Update readme and other textfiles to 3.8.

Signed-off-by: Achim Kraus <[email protected]>

README.md

@@ -21,7 +21,7 @@ $ mvn clean install
 
 Executable JARs of the examples with all dependencies can be found in the `demo-apps/run` folder.
 
-The build-process in branch `main` is tested for jdk 7, jdk 8, jdk 11, jdk 15, jdk 16 and jdk 17. 
+The build-process in branch `main` is tested for jdk 7, jdk 8, jdk 11 and jdk 17. 
 For jdk 7 the revapi maven-plugin is disabled, it requires at least java 8.
 
 To generate the javadocs, add "-DcreateJavadoc=true" to the command line and set the `JAVA_HOME`.
@@ -40,7 +40,7 @@ To (re-)build versions before that date the unit tests must therefore be skipped
 $ mvn clean install -DskipTests
 ```
 
-Earlier versions (3.0.0-Mx, 2.6.5 and before) may also fail to build with newer JDKs, especially, if java 16 or 17 is used! That is cause by the unit test dependency to a deprecated version of "mockito". If such a (re-)build is required, the unit tests must be skipped (which is in the meantime anyway required caused by the "non-existing.host").
+Earlier versions (3.0.0-Mx, 2.6.5 and before) may also fail to build with newer JDKs, especially, if java 17 is used! That is cause by the unit test dependency to a deprecated version of "mockito". If such a (re-)build is required, the unit tests must be skipped (which is in the meantime anyway required caused by the "non-existing.host").
 
 In combination with the "non-existing.host" now existing, the build with unit test only works for the current heads of the branches `2.6.x`, `2.7.x` and `main`!
 
@@ -78,7 +78,7 @@ $ mvn clean install -DuseToolchainJavadoc=true
 
 ## Build with jdk11 and EdDSA support
 
-To support EdDSA, either java 15, java 16, java 17 or java 11 with [ed25519-java](https://github.com/str4d/ed25519-java) is required at runtime. Using java 15 (or newer) to build Californium, leaves out `ed25519-java`, using java 11 for building, includes `ed25519-java` by default. If `ed25519-java` should **NOT** be included into the californium's jars, add `-Dno.net.i2p.crypto.eddsa=true` to maven's arguments.
+To support EdDSA, either java 17 or java 11 with [ed25519-java](https://github.com/str4d/ed25519-java) is required at runtime. Using java 17 (or newer) to build Californium, leaves out `ed25519-java`, using java 11 for building, includes `ed25519-java` by default. If `ed25519-java` should **NOT** be included into the californium's jars, add `-Dno.net.i2p.crypto.eddsa=true` to maven's arguments.
 
 ```sh
 $ mvn clean install -Dno.net.i2p.crypto.eddsa=true
@@ -96,7 +96,7 @@ In that case, it's still possible to use `ed25519-java`, if the [eddsa-0.3.0.jar
 
 ## Run unit tests using Bouncy Castle as alternative JCE provider
 
-With 3.0 a first, experimental support for using Bouncy Castle (version 1.69, bcprov-jdk15on, bcpkix-jdk15on, and, for tls, bctls-jdk15on) is implemented. With 3.3 the tests are using the updated version 1.70 (for tls also  bcutil-jdk15on is used additionally) and with 3.8 version 1.71.1 is used.
+With 3.0 a first, experimental support for using Bouncy Castle (version 1.69, bcprov-jdk15on, bcpkix-jdk15on, and, for tls, bctls-jdk15on) is implemented. With 3.3 the tests are using the updated version 1.70 (for tls also  bcutil-jdk15on is used additionally) and with 3.8 version 1.72 is used.
 
 To demonstrate the basic functions, run the unit-tests using the profile `bc-tests`
 
@@ -122,7 +122,7 @@ With that, it gets very time consuming to test all combinations. Therefore, if y
 
 # Using Californium in Maven Projects
 
-We are publishing Californium's artifacts for milestones and releases to [Maven Central](https://search.maven.org/search?q=g:org.eclipse.californium%20a:parent%20v:3.7.0).
+We are publishing Californium's artifacts for milestones and releases to [Maven Central](https://search.maven.org/search?q=g:org.eclipse.californium%20a:parent%20v:3.8.0).
 To use the latest released version as a library in your projects, add the following dependency
 to your `pom.xml` (without the dots):
 
@@ -132,7 +132,7 @@ to your `pom.xml` (without the dots):
     <dependency>
             <groupId>org.eclipse.californium</groupId>
             <artifactId>californium-core</artifactId>
-            <version>3.7.0</version>
+            <version>3.8.0</version>
     </dependency>
     ...
   </dependencies>
@@ -156,7 +156,7 @@ You will therefore need to add the Eclipse Repository to your `pom.xml` first:
     ...
   </repositories>
 ```
-You can then simply depend on `3.8.0-SNAPSHOT`.
+You can then simply depend on `3.9.0-SNAPSHOT`.
 
 # Eclipse
 
@@ -179,7 +179,7 @@ In IntelliJ, choose *[File.. &raquo; Open]* then select the location of the clon
 
 A test server is running at <a href="coap://californium.eclipseprojects.io:5683/">coap://californium.eclipseprojects.io:5683/</a>
 
-It is an instance of the [cf-plugtest-server](https://repo.eclipse.org/content/repositories/californium-releases/org/eclipse/californium/cf-plugtest-server/3.7.0/cf-plugtest-server-3.7.0.jar) from the demo-apps.
+It is an instance of the [cf-plugtest-server](https://repo.eclipse.org/content/repositories/californium-releases/org/eclipse/californium/cf-plugtest-server/3.8.0/cf-plugtest-server-3.8.0.jar) from the demo-apps.
 The root resource responds with its current version.
 
 More information can be found at [http://www.eclipse.org/californium](http://www.eclipse.org/californium) and technical details at [https://projects.eclipse.org/projects/iot.californium](https://projects.eclipse.org/projects/iot.californium).
@@ -232,7 +232,7 @@ OSCORE Key Rederivation:
 For some systems (particularly when multicasting), it may be necessary to specify/restrict californium to a particular network interface, or interfaces. This can be
  achieved by setting the `COAP_NETWORK_INTERFACES` JVM parameter to a suitable regex, for example:
 
-`java -DCOAP_NETWORK_INTERFACES='.*wpan0' -jar target/cf-helloworld-server-3.7.0.jar MulticastTestServer`
+`java -DCOAP_NETWORK_INTERFACES='.*wpan0' -jar target/cf-helloworld-server-3.8.0.jar MulticastTestServer`
 
 # Contact
 

SECURITY.md

@@ -14,9 +14,9 @@ For more details, please look at [https://www.eclipse.org/security](https://www.
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 3.8.0-SNAPSHOT (main) | :heavy_check_mark: |
-| 3.7.0   | :heavy_check_mark: |
-| 3.6.0, 3.5.0, 3.4.0, 3.3.1, 3.2.0, 3.1.0, 3.0.0 | :question: |
+| 3.9.0-SNAPSHOT (main) | :heavy_check_mark: |
+| 3.8.0   | :heavy_check_mark: |
+| 3.8.0, 3.6.0, 3.5.0, 3.4.0, <br/> 3.3.1, 3.2.0, 3.1.0, <br/> 3.0.0 | :question: |
 | 2.7.4   | :question: |
 | 2.7.3, 2.6.6, 2.5.0, 2.4.1, <br/> 2.3.1, 2.2.3, 2.1.0, <br/> 2.0.0 | :question: |
 | before 2.0.0   | :x: |

cf-utils/cf-nat/README.md

@@ -6,7 +6,7 @@ In order to test NAT and LoadBalancer specific situations, this module contains
 
 # Download
 
-[Eclipse Release Repository](https://repo.eclipse.org/content/repositories/californium-releases/org/eclipse/californium/cf-nat/3.7.0/cf-nat-3.7.0.jar)
+[Eclipse Release Repository](https://repo.eclipse.org/content/repositories/californium-releases/org/eclipse/californium/cf-nat/3.8.0/cf-nat-3.8.0.jar)
 
 #Usage
 

demo-apps/cf-android/app/build.gradle

@@ -55,7 +55,7 @@ android {
 
 
 dependencies {
-    def californiumVersion = '3.7.0'
+    def californiumVersion = '3.8.0'
 
     implementation fileTree(include: ['*.jar'], dir: 'libs')
     implementation 'org.eclipse.californium:californium-core:' + californiumVersion

demo-apps/cf-extplugtest-client/benchmark.sh

@@ -84,13 +84,13 @@ echo
 # cat /proc/sys/vm/max_map_count
 # prlimit
 
-CF_JAR=cf-extplugtest-client-3.8.0.jar
+CF_JAR=cf-extplugtest-client-3.9.0.jar
 CF_JAR_FIND="cf-extplugtest-client-*.jar"
 CF_EXEC="org.eclipse.californium.extplugtests.BenchmarkClient"
 #CF_OPT="-XX:+UseG1GC -Xmx6g -Xverify:none"
 CF_OPT="-XX:+UseZGC -Xmx10g"
 
-export CALIFORNIUM_STATISTIC="3.8.0"
+export CALIFORNIUM_STATISTIC="3.9.0"
 
 if [ -z "$1" ]  ; then
      CF_HOST=localhost

demo-apps/cf-extplugtest-client/hono-benchmark.sh

@@ -52,12 +52,12 @@ echo
 # cat /proc/sys/vm/max_map_count
 # prlimit
 
-CF_JAR=cf-extplugtest-client-3.8.0.jar
+CF_JAR=cf-extplugtest-client-3.9.0.jar
 CF_JAR_FIND='cf-extplugtest-client-*.jar'
 CF_EXEC="org.eclipse.californium.extplugtests.BenchmarkClient"
 CF_OPT="-XX:+UseG1GC -Xmx6g -Xverify:none"
 
-export CALIFORNIUM_STATISTIC="3.8.0-hono"
+export CALIFORNIUM_STATISTIC="3.9.0-hono"
 
 # store psk credentials in "hono.psk"
 #   format:

demo-apps/cf-extplugtest-server/README.md

@@ -106,7 +106,7 @@ To see the set of options and arguments.
 Requires to start the server with 
 
 ```sh
-java -Xmx6g -XX:+UseG1GC -jar cf-extplugtest-server-3.7.0.jar --benchmark --no-plugtest
+java -Xmx6g -XX:+UseG1GC -jar cf-extplugtest-server-3.8.0.jar --benchmark --no-plugtest
 ```
 
 The performance with enabled deduplication for CON requests depends a lot on heap management. Especially, if the performance goes down after a while, that is frequently caused by an exhausted heap. Therefore using explicit heap-options is recommended. Use the benchmark client from "cf-extplugtest-client", normally started with the shell script "benchmark.sh" there.
@@ -453,21 +453,21 @@ The current build-in cluster comes with three modes:
 Start node 1 on port 15784, using `localhost:15884` as own cluster-management-interface. Provide `localhost:25884` as static cluster-management-interface for node 2:
 
 ```sh
-java -jar target/cf-extplugtest-server-3.7.0.jar --dtls-cluster ":15784;localhost:15884;1,---;localhost:25884;2"
+java -jar target/cf-extplugtest-server-3.8.0.jar --dtls-cluster ":15784;localhost:15884;1,---;localhost:25884;2"
 ```
 
 Start node 2 on port 25784, using `localhost:25884` as own cluster-management-interface. Provide `localhost:15884` as static cluster-management-interface for node 1:
 
 ```sh
-java -jar target/cf-extplugtest-server-3.7.0.jar --dtls-cluster "---;localhost:15884;1,:25784;localhost:25884;2"
+java -jar target/cf-extplugtest-server-3.8.0.jar --dtls-cluster "---;localhost:15884;1,:25784;localhost:25884;2"
 ```
 
 In that mode, the `address:cid` pairs of the other/foreign nodes are static.
 
 To use that setup, a basic udp-load-balancer may be used in front. The [Cf-NAT](https://github.com/eclipse/californium/tree/main/cf-utils/cf-nat) offers such a function:
 
 ```sh
-java -jar cf-nat-3.7.0.jar :5784 <host>:15784 <host>:25784
+java -jar cf-nat-3.8.0.jar :5784 <host>:15784 <host>:25784
 ```
 
 Replace `<host>` by the host the `cf-extplugtest-server` has been started.
@@ -477,19 +477,19 @@ Replace `<host>` by the host the `cf-extplugtest-server` has been started.
 Start node 1 on port 15784, using `localhost:15884` as own cluster-management-interface. Provide `localhost:25884,localhost:35884` as cluster-management-interfaces for the other nodes of this cluster group:
 
 ```sh
-java -jar target/cf-extplugtest-server-3.7.0.jar --dtls-cluster ":15784;localhost:15884;1" --dtls-cluster-group="localhost:25884,localhost:35884"
+java -jar target/cf-extplugtest-server-3.8.0.jar --dtls-cluster ":15784;localhost:15884;1" --dtls-cluster-group="localhost:25884,localhost:35884"
 ```
 
 Start node 2 on port 25784, using `localhost:25884` as own cluster-management-interface. Provide `localhost:15884,localhost:35884` as cluster-management-interfaces for the other nodes of this cluster group:
 
 ```sh
-java -jar target/cf-extplugtest-server-3.7.0.jar --dtls-cluster ":25784;localhost:25884;2" --dtls-cluster-group="localhost:15884,localhost:35884"
+java -jar target/cf-extplugtest-server-3.8.0.jar --dtls-cluster ":25784;localhost:25884;2" --dtls-cluster-group="localhost:15884,localhost:35884"
 ```
 
 Start node 3 on port 35784, using `localhost:35884` as own cluster-management-interface. Provide `localhost:15884,localhost:25884` as cluster-management-interfaces for the other nodes of this cluster group:
 
 ```sh
-java -jar target/cf-extplugtest-server-3.7.0.jar --dtls-cluster ":35784;localhost:35884;3" --dtls-cluster-group="localhost:15884,localhost:25884"
+java -jar target/cf-extplugtest-server-3.8.0.jar --dtls-cluster ":35784;localhost:35884;3" --dtls-cluster-group="localhost:15884,localhost:25884"
 ```
 
 In that mode, the `address:cid` pairs of the other/foreign nodes are dynamically created using additional messages of the cluster-management-protocol.
@@ -504,13 +504,13 @@ In that mode, the `address:cid` pairs of the other/foreign nodes are dynamically
 This cluster internal management traffic could be optionally encrypted using DTLS with PSK (all nodes share the same identity and secret).
 
 ```sh
-java -jar target/cf-extplugtest-server-3.7.0.jar --dtls-cluster ":25784;localhost:25884;2" --dtls-cluster-group="localhost:15884,localhost:35884 --dtls-cluster-group-security=topSecret!"
+java -jar target/cf-extplugtest-server-3.8.0.jar --dtls-cluster ":25784;localhost:25884;2" --dtls-cluster-group="localhost:15884,localhost:35884 --dtls-cluster-group-security=topSecret!"
 ```
 
 To use that setup, a basic udp-load-balancer may be used in front as for the mode before. Just add the new third destination.
 
 ```sh
-java -jar cf-nat-3.7.0.jar :5784 <host>:15784 <host>:25784 <host>:35784
+java -jar cf-nat-3.8.0.jar :5784 <host>:15784 <host>:25784 <host>:35784
 ```
 
 ### k8s Nodes
@@ -521,7 +521,7 @@ java -jar cf-nat-3.7.0.jar :5784 <host>:15784 <host>:25784 <host>:35784
 Start nodes in a container using port `5784`, and `<any>:5884` as own cluster-management-interface. Additionally provide the external port of the cluster-management-interface also with `5884`.
 
 ```
-CMD ["java", "-XX:+UseContainerSupport", "-XX:MaxRAMPercentage=75", "-jar", "/opt/app/cf-extplugtest-server-3.7.0.jar", "--no-plugtest", "--no-tcp", "--diagnose", "--benchmark", "--k8s-dtls-cluster", ":5784;:5884;5884"]
+CMD ["java", "-XX:+UseContainerSupport", "-XX:MaxRAMPercentage=75", "-jar", "/opt/app/cf-extplugtest-server-3.8.0.jar", "--no-plugtest", "--no-tcp", "--diagnose", "--benchmark", "--k8s-dtls-cluster", ":5784;:5884;5884"]
 ```
 
 Example `CMD` statement for docker (":5884" for "<any>:5884", "5884" for just port 5884, see [Dockerfile](service/Dockerfile)).
@@ -566,7 +566,7 @@ Using a k8s local-setup, the "StatefulSet" comes with a "in-cluster load balanci
 To test the dtls-cid-cluster a coap-client can be used. For the k8s approach, start it with
 
 ```sh
-java -jar cf-client-3.7.0.jar --method GET coaps://<host>:30784/mycontext
+java -jar cf-client-3.8.0.jar --method GET coaps://<host>:30784/mycontext
 
 ==[ CoAP Request ]=============================================
 MID    : 12635
@@ -615,15 +615,15 @@ If you execute the client multiple times, you will see different `node-id`s, whe
 For the other two variants above, `Static Nodes` or `Dynamic Nodes`, the `cf-nat` may be used as load-balancer. In that cases, just use the address of the `cf-nat` as destination, e.g.
 
 ```sh
-java -jar cf-client-3.7.0.jar --method GET coaps://<nat>:5784/mycontext
+java -jar cf-client-3.8.0.jar --method GET coaps://<nat>:5784/mycontext
 ```
 
 ### Test the dtls-cid-cluster with Cf-NAT 
 
-To test, that the dtls-cid-cluster even works, if the client's address is changed, such a address change can be simulated using [Cf-NAT](https://github.com/eclipse/californium/tree/main/cf-utils/cf-nat) (download available in the [Eclipse Release Repository](https://repo.eclipse.org/content/repositories/californium-releases/org/eclipse/californium/cf-nat/3.7.0/cf-nat-3.7.0.jar)).
+To test, that the dtls-cid-cluster even works, if the client's address is changed, such a address change can be simulated using [Cf-NAT](https://github.com/eclipse/californium/tree/main/cf-utils/cf-nat) (download available in the [Eclipse Release Repository](https://repo.eclipse.org/content/repositories/californium-releases/org/eclipse/californium/cf-nat/3.8.0/cf-nat-3.8.0.jar)).
 
 ```sh
-java -jar cf-nat-3.7.0.jar :5784 <host>:30784
+java -jar cf-nat-3.8.0.jar :5784 <host>:30784
 ```
 
 Starts a NAT at port `5784`, forwarding the traffic to `<host>:30784`.
@@ -641,7 +641,7 @@ remove <host:port> - remove destination from load balancer
 reverse (on|off) - enable/disable reverse address updates.
 ```
 
-Start two [cf-browser-3.7.0](https://repo.eclipse.org/content/repositories/californium-releases/org/eclipse/californium/cf-browser/3.7.0/cf-browser-3.7.0.jar) instances. Enter as destination `coaps://<nat-host>:5784/mycontext` and execute a `GET` in both clients. Do they show different `node-ids`? If not, restart one as long as you get two different `node-id`s. Also check, if the line with `read-cid` is missing. If so, the DTLS Connection ID support is not enabled. Check, if `DTLS_CONNECTION_ID_LENGTH` is set in "Californium3.properties" to a number. Even `0` will enable it. But a empty value disables the DTLS Connection ID support!
+Start two [cf-browser-3.8.0](https://repo.eclipse.org/content/repositories/californium-releases/org/eclipse/californium/cf-browser/3.8.0/cf-browser-3.8.0.jar) instances. Enter as destination `coaps://<nat-host>:5784/mycontext` and execute a `GET` in both clients. Do they show different `node-ids`? If not, restart one as long as you get two different `node-id`s. Also check, if the line with `read-cid` is missing. If so, the DTLS Connection ID support is not enabled. Check, if `DTLS_CONNECTION_ID_LENGTH` is set in "Californium3.properties" to a number. Even `0` will enable it. But a empty value disables the DTLS Connection ID support!
 
 ```
 ip: ?.?.?.?
@@ -655,7 +655,7 @@ write-cid:
 ext-master-secret: true
 newest-record: true
 message-size-limit: 1399
-server: Cf 3.7.0
+server: Cf 3.8.0
 ```
 
 Now, press `<enter>` on the console of the NAT.
@@ -687,7 +687,7 @@ write-cid:
 ext-master-secret: true
 newest-record: true
 message-size-limit: 1399
-server: Cf 3.7.0
+server: Cf 3.8.0
 ```
 
 You may retry that, you should see the same ip-address/port (5-tuple), if you retry it within the NATs timeout (30s).
@@ -709,7 +709,7 @@ write-cid:
 ext-master-secret: true
 newest-record: true
 message-size-limit: 1399
-server: Cf 3.7.0
+server: Cf 3.8.0
 ```
 
 You may even restart the NAT, the coaps communication will still work.
@@ -829,7 +829,7 @@ An idea to improve that, is not to backward the records and instead send them di
 The communication is routed through NATs/LoadBalancer. A entry for `IPa => IPb` can usually not be used to send a record back from `IPc`. The simple load-balancer `cf-nat` offers therefore the "reverse address update feature". With that, sending back a message with `IPc => IPa` is not only possible, it updates the load-balancer destination to the right `IPc` node for this client's traffic. This works for the first two setups `Static Notes` and `Dynamic Notes`, if the `cf-nat`is used as load-balancer and started with
 
 ```sh
-java -jar cf-nat-3.7.0.jar :5784 <host>:15784 <host>:25784 -r
+java -jar cf-nat-3.8.0.jar :5784 <host>:15784 <host>:25784 -r
 ```
 
 To check, if reverse address update is enabled, press `<enter>` on the console of the NAT.
@@ -846,13 +846,13 @@ When starting the nodes, add `--no-dtls-cluster-backward`.
 Node 1
 
 ```sh
-java -jar target/cf-extplugtest-server-3.7.0.jar --dtls-cluster ":15784;localhost:15884;1" --dtls-cluster-group="localhost:25884" --no-dtls-cluster-backward
+java -jar target/cf-extplugtest-server-3.8.0.jar --dtls-cluster ":15784;localhost:15884;1" --dtls-cluster-group="localhost:25884" --no-dtls-cluster-backward
 ```
 
 Node 2
 
 ```sh
-java -jar target/cf-extplugtest-server-3.7.0.jar --dtls-cluster ":25784;localhost:15884;2" --dtls-cluster-group="localhost:15884" --no-dtls-cluster-backward
+java -jar target/cf-extplugtest-server-3.8.0.jar --dtls-cluster ":25784;localhost:15884;2" --dtls-cluster-group="localhost:15884" --no-dtls-cluster-backward
 ```
 
 You may try out the benchmark above and `clear` the NAT during execution. The 20% penalty is gone! The cluster adjusts very fast the load-balancers NAT entries with the right address.

demo-apps/cf-extplugtest-server/service/Dockerfile

@@ -16,11 +16,11 @@
 #
 # usage: docker build . -t <tag> service/Dockerfile
 
-FROM eclipse-temurin:17.0.2_8-jre
+FROM eclipse-temurin:17-jre-focal
 
 RUN mkdir /opt/app
 COPY ./service/build ./CaliforniumReceivetest3.properties /opt/app/
-COPY ./target/cf-extplugtest-server-3.8.0-SNAPSHOT.jar /opt/app/cf-extplugtest-server.jar
+COPY ./target/cf-extplugtest-server-3.9.0-SNAPSHOT.jar /opt/app/cf-extplugtest-server.jar
 
 #EXPOSE 5683/udp
 #EXPOSE 5683/tcp