changes.txt

# next

# 1.114

[nrtm] NRTMv4 Key Rotation (#1484)
[update] Return an error if an email address is longer than 80 characters (#1492)
[update] DoS Filter for Update Requests (#1495)
[update] Block IP Filter (#1498)
[update] Use transaction manager per datasource (#1501)
[update] "text" Content Type processed as "text/plain" for Mail Messages (#1515)
[update] Add Warning When Password Authentication is used in Mailupdates (#1511)
[query] Mp-member Attribute is clickable (#1506)

# 1.113.2

[update] Handle multipart/mixed Bounces and Auto-submitted Messages (#1490)

# 1.113.1

[update] validate max references (#1486)

# 1.113

[all] Inetnum AGGREGATED-BY-LIR status (#1467)
[api] Enable Client Auth Certificate for Lookup (#1475)
[api] ROA Overlapping INVALID ROA and VALID ROA fix (#1470)
[all] Java 21 Support (#1440)

# 1.112.1

[update] validate max references (#1486)

# 1.112

[all] NWI-4: Add ALLOCATED-ASSIGNED PA inetnum status (#1432)
[query] Set Charset Flag (#1450)
[update] Don't allow "mnt-lower" on assignments (#1452)
[api] Fixed Syncupdates HELP Bug (#1453)
[rdap] RDAP Link Title is a String not List<String> (#1445)
[mail] Remove Message If Bounce Detection Or Unsubscribe Fails (#1418)
[mail] Handle Multiple Delivery Status Notification Failure Responses for the Same Email Address (#1417)
[mail] Final-Recipient: RFC822 is case insensitive (#1423)
[mail] Refactor Mail Sender to allow multiple recipients (#1411)
[all] Route ROA checker (#1416)
[all] Schedule ROA load each 15 minutes (#1444)
[query] Allow inverse query for e-mail from trusted addresses (#1435)
[query] Allow inverse query for sponsoring-org from all addresses (#1431)
[nrtm] Return 404 on invalid NRTMv4 notification file path (#1422)

# 1.111

[update] Don't send email to undeliverable addresses (#1404)
[update] Add email unsubscribe support (#1404)

# 1.110

[rdap] Implemented RDAP Extension for Geofeed Data (draft-ietf-regext-rdap-geofeed-01) (#1366)
[rdap] Improve RDAP documentation (#1373, #1388)
[rdap] Implement RDAP RIR Search - Basic Search Features (#1379)
[rdap] Enable e-mail in RDAP entity responses (in top level vcard) (#1384)
[rdap] Add geofeed as a link to conform with v1 draft (#1374)
[api] Separate secure connector for Client Certificate authentication (#1390)
[api] Use clientip flag as remote address from trusted source (#1391)
[api] Redirect HTTP(S) requests to whois.ripe.net to the DB web application query page (#1396)
[api] Elasticsearch refreshed after update/create (#1367)
[api] Document inet6num assignment-size maximum prefix (#1375)
[all] Daily limit is configurable (#1401)

# 1.109.1

[rdap] Organisation RDAP Object is Assumed to be an IP on Country Attribute (#1362)

# 1.109

[rdap] Rdap redaction (#1317)
[rdap] Removed organisation "e-mail" from RDAP and added to redactions (#1333)
[update] Removed geofeed prefix validation (#1326)
[api] Added HTTPS Support to Whois Backend (#1329)
[api] Support HTTP Basic authentication (#1342)
[api] Support HTTPS Client Certificate Authentication (#1343)
[nrtm] Initialize nrtm from command-line (JMX) (#1310)
[nrtm] Use parallel stream to generate NRTMv4 snapshots (#1309)
[all] Include AS-SET in NONAUTH dump (#1352)

# 1.108

[nrtm] Use base64 instead of Hex (#1302)
[nrtm] JSON Text Sequences (#1304)
[rdap] Add multi mnt-by error (#1301)
[rdap] Add remarks (#1278)
[update] Warn when http (#1292)
[api] Remove Lucene support (#1285)
[api] Elasticsearch do not rebuild from scratch (#1294)
[api] Elasticsearch use phrase without prefix due to bug (#1298)
[api] Elasticsearch scape colons (#1299)
[all] Jakarta / EE9 (#744)

# 1.107

[nrtm] NWI-14 add mnt-ref to additional object types (#1243)
[nrtm] Sign NRTMv4 notifications (#1241)
[nrtm] Separate job for NRTMv4 snapshot file (#1219)
[api] Truncate long fields while indexing in Elasticsearch (#1236)
[api] Elasticsearch filters inconsistence (#1231)
[rdap] Limit resource lookups in RDAP organisation entity requests (#1220)
[update] Allow any characters in local part of SSO auth email addresses (#1237)
[update] LIR country attribute bug
[all] Include country: in Organisation Split File (#1251)

# 1.106.1

[nrtm] NWI-12 NRTMv4 changes 
[update] Updated Zonemaster client to match API Changes (#1206, #1207)
[update] Add all warnings to update with override response (#1189)
[rdap] Handle expected servlet exceptions in RDAP exception mapper (#1193)
[rdap] Redirect Inverse Domain queries to the Authoritative Source (#1213)
[api] Fix hightlight issue with dot in Elasticsearch (#1194)
[api] UnmappedType warning for Elasticsearch (#1191)
[all] Updated dependencies

# 1.106

[update] NWI-19 Implement AS_SET NONAUTH (#1169)
[rdap] Implement "networks" and "autnums" elements in RDAP entity response (#1103)
[rdap] Flat model, don't return as-block (#1125)
[rdap] Refactor rdap errors (#1124)
[rdap] Events and notices (#1112)
[nrtm] NRTMv4 changes (#1166, #1156)
[nrtm] initialise the nrtmv4 database (#1099)
[all] Improve AS-SET documentation (#1147)

# 1.105

[update] NWI-19: Change to AS-SET object naming rules

# 1.104

[api] Allow Grouping (-G) flag in Whois Search API (#1077)
[rdap] cidr0 notation for rdap response (#1068)
[query] Remove whois tags (#1059)
[api] Added text/plain to Search and REST APIs (#1054)
[update] Add comment not NOOP (#1052)
[update] Do not allow comments in managed attributes (#1045)
[all] Use documentation prefix 192.0.2.0/24 (#1044)
[update] Organisation country: is modifiable for end-user orgs without RIPE NCC resources (#1041)
[api] Do not return deleted versions (#1015)
[api] Redirect empty requests to syncupdates help (#1011)

# 1.103

[update] Fixed "goefeed:" validation when reading object containing multiple remarks: attributes (#975)
[all] Removed WHITEPAGES org type. (#1003)
[update] Better Error Message when Changing "mnt-by:" on Allocations (#988)
[update] Allow user "mnt-by:" when creating inet6num allocations (already allowed for inetnums) (#982)
[update] Disallow weak keys and hash algorithms (#642, #974)
[update] Abuse-c is Required for End User Organisations With Resources (#955, #969)
[update] Domain overlap validator (#956)
[api] Increase HTTP idle timeout from 30s to 60s (#998)
[grs] Lacnic GRS import was incorrectly treated as UTF-8 (should have been latin-1). (#958)
[update] Updated Zonemaster client to match API Changes (#1005)
[query] Implemented Elasticsearch (#944, #989, #993, #997)
[all] Updated dependencies

# 1.102.2

[all] Update log4j to 2.17.0 from 2.15.0 (#965)

# 1.102.1

[all] Update log4j to 2.15.0 to address CVE-2021-44228 (#959)

# 1.102

[all] NWI-13: Added support for the "geofeed:" attribute (#937)
[Update] Support base64 encoded signed update messages (sent by Thunderbird 78+) (#942)
[all] Updated "geoloc:" help text (#929)
[api] Log client IP correctly in HTTP request log (#908)
[api] Filter passwords in HTTP request log (#919)
[update] Support IDN in outgoing mail update notifications (#888)
[all] Added graceful shutdown to healthcheck (#896)
[grs] Fixed APNIC GRS mirror HTTPS download (#871)
[all] Removed AWS-specific changes
[all] Require UTC timezone at startup (#857)
[all] Updated dependencies

# 1.101

[all] Switch RIPE database to UTC timezone
[nrtm] Display an error on NRTM if client is blocked by ACL limit (#812)
[api] Added rewrite rules to embedded Jetty (#801)
[rdap] RDAP nameserver queries always return Not Implemented (#811)
[update] Don't use sso as reply-to when override was used. (#818)
[all] Updated dependencies

# 1.100

[query] Use AWS instance name (#781)
[update] Use status index during validation (#725)
[api] Fixed aut-num attribute managed flag (#749)
[api] Added client flag to API for proxying requests (#728)
[all] Java 11 support (#673)
[rdap] nameserver not implemented (#711)
[update] Delete object bug (#723)
[all] Removed Travis integration (#724)
[all] Updated dependencies
[all] Merged AWS profile (#721)
[update] Separate email address and leading/trailing space during Punycode conversion (#782)

# 1.99

[update] Require -mnt suffix when creating an MNTNER object (#667)
[nrtm] Enable TCP_NODELAY in NRTM and query connections (#693)
[api] Filter out sensitive information in API response on exception (#664)
[query] Return 'invalid option supplied' on invalid version number given to --diff-version (#662)
[rdap] Allow *any* CORS origin on RDAP GET requests by default (as recommended by RFC7480). (#661)
[all] New dummifier for RC environment
[all] Updated dependent libraries
[all] Java 11 support

# 1.98

[update] NWI-11 Punycode Internationalized Domain Names in email addresses. (#643)
[all] Prevent race condition when updating authoritative resources. (#652)
[rdap] Return remark in rdap response when abuse mailbox validation has failed. (#651)
[rdap] Rdap CORS changes (#648)
[rdap] Rdap invalid syntax exception (#647)
[rdap] An deleted object may be matched by an RDAP lookup (#645)
[api] An deleted object may not be removed from the fulltextsearch index and matched in a search (#644)
[all] Refresh legacy autnums list every 15 minutes (#641)

# 1.97.2

[api] Client cert authentication (#637)
[query] ignore case in RDAP query (#638)
[query] Optimised finding first managed resource. (#635)
[update] Cleanup status hierarchy (#633)
[update] Fixed 500 internal error on domain object update (#636)
[api] Fulltext search optimize (#631)
[all] Add daily scheduled job for reloading legacy autnums. (#634)
[all] More frequent ripe authoritative resource refresh (#627)
[update] Poetic form should be maintained by RIPE-DBM-MNT (#629)


# 1.97.1

[query] Detect a CTRL-C and interrupt (interpret as a delimiter) (#442)
[update] Fix support for Signed messages with Elliptic Curve Algorithm (#605)
[all] Updated dependencies


# 1.97

[all] Use CI build for releases (#610)
[nrtm] Apply ACL limit in NRTM (#612)
[api] Added rate-limiting filter (#609)
[nrtm] NRTM connection limit (#594)
[update] Don't allow inconsistent "org-name:" values on create (#607)
[api] Include build timestamp and commit id in Whois lookup and search responses (#598)
[nrtm] Open NRTM to non-members (#596)
[update] Restrict maximum size of object (#601)
[query] Related irt objects are not returned by default
[api] Use https in URLs (#604)
[query] Use local datasource for abuse-c finder (#600)


# 1.96.3

[all] Also use grs.import.enabled to disable authoritative resource downloading. (#597)
[query] Increase maximum pool size per datasource, to allow for spikes in long-running queries.

# 1.96.2

[rdap] Rdap fixes to output UTC time and to support additional roles.

# 1.96.1

# 1.96

[all] Refactor SSO auth pattern matching (#588)
[all] Rebuild index status sponsoring org (#590)
[all] Added country code to organisation. (#589)
[all] Fixed bug in Ipv6Resource.parseFromStrings() (#593)

# 1.95.6

[all] Deprecate mnt-lower in autnum (#585)
[query] Abuse-c validation comment must refer to the LIR organisation (#573)
[query] Don't allow more than maximum result rows in fulltextsearch request (#580)
[update] Use trusted ip instead of override for changing mntner sso attribute (#576)

[all] Update Mariadb JDBC dependency to latest. (#583)
[all] Update Jetty Dependency to Latest (#579)
[all] Update Jackson Dependency to Latest (#578)
[all] Gitlab (#582)

# 1.95.5

# 1.95.4
[all] Updated commons-compress to 1.19 to mitigate CVE-2019-12402.
[all] Replace Guava methods with (built-in) Java 8 Alternatives (#577)
[query] Use slave datasource for query (#581)
[all] Create status index (#586)

# 1.95.3
[api] Jetty request log
[all] Support optional milliseconds in Crowd response. (#571)

# 1.95.2
[all] Refactored refreshing main and grs sources. (#574)
[api] Apply ACL for version queries (#572)

# 1.95.1
[update] Don't perform SSO auth translation in Batch API
[all] Use a Timestamp class (#569)

# 1.95

[update] Don't allow inet6nums smaller than a /64 to be created. (#562)
[query] Normalise query input. (#565)
[all] Separate integration from unit tests (#564)
[scheduler] Removed custom DailyScheduler, use standard Spring scheduler and ShedLock (#563)
[update] NWI-8: don't allow SSO credentials to be updated by the user, if the maintainer is synchronised with the LIR Portal (#568)
[all] Replaced Joda Time with Java Time (#566)

# 1.94.2

[query] Filter personal data (address, email and notify attributes) from historical object versions (#556)
[query] Filter personal data from historic versions (#553)
[update] Support custom delete reason in Batch API. (#558)
[rdap] Return IP parent handle as pkey (#554)
[rdap] Return org contact (#557)
[rdap] Return correct entity (muliple objects of different type have same pkey) (#552)
[all] Upgrade to Spring 5 (#560)
[all] Replace Joda Time with Java Time (#559)

# 1.94.1

[update] Character Substitutions (#536)
[update] Do not write UTF8 into Index Tables (#547)
[rdap] Support multiple country codes in RDAP response, always return first. (#538)
[rdap] Don't return start/end address in RDAP response in cidr notation. (#539)
[rdap] Return as-block in case autnum is not found (#542)
[rdap] RDAP mntner entity query (#543)
[rdap] Support multiple languages (#544)
[rdap] RDAP help response (#549)
[rdap] jCard adr text correction (#550)
[rdap] Include abuse mailbox (#551)
[query] Reaching ACL limit in Fulltext search will return 429 Too Many Requests.
[api] Return "500 internal server error" from the REST API on unexpected error.
[rpsl] Leave the specification of an actual logging-impl to the user. (#545)

# 1.94
[api] Full text search acl (#529)
[all] Suspect abuse-c validation (#530)
[update] Abuse-c reference can also be from a resource (#531)
[api] Do not return null elements in Full text search response. (#533)
[update] Validate email address (do not allow local-only addresses, i.e. missing @domain part). (#532)

# 1.93.2
[api] Impose a limit on the maximum number of concurrent fulltext searches to prevent memory exhaustion.
[all] Increase limit in sanity check during GRS import.

# 1.93.1
[all] Rebuilt release to fix JavaMail dependency.

# 1.93
[all] Updated to Bouncy Castle 1.60 (supports Curve 25519)
[all] Updated dependencies
[update] Bogons (#519)
[update] Warn the user if the resource abuse-c is identical to the organisation abuse-c (#520)
[query] Filter out comment in Autocomplete response (#518)

# 1.92.15
[all] Abuse-c Validation schema changes.

# 1.92.14
[all] Test elliptic curve algorithms.
[all] Updated inetnum placeholder for transfers (#516)

# 1.92.13
[all] Abuse-c Validation schema changes.
[update] Only validate reserved words on create, so existing objects can be updated.

# 1.92.12
[all] Abuse-c Validation schema changes.

# 1.92.11
[all] Abuse-c Validation schema changes.

# 1.92.10
[all] Abuse-c Validation schema changes.

# 1.92.9
[all] Updated Spring version (#513)
[all] Updated JavaMail version.
[all] Improved Email address validation (#481)

# 1.92.8
[all] Schema changes for 2017-02 Abuse-c validation.

# 1.92.7
[all] Removed remaining pending update code (NWI-5)
[all] Schema changes for 2017-02 Abuse-c validation.
[api] Upgrades to libraries (#505)

# 1.92.6
[api] Make source comparison case-insensitive (fixes lookup bug for object with lowercase source value).
[query] Make source attribute comparison case-insensitive.

# 1.92.5
[all] Removed references to the RPSL maintainer.

# 1.92.4
[api] Refactored redirect for objects with nonauth source.
[query] Added nonauth source to "--list-sources" response.
[nrtm] Removed empty line between sources in "-q sources" response.

# 1.92.3
[api] Fixed URL path in REST API redirect for objects with nonauth source.

# 1.92.2
[all] Added nonauth source to database dump and split files for NWI-5.

# 1.92.1
[nrtm] Added separate sources for NWI-5.
[update] Replace short-format attribute names on update (#501)
[all] Fixed rtr-set members and mp-members syntax (#499)

# 1.92
[all] Initial NWI-5 release

# 1.91.6
[all] Updated Spring framework to 4.3.18.
[update] Validate reserved words and prefixes.

# 1.91.5
[all] Specify database latin1 character set and collation for testing.

# 1.91.4
[update] Non-break spaces not handled properly by REST API and Syncupdates.
[rdap] RDAP related contact information is filtered.
[all] Added wait loop to Database dummifier task.


# 1.91.3
[update] Don't return internal Zonemaster errors.
[update] Fixed Syncupdates compressed response.
[all] Updated Apache Velocity from 1.7 to 2.0.

# 1.91.2
[all] Jackson 2.9.5

# 1.91.1
[nrtm] Only write NRTM end of stream comment in keepalive mode
[update] Add dry-run for batch updates
[all] Updated SSO API

# 1.91

[update] Added clearer message for which LIR organisation attributes the user can update in the LIR portal
[update] Don't allow multiple spaces, any tabs, or multiple lines, in the organisation org-name attribute.
[update] Exclude certain email addresses in abuse-mailbox,e-mail,irt-nfy,mnt-nfy,notify,ref-nfy,upd-to attributes
[update] Convert non-break spaces in mailupdates to regular spaces
[nrtm] Added "end of stream" comment to NRTM responses in keepalive mode
[query] Fixed inconsistent newlines in --list-versions response
[update] Remove the "changed:" attribute from the database on update
[all] Updated dependencies

# 1.90.1
[api] Renamed Whois Search comaintained to managed.
[all] Removed "abuse-mailbox:" attribute from person,mntner,organisation,irt object types.
[update] Added Batch API

# 1.90
[update] Make org-name validation case-sensitive
[update] only allow assignment-size attribute on inet6num objects with AGGREGATED-BY-LIR status
[api] Improved REST API response if an attribute value is omitted
[all] Remove generated autnum remarks regarding legacy status
[api] Check if attribute not in object template, when deleting an object with references.
[rdap] Set "parentHandle" field on RDAP ip responses, using the parent netname. (#440)
[update] Allow whitespace in dsrdata digest (#439)
[api] Refactored transfer code (#426)
[api] Improved Search API (#441)
[update] Removed dnscheck data source
[grs] Set connect and read timeouts when downloading GRS mirror dumps
[update] Allow adding an "abuse-c:" attribute to INET(6)NUM and AUT-NUM objects
[update] Disallow adding "abuse-c:" to object types other than ORGANISATION, INET(6)NUM and AUT-NUM
[update] Disallow adding "abuse-mailbox:" to any object type other than ROLE

# 1.89.2
[update] Fix Zonemaster configuration

# 1.89.1
[api] Fix Abuse Contact lookup with matching as-block (filter by object type using key argument).

# 1.89
[update] Include who changed information in update responses for SSO and PGPKEY authentication
[update] Replaced dnscheck with Zonemaster service for domain updates
[api] Added abuse-c nic-hdl as key attribute in abuse-contact API response
[nrtm] Fixed NRTM client bugs #279 and #294
[grs] Fixed Lacnic GRS mirror download
[all] Mis-match between resource mask and value no longer possible
[api] Set worst-case timeouts for Whois REST client
[api] Merged RDAP feature
[api] Added JSON response to Fulltext Search
[update] Updated notification text to https://www.ripe.net/s/notify

# 1.88.1
[update] Handle "missing crc check" in PGP signed update message. (#423)

# 1.88
[api] DBF-71 delete syntactically incorrect objects with delete referenced objects call
[api] DBF-70 fixed substitution for multiple identical references in delete referenced objects call

# 1.87.6
[all] increased ARIN mirror sanity check to 30M objects
[all] removed legacy Unreferenced Cleanup job
[api] added reason to delete referenced objects call
[all] Bouncycastle 1.55

# 1.87.5
[all] separate the RPSL parsing in a separate module.
[update] apply an transform pipepline to unify RPSL object processing before the actual update
[all] add 'default_maintainer_history' table
[all] delete power mntners and use alloc mntners instead
[update] allow NOT-SET status to be changed or deleted
[update] catch database errors when calling dnscheck
[api] support override in delete referenced objects call
[all] fixed mntner reference in mnt-routes attribute
[all] Jetty 9.3.10
[all] Spring Framework 4.3.2

# 1.87.4
[update] bugfix allow adding mnt-lower attribute for inet(6)nums
[update] bugfix allow updates to netname attribute for inet(6)nums, unless it has the RIPE-NCC-HM-MNT

# 1.87.3
[update] Allow first description line to be editable in inet(6)num and aut-num objects
[update] bugfix allow ASSIGNED-PIs to updated netname attribute for inet(6)num and aut-num

# 1.87.2
[update] Restrict changing mnt-by,org,org-type,abuse-mailbox attributes by user maintainer
[update] Restrict adding, changing, removing first descr: attribute on allocations
[update] Added tests
[nrtm] Increased thread pool size for NRTM server

# 1.87.1
[update] Do not allow LIR edits to the netname attribute on top-level allocations
[update] Do not allow LIR edits to the organisation object mnt-by attribute(s)
[update] Allow RS maintainer to update LIR organisation user attributes with a password

# 1.87
[api] Restrict LIR edits to the organisation object
[api] 'mp-import:' attribute parsing (github bug: #305)
[api] validation of nserver attribute glue record for ENUM (e164.arpa) domains.
[api] improve error responses for invalid REST requests.
[api] special case for signed multipart/mixed parts (generated by Thunderbird)
[api] remove timestamps when rpsl has double generated attribute

# 1.86
[all] The descr-attribute is now optional for all object types
[update] prevent RIPE-NCC-RPSL-MNT to be used as mnt-by, because it is used for hierarchical authorisation
[api] improved auto-complete api

# 1.85
[all] changed phase 3 (changed attribute is configurable: either optional or invalid)

## 1.84.1
[update] Fixed database went away bug

## 1.84
[all] upgrade to MariaDB
[nrtm] removed new (unused) dummifier

## 1.83.1
[update] Fixed database went away bug

## 1.83
[all] better error message for syntax error in organisation attribute
[update] fixed bug where SyncUpdates POST without content type header results in an Internal Server Error
[api] removed unnecessary logging during full text search indexing
[api] fixed bug in delete with references to return the deleted objects.
[api] fixed bug in REST delete for unsuccessful response.

## 1.82
[update] necessary changes to accommodate inter-RIR transfer requests.

## 1.81
[api] Added Autocomplete API
[api] Added References API to allow creation and deletion of related objects
[all] The sponsoring-org attribute is now optional and not generated
[all] The mnt-by attribute is now multiple not single in as-block
[update] Fixed email validation in auth sso attribute
[all] Corrected mp-peering attribute syntax text
[update] Fixed #275, delete does not fail with object mismatch if the difference is in generated attributes
[update] Fixed bug where created and last-modified attributes are re-ordered on modify.
[update] Fixed loading objects using bootstrap

## 1.80.1
[update] Add warning if update fails, and password(s) were removed from mntner due to insecure hashes

## 1.80
[update] remove passwords from audit log
[all] removed referral-by attribute
[all] changed attribute is optional (phase 2)

## 1.79.2
[update] Fixed issue with updates with no changes marked as MODIFY instead of NOOP


## 1.79.1
[all] allow sponsoring-org on inetnums of status legacy
[all] bugfix allow delete object in old mode with database in new mode
[all] dependency updates


## 1.79
[all] dependency updates
[all] added attributes created and last-modified
[all] added switch for recognising created/last-modified
[all] batch script to add created/last-modified for all current db objects
[update] added flag for override to prevent updating last-modified
[update] #275 Some key-cert objects with multiple owners cannot be deleted
[all] made attribute referral-by optional



## 1.78
[update] Fixed concurrency issue with LoggerContext (log REST API)
[update] Added dry-run query parameter to REST API
[update] #286 Pending Create Route requests are not Removed when the Route is Created
[update] Improved error message when creating organisation without AUTO primary key
[all] Added maintenance mode to scheduler
[all] Fixed concurrency issue with REST client
[all] Improved lex/yacc compilation

## 1.77
[update] policy 2012-07: Legacy holder organisations cannot change their organisation name in their org object
            if it is referenced by an INETNUM or AUTNUM that is maintained by RIPE-NCC-LEGACY-MNT.
[update] #285 warning if conversion to latin-1 (ISO-8859-1) causes attribute value to change.
[web] A banner is displayed if user is in a non-production environment (RC, Ripe Academy)
[web] Support for RIPE Academy training environment
[web] #274 Full Text Search - Advanced Search - OR Operator
[nrtm] #267 AUTO_INCREMENT in whois_schema.sql causes out-of-range serials
[nrtm] #265 Missing reference breaks NRTM
[nrtm] added end to end comparison testing for NRTM
[query] Stockholm resiliency project: performed load tests targeting the query server in Stockholm
            - Performed an average load test
            - Performed an stress test with about 10x more than average load.
            Apache Jmeter was used to perform the load testing and Logstash, Elasticsearch and Kibana to visualise results.
            Configuration files for the above tooling can be found in the whois source code.
[update] REST API Delete on a nonexistent object isn't logged correctly

## 1.76.1
[update] #284 If a blank line (containing only spaces and/or tabs) is found in an attribute, convert to a '+' continuation character.

## 1.76
[all] #271 RipeGrsSource: uses APNIC value for download instead of RIPE
[api] #269 Syncupdates does not return 403 Forbidden on Failed Authorisation
[rc] #268 Not all maintainers in RC have a dummified password
[all] #266 Undefined SERVICE in whois.init prevents Jetty to start
[api] #264 REST Client gets stuck on Error from Streaming Search
[web] #262 passwords with '%'
[api] #261 WHOIS public REST API truncates long URL encoded parameters
[all] #260 'ASSIGNED ANYCAST' and "sponsoring-org:"
[api] #259 REST API - Unformatted Flag adds whitespace padding to response
[web] #256 Abuse Contact information not displayed on web lookups
[update] #254 PGP signed mailupdate with non-latin1 encoding fails
[query] #253 Query with too many parameters
[update] #252 Unexpected Error when Updating Domain Object
[api] #243 Returning 404 on rest api is misleading

## 1.75
[update] Suballocations smaller than /24 is now allowed
[update] Reverse domain objects with single IP address now allowed

## 1.74
[all] Fixed issues listed in GitHub: https://github.com/RIPE-NCC/whois/issues?milestone=12&state=closed
[update] Users can now remove the remarks about status in an aut-num object
[update] Users cannot remove abuse-c from an organisation if it's referenced from RIPE resources
[all] Role attribute now has a more permissive syntax


## 1.73.1
[all] Fixed issues listed in GitHub: https://github.com/RIPE-NCC/whois/issues?milestone=11&state=closed
[all] Created script to remove references to reserved AS numbers
[all] Created script to find emails for legacy resources
[all] Created script to turn multiple abuse-mailbox attributes into remarks
[all] Auth table cleanup patch (whois-1.73-3.sql) - fixes case-sensitivity regression in 1.73
[all] Crowd connect/read timeout decrease

## 1.73
[all] Implemented policy 2012-07: added "legacy" status to inetnum, and added (generated) status attribute to autnum
[all] Implemented policy 2012-08: attribute "sponsoring-org" added to inetnum, inet6num and aut-num
[all] Fixed issues listed in GitHub: https://github.com/RIPE-NCC/whois/issues?milestone=10&page=1&state=closed
[DEPLOY] merge and deploy web application feature-1.73 branch
[DEPLOY] run the following scripts for this release:
	- internals-1.73-1.sql
	- whois-1.73-1.sql
	- whois-1.73-2.sql
	- legacy_autnums.sql
Also run whois scripts in all MIRROR datasources.
[DEPLOY] when deploying the web application, change access.hostname to access.url.

## 1.72
[web, api] Better integration with other Ripe services:
Introduced Single Sign On (SSO) for Ripe Database web interface.
Objects can be created/modified when appropriate using the SSO account.

[api] #158 source element
[api] #152 Improve logging
[api] #150 restclient streamSearch returns url as an errormessage when no object is found
[api] #140 --no-personal does not work on web queries
[api] #130 JSON output is weird
[api] #114 REST API JSON response duplicate declaration for 'object' property
[api] #119 in case of noop, rest update returns the new object instead of the one in database.
[api] #148 primary-key element incorrect for route(6)
[api] #145 Empty/unused element in JAXB objects
[query] #121 The built-in help message (-v) contains outdated information about syntax rules of person and role object names
[update] #149 Cannot Update Maintainer with Multiple Passwords
[update] #141 Undelete JMX command unreliable
[web] #179 inverse web query does not find some objects
[web] #177 update a PERSON from result list selects wrong object
[web] #172 After sign out in webupdates, user is not redirected to webupdates.
[web] #164 RIPE # Filtered not shown on filtered objects
[web] #161 web query start page needs some more '?' text
[web] #160 web query 'General Info' text change
[web] #125 no error with wrong type on lookup
[web] #123 dbweb - search results should be streamed
[web] #122 Person objects have incorrect lookup links in search form results
[web] #124 dbweb does not pass on the X-Forwarded-for header to whois backend
[web] #144 Lookup page is missing RIPEStat link
[web] #138 syntax error in link to aut-num in route object in web query
[web] #132 selecting Types on web query returns wrong types
[web] #131 inverse web query does not find aut-num objects

## 1.71
[all] byacc, flex and generator files are not part of deployable whois.jar
[update] No attribute sanitation of object on delete
[api] All RestClient lookups are unfiltered
[oneshot] Dummification for database on RC environment
[update] Call Dnschecker once for all objects before beginning the per-object update cycle
[api] allow for delete reason in rest client
[all] allow for multiple owner attributes in keycert object
[web] #102 webupdates permanent link
[web] #99 webupdates new organisation startup existing maintainer
[web] #98 webupdates create page error formatting
[web] #93 webupdates doesn't display non-ASCII characters correctly
[web] #16 webupdates mixes up extracting errors from acknowledgement message
[api] #112 - return a user friendly message when creating an inetnum with invalid parent.
[api] #110 SQL statements and results are not logged in audit log
[api] #109 A mntner object is returned filtered in look up, if the password for the mnt_by mntners is supplied
[api] #108 RestClient does not return comments in the attributes of an rpsl object
[api] #97 REST calls should return error messages
[api] #95 REST /search should not accept query flags in 'query-string'
[api] #92 Uniform use to flag names in error messages
[api] #91 REST API /search puts flags in <Parameters> section in the same format as they were received in the request
[api] #87 Fixed error on NOOP update via REST API
[api] #86 Fixed email address filtering
[api] #89 Maintenance mode should return error on Syncupdates and REST API
[api] Created REST Client module
[api] Added authentication support for REST lookups
[api] log HTTP headers in update audit log
[update] Allow import-via/export-via rpsl attributes - Job Snijders <job@atrato.com>
[commons] Fixed logging of daily scheduled jobs
[oneshot] Added Default Abuse Contact script
[deploy] remove logger=... from whois.properties/master datasource definition

## 1.70.1 (deployed on 2013-11-21)
[all] Fixed MySQL replication issue

## 1.70 (deployed on 2013-11-14)
[update] DIFF keyword no longer supported
[api] added service element in responses
[api] added GETter for the abuse contact creation service
[update] mail updates not processed if they have an invalid email address, notifications failing loggingly for the same reason
[logsearch] switched to lucene 4.4 from 4.1.
[query] added option --valid-syntax and --no-valid-syntax
[query] added comment if no abuse contact registered.
[oneshot] added autnum cleanup
[api] renamed abuse-finder to abuse-contact (also changed references on DbWebWar abusefinder branch)
[api] added abuse contact creation helper rest call
[api] moved apikeys from properties to acl database
[api] Updated to Lucene 4.4
[api] removed xml-related 'xlink:' prefix from locators in JSON output
[api] normalize ip addresses
[api] dropped external/internal notion of servers; config port.api replaces port.api.*
[all] removed useless thread_id, prev_serial, serial fields and dropped unused tables from SQL schema
[all] merged pending and scheduler databases into internals
[all] added table authoritative_data to interals database
[all] dailyscheduledtasks now runs distributed in the cluster
[all] sanitize source attribute into uppercase letters
[all] specifying type filter is now allowed with version queries
[DEPLOY] remove leftover wsearch.* from properties file
[DEPLOY] change api.rest.lookup.baseurl to api.rest.baseurl
[DEPLOY] specify port.api instead of port.api.* in properties
[DEPLOY] run internals-1.70.sql on master
[DEPLOY] adjust properties to reflect new internals database
[DEPLOY] run whois-1.70.sql and whois-1.70-2.sql on master (warning: blocks updates & takes a long time!) (65 mins on pre-production)
[DEPLOY] run acl-1.70.sql on master (to normalise all ACL prefixes).
[DEPLOY] delete var/idx before starting 1.70 (to rebuild Lucene index @ v4.4, will take 20 mins to complete)
[DEPLOY] execute JMX call DailyScheduler.runDailyScheduledTask net.ripe.db.whois.common.grs.AuthoritativeResourceImportTask, on the first server only
[DEPLOY] run JMX call AuthoritativeResources.refreshCache on all servers (after import finished)
[DEPLOY] deploy DbWebWar abusefinder branch
[DEPLOY] run whois-1.70.sql on all GRS databases, too
[DEPLOY] add /abuse-contact to mod_proxy config

## 1.69 (deployed on 2013-09-23)
[update] enable dry-run
[api] changed rest API create: POST supports '/ripe/person' format only
[api] adjust mod_proxy config for POST accordingly
[api] added unfiltered queryparam to lookup (adjust documentation on deployment!)
[grs] dummifier comments are now per-source (massive update expected on deployment)
[grs] expand AS Number ranges in ARIN GRS delegated stats
[query] adjusted hierarchical lookup of direct route object keys
[query] fixed search on mixed-case domain postfix

## 1.68.1 (deployed on 2013-08-29)
[api] revamped API to follow the REST paradigm more closely

## 1.67.7
[api] added api.rest.lookup.baseurl to properties
[query] added option to directly lookup route object by specifying search key '10.0.0.0/24AS123'
[api] fully revamped REST API

## 1.67.5
[update] Allow 2-10 letters in nic-hdl suffix.
[update] Allow SHA384 hashes in ds-rdata attribute in domain objects.
[update] Improved update logging.
[api] Create JAXB marshaller instance per thread.
[api] Updated embedded Jetty server from 8.1.8 to 8.1.12.

## 1.67.4 (deployed on 2013-08-07)
[update] removed unused and incorrect text aliases for specifying ds-rdata digest/algorithm
[query] fixed verbose help for route-set member: attribute
[update] ds-rdata: attribute is now sanitized before persisting in database
[update] fixed incorrect syntax rules for as-block
[api] removed {source} pathparam where not needed

## 1.67.3
[all] Added support for graceful shutdown for layer 2 load balancers
[query] Configure a list of default sources to query (contributed by APNIC)
[all] Whois REST API has /whois root URI

## 1.67.2
[api] /grs-search and /grs-lookup removed
[api] tags included in /search
[api] completing rest api documentation
[update] disable diff keyword for this release
[update] disable pending updates for this release
[update] generated changed attribute value shown in notification and dry-run

## 1.67.1
[api] support for long options
[update] reserved words for mntner attributes no longer allowed
[query] --show-version and -B cannot be used together
[query] filter auth and email attributes from --diff-versions output
[all] added maintenance mode (-Dmaintenance=none,none)
[all] fixes for index regeneration (pre-production tests)
[query] All GRS sources are now filtered on AuthoritativeResource regardless of --resource flag
[query] --resource now enables --no-referenced by default

## 1.67
[update] added pending auth support for route(6) creation
[update] added dry-run support for a single object update via the 'dry-run: reason' pseudo-attribute
[update] display diff instead of original object in update notifications
[query] added svn-style diff support option '--diff-versions n:m'
[all] added JMX call for online regeneration of index tables
[all] dropped fallbacks in failed index lookup; need to regenerate indexes on deployment!

## 1.66.3 (deployed on 2013-06-05)
[query] --all-sources now correctly returns results from RIPE + (all GRS except RIPE-GRS)

## 1.66.2
[update] added validation for incoming email addresses
[api] moved api doc root from / to /api-doc

## 1.66
[nrtm] added nrtm client to allow users run a local copy of the RIPE DB
[query] fix bug that resulted in 'no results found' when -K or -b were used

## 1.65.10
[query] Change "--no-taginfo" to "--no-tag-info" and "--show-taginfo" to "--show-tag-info"
[grs] Tag resources for sources with {SOURCE}-REGISTRY-RESOURCE and {SOURCE}-USER-RESOURCE

## 1.65.9
[wsearch] Improve log file indexing
[update] Do not fail unreferenced object cleanup on invalid object in history
[grs] Interpret sources correctly when loading authoritative resource data

## 1.65.8
[query] Make sources to dummify configurable
[query] --resource added for global authoritative internet resources

## 1.65.3
[wsearch] Improve import logging

## 1.65.2
[grs] Fix JPIRR GRS import

## 1.65.1
[query] Fix response object type order

## 1.65
[update] Add syntax check before calling dnscheck
[wsearch] Separate domain part of email addresses to make it searchable
[wsearch] Handle ipv6 addresses with prefix length correctly
[rest api] Report tags at object level (rather than global)
[rest api] Stream search query results
[rest api] Update documentation to replace labs article

## 1.64
[nrtm] added property port.nrtm.legacy
[nrtm] implemented new dummification alongside the legacy one
[dump] added new-style export in dbase_new directory
[dump] added properties dir.rpsl.export.* to control export directories

## 1.63
[update] End of line comment on source attribute is no longer allowed
[rest api] Tags supported
[rest api] Version (history) supported
[query] Long option --filter-types renamed to --select-types
[grs] data is now dummified on-the-fly (existing databases will need to be regenerated)

## 1.62
[query] Invalid combination of query flags only reported once
[query] Log api in query log
[all] Test data anonymised

## 1.61
[all] Easy-whois phase 1
[update] Disallow too large route and route6 object creations

## 1.60.2
[update] Log exceptions when verifying PGP-signed messages
[update] Fixed issue verifying signed message with DSA key and RIPEMD160 hash
[query] Also filter CRYPT-PW auth: lines in the historical objects
[query] Blocked users can still perform non-search queries like help
[all] Merged into single jar

## 1.59.5
[query] Store IPv4 ACL entries in standard format (including prefix length)
[update] More verbose error messages for abuse-c attributes.

## 1.59.4
[all] JMX callable operations should not throw Exceptions.

## 1.59.3
[query] Fixed grs base url in whois.properties
[all] Fixed startup locking slowness

## 1.59.2
[all] Added rpsl.export.enabled option

## 1.59.1
[all] delegate java.util.logging to SLF4J

## 1.59
[all] Allow running query, nrtm and updates in a single JVM
[update] Filter override password in logfile search
[query] Enable long option spec
[update] Simplified update re-attempt logic
[update] Use more verbose error messages for abuse-c attributes

## 1.58.1
[all] Run all whois services in a single JVM
[all] Tagging of objects
[all] Do not use Hazelcast for scheduling
[all] Less verbose logging for known issues
[query] Show message
[query] Support --types query
[query] Only allow --long options with double dashes
[update] Do not check order for changed attributes
[search] Fix exception on some queries
[wsearch] Fix indexing problem due to different file ordering on production systems
[wsearch] Filter override password

## 1.58.1
[all] Improved logging

## 1.58
[update] No longer forward to legacy
[update] No longer use redirect.prefixes, but rely on IpRange (redirect.prefixes can be dropped)

## 1.57.2
[query] Generate help message based on actual query options
[query] Support long query --options
[query] Fixes for --version-list
[query] Do not display abuse-c comment for query with brief output flag

## 1.57.1
[query] Do not show "no abuse contacts found" message when querying

## 1.57
[update] WSearch indexes all update folders after daily log rollover
[update] Only show warning when abuse-mailbox is added
[update] Allow removal of abuse-c on all organisations
[update] Role attributes admin-c and tech-c are optional
[update] Role attributes admin-c and tech-c can no longer be self references
[update] Option to load addition text dumps in test database
[query] Roles with abuse-mailbox are excluded from ACL
[all] Abuse roles are not excluded in dummify process

## 1.56.2
[update] Properly index tarred logs

## 1.56.1
[query] Disable Latest versions of objects shown message

## 1.56
[query] Version info in queries
[query] Abuse-c and abuse-mailbox documentation
[query] Change output for abuse-c contact info
[query] When encountering an object maintained by rs, show abuse contacts for that one if available and stop looking in hierarchy
[query] Look only for referenced organisations that have the abuse-c attribute
[query] Do not show warning if inetnum range is entered which can be written in CIDR notation
[update] Creating or modifying organisation, role adding abuse-c or abuse-mailbox renders warnings
[update] Free-text search does not return duplicates
[update] Free-text search uses AND logic for multiple search terms
[update] Added WSearch

## 1.55.5
[update] Free-text search: Also index the object-type field (required for filtering by object-type).
[update] Removed redundant Full Text Search integration test, added tests for facet search and subwords.
[update] Don't return a stack trace on an invalid parameter value when calling the REST API.

## 1.55.4
[update] Free-text search

## 1.55.3
[update] Only validate adding/deleting/updating an inetnum mnt-lower attribute with an 'ASSIGNED ANYCAST' status.

## 1.55.2
[update] Perform update database operation based on objectId, rather than type and pkey
[update] Don't support octet-streams for now

## 1.55.1
[update] Also sanitize object when override id is used, fixes comparison object with override options.

## 1.55
[update] For now allow all first description changes because current implementation breaks compatibility
[update] Allow override options to allow fixing some corrupted objects in the database

## 1.54.2
[update] Index with mntRoutes writes in mnt_routes table only

## 1.54.1
[update] Fail on circular AUTO-nnn references
[update] Fallback to index lookup if pkey cannot be found fixes duplicate inet6num issue
[update] Fix logging of sync updates
[update] Verify PGP signed message using subkeys (check the subkey has been signed by the master key, and that the subkey is a signing key).
[query] RIPE-GRS uses RIPE datasource and radix trees and is dummified on the fly

## 1.54
[all] Warn about unapplied database patched on startup
[query] Generate verbose RPSL documentation
[update] Warn on invalid existing key-cert objects used for authentication
[update] Convert multipart pgp-signed data into canonical (CRLF) format, according to RFC2015
[update] AUTO-nnnABC placeholders are considered to refer the same object when nnn is equal
[update] Internal software errors on individual object update does not cause entire update to fail

## 1.53
[update] ACL REST API for CS
[update] Deploy route 6
[query] Cleanup ACL events after 3 months

## 1.52.11
[query] Only show abuse-c message when abuse contact found

## 1.52.10
[update] Concurrently perform DNS check for all updates
[query] Other sources than ripe or test will not show abuse-c information + no abuse-c information for root objects

## 1.52.9
[query] JmxSupport bugfix.

## 1.52.8
[update] Business rules for abuse-c
[query] Brief output shows abuse-c information
[query] Queries for autnums and inet(6)num shows abuse-c information

## 1.52.7
[update] When sending raw update to legacy, remove LGC keyword

## 1.52.6
[update] Abort unref cleanup when there are too many errors
[update] Pass update to legacy when LGC appears in mail subject

## 1.52.5
[update] INETNUM SUB-ALLOCATED PA status, object cannot be smaller than /24

## 1.52.4
[update] Wrap up aut-num and enable in production

## 1.52.3
[update] GRS import performs syntax checks on type attribute when importing

## 1.52.2
[update] Wrap up inet6num and enable in production
[update] Resolve ASSIGNED_PA validation issues for inetnum

## 1.52.1
[update] Fail update when keyword DIFF is used
[update] Fail update when no updates are found in request
[update] Unreferenced object cleanup for irt, keycert, maintainer, organisation, person, role

## 1.52
[update] Inetnum fixes and enabling on production

## 1.51
[update] GRS import

## 1.50.9
[update] Unreferenced object cleanup for person, role

## 1.50.2
[update] Fix exception when checking PGP credential with a X09 key-cert
[update] Update log with authentication info

## 1.50.1
[update] Update log

## 1.50
[update] Handle multipart, including X509 and PGP support

## 1.49
[update] Filter auth lines when sending notifications
[query] Filter auth lines even when no filtering behaviour option (-B) is specified

## 1.48
[update] JMX command to load text dumps ("split files")

## 1.47.3
[update] send updates with dangling overrides to legacy

## 1.47.2
[update] handle spaces and tabs following PGP header lines

## 1.47.1
[update] disabled signed message support

## 1.47
[nrtm] placeholder for dummy role, used to be person
[query] database dump / split files
[update] handle multiple updates
[update] override support
[update] allow no more than 20 passwords in an update message
[update] added support for domain, irt, poem, poetic-form object types
[update] added support for all set object types
[update] The nserver attribute is now a mandatory field in the domain object type
[update] address space holder authentication using RS maintainter
[update] added more specific syntax error message
[update] allow spaces and tabs in separator line between objects

## 1.44
[update] added support for inetnum, inet6num, route, route6, inet-rtr and key-cert object types
[update] Create inetnum with status EARLY REGISTRATION is not allowed
[update] Address prefix range n cannot be lower than prefix length (e.g. 192.168.0.0/16^8 is invalid)
[update] Messages in the update response are formatted consistently
[update] Report country code errors at the attribute level

## 1.43.1
[update] properly handle Windows new lines
[update] prevent radix tree update error on corrupt IP object

## 1.43
[update] MD5-PW token on auth line is case insensitive
[update] fix occasional deadlock when handling mailupdates
[update] handle corrupt data (due to incorrectly deleted objects in 2004)
[update] allow nic-handles without suffix
[update] when logging address ranges remove trailing '/'
[update] set RIPE ipv4 range to 193/19

## 1.42
[update] proper handling of '+' in continuation lines

## 1.41
[update] key attributes are always transformed to lower case
[update] pretty print RPSL output
[update] migrate person, role, organisation and maintainer handling to new system
[update] don't process messages without valid reply-to address
[update] changed attribute can not be too far in the future
[update] override attribute affects entire update
[query] pretty print RPSL output
[query] update hazelcast to 2.4