Merge branch 'master' into enh-domain

# Conflicts:
#	docker/pom.xml
#	onejar/pom.xml
#	pom.xml
#	server/pom.xml
#	server/src/main/java/password/pwm/util/java/StringUtil.java

README.md

@@ -51,7 +51,7 @@ Official project page is at [https://github.com/pwm-project/pwm/](https://github
 # Build Information
 
 Build pre-requisites:
-* Java 1.8 JDK or newer
+* Java 1.11 JDK or newer
 * Maven 3.2 or newer
 
 Build execution:
@@ -66,6 +66,8 @@ Alternatively, an executable JAR file is created in `onejar\target`.  This JAR f
 
 The executable will show additional options that may be required.
 
+# Docker
+
 A docker image is created in `docker/target` as jib-image.tar.  You can import this docker image using a command similar to:
 
 `docker load --input=jib-image.tar`
@@ -74,17 +76,9 @@ Create docker container and run using:
 
 `docker run -d --name <container name> -p 8443:8443 pwm/pwm-webapp`
 
-This will expose the https port to 8443.  If you want the configuration to persist to you can also exposed configuration volume of `/config` using the docker `-v` option during the container
+This will expose the https port to 8443.  If you want the configuration to persist to you can also expose
+the configuration volume of `/config` using the docker `-v` option during the container
 creation and map it to a directory on the docker host or use a docker volume container.  
-The PWM docker container will place all of it's configuration and runtime data in the `/config` volume.
-
-# PWM Source Code License Update 2019
-
-* Previous License: GPL v2.0
-* New License: Apache 2.0
-* Update Date: June 17, 2019
+The PWM docker container will place all of it's configuration and runtime data in the `/config` volume.  If you do not use 
+a separate configuration volume, the config will be deleted when you delete the container.
 
-This project is licensed using Apache 2.0 License (https://www.apache.org/licenses/LICENSE-2.0).  Previous versions 
-of this source code were licensed under GPL v2.0 License (https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html).
-New submissions to this code base are made under the Apache 2.0 License.  The GPL branch of the source code contains the 
-previously licensed GPL v2.0 code.

client/angular/package.json

@@ -29,7 +29,7 @@
         "textangular": "1.5.16"
     },
     "devDependencies": {
-        "@types/angular": "^1.6.57",
+        "@types/angular": "^1.8.1",
         "@types/angular-mocks": "1.5.11",
         "@types/angular-translate": "2.15.2",
         "@types/angular-ui-router": "1.1.40",
@@ -59,7 +59,7 @@
         "karma-webpack": "3.0.5",
         "moment": "2.21.0",
         "ngtemplate-loader": "2.0.1",
-        "node-sass": ">=4.13.1",
+        "node-sass": "^6.0.0",
         "phantomjs": "2.1.7",
         "phantomjs-prebuilt": "2.1.16",
         "postcss-loader": "2.1.1",
@@ -75,7 +75,7 @@
         "typescript": "2.7.2",
         "uglifyjs-webpack-plugin": "1.2.3",
         "url-loader": "1.0.1",
-        "webpack": "^4.41.2",
+        "webpack": "^4.46.0",
         "webpack-cli": "^3.3.10",
         "webpack-dev-server": "3.1.14",
         "webpack-merge": "4.1.2",

client/pom.xml

@@ -80,7 +80,7 @@
             <plugin>
                 <groupId>com.github.eirslett</groupId>
                 <artifactId>frontend-maven-plugin</artifactId>
-                <version>1.11.0</version>
+                <version>1.11.3</version>
                 <configuration>
                     <nodeVersion>${node.version}</nodeVersion>
                     <npmVersion>${npm.version}</npmVersion>

data-service/pom.xml

@@ -135,7 +135,7 @@
         <dependency>
             <groupId>com.sun.mail</groupId>
             <artifactId>jakarta.mail</artifactId>
-            <version>2.0.0</version>
+            <version>2.0.1</version>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>

pom.xml

@@ -43,7 +43,7 @@
         <skipTests>false</skipTests>
 
         <!-- git.commit.time is populated via git-commit-id-plugin and results in a (hopefully) reproducible maven build -->
-        <project.build.outreportservreportservputTimestamp>${git.commit.time}</project.build.outreportservreportservputTimestamp>
+        <project.build.outputTimestamp>${git.commit.time}</project.build.outputTimestamp>
     </properties>
 
     <modules>
@@ -361,8 +361,11 @@
                         </configuration>
                     </execution>
                 </executions>
+                <configuration>
+                    <!-- put your configurations here -->
+                </configuration>
             </plugin>
-            <plugin>
+            <plugin> <!-- checks owsp vulnerability database -->
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
                 <version>6.1.2</version>
@@ -396,7 +399,7 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.13.2</version>
+            <version>4.13.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>

server/pom.xml

@@ -233,7 +233,7 @@
         <dependency>
             <groupId>com.sun.mail</groupId>
             <artifactId>jakarta.mail</artifactId>
-            <version>2.0.0</version>
+            <version>2.0.1</version>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
@@ -275,11 +275,21 @@
             <artifactId>jaxen</artifactId>
             <version>1.2.0</version>
         </dependency>
+        <dependency>
+            <groupId>org.jdom</groupId>
+            <artifactId>jdom2</artifactId>
+            <version>2.0.6</version>
+        </dependency>
         <dependency>
             <groupId>org.xeustechnologies</groupId>
             <artifactId>jcl-core</artifactId>
             <version>2.8</version>
         </dependency>
+        <dependency>
+            <groupId>net.iharder</groupId>
+            <artifactId>base64</artifactId>
+            <version>2.3.9</version>
+        </dependency>
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
@@ -288,7 +298,7 @@
         <dependency>
             <groupId>com.blueconic</groupId>
             <artifactId>browscap-java</artifactId>
-            <version>1.3.3</version>
+            <version>1.3.5</version>
         </dependency>
         <dependency>
             <groupId>org.jetbrains.xodus</groupId>
@@ -309,12 +319,12 @@
         <dependency>
             <groupId>com.github.ben-manes.caffeine</groupId>
             <artifactId>caffeine</artifactId>
-            <version>3.0.0</version>
+            <version>3.0.1</version>
         </dependency>
         <dependency>
             <groupId>com.nulab-inc</groupId>
             <artifactId>zxcvbn</artifactId>
-            <version>1.4.0</version>
+            <version>1.5.0</version>
         </dependency>
         <dependency>
             <groupId>com.github.ziplet</groupId>

server/src/main/java/password/pwm/util/secure/BCrypt.java

@@ -30,6 +30,7 @@ import java.io.UnsupportedEncodingException;
 import java.security.SecureRandom;
 
 @SuppressWarnings( "all" )
+@SuppressFBWarnings( "DMI_RANDOM_USED_ONLY_ONCE" )
 public class BCrypt
 {
     private static final PwmLogger LOGGER = PwmLogger.forClass( BCrypt.class );

server/src/main/java/password/pwm/util/secure/SecureEngine.java

@@ -20,6 +20,7 @@
 
 package password.pwm.util.secure;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import password.pwm.PwmConstants;
 import password.pwm.error.ErrorInformation;
 import password.pwm.error.PwmError;
@@ -502,6 +503,7 @@ public class SecureEngine
         }
     }
 
+    @SuppressFBWarnings( "DMI_RANDOM_USED_ONLY_ONCE" )
     public static void benchmark( final Writer outputData ) throws PwmUnrecoverableException, IOException
     {
         final int testIterations = 10 * 1000;

server/src/main/resources/password/pwm/i18n/PwmSetting.properties

@@ -734,7 +734,7 @@ Setting_Description_sms.gatewayPassword=Specify the user password for the SMS ga
 Setting_Description_sms.gatewayURL=Specify the URL for the SMS gateway.
 Setting_Description_sms.gatewayUser=Specify the user name for the SMS gateway.
 Setting_Description_sms.helpdesk.token.message=Specify the message text of the SMS @PwmAppName@ sends during the Help Desk token verification process.
-Setting_Description_sms.httpRequestHeaders=Specify any additional HTTP request headers for the SMS request. For example: SOAPAction for SOAP messages.
+Setting_Description_sms.httpRequestHeaders=Specify any additional HTTP request headers for the SMS request. For example: SOAPAction for SOAP messages.  Header should be a name/value pair delimitted by a colon (e.g. MyHeader:SomeValue).
 Setting_Description_sms.maxTextLength=Specify the maximum length for the SMS text. Some services allow texts longer than one message (generally 140 bytes). If the text is longer than the configured maximum, @PwmAppName@ makes multiple requests.
 Setting_Description_sms.newUser.token.message=Specify the text of the SMS @PwmAppName@ sends during the new user verification process.
 Setting_Description_sms.phoneNumberFormat=Select the format that @PwmAppName@ uses for the mobile phone number.

webapp/pom.xml

@@ -299,22 +299,22 @@
         <dependency>
             <groupId>org.webjars.npm</groupId>
             <artifactId>dojo</artifactId>
-            <version>1.16.3</version>
+            <version>1.16.4</version>
         </dependency>
         <dependency>
             <groupId>org.webjars.npm</groupId>
             <artifactId>dijit</artifactId>
-            <version>1.16.3</version>
+            <version>1.16.4</version>
         </dependency>
         <dependency>
             <groupId>org.webjars.npm</groupId>
             <artifactId>dojox</artifactId>
-            <version>1.16.3</version>
+            <version>1.16.4</version>
         </dependency>
         <dependency>
             <groupId>org.webjars.npm</groupId>
             <artifactId>dgrid</artifactId>
-            <version>1.3.1</version>
+            <version>1.3.3</version>
         </dependency>
         <dependency>
             <groupId>org.webjars.bower</groupId>