------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.4.0
------------------------------------------------------------------------------

** Improvements
    * [KNOX-193] - document configuration to use AD as authentication source
    * [KNOX-211] - Add classes KnoxLdapRealm, KnoxLdapContextFactory
    * [KNOX-212] - provide sample topology files to work with KnoxLdapRealm
    * [KNOX-214] - ShiroSubjectIdentityAdapter needs to map ldap groups looked up by shiro to java subject principals
    * [KNOX-215] - enhance AbstractIdentityAssertionFilter to make use of ldap groups looked up by shiro
    * [KNOX-216] - add functional tests to test ldap group lookup and usage
    * [KNOX-217] - enhance KnoxLdapGroupRealm to accept password alias in place of plain text password
    * [KNOX-221] - provide sample ldif file to work with KnoxLdapRealm
    * [KNOX-225] - update sample ldif file with ldapgroups to work with apache ds 2
    * [KNOX-230] - provide ldap schema file to allow creation of daynamic groups in apache ds
    * [KNOX-231] - shiro realm implementation to support ldap dynamic groups
    * [KNOX-232] - add automation test case for ldap dynamic group support
    * [KNOX-233] - add a topology template file to illustrate the use of dynamic groups
    * [KNOX-234] - add documentation for dynamic groups
    * [KNOX-268] - document work around for Knox to Hadoop SPNego authn problem
    * [KNOX-21] - Utilize knox.auth cookie to prevent re-authentication for every request from end user
    * [KNOX-105] - Command line tooling for CMF provisioning
    * [KNOX-165] - Stress testing
    * [KNOX-166] - Improve diagnosability of connectivity issues
    * [KNOX-167] - Knox passes down incorrect Host header to Hadoop service
    * [KNOX-188] - encryptQueryString Password is Recreated when Topology is Changed.
    * [KNOX-199] - ExampleHBase.groovy fails with HBase 0.96 due to empty column qualifier REST API incompatibility
    * [KNOX-203] - Gateway fails to start when {GATEWAY_HOME}/bin not writable
    * [KNOX-205] - Launcher script (gateway.sh) not working when gateway installed via RPM
    * [KNOX-206] - User should be able to run gateway.sh script under its own but not root account
    * [KNOX-209] - Fix the Location of KEYS File
    * [KNOX-213] - Reame PostAuthenticationFilter to ShiroSubjectIdentityAdapter
    * [KNOX-219] - Fix NOTICE file for Releases
    * [KNOX-220] - Fix JWT POC Code for HSSO
    * [KNOX-222] - Remove hadoop-examples.jar from source tree
    * [KNOX-223] - generated shiro.ini file does not preserve property order
    * [KNOX-226] - Need more Linux friendly installation layout
    * [KNOX-229] - some properties of KnoxLdapRealm need to be renamed
    * [KNOX-235] - Pre-authenticated SSO/Federation Provider
    * [KNOX-244] - Knox run from the directory with spaces in Windows OS
    * [KNOX-245] - Knox is missing rewrite rule for WebHCat root path.
    * [KNOX-246] - Knox is missing authorization filter for HBase root path.
    * [KNOX-247] -  Exception in Oozie workflow definition response rewrite
    * [KNOX-249] - Fix issues with shell scripts and home directory
    * [KNOX-251] - knoxcli.sh reports NullPointerException if not given arguments
    * [KNOX-253] - log error message for exception  ldapContextFactory.getSystemLdapContext()
    * [KNOX-254] - use system password set using knoxcli in KnoxLdapContextFactory
    * [KNOX-269] - Set JSSESSIONID cookie as HttpOnly and Secure.
    * [KNOX-270] - service level authorization should return 403 on deny
    * [KNOX-271] - Audit records duplication when no matching filter was found for requested resource
    * [KNOX-280] - Topology undeploy is broken
    * [KNOX-281] - Fix the typo in user's guide
    * [KNOX-282] - document configuration to look up group membership from ldap
    * [KNOX-287] - Update documentation to be consistent with Hive 0.12 configuration
    * [KNOX-289] - Remove incubating/incubator from source and build
    * [KNOX-292] - Invalid command line arguments don't print usage.
    * [KNOX-294] - Add -version support to gateway.sh
    * [KNOX-297] - Should not send Knox stack trace to client in error responses
    * [KNOX-298] - add a topology template for using Active Directroy as authentication back end
    * [KNOX-299] - Cannot update existing master via knoxcli
    * [KNOX-301] - Unit tests unstable on different platforms
    * [KNOX-306] - Change linux scripts to use /bin/bash
    * [KNOX-308] - Windows .cmd scripts not passing parameters to java correctly.
    * [KNOX-309] - Attempt to reparse topology files to recover from overlapping write
    * [KNOX-311] - Parameters not passed to java properly by knoxcli.sh on Ubuntu.
    * [KNOX-312] - PID File Created For Failed Deployments
    * [KNOX-313] - WebHdfs service broken for HDFS 2.4.0
    * [KNOX-314] - JDBC/HTTP for Hive Requires Specialized Dispatch
    * [KNOX-318] - HBase demo scripts fail against recent HBase versions
    * [KNOX-319] - Build fails on windows
    * [KNOX-322] - Incomplete Documentation for Quick Start
    * [KNOX-323] - Update Apache Knox Details Doc
    * [KNOX-324] - Obsolete Knox Directory Layout Doc
    * [KNOX-325] - Obsolete Docs for Services Supported
    * [KNOX-326] - Obsolete Docs for Sandbox Config
    * [KNOX-327] - Incomplete/Obsolete Docs for Gateway Details
    * [KNOX-328] - Obsolete Docs for Configuration
    * [KNOX-329] - Obsolete Docs for KnoxCLI
    * [KNOX-330] - Consolidate Authentication, GroupLookup and Shiro Docs
    * [KNOX-331] - Obsolete Docs for Secure Clusters
    * [KNOX-332] - Clarifications in Docs for Preauth SSO
    * [KNOX-333] - Incomplete Docs for HBase
    * [KNOX-334] - Obsolete Docs for Hive
    * [KNOX-335] - Obsolete Docs for Limitations
    * [KNOX-336] - Obsolete Disclaimer in Export Controls Page
    * [KNOX-337] - Knox not authenticating with HBase 0.98 in secure mode
    * [KNOX-342] - Document configuration for enabled HBase Access Control
    * [KNOX-344] - Update documentation/samples to be consistent with Hive 0.13.
    * [KNOX-345] - WebHDFS and Oozie not specifying dispatch provider and end up with HiveDispatchProvider
    * [KNOX-346] - The knox-env.sh script should prefer JAVA_HOME over java on path.
    * [KNOX-347] - Fix Knox DSL documentation
    * [KNOX-139] - Move hostmap provider configuration from a rewrite function provider to real provider config
    * [KNOX-140] - Support a forced redeploy of topologies
    * [KNOX-161] - Support Hive 0.11.0 via JDBC+ODBC/Thrift/HTTP
    * [KNOX-174] - support service specific cap for buffering request entities for replay against WWW-authenticate challenge
    * [KNOX-202] - Diagnosability/troubleshooting when wrong protocol (http vs https) used
    * [KNOX-240] - Update Hadoop dependencies to 2.x
    * [KNOX-257] - add a template topology file to illustrate preauth provider
    * [KNOX-261] - Better env checking and error messages in gateway.sh
    * [KNOX-262] - Improve JRE detection in scripting
    * [KNOX-263] - Docs - User Guide list of Services missing straight MapReduce?
    * [KNOX-265] - Add master secret generation to knoxcli
    * [KNOX-275] - Add topology template file to illustrate use of staticgroup and SLA
    * [KNOX-296] - Provide a command line tools to redeploy all topologies
    * [KNOX-300] - create a topology file that uses openldap as authen back end
    * [KNOX-315] - Add support for service params in topology file
    * [KNOX-316] - Create windows service template file for LDAP server.
    * [KNOX-320] - Simplify scripts for using Knox on windows
    * [KNOX-341] - Knox needs to work with secure Hive asserting authenticated user as doAs
    * [KNOX-4] - Extend Shiro Provider to Include Groups
    * [KNOX-23] - Generate audit log of all gateway activity
    * [KNOX-33] - Provide support for hosting Jersey services for the purposes of protocol mediation of non-REST services
    * [KNOX-48] - Cluster topology must not be exposed in datanode redirect query parameters
    * [KNOX-54] - Support horizontal scalability of gateway via clustering
    * [KNOX-172] - Support ~ to represent user's home directory in WebHDFS
    * [KNOX-179] - Simple way to introduce new provider/servlet filters into the chains
    * [KNOX-194] - Document Knox HA with Apache HTTP Server + mod_proxy + mod_proxy_balancer
    * [KNOX-198] - CSRF header support
    * [KNOX-228] - Knox should support dynamic LDAP Groups
    * [KNOX-243] -  bat/cmd script for the gateway 
    * [KNOX-248] - XML configuration file to describe how to launch Knox as Windows service
    * [KNOX-90] - Support HBase/Stargate for Kerberized cluster
    * [KNOX-92] - Support Hive/JDBC/HTTP for Kerberized cluster
    * [KNOX-208] - Upgrade ApacheDS for demo LDAP server to ApacheDS 2
    * [KNOX-290] - Upgrade Shiro dependency to 1.2.3
    * [KNOX-210] - Create functional test template

------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.3.0
------------------------------------------------------------------------------

** New Feature
    * [KNOX-8] - Support HBase via HBase/Stargate
    * [KNOX-9] - Support Hive via JDBC+ODBC/Thrift/HTTP
    * [KNOX-11] - Access Token Federation Provider
    * [KNOX-27] - Access Kerberos secured Hadoop cluster via gateway using basic auth credentials
    * [KNOX-31] - Create lifecycle scripts for gateway server
    * [KNOX-50] - Ensure that all cluster topology details are rewritten for Oozie REST APIs
    * [KNOX-61] - Create RPM packaging of Knox
    * [KNOX-68] - Create start/stop scripts for gateway
    * [KNOX-70] - Add unit and functional testing for HBase
    * [KNOX-71] - Add unit and functional tests for Hive
    * [KNOX-72] - Update site docs for HBase integration
    * [KNOX-73] - Update site docs for Hive integration
    * [KNOX-82] - Support properties file format for topology files
    * [KNOX-85] - Provide Knox client DSL for HBase REST API
    * [KNOX-98] - Cover HBase in samples
    * [KNOX-99] - Cover Hive in samples
    * [KNOX-116] - Add rewrite function so that authenticated username can be used in rewrite rules
    * [KNOX-120] - Service Level Authorization Provider with ACLs
    * [KNOX-131] - Cleanup noisy test PropertyTopologyBuilderTest
    * [KNOX-169] - Test issue for patch test automation via PreCommit-Knox-Build job

** Improvement
    * [KNOX-40] - Verify LDAP over SSL
    * [KNOX-42] - Change gateway URLs to match service URLs as closely as possible
    * [KNOX-45] - Clean up usage and help output from server command line
    * [KNOX-49] - Prevent Shiro rememberMe cookie from being returned
    * [KNOX-55] - Support finer grain control over what is included in the URL rewrite
    * [KNOX-56] - Populate RC directory with CHANGES on people.a.o
    * [KNOX-75] - make Knox work with Secure Oozie
    * [KNOX-97] - Populate staging and release directories with KEYS
    * [KNOX-100] - document steps to make Knox work with secure hadoodp cluster
    * [KNOX-101] - Use session instead of hadoop in client DSL samples
    * [KNOX-117] - Provide ServletContext attribute access to RewriteFunctionProcessor via UrlRewriteEnvironment
    * [KNOX-118] - Provide rewrite functions that resolve service location information
    * [KNOX-129] - Document topology file
    * [KNOX-141] - Diagnostic debug output when generated SSL keystore info doesn't match environment
    * [KNOX-143] - Change "out of the box" setup to use sandbox instead of sample
    * [KNOX-153] - Document RPM based install process
    * [KNOX-155] - Remove obsolete module gateway-demo
    * [KNOX-164] - document hostmap provider properties
    * [KNOX-168] - Complete User's Guide for 0.3.0 release

** Bug
    * [KNOX-47] - Clean up i18n logging and any System.out or printStackTrace usages
    * [KNOX-57] - NPE when GATEWAY_HOME deleted out from underneath a running gateway instance
    * [KNOX-58] - NameNode endpoint exposed to gateway clients in runtime exception
    * [KNOX-60] - getting started - incorrect path to gateway-site.xml
    * [KNOX-69] - Branch expansion for specdir breaks on jenkins
    * [KNOX-76] - users.ldif file bundled with knox should not have hadoop service principals
    * [KNOX-77] - Need per-service outbound URL rewriting rules
    * [KNOX-78] - spnego authorization to cluster is failing
    * [KNOX-79] - post parameters are lost while request flows from knox to secure cluster
    * [KNOX-81] - Fix naming of release artifacts to include the word incubating
    * [KNOX-83] - do not use mapred as end user prinicpal in examples
    * [KNOX-84] - use EXAMPLE.COM instead of sample.com in template files for kerberos relam
    * [KNOX-89] - Knox doing SPNego with Hadoop for every client request is not scalable
    * [KNOX-102] - Update README File
    * [KNOX-106] - The Host request header should be rewritten or removed
    * [KNOX-107] - Service URLs not rewritten for WebHDFS GET redirects
    * [KNOX-108] - Authentication failure submitting job via WebHCAT on Sandbox
    * [KNOX-109] - Failed to submit workflow via Oozie against Sandbox HDP2Beta
    * [KNOX-111] - Ensure that user identity details are rewritten for Oozie REST APIs
    * [KNOX-124] - Fix the OR semantics in AclAuthz
    * [KNOX-126] - HiveDeploymentContributor uses wrong external path /hive/api/vi
    * [KNOX-127] - Sample topology file (sample.xml) uses inconsistent internal vs external addresses
    * [KNOX-128] - Switch all samples to use guest user and home directory
    * [KNOX-130] - Throw exception on credential store creation failure
    * [KNOX-132] - Cleanup noisy test GatewayBasicFuncTest.testOozieJobSubmission()
    * [KNOX-136] - Knox should support configurable session timeout
    * [KNOX-137] - Log SSL Certificate Info
    * [KNOX-142] - Remove Templeton from user facing config and samples and use WebHCat instead
    * [KNOX-144] - Ensure cluster topology details are rewritten for HBase/Stargate REST APIs
    * [KNOX-146] - Oozie rewrite rules for NN and JT need to be updated to use hostmap
    * [KNOX-147] - Halt Startup when Gateway SSL Cert is Expired
    * [KNOX-148] - Add cluster topology details rewrite for XML responses from HBase/Stargate REST APIs
    * [KNOX-149] - Changes to AclsAuthz Config and Default Mode
    * [KNOX-150] - correct comment on session timeout  in sandbox topology file
    * [KNOX-151] - add documentation for session timeout configuration
    * [KNOX-152] - Dynamic redeploy of topo causes subsequent requests to fail
    * [KNOX-154] - INSTALL file is out of date
    * [KNOX-156] - file upload through Knox broken
    * [KNOX-157] - Knox is not able to process PUT/POST requests with large payload
    * [KNOX-158] - EmptyStackException while getting webhcat job queue in secure cluster
    * [KNOX-159] - oozie job submission thorugh knox fails for secure cluster
    * [KNOX-162] - Support Providing Your own SSL Certificate
    * [KNOX-163] - job submission through knox-webchat results in NullPointerException

------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.2.0
------------------------------------------------------------------------------
HTTPS Support (Client side)
Oozie Support
Protected DataNode URL query strings
Pluggable Identity Asserters
Principal Mapping
URL Rewriting Enhancements
KnoxShell Client DSL

