCOPE-860] - Allow listing group / role members
• [SYNCOPE-864] - Support for Payara
• [SYNCOPE-874] - Realm provisioning

...

• [SYNCOPE-719] - UI enhancements
• [SYNCOPE-745] - Complete Configuration
• [SYNCOPE-765] - Provide approval management

Bug

• [SYNCOPE-737] - UserWizardBuilder, the store internally password flag is not set properly
• [SYNCOPE-781] - Activiti Modeler breaks deployment from installer
• [SYNCOPE-783] - DateTime fields not correctly handled in Enduser
• [SYNCOPE-792] - Improve JEXL information text for "mandatory" when creating a new schema attribute
• [SYNCOPE-793] - Password" keys missing when creating a resource mapping
• [SYNCOPE-798] - Once authenticated to enduser, "Cancel" brings nowhere
• [SYNCOPE-799] - Do not allow admin user log in to enduser
• [SYNCOPE-800] - Synchronization fails in case of accountId mapped on derived attribute starting with literal
• [SYNCOPE-801] - Provisioning mappings are not saved
• [SYNCOPE-811] - Error message "'spinner' is required"
• [SYNCOPE-812] - Remove flickering
• [SYNCOPE-813] - Remove "mandatory" field from configuration parameter creation
• [SYNCOPE-814] - MasterContent.xml configuration is broken for "main"
• [SYNCOPE-817] - Switching between Connector Configuration tabs loses information
• [SYNCOPE-823] - Workflow XML editor pops up after closing Activiti Modeler
• [SYNCOPE-825] - CSS title under Realms: bad style
• [SYNCOPE-836] - On Firefox, once logged in can't log out and viceversa if cache is not have been cleared
• [SYNCOPE-837] - Bad appearance for + / - buttons under Chrome / Chromium
• [SYNCOPE-839] - Syncope 2.0.0-M2 has a missing dependency syncope-fit-build-build-tools
• [SYNCOPE-844] - When showing propagation task details stacktrace is reported instead
• [SYNCOPE-846] - Annoying flickering
• [SYNCOPE-847] - When creating virtual schema, the new item is not shown in the list
• [SYNCOPE-849] - Task execution popup does not resize properly on Chrome
• [SYNCOPE-850] - Heart icon to check connector connectivity does not show feedback panel on Chrome

Improvement

• [SYNCOPE-791] - Update UI to display what you're adding when creating a role
• [SYNCOPE-796] - Add favicon to enduser
• [SYNCOPE-797] - Automatically select a unique version for a Connector
• [SYNCOPE-802] - Improve Connector "Capabilities" layout
• [SYNCOPE-803] - Improve explanation for on/off buttons in the Connector Configuration
• [SYNCOPE-804] - Support the explanation of the Connector Configuration properties
• [SYNCOPE-805] - Select destination realm from a drop down list when creating a task
• [SYNCOPE-806] - Validate "standalone" resource provisioning
• [SYNCOPE-807] - When editing realms, select account and password policies from combo box
• [SYNCOPE-810] - Allow generated projects to include extensions in embedded mode
• [SYNCOPE-815] - Configure standalone to log under $CATALINA_HOME/logs
• [SYNCOPE-816] - Add message when no "plain" attributes available
• [SYNCOPE-818] - Allow to optionally specify the MappingItemTransformer class, for each mapping item
• [SYNCOPE-819] - Add deletion query across all components
• [SYNCOPE-820] - Allow to optionally specify user / group / any object template(s) for pull tasks
• [SYNCOPE-821] - Allow capability override on resources
• [SYNCOPE-822] - Replace Long autogenerated keys with UUIDs
• [SYNCOPE-824] - Push/Pull task "names" not marked as mandatory in the console
• [SYNCOPE-826] - Allow to specify any templates and logic actions from realm
• [SYNCOPE-830] - Associate notification tasks to related notifications
• [SYNCOPE-834] - Single WebSocketBehavior per page
• [SYNCOPE-835] - Allow to configure groups' type extensions
• [SYNCOPE-838] - review of logging state of the syncope enduser
• [SYNCOPE-841] - Admin console small tweaks and fixes
• [SYNCOPE-842] - Use gzip compression by default
• [SYNCOPE-848] - Include provision information in VirSchemaTO
• [SYNCOPE-851] - Add title per wizard step about user/group/anyobject
• [SYNCOPE-855] - Synchronization token management enhancement in case of errors
• [SYNCOPE-857] - JEXL-based transformation for mapping items
• [SYNCOPE-858] - Ensure afterObject is provided after propagation

New Feature

• [SYNCOPE-156] - New admin UI
• [SYNCOPE-701] - New end-user UI
• [SYNCOPE-788] - Show the propagation task(s) linked to a given user / group / any object
• [SYNCOPE-789] - Browse objects on external resources
• [SYNCOPE-790] - Allow user / group / any object admin form customization
• [SYNCOPE-828] - Russian translation for admin console
• [SYNCOPE-856] - Allow to provision all group's members upon request

Task

• [SYNCOPE-753] - Settle how to migrate from 1.2
• [SYNCOPE-777] - Update IzPack to 5.0.8
• [SYNCOPE-785] - Provide demo page on website
• [SYNCOPE-786] - Automatic demo deploy upon Jenkins build
• [SYNCOPE-787] - Enable Activiti Modeler for demo

...

• [SYNCOPE-720] - Unauthenticated password reset functionality
• [SYNCOPE-743] - Complete Topology
• [SYNCOPE-744] - Provide dashboard
• [SYNCOPE-746] - Migrate console extension mechanism from 1.2
• [SYNCOPE-752] - Re-enable console tests

Bug

• [SYNCOPE-730] - Datetime picker component is not working properly with some date formats
• [SYNCOPE-756] - Relationships with USERs on the right side have to be forbidden
• [SYNCOPE-758] - Workflow diagram not updated after saving from XML editor modal window
• [SYNCOPE-759] - Creation of a new AnyTypeClass doesn't check if the key is already used
• [SYNCOPE-762] - Last execution date value is always null for Sched, Sync and Push tasks
• [SYNCOPE-768] - Missing records in case of user list ordered by nullable schema
• [SYNCOPE-769] - Sync performance decrease
• [SYNCOPE-774] - Cannot update resource mapping
• [SYNCOPE-775] - Error when adding a dynamic user membership condition to a role
• [SYNCOPE-776] - Standalone 2.0.0-M1 does not start up
• [SYNCOPE-780] - On logout session is not completely cleared out
• [SYNCOPE-782] - DateParamConverterProvider not working with Widlfly 9

Improvement

• [SYNCOPE-155] - Better way to override console pages
• [SYNCOPE-742] - Upgrade to CXF 3.1.5
• [SYNCOPE-760] - Allow dynamic reloading of mail templates
• [SYNCOPE-761] - Allow dynamic reloading of report stylesheets
• [SYNCOPE-763] - Provide sample Audit reportlet
• [SYNCOPE-767] - Password Policy: mustn't contain value of the following attributes case insensitive
• [SYNCOPE-771] - Rename Sync to Pull
• [SYNCOPE-778] - Allow admins to force users' password change at next login

New Feature

• [SYNCOPE-750] - Statistics
• [SYNCOPE-766] - Reconciliation reportlet

Task

• [SYNCOPE-764] - Replace Hibernate Validator with Apache BVal

...

The Apache Syncope team is currently producing a Getting Started guide (almost complete) and a Reference Guide with purpose of eliminating this Achilles' heel.

...and much much more

1. Several REST enhancements and increased compliance with standards and best-practices
2. Swagger UI integration
3. Code Refactoring
   Every single line of code has been ported from Syncope 1.2 to 2.0 taking into account all sorts of enhancements and optimizations; moreover, the whole code organization was reviewed in order to increase the overall quality and allow easier manageability and extendability.

Migrating from older releases

This is work-in-progress, tracked as SYNCOPE-753.

Sub-task

1. Several REST enhancements and increased compliance with standards and best-practices
2. Swagger UI integration
3. Code Refactoring
   Every single line of code has been ported from Syncope 1.2 to 2.0 taking into account all sorts of enhancements and optimizations; moreover, the whole code organization was reviewed in order to increase the overall quality and allow easier manageability and extendability.

Migrating from older releases

This is work-in-progress, tracked as SYNCOPE-753.

Sub-task

• [SYNCOPE-552] - Provide Activiti modeler installation feature to installer
• [SYNCOPE-580] - Add user services to command line interface
• [SYNCOPE-581] - Add configuration services to command line interface
• [SYNCOPE-582] - Add connector services to command line interface
• [SYNCOPE-583] - Add entitlement services to command line interface
• [SYNCOPE-584] - Add logger services to command line interface
• [SYNCOPE-585] - Add notification services to command line interface
• [SYNCOPE-586] - Add policy services to command line interface
• [SYNCOPE-587] - Add report services to command line interface
• [SYNCOPE-588] - Add resource services to command line interface
• [SYNCOPE-589] - Add role services to command line interface
• [SYNCOPE-590] - Add schema
• [SYNCOPE-552] - Provide Activiti modeler installation feature to installer
• [SYNCOPE-580] - Add user services to command line interface
• [SYNCOPE-581591] - Add configuration security question services to command line interface
• [SYNCOPE-582592] - Add connector task services to command line interface
• [SYNCOPE-583595] - Add entitlement workflow services to command line interface
• [SYNCOPE-584626] - Add logger services to command line interfacemake it possible to disallow using the username as password
• [SYNCOPE-636] - Include proper LICENSE & NOTICE in the dist artifact
• [SYNCOPE-585711] - Add notification domain services to command line interface
• [SYNCOPE-586718] - Add policy services to command line interfacemissing integrations
• [SYNCOPE-722] - CLI documentation
• [SYNCOPE-587723] - Add report services to command line interfaceCreate bash script file to wrap java command
• [SYNCOPE-588724] - Add resource services to command line interfacecreate properties file as help messages
• [SYNCOPE-589727] - Add role services to command line interfaceIntegration test
• [SYNCOPE-590728] - Add schema services to command line interfaceDelete all users
• [SYNCOPE-591] - Add security question services to command line interface740] - Website update for 2.0.0

Bug

• [SYNCOPE-592] - Add task services to command line interface532] - Installer does not pick Syncope version from POM
• [SYNCOPE-595539] - Add workflow services to command line interfaceEdit user with resources causes Ajax failure
• [SYNCOPE-626] - make it possible to disallow using the username as password540] - Console build fails on Windows
• [SYNCOPE-636] - Include proper LICENSE & NOTICE in the dist artifact543] - Role's "Inherit Attributes" does not inherit from parent role for check box attribute
• [SYNCOPE-711] - Add domain services to command line interface545] - Date field without conversion pattern specified goes in NPE if deleting date
• [SYNCOPE-718547] - Add missing integrations- Cannot send e-mails out when SMTP server requires authentication
• [SYNCOPE-722548] - CLI documentationProvide Activiti Modeler setup instructions
• [SYNCOPE-723] - Create bash script file to wrap java command549] - Activiti Modeler always show the default workflow definition
• [SYNCOPE-724] - create properties file as help messages551] - Admin console shows 24 roles at most in the role tree
• [SYNCOPE-727553] - Integration testInternal Server Error when creating account policy
• [SYNCOPE-728554] - Delete all usersClass Cast Exception when syncronization task starts
• [SYNCOPE-740] - Website update for 2.0.0

...

• 556] - Error in the enum schema when trying to add new enumeration value/label
• [SYNCOPE-532557] - Installer does not pick Syncope version from POMException during report execution when matching condition is not provided for user and role reportlets
• [SYNCOPE-539560] - Edit user with resources causes Ajax failure- build-tools classes artifact not published to Maven repository
• [SYNCOPE-540561] - Console build fails on WindowsHTML reports not displayed correctly with no external resources
• [SYNCOPE-543] - Role's "Inherit Attributes" does not inherit from parent role for check box attribute562] - Duplicated configuration parameters in the CATTR table
• [SYNCOPE-545564] - Date field without conversion pattern specified goes in NPE if deleting dateError while viewing user details in approval request workflow from Approvers login
• [SYNCOPE-547565] - Cannot send e-mails out when SMTP server requires authenticationError on ResourceModalPage when override a SpinnerField in the ConnectorModalPage
• [SYNCOPE-548] - Provide Activiti Modeler setup instructions566] - Name attribute value disappears after changing attribute type during schema manipulation
• [SYNCOPE-549] - Activiti Modeler always show the default workflow definition567] - Security question is not displayed correctly during password reset
• [SYNCOPE-551] - Admin console shows 24 roles at most in the role tree568] - Connectors configuration "check connection"
• [SYNCOPE-553] - Internal Server Error when creating account policy569] - The user status is not propagated on the resources
• [SYNCOPE-554571] - Class Cast Exception when syncronization task startsResourceConnConfPanel feedback panel does not work
• [SYNCOPE-556] - Error in the enum schema when trying to add new enumeration value/label572] - overridable resource connector properties cannot be changed
• [SYNCOPE-557] - Exception during report execution when matching condition is not provided for user and role reportlets574] - NullPointerException in ConnInstanceDataBinder with Java 8
• [SYNCOPE-560576] - build-tools classes artifact not published to Maven repositoryThe values of configuration parameters are not saved
• [SYNCOPE-561578] - HTML reports not displayed correctly with no external resourcesRole bulk delete not working
• [SYNCOPE-562596] - Duplicated configuration parameters in the CATTR tableStandalone persistence not configured for H2
• [SYNCOPE-564597] - Error while viewing user details in approval request workflow from Approvers loginwhen serializating SyncToken with byte array type during sync task from Active Directory
• [SYNCOPE-565598] - Error on ResourceModalPage when override a SpinnerField in the ConnectorModalPagePush Task fails on role with LDAP resource with rolemapping defined
• [SYNCOPE-566] - Name attribute value disappears after changing attribute type during schema manipulation600] - Approval chains do not work from second form onwards
• [SYNCOPE-567601] - Security question is not displayed correctly during password resetAD deleted object synchronization fails if a sync policy is specified on one or more attributes that can have no values on Syncope
• [SYNCOPE-603] - Remote unauthorized exception when a user makes a request to add a role to his profile
• [SYNCOPE-568605] - Connectors configuration "check connection"Impossible to update the connector capabilities
• [SYNCOPE-569] - The user status is not propagated on the resources607] - Error when adding a value to a multivalue configuration parameter of type long
• [SYNCOPE-571608] - ResourceConnConfPanel feedback panel does not workCannot configure audit for AuthenticationController
• [SYNCOPE-572610] - overridable resource connector properties cannot be changedInstaller doesn't update the console.properties with the container port
• [SYNCOPE-574] - NullPointerException in ConnInstanceDataBinder with Java 8611] - An approver displays all approval tasks including those not assigned to him
• [SYNCOPE-576613] - The values of configuration parameters are not saveddelete overridable connector configuration property of type array String in resource edit panel
• [SYNCOPE-578614] - Role bulk delete not workingNotificationJob fails with NullPointerException
• [SYNCOPE-596] - Standalone persistence not configured for H2615] - Updating properties and xml files of the installer module with the current version
• [SYNCOPE-597617] - Error when serializating SyncToken with byte array type during sync task from Active DirectoryUser/role schema attribute with minus symbol in name
• [SYNCOPE-598625] - Push Task Build fails on role with LDAP resource with rolemapping definedwith Java 6
• [SYNCOPE-600629] - Approval chains do not work from second form onwardsATTRTEMPLATE entities not exported
• [SYNCOPE-601] - AD deleted object synchronization fails if a sync policy is specified on one or more attributes that can have no values on Syncope632] - Errors during update propagation when derived attribute is configured as account id
• [SYNCOPE-638] - MAttrTemplate and RAttrTemplate sequence values are not managed in content.xml
• [SYNCOPE-603] - Remote unauthorized exception when a user makes a request to add a role to his profile639] - Notification 'recipientAttrType' and 'recipientAttrName' are not required
• [SYNCOPE-605641] - Impossible to update the connector capabilitiesConcurrency issues with multiple client threads
• [SYNCOPE-607] - Error when adding a value to a multivalue configuration parameter of type long643] - WorkflowResult provides unmodifiable collection for performed tasks
• [SYNCOPE-608] - Cannot configure audit for AuthenticationController644] - Error during synchronization of roles when using a RoleSchema as accountId
• [SYNCOPE-610] - Installer doesn't update the console.properties with the container port647] - Problem during propagation of an updated membership on a resource
• [SYNCOPE-611649] - An approver displays all approval tasks including those not assigned to himPaged lists not working properly
• [SYNCOPE-613] - delete overridable connector configuration property of type array String in resource edit panel654] - Some generic and uninformative error messages
• [SYNCOPE-614656] - NotificationJob fails with NullPointerExceptionDebian configuration files overwrittern
• [SYNCOPE-615] - Updating properties and xml files of the installer module with the current version658] - Duplicate derived attribute after sync task when it is configured as accountid for the synched resource
• [SYNCOPE-617] - User/role schema attribute with minus symbol in name659] - Wrong fasterxml.jackson, common-lang3 version in the Import-Package in the syncope-common, syncope-client
• [SYNCOPE-625664] - Build fails with Java 6Empty string values not allowed with Oracle DB
• [SYNCOPE-629668] - ATTRTEMPLATE entities not exportedJobInstanceLoader class is not able to return the correct Task id or Report id from its job name
• [SYNCOPE-632] - Errors during update propagation when derived attribute is configured as account id669] - Search filter in the notifications doesn't work properly
• [SYNCOPE-638] - MAttrTemplate and RAttrTemplate sequence values are not managed in content.xml670] - Prpagation miss all UserMod's changes performed by the Activiti update service task
• [SYNCOPE-639671] - Notification 'recipientAttrType' and 'recipientAttrName' are not requiredChanged password value is not propagated to external resources on successful password reset
• [SYNCOPE-641672] - Concurrency issues with multiple client threadsConsole doesn't display the right condition when configuring a search filter with a resource
• [SYNCOPE-643673] - WorkflowResult provides unmodifiable collection for performed tasksNull ids in SyncJob report
• [SYNCOPE-644] - Error during synchronization of roles when using a RoleSchema as accountId678] - Password generation fails with no password policy or no min / max length
• [SYNCOPE-647684] - Problem during propagation of an updated membership on a resource[SYNCOPE-649] - Paged lists not working properlyPassword not updated on external resources from self-service
• [SYNCOPE-654686] - Some generic and uninformative error messagesIndirect LDAP resource provisioning fails on missing password
• [SYNCOPE-656] - Debian configuration files overwrittern688] - JSON (de)serialization not working in Glassfish 4.1
• [SYNCOPE-658691] - Duplicate derived attribute after sync task when it is configured as accountid for the synched resourceMultivalue virtual attribute does not work
• [SYNCOPE-659] - Wrong fasterxml.jackson, common-lang3 version in the Import-Package in the syncope-common, syncope-client702] - Documentation issue on Architecture section
• [SYNCOPE-664703] - Empty string values not allowed with Oracle DBStatic WADL is missing extension services
• [SYNCOPE-668] - JobInstanceLoader class is not able to return the correct Task id or Report id from its job name706] - INTERNAL_SERVER_ERROR when authenticating with non existing username
• [SYNCOPE-669707] - Search filter in the notifications ConfigurationLogic doesn't work properlycheck the existence of key during deletion.
• [SYNCOPE-670] - Prpagation miss all UserMod's changes performed by the Activiti update service task710] - Password propagation not occuring if other updates are set on different resources
• [SYNCOPE-671717] - Changed password value is not propagated to external resources on successful password resetInconsistent double attribute value management
• [SYNCOPE-672] - Console doesn't display the right condition when configuring a search filter with a resource729] - Skipped remote update during resource assignment if connector CREATE capability is not provided
• [SYNCOPE-673733] - Null ids in SyncJob reportTable sort does not work fine in case of multi paged result
• [SYNCOPE-678] - Password generation fails with no password policy or no min / max length735] - Acitiviti history tables uncontrolled growth
• [SYNCOPE-684739] - Password not updated on external resources from self-serviceVirtual attributes are not updated after a sync task
• [SYNCOPE-686] - Indirect LDAP resource provisioning fails on missing password741] - Tasks page unusable when a task has thousand executions

Improvement

• [SYNCOPE-688120] - JSON (de)serialization not working in Glassfish 4.1Avoid duplication in console's authorization management
• [SYNCOPE-691139] - Multivalue virtual attribute does not workSupport OpenICF connector bundles
• [SYNCOPE-702141] - Documentation issue on Architecture sectionConcurrent propagation
• [SYNCOPE-703142] - Static WADL is missing extension servicesAsynchronous propagation
• [SYNCOPE-706391] - INTERNAL_SERVER_ERROR when authenticating with non existing usernameMake password management optional
• [SYNCOPE-707536] - ConfigurationLogic doesn't check the existence of key during deletion.Upgrade to Activiti 5.16
• [SYNCOPE-710] - Password propagation not occuring if other updates are set on different resources538] - Externalize all WAR configuration
• [SYNCOPE-717550] - Inconsistent double attribute value managementProvide cleaner user workflow definition for production
• [SYNCOPE-729] - Skipped remote update during resource assignment if connector CREATE capability is not provided555] - check for id != 0 in *Controller.resolveReference()
• [SYNCOPE-733570] - Table sort does not work fine in case of multi paged resultRemove usage of deprecated com.thoughtworks.selenium.Selenium
• [SYNCOPE-735575] - Acitiviti history tables uncontrolled growthChoose between stable and snapshot release
• [SYNCOPE-739] - Virtual attributes are not updated after a sync task599] - Enhance console's authorization.xml parsing
• [SYNCOPE-741] - Tasks page unusable when a task has thousand executions

...

• 602] - Make form approver available as workflow variable
• [SYNCOPE-120604] - Avoid duplication in console's authorization managementallow configuring empty connid location list
• [SYNCOPE-139612] - Support OpenICF connector bundlesexplicit configuration of Velocity logging
• [SYNCOPE-141616] - Concurrent propagationImproving the management of the xml and properties files inside the installer
• [SYNCOPE-142] - Asynchronous propagation618] - Upgrade Activiti to 5.17
• [SYNCOPE-391620] - Make password management optional- Code re-organization
• [SYNCOPE-536] - Upgrade to Activiti 5.16621] - Reduce log level of bean validation errors (in data binder)
• [SYNCOPE-538622] - Externalize all WAR configurationImprove VirAttrCache management
• [SYNCOPE-550627] - Provide cleaner user workflow definition for productionCamel provisioning manager: separate user / role route management and introduce Unit Test
• [SYNCOPE-555] - check for id != 0 in *Controller.resolveReference()630] - Eliminate duplicate Syncope WADL methods
• [SYNCOPE-570] - Remove usage of deprecated com.thoughtworks.selenium.Selenium634] - performance optimization for content loading
• [SYNCOPE-575637] - Choose between stable and snapshot releaseLet user choose extensions
• [SYNCOPE-599] - Enhance console's authorization.xml parsing640] - Allow MariaDB to be chosen with installer
• [SYNCOPE-602] - Make form approver available as workflow variable645] - Provide validation error message when add a role attribute in a user mapping as accountId
• [SYNCOPE-604646] - allow configuring empty connid location listDo not propagate password if not explicitely requested
• [SYNCOPE-612648] - explicit configuration of Velocity loggingNotification Configuration: missing some labels in events
• [SYNCOPE-616] - Improving the management of the xml and properties files inside the installer651] - SyncopeUser:checkToken() should fail if token is not set on user
• [SYNCOPE-618660] - Upgrade Activiti to 5.17Extend control over asynchronous job execution
• [SYNCOPE-620661] - Code re-organizationRemove overloaded methods from REST services
• [SYNCOPE-621] - Reduce log level of bean validation errors (in data binder)663] - Option to ignore users / roles during synchronization or push
• [SYNCOPE-622665] - Improve VirAttrCache managementIntroduce LogicActions for users and groups
• [SYNCOPE-627] - Camel provisioning manager: separate user / role route management and introduce Unit Test674] - NotificationManager should be able to return a list of created task ids
• [SYNCOPE-630676] - Eliminate duplicate Syncope WADL methodsOption for getting simplified list of users and roles
• [SYNCOPE-634679] - performance optimization for content loadingDeferred tasks
• [SYNCOPE-637680] - Let user choose extensionsRecipient provider extension class
• [SYNCOPE-640692] - Allow MariaDB to be chosen with installerList and search on external resources
• [SYNCOPE-645] - Provide validation error message when add a role attribute in a user mapping as accountId694] - PATCH and PUT update for users, groups and any objects
• [SYNCOPE-646696] - Do not propagate password if not explicitely requestedAllow to restrict task list
• [SYNCOPE-648705] - Notification Configuration: missing some labels in eventsSupport gzip compression for REST services
• [SYNCOPE-651] - SyncopeUser:checkToken() should fail if token is not set on user708] - Conform the Logger "service stack" to others
• [SYNCOPE-660709] - Extend control over asynchronous job executionVirtual attributes management refactoring
• [SYNCOPE-661713] - Remove overloaded methods from REST servicesConfTO object from ConfigurationService
• [SYNCOPE-663714] - Option to ignore users / roles during synchronization or pushAdd the possibility to override the capabilities of the connector
• [SYNCOPE-665] - Introduce LogicActions for users and groups[SYNCOPE-674] - NotificationManager should be able to return a list of created task ids715] - Configure whether password hash values should be returned via REST calls
• [SYNCOPE-676725] - Option for getting simplified list of users and rolesDerived attributes management refactoring
• [SYNCOPE-679731] - Deferred tasksFine-grained entitlements for any objects
• [SYNCOPE-680732] - Recipient provider extension classFiltered reconciliation for synchronization
• [SYNCOPE-692736] - List and search on external resourcesExchange JSON by default
• [SYNCOPE-694] - PATCH and PUT update for users, groups and any objects747] - Option to disable tasks / reports
• [SYNCOPE-696748] - Allow to restrict task listSelectively delete task and report executions
• [SYNCOPE-705749] - Support gzip compression for REST servicesHuman-readable date values for JSON payloads
• [SYNCOPE-708] - Conform the Logger "service stack" to others751] - Preview for PDF binary values

New Feature

• [SYNCOPE-709119] - Virtual attributes management refactoring[SYNCOPE-713] - Remove ConfTO object from ConfigurationServiceRealm-based authorization
• [SYNCOPE-714135] - Add the possibility to override the capabilities of the connectorPassword reset
• [SYNCOPE-715] - Configure whether password hash values should be returned via REST calls140] - Dynamic role and group memberships
• [SYNCOPE-725143] - Derived attributes management refactoringGUI Installer
• [SYNCOPE-731] - Fine-grained entitlements for any objects158] - CLI admin tool
• [SYNCOPE-558] - Ability to configure which user, role and membership attributes to display, and in which order
• [SYNCOPE-732623] - Filtered reconciliation for synchronizationProvisioning manager integration
• [SYNCOPE-736650] - Exchange JSON by defaultHandling errors for external resource operations
• [SYNCOPE-747652] - Option to disable tasks / reportsDomains
• [SYNCOPE-748666] - Selectively delete task and report executionsAny objects
• [SYNCOPE-749685] - Human-readable date values for JSON payloadsCustom Account / Password policy specifications
• [SYNCOPE-751690] - Preview for PDF binary values

New Feature

• Must change password at next login
• [SYNCOPE-119693] - Realm-based authorizationUse ConnId 1.4 pagination API
• [SYNCOPE-135695] - Password resetREST endpoints for attribute CRUD
• [SYNCOPE-140698] - Dynamic role and group membershipsPluggable transformation for resource mapping items
• [SYNCOPE-143704] - GUI InstallerSwagger extension

Task

• [SYNCOPE-158494] - CLI admin toolSet Java 7 as minimum requirement
• [SYNCOPE-558537] - Ability to configure which user, role and membership attributes to display, and in which orderUpgrade to ConnId 1.4.0.0
• [SYNCOPE-623] - Provisioning manager integration573] - Upgrade ConnId connectors to latest versions featuring ConnId 1.4.0.0
• [SYNCOPE-650633] - Handling errors for external resource operationsAdd support for MariaDB
• [SYNCOPE-652635] - DomainsUpgrade CSVDir connector bundle dependency version
• [SYNCOPE-666642] - Any objectsUpgrade to ConnId 1.4.1.0
• [SYNCOPE-685] - Custom Account / Password policy specifications653] - Upgrade Spring Security to 4.0.0.RELEASE
• [SYNCOPE-690657] - Must change password at next login- Enable build-time Checkstyle checks
• [SYNCOPE-693662] - Use ConnId 1Upgrade to OpenJPA 2.4 pagination API.0
• [SYNCOPE-695] - REST endpoints for attribute CRUD697] - Clean up ONE_PHASE / TWO_PHASES

Wish

• [SYNCOPE-698535] - Pluggable transformation for resource mapping items
• [SYNCOPE-704] - Swagger extension

...

• Provide Debian packages for Apache Syncope

Bug

• [SYNCOPE-494] - Set Java 7 as minimum requirement1205] - Serialization exception in the logs when editing users pending approval
• [SYNCOPE-537] - Upgrade to ConnId 1.4.0.01206] - Dynamic membership updates not considered for provisioning during update
• [SYNCOPE-573] - Upgrade ConnId connectors to latest versions featuring ConnId 1.4.0.01207] - Audit: incorrect output element reported for Pull Tasks
• [SYNCOPE-6331210] - Add support for MariaDBRandom password generation fails for push tasks
• [SYNCOPE-635] - Upgrade CSVDir connector bundle dependency version1211] - syncope migration 1.2 to 2.0 users blocked to 200
• [SYNCOPE-642] - Upgrade to ConnId 1.4.1.01213] - Syncope console should advice user about exceeded file size
• [SYNCOPE-653] - Upgrade Spring Security to 4.0.0.RELEASE1214] - Error when sorting Users by Realm
• [SYNCOPE-6571215] - Enable build-time Checkstyle checksMultivalue readonly fields allow frontend deletion
• [SYNCOPE-6621217] - Upgrade to OpenJPA 2.4.0Using the JAVA API is possible to create a Realm with the same name in the same parent realm

Improvement

• [SYNCOPE-6971212] - Clean up ONE_PHASE / TWO_PHASES

...

• Allow for easier Pull / Push processes customization

Task

• [SYNCOPE-535] - Provide Debian packages for Apache Syncope1186] - Remove copy of SAMLSSOResponseValidator and SSOValidatorResponse when CXF 3.1.13 is out