Jolokia v1.5.0 release notes (2018-02-08)

« Changelog History

Release Date: 2018-02-08 // about 6 years ago

- Restrict allowed mime types to text/plain and application/json for the response.
- 🔒 Because of security reasion, the JSR-160 proxy mode is disabled by default int the Java EE agent. It can be enabled via web.xml configuration, a system property or an environment variable. In addition it is now possible to configure a whitelist with patterns which are allowed as targets in the proxy mode. See the reference manual section on "Proxy mode" for details.
- 🆕 New authMode service-any and service-all to allow to lookup an org.jolokia.osgi.security.Authenticator used for authentication. Note that this class has been changed from an abstract base class to an interface for ease of customization.