[BUG] Changelog for 2.12.0 does not mention switching of libraries

opensearch-project / security

🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields

https://opensearch.org/docs/latest/security-plugin/index/

Apache License 2.0

188 stars 272 forks source link

[BUG] Changelog for 2.12.0 does not mention switching of libraries #4617

Open jarkko-rantavuori-vincit opened 1 month ago

jarkko-rantavuori-vincit commented 1 month ago

Changelog for 2.12.0 (https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.12.0.md) does not mention switch from org.apache.cxf.rs.security.jose to com.nimbus.jose.jwk (https://github.com/opensearch-project/security/pull/3595). This slowed us down considerably when trying to find out what was the breaking change between 2.11.1 and 2.12.0.

cwperks commented 1 month ago

[Triage] @jarkko-rantavuori-vincit Thank you for filing this issue. I think the release notes should be retroactively updated to reflect that a change in the JWT library was made in 2.12.