-
Release
-
Resolution: Done
-
Major
-
None
-
None
-
None
https://github.com/wildfly-security/wildfly-elytron/compare/1.15.27.Final...1.15.28.Final
commit 7a0abb6c7950c45a7a6c43031b7de1ca4abf8bd4
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Thu Feb 12 12:45:36 2026 +0000
[maven-release-plugin] prepare release 1.15.28.Final
commit bab58b8557e828857afef80d3f3ce084ec434b39
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Thu Feb 12 10:45:23 2026 +0000
[ELY-3011] Update WildFly Elytron to publish directly to Maven Central.
commit 1ab32f1677a9a89d2ab30e24113f30727be5303b
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Tue Feb 10 10:19:30 2026 +0000
[ELY-3007] When generating HA1 errors interacting with the CBH are bypassing the mechanisms own error handling.
commit 89cbcc15a7f98e2e70ce0bdf4eac4abc372cdc22
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Fri Feb 6 20:50:32 2026 +0000
[ELY-3005] We need to handle the first call as a special case.
We don't know if System.nanoTime() is returning negative values to begin
with.
commit 4ec0ecccd855995304ff662ee8115fe4e326ceef
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Fri Feb 6 11:14:17 2026 +0000
[ELY-3003] Follow up work to the LRU handling.
- Increase the maximum size to 25,000
- Include the realm name in log messages and enable this to be passed
in.
- If eviction from the cache occurs due to size log a WARN, restrict
this to maximum of once every 15 minutes per realm.
commit 37731383c5115b589b5df2e78496ca60fba57a31
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Thu Feb 5 19:52:51 2026 +0000
[ELY-3003] Switch to a LRU cache of sessions so we can control memory utilisation.
commit ba215b03b243a6a42043d7974a7c94098af4f981
Author: Diana Krepinska <diavilko@gmail.com>
Date: Thu Jan 29 15:37:47 2026 +0100
[ELY-2990] Update API check to 1.15.27.Final
commit f4493ed2c3a8cb69c80d8b1a9d034dda065ad708
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Thu Jan 29 13:37:16 2026 +0000
[ELY-2891] Specify type of ThreadLocal.
commit 54eac76d1bd79973fd48149e34a6b4d17c0fe692
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Thu Jan 29 12:58:49 2026 +0000
[ELY-2891] Update the default brute force values,
Lock after 10 failed attempts.
Lock for 15 minutes.
Keep the tracker session alive for 30 minutes.
commit 0a2461413f7dcc508783bd1e4eb971940d74cd89
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Thu Jan 22 17:19:00 2026 +0000
[ELY-2891] Add some TRACE logging so we can see the events intercepted by the brute force wrapper.
commit 60e1c2382a145e8363147155d4f76a1a76377120
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Thu Jan 22 13:31:53 2026 +0000
[ELY-2891] Add a mechanism so that if brute force protection is applied
multiple times the first wrapper is the only one to process
authentication events.
commit 0621637f4df732f72da405ea36ae135acae53566
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Tue Jan 20 18:34:56 2026 +0000
[ELY-2891] Unwrap any Exception from the proxied call.
commit 4123f65292fee9ccec4387cca64dc6fa847d35d7
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Tue Jan 20 15:31:55 2026 +0000
[ELY-2891] Add additional TRACE logging to help with diagnostics.
commit f1397d4f4c57d63b909855a306b051bbf13a2690
Author: Diana Krepinska <diavilko@gmail.com>
Date: Thu Jan 22 19:20:58 2026 +0100
[maven-release-plugin] prepare for next development iteration
commit 1c24532687c5a5e64eb2abc0bdb0c468491009da
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Fri Jan 9 13:28:42 2026 +0000
[ELY-2891] Additional updates following review feedback.
commit 1c51497ead87d3eb5f65c011f1d8923473971b95
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Wed Jan 7 17:02:22 2026 +0000
[ELY-2891] Add a unit test for the BruteForceTealmWrapper.
commit 1aea89dc7e8a95f55dde5241eceaba66292a4618
Author: Darran Lofthouse <darran.lofthouse@jboss.com>
Date: Wed Apr 23 18:51:18 2025 +0100
[ELY-2891] Add a SecurityRealm wrapper to add mitigations for password brute forcing.
