# AMP Release 6.0.0

* [Introduction](#introduction)
* [Alert of Future Changes](#alert-of-future-changes)
* [Major New Features](#major-new-features)
* [Other Enhancements](#other-enhancements)
* [Bug And Vulnerability Fixes](#bug-and-vulnerability-fixes)
* [Deprecation Announcements](#deprecation-announcements)
* [Known Issues](#known-issues)
* [Backwards Compatibility](#backwards-compatibility)
* [Upgrade Instructions](#upgrade-instructions)

## Introduction

Thank you to our community who have contributed a lot of improvements and feedback!
Thanks also go to Brooklyn's commercial users who have funded this development and
made some major contributions.

For more information, please visit https://cloudsoft.io/amp, https://docs.cloudsoft.io
and https://brooklyn.apache.org

This is a major upgrade from AMP version 5.6.0.

## Alert of Future Changes

* TOSCA 1.1 support has now been deprecated and will no longer be supported by Cloudsoft AMP after this release.  All TOSCA blueprints should be upgraded to OASIS TOSCA v1.3.
  In most cases changes will be minor and new TOSCA capabilities will make blueprints simpler.

## Major New Features

* Cloudsoft AMP now provides first-class support for v1.3 of the TOSCA spec from OASIS, including a TOSCA YAML editor and the ability to see TOSCA items in the Catalog.  TOSCA 1.1 is available on request.

* The all-new logbook lets you query and view logs directly in the UI, to track task activity for a longer duration, identify server problems, and track the lifecycle of historic applications and entities that are no longer deployed. These can be read directly from the the current log file or from an Elasticsearch compatible aggregated log store, for example as Elasticsearch itself or OpenSearch.

* Global initializers can be specified to automatically provide information, enforce constraints, or attach policies when applications are deployed. This is used for the AMP Dashboard sensors to show, among other details, who deployed an application.

* WinRM4j now supports NTLM encryption.

* VSphere location support has been improved in many ways, including IPv6 support.

* Entitlements can be attached to LDAP or AD groups using the `LdapGroupsResolver`, with enhanced audit logging.

## Other Enhancements

* New roles added -- poweruser, blueprintAuthor, logviewer -- and new entitlements for handling HA administration and log visibility

* New blueprints, including Tomcat 9

* Enhanced information about the HA management nodes and capability to control some properties and import/migrate persisted state

* The AMP UI has been updated in-line with Cloudsoft's brand.

* AMP can be configured to use a login form instead of browser login support for all username/password based login methods e.g. basic auth and LDAP.

* Relationship names displayed as labels on arcs in the blueprint composer.

* Values of sensitive keys password, passwd, credential, secret and private masked with a string "<suppressed>" and MD5 hash of it in parentheses in the env stream, under activities tab in app inspector of deployed application.

## Bug and Vulnerability Fixes

* AMP is now stricter about persisting lambdas e.g. within a config key or part of an effector so that it will fail fast.  Default is to FAIL if we attempt to write a lambda which will be treated as null, and WARN otherwise.  This can be configured in brooklyn.cfg using the keys in LambdaPreventionMapper.  In addition this adds a delta-persistence synchronously as part of application/entity creation, so if a problem is detected the creation will fail.  FIXME Alex

* JSESSIONID marked as httpOnly by default

* Version updates due to vulnerabilities:
    * xstream to 1.4.18
    * Jetty to 9.4.39.v20210325
    * Freemaker to 2.3.31

* Add checkForwardedHeaders=true to handle reverse proxy redirections

* CLI - The help was failing due to some fields aren't defined in the app/command model

* JAVA_MAX_MEM ignored so add to EXTRA_JAVA_OPTS

* Vault doesn't need to be initialised prior to AMP starting

## Deprecation Announcements

* [Deprecate AggregationJob.java](https://github.com/apache/brooklyn-server/pull/1220)
  This was an experimental feature but nothing is using it. The logic is also very primitive and not fully baked in hence the deprecation

* The enpoint GET /icon/{itemId}/{version} has now been deprecated - use /catalog/types/.../icon endpoint instead
  No other api endpoints have been deprecated however the API docs have been updated to better show which endpoints are currently deprecated.

* TOSCA 1.1 support has now been deprecated.  1.3 is now the default OASIS TOSCA version.

## Backwards Compatibility

* TOSCA 1.1 is not included by default due to the release of the newly available TOSCA 1.3 support. This is available on request.

* Lambdas are prevented from going in to persisted state, as per above.

## Installation and Upgrade Instructions

To install see https://docs.cloudsoft.io/operations/production-installation.html

To upgrade existing installations see https://docs.cloudsoft.io/operations/upgrades/