15.0.0

What's Changed

• Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20 by @vharseko in #733
• [#730] Bump xml-sec 2.1.7 -> 3.0.4 by @vharseko in #732
• ESIA signature change RSA to GOST algorithm by @maximthomas in #735
• Use generic authenticator app for OATH by @maximthomas in #736
• Build add MacOs m1 arm64 support on jdk 1.8 by @vharseko in #738
• update npm & move frontend-maven-plugin to pluginManagement in parent by @maximthomas in #739
• Bump node-notifier and karma-notify-reporter in /openam-ui/openam-ui-ria by @dependabot in #740
• Bump bl and phantomjs-prebuilt in /openam-ui/openam-ui-ria by @dependabot in #741
• Bump underscore and jsdoc in /openam-ui/openam-ui-ria by @dependabot in #742
• Bump opendj.version 4.6.3 by @vharseko in #745
• Bump json5, babel-core and karma-babel-preprocessor in /openam-ui/openam-ui-ria by @maximthomas in #748
• Bump minimist, karma-mocha and mocha in /openam-ui/openam-ui-ria by @dependabot in #746
• Bump flat and mocha in /openam-ui/openam-ui-ria by @dependabot in #749
• WebAuthn implementation for XUI by @maximthomas in #750
• webauthn.js methods encapsulation by @maximthomas in #751

Full Changelog: 14.8.4...15.0.0

14.8.4

What's Changed

• [#714] ADD RedirectUriValidatorTest by @vharseko in #715
• Rollback: Don't save AdminToken user token in CTS in server mode (access denied cross-node api calls) by @vharseko in #716
• FIX lock on java.util.Properties.getProperty v3 by @vharseko in #717
• FIX CTS: query TokenFilter: Filter: [coreTokenString13 eq "VALID"] by @vharseko in #719
• Bump org.owasp.antisamy:antisamy from 1.7.4 to 1.7.5 by @dependabot in #720
• avoid unnecessary CTS call when using noSession authentication by @maximthomas in #723
• Restore caching attributes on update in ID repo by @maximthomas in #724
• Add system property to disable cross-sites monitoring in cluster by @maximthomas in #725
• IdCachedServicesImpl dirty cache on create by @maximthomas in #727
• Lockout duration multiplication fix by @maximthomas in #729
• Add binding for LDAP & AD authentication by @maximthomas in #722
• Move CORS configuration from web.xml to console by @maximthomas in #726

Full Changelog: 14.8.3...14.8.4

14.8.3

What's Changed

• [#326] added JSONStdout audit logger by @maximthomas in #690
• [#105] Added setGroups action to the user REST endpoint by @maximthomas in #691
• DJLDAPv3Repo implement miss dnCache by @vharseko in #692
• Reset InternalSession creation time after successful authenticaion by @maximthomas in #694
• CASSANDRA disable server tracing by default org.openidentityplatform.openam.cassandra.trace.server=false by @vharseko in #695
• CachingRealmLookup fix SynchronizedMap.get performance by @vharseko in #696
• IdRepoPluginsCache performance (lock on get) by @vharseko in #697
• CASSANDRA setAttributes performance by @vharseko in #699
• [#693 #671 #650] AuthD dont use internalAppSSOToken by @vharseko in #700
• [#698] org.forgerock.openam.ldap.secure.protocol.version TLSv1 -> TLS by @vharseko in #701
• IdCachedServicesImpl.getServiceAttributes function should return only requested attributes by @maximthomas in #702
• update README.md by @maximthomas in #703
• Avoid unnecessary CTS call if debug is not enabled on session activation by @maximthomas in #704
• Don't save AdminToken user token in CTS in server mode by @vharseko in #705
• opendj.version 4.6.2 by @vharseko in #706
• CASSANDRA shared session to cluster by @vharseko in #707
• FIX lock on java.util.Properties.getProperty by @vharseko in #708
• FIX IdRepoAttributeValidatorManager don't use cache by @vharseko in #709
• Avoid unnecessary CTS call if there's no session in LoginState by @maximthomas in #710
• IdCachedServicesImpl implement getAssignedServices by @vharseko in #711
• FIX lock on java.util.Properties.getProperty v2 by @vharseko in #712

Full Changelog: 14.8.2...14.8.3

14.8.2

What's Changed

• Fix dirty cache key mismatch in IdCachedServicesImpl by @maximthomas in #677
• OAuth2 device code authorization time to refresh_token by @maximthomas in #679
• [#681] DestroyOldestAction fix hang on invalid session by @vharseko in #682
• [#671] Admin interface unresponsive after a few days by @vharseko in #683
• [#506] FIX is not active and the client sends the challenge for code by @vharseko in #685
• [#192] FIX In the ThreadLocalAMTokenCache, a session entry is being set by @vharseko in #684
• [#120] FIX don't have KeyInfo Tag: allow includeCert in saml2 signature by @vharseko in #686
• GHSA-r68h-jhhj-9jvm esapi 2.5.3.1 by @vharseko in #687
• Fix social login proxy redirect path. Closes #24 by @maximthomas in #688

Full Changelog: 14.8.1...14.8.2

14.8.1

What's Changed

• Append the IdType (membershipType/memberType) to the cache key by @sp193 in #663
• Session constraint fixes by @sp193 in #664
• [#368] Avoid NPE if the PrivateKey cannot be loaded. by @sp193 in #666
• opendj.version 4.5.10-SNAPSHOT by @vharseko in #667
• CVE-2023-5072 Denial of Service in JSON-Java by @vharseko in #669
• fix multiple access_token polling in device code flow by @maximthomas in #670
• JDK 21 support by @vharseko in #673
• [#671] Add scheduledExecutorService reference for NonExpiringSessionManager by @vharseko in #674
• Bump opendj.version 4.6.1 by @vharseko in #675
• Bump org.owasp.esapi:esapi from 2.5.0.0 to 2.5.2.0 by @dependabot in #676

Full Changelog: 14.7.4...14.8.1

14.7.4

What's Changed

• Docker Xmx UseContainerSupport by @vharseko in #626
• add missing ESAPI.properties file to fedlet.war by @maximthomas in #630
• Update build.yml fix The set-output command is deprecated and will be disabled soon by @vharseko in #632
• opendj.version: 4.5.6 by @vharseko in #634
• FIX cargo-maven3-plugin uberwar: java.lang.NoSuchMethodError: void org.codehaus.plexus.util.xml.Xpp3Dom. by @vharseko in #633
• fix NoClassDefFoundError in openam-clientsdk by @maximthomas in #636
• Decouple internal session class from session by @maximthomas in #638
• opendj.version: 4.5.9 by @vharseko in #639
• nexus autoReleaseAfterClose=false by @vharseko in #640
• cargo-maven3-plugin 1.10.9 by @vharseko in #641
• CVE-2023-43642 snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact by @vharseko in #648
• FIX prevent calculate AMIdentity.isMember across realms equalsIgnoreCase #347 by @vharseko in #649
• CVE-2023-4586 Netty-handler does not validate host names by default by @vharseko in #651
• FIX ClassCastException: class org.forgerock.opendj.ldap.Filter cannot be cast to class org.forgerock.openam.tokens.CoreTokenField #650 by @vharseko in #652
• Bump org.owasp.antisamy:antisamy from 1.7.1 to 1.7.4 by @dependabot in #657
• Avoid NPE by skipping attributes that are not in schema by @sp193 in #654
• Policy filter fix by @sp193 in #656
• Bump maven-surefire-plugin 3.1.2 + allow cassandra foreground by @vharseko in #658
• FIX #355 Error Cannot import the following key file: fedlet.pfx. The key file may be password protected by @vharseko in #659
• Fix inability to retrieve the token ID of the token used in the session by @sp193 in #660
• (#293) With an empty cookie domain set: add current host domain by @vharseko in #661

New Contributors

• @sp193 made their first contribution in #654

Full Changelog: 14.7.3...14.7.4

14.7.3

What's Changed

• Bump commons-fileupload from 1.4 to 1.5 by @dependabot in #590
• Add how to guides secion to readme by @maximthomas in #591
• Fix ssoadm tool JAXRPC calling error (#592) by @maximthomas in #593
• PerThread cache default 500->1024 by @vharseko in #601
• Fix infinite session cache update when reading from cache by @maximthomas in #602
• Add caching for IdRepo getMembers and getMemberships functions by @maximthomas in #605
• Bump json from 20090211 to 20230227 by @dependabot in #606
• fix getLong JSON error by @maximthomas in #607
• Fix LoginViewBean NPE by @maximthomas in #609
• Update build.yml: fail-fast: false by @vharseko in #610
• allow internal session cache invalidation by @maximthomas in #613
• internal session cache max time to seconds by @maximthomas in #616
• Bump h2 from 2.1.210 to 2.2.220 by @dependabot in #615
• FIX double encrypt/decrypt blob from CTS by @vharseko in #618
• Fix SessionNotificationSender handler NPE when internal session cache disabled by @maximthomas in #619
• Bump cassandra-all from 4.0.8 to 4.0.10 in /openam-cassandra by @dependabot in #614
• CVE-2023-34453 CVE-2023-34454 CVE-2023-34455 snappy-java's Overflow vulnerability by @vharseko in #620
• CVE-2023-34462 netty-handler SniHandler 16MB allocation by @vharseko in #621
• Bump com.datastax.oss java-driver to 4.16.0 by @vharseko in #622
• GHSL-2023-143, GHSL-2023-144, deny unsigned SAML response by @maximthomas in #624
• Bump opendj.version 4.5.5 by @vharseko in #625

Full Changelog: 14.7.2...14.7.3

14.7.2

What's Changed

• Session culler refresh session on check time by @maximthomas in #577
• NTLMv2 authentication module by @maximthomas in #578
• Fix NTLMv2 authentication module XUI errors by @maximthomas in #581
• Switch NTLMv2 auth module dependencies to maven by @maximthomas in #582
• added post process class order by @maximthomas in #583
• CVE-2022-41915 Netty vulnerable to HTTP Response splitting from assigning header value iterator by @vharseko in #586
• CVE-2022-1471 SnakeYaml Constructor Deserialization Remote Code Execution by @vharseko in #588
• Fix 500 error when open XUI console in another tab #584 by @maximthomas in #587
• CASSANDRA 4.0.8 by @vharseko in #589

Full Changelog: 14.7.1...14.7.2

14.7.1

What's Changed

• ADD support org.openidentityplatform.default_hash=CLEAR property for change default hash schema (storage without prefix) by @vharseko in #568
• replace jato library with shaded jar module by @maximthomas in #571
• Do not create session on update & split session create and update by @maximthomas in #572
• Add legacy UI integration test by @maximthomas in #573

Full Changelog: 14.7.0...14.7.1

14.7.0

What's Changed

• Bump OpenDJ to 4.5.1-SNAPSHOT by @maximthomas in #515
• Add additional user search attributes to admin console by @maximthomas in #517
• CASSANDRA disable double hash userPassword by @vharseko in #519
• OAuth user token search attribute case-insensitive by @maximthomas in #518
• Add session url notification after token restoration from persistent storage by @maximthomas in #516
• add query filter for cassandra repo by @maximthomas in #521
• CASSANDRA mask search exception with empty result (unknown index case) by @vharseko in #522
• add missing SSO Token url added event by @maximthomas in #524
• Fix recursive load guava cache error by @maximthomas in #525
• LDAP pool: shuffle by priority (round robbin) by @vharseko in #526
• FIX Throwable publishInstance error by @vharseko in #527
• Add Cassandra DS created and updated attributes. by @maximthomas in #528
• CASSANDRA disable findEntriesBlacklistedSince task by @vharseko in #529
• increase integration test timeout to complete OpenAM setup by @maximthomas in #530
• added Cassandra DataStore OR filter by @maximthomas in #532
• Modify user membership via REST API by @maximthomas in #533
• Dirty idm cache on modify membership by @maximthomas in #534
• Cassandra IdRepo date fields to unix timestamp by @maximthomas in #535
• use username instead uid by @diegogmanzanares in #531
• CVE-2021-23369 CVE-2021-23383 handlebars 4.7.7 CVE-2021-28168 jaxrs-ri 2.37 by @vharseko in #538
• snakeYAML before 1.32 vulnerable to Denial of Service by @vharseko in #539
• FIX auditCreate userpassword masking by @vharseko in #540
• FIX QuotaExhaustionActionImpl$SetBlockingQueue.add lock in LinkedBlockingQueue.contains by @vharseko in #541
• FIX QuotaExhaustionAction tasks interrupt by @vharseko in #542
• fix stack overflow when destroying sesson by quota by @maximthomas in #543
• rest auth set session id cookie by @maximthomas in #544
• FIX unit/IT test by @vharseko in #551
• FIX SessionCuller leak: prevent unscheduled task by @vharseko in #552
• CVE-2022-40153 CVE-2022-40154 CVE-2022-40156 Denial of Service by @vharseko in #553
• bump esapi to 2.5.0.0; bump antisamy to 1.7.1 by @maximthomas in #554
• WindowsDesktopSSO avoid blocking calls by @maximthomas in #558
• Windows sso write krb5 conf by @maximthomas in #559
• UPDATE github action version by @vharseko in #561
• Bump commons-net from 3.6 to 3.9.0 in /openam-authentication/openam-auth-recaptcha by @dependabot in #563
• Build java: [ '8', '11', '17', '19' ] by @vharseko in #564
• Switch Docker to jre17 LTS by @vharseko in #565
• Avoid escape pattern for privileges by @maximthomas in #566

New Contributors

• @diegogmanzanares made their first contribution in #531

Full Changelog: 14.6.6...14.7.0