Releases: OpenIdentityPlatform/OpenAM
15.0.0
What's Changed
- Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20 by @vharseko in #733
- [#730] Bump xml-sec 2.1.7 -> 3.0.4 by @vharseko in #732
- ESIA signature change RSA to GOST algorithm by @maximthomas in #735
- Use generic authenticator app for OATH by @maximthomas in #736
- Build add MacOs m1 arm64 support on jdk 1.8 by @vharseko in #738
- update npm & move frontend-maven-plugin to pluginManagement in parent by @maximthomas in #739
- Bump node-notifier and karma-notify-reporter in /openam-ui/openam-ui-ria by @dependabot in #740
- Bump bl and phantomjs-prebuilt in /openam-ui/openam-ui-ria by @dependabot in #741
- Bump underscore and jsdoc in /openam-ui/openam-ui-ria by @dependabot in #742
- Bump opendj.version 4.6.3 by @vharseko in #745
- Bump json5, babel-core and karma-babel-preprocessor in /openam-ui/openam-ui-ria by @maximthomas in #748
- Bump minimist, karma-mocha and mocha in /openam-ui/openam-ui-ria by @dependabot in #746
- Bump flat and mocha in /openam-ui/openam-ui-ria by @dependabot in #749
- WebAuthn implementation for XUI by @maximthomas in #750
- webauthn.js methods encapsulation by @maximthomas in #751
Full Changelog: 14.8.4...15.0.0
14.8.4
What's Changed
- [#714] ADD RedirectUriValidatorTest by @vharseko in #715
- Rollback: Don't save AdminToken user token in CTS in server mode (access denied cross-node api calls) by @vharseko in #716
- FIX lock on java.util.Properties.getProperty v3 by @vharseko in #717
- FIX CTS: query TokenFilter: Filter: [coreTokenString13 eq "VALID"] by @vharseko in #719
- Bump org.owasp.antisamy:antisamy from 1.7.4 to 1.7.5 by @dependabot in #720
- avoid unnecessary CTS call when using noSession authentication by @maximthomas in #723
- Restore caching attributes on update in ID repo by @maximthomas in #724
- Add system property to disable cross-sites monitoring in cluster by @maximthomas in #725
- IdCachedServicesImpl dirty cache on create by @maximthomas in #727
- Lockout duration multiplication fix by @maximthomas in #729
- Add binding for LDAP & AD authentication by @maximthomas in #722
- Move CORS configuration from web.xml to console by @maximthomas in #726
Full Changelog: 14.8.3...14.8.4
14.8.3
What's Changed
- [#326] added JSONStdout audit logger by @maximthomas in #690
- [#105] Added setGroups action to the user REST endpoint by @maximthomas in #691
- DJLDAPv3Repo implement miss dnCache by @vharseko in #692
- Reset InternalSession creation time after successful authentication by @maximthomas in #694
- CASSANDRA disable server tracing by default org.openidentityplatform.openam.cassandra.trace.server=false by @vharseko in #695
- CachingRealmLookup fix SynchronizedMap.get performance by @vharseko in #696
- IdRepoPluginsCache performance (lock on get) by @vharseko in #697
- CASSANDRA setAttributes performance by @vharseko in #699
- [#693 #671 #650] AuthD don't use internalAppSSOToken by @vharseko in #700
- [#698] org.forgerock.openam.ldap.secure.protocol.version TLSv1 -> TLS by @vharseko in #701
- IdCachedServicesImpl.getServiceAttributes function should return only requested attributes by @maximthomas in #702
- update README.md by @maximthomas in #703
- Avoid unnecessary CTS call if debug is not enabled on session activation by @maximthomas in #704
- Don't save AdminToken user token in CTS in server mode by @vharseko in #705
- opendj.version 4.6.2 by @vharseko in #706
- CASSANDRA shared session to cluster by @vharseko in #707
- FIX lock on java.util.Properties.getProperty by @vharseko in #708
- FIX IdRepoAttributeValidatorManager don't use cache by @vharseko in #709
- Avoid unnecessary CTS call if there's no session in LoginState by @maximthomas in #710
- IdCachedServicesImpl implement getAssignedServices by @vharseko in #711
- FIX lock on java.util.Properties.getProperty v2 by @vharseko in #712
Full Changelog: 14.8.2...14.8.3
14.8.2
What's Changed
- Fix dirty cache key mismatch in IdCachedServicesImpl by @maximthomas in #677
- OAuth2 device code authorization time to refresh_token by @maximthomas in #679
- [#681] DestroyOldestAction fix hang on invalid session by @vharseko in #682
- [#671] Admin interface unresponsive after a few days by @vharseko in #683
- [#506] FIX is not active and the client sends the challenge for code by @vharseko in #685
- [#192] FIX In the ThreadLocalAMTokenCache, a session entry is being set by @vharseko in #684
- [#120] FIX don't have KeyInfo Tag: allow includeCert in saml2 signature by @vharseko in #686
- GHSA-r68h-jhhj-9jvm esapi 2.5.3.1 by @vharseko in #687
- Fix social login proxy redirect path. Closes #24 by @maximthomas in #688
Full Changelog: 14.8.1...14.8.2
14.8.1
What's Changed
- Append the IdType (membershipType/memberType) to the cache key by @sp193 in #663
- Session constraint fixes by @sp193 in #664
- [#368] Avoid NPE if the PrivateKey cannot be loaded. by @sp193 in #666
- opendj.version 4.5.10-SNAPSHOT by @vharseko in #667
- CVE-2023-5072 Denial of Service in JSON-Java by @vharseko in #669
- fix multiple access_token polling in device code flow by @maximthomas in #670
- JDK 21 support by @vharseko in #673
- [#671] Add scheduledExecutorService reference for NonExpiringSessionManager by @vharseko in #674
- Bump opendj.version 4.6.1 by @vharseko in #675
- Bump org.owasp.esapi:esapi from 2.5.0.0 to 2.5.2.0 by @dependabot in #676
Full Changelog: 14.7.4...14.8.1
14.7.4
What's Changed
- Docker Xmx UseContainerSupport by @vharseko in #626
- add missing ESAPI.properties file to fedlet.war by @maximthomas in #630
- Update build.yml fix The set-output command is deprecated and will be disabled soon by @vharseko in #632
- opendj.version: 4.5.6 by @vharseko in #634
- FIX cargo-maven3-plugin uberwar: java.lang.NoSuchMethodError: void org.codehaus.plexus.util.xml.Xpp3Dom. by @vharseko in #633
- fix NoClassDefFoundError in openam-clientsdk by @maximthomas in #636
- Decouple internal session class from session by @maximthomas in #638
- opendj.version: 4.5.9 by @vharseko in #639
- nexus autoReleaseAfterClose=false by @vharseko in #640
- cargo-maven3-plugin 1.10.9 by @vharseko in #641
- CVE-2023-43642 snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact by @vharseko in #648
- FIX prevent calculate AMIdentity.isMember across realms equalsIgnoreCase #347 by @vharseko in #649
- CVE-2023-4586 Netty-handler does not validate host names by default by @vharseko in #651
- FIX ClassCastException: class org.forgerock.opendj.ldap.Filter cannot be cast to class org.forgerock.openam.tokens.CoreTokenField #650 by @vharseko in #652
- Bump org.owasp.antisamy:antisamy from 1.7.1 to 1.7.4 by @dependabot in #657
- Avoid NPE by skipping attributes that are not in schema by @sp193 in #654
- Policy filter fix by @sp193 in #656
- Bump maven-surefire-plugin 3.1.2 + allow cassandra foreground by @vharseko in #658
- FIX #355 Error Cannot import the following key file: fedlet.pfx. The key file may be password protected by @vharseko in #659
- Fix inability to retrieve the token ID of the token used in the session by @sp193 in #660
- (#293) With an empty cookie domain set: add current host domain by @vharseko in #661
New Contributors
Full Changelog: 14.7.3...14.7.4
14.7.3
What's Changed
- Bump commons-fileupload from 1.4 to 1.5 by @dependabot in #590
- Add how to guides section to readme by @maximthomas in #591
- Fix ssoadm tool JAXRPC calling error (#592) by @maximthomas in #593
- PerThread cache default 500->1024 by @vharseko in #601
- Fix infinite session cache update when reading from cache by @maximthomas in #602
- Add caching for IdRepo getMembers and getMemberships functions by @maximthomas in #605
- Bump json from 20090211 to 20230227 by @dependabot in #606
- fix getLong JSON error by @maximthomas in #607
- Fix LoginViewBean NPE by @maximthomas in #609
- Update build.yml: fail-fast: false by @vharseko in #610
- allow internal session cache invalidation by @maximthomas in #613
- internal session cache max time to seconds by @maximthomas in #616
- Bump h2 from 2.1.210 to 2.2.220 by @dependabot in #615
- FIX double encrypt/decrypt blob from CTS by @vharseko in #618
- Fix SessionNotificationSender handler NPE when internal session cache disabled by @maximthomas in #619
- Bump cassandra-all from 4.0.8 to 4.0.10 in /openam-cassandra by @dependabot in #614
- CVE-2023-34453 CVE-2023-34454 CVE-2023-34455 snappy-java's Overflow vulnerability by @vharseko in #620
- CVE-2023-34462 netty-handler SniHandler 16MB allocation by @vharseko in #621
- Bump com.datastax.oss java-driver to 4.16.0 by @vharseko in #622
- GHSL-2023-143, GHSL-2023-144, deny unsigned SAML response by @maximthomas in #624
- Bump opendj.version 4.5.5 by @vharseko in #625
Full Changelog: 14.7.2...14.7.3
14.7.2
What's Changed
- Session culler refresh session on check time by @maximthomas in #577
- NTLMv2 authentication module by @maximthomas in #578
- Fix NTLMv2 authentication module XUI errors by @maximthomas in #581
- Switch NTLMv2 auth module dependencies to maven by @maximthomas in #582
- added post process class order by @maximthomas in #583
- CVE-2022-41915 Netty vulnerable to HTTP Response splitting from assigning header value iterator by @vharseko in #586
- CVE-2022-1471 SnakeYaml Constructor Deserialization Remote Code Execution by @vharseko in #588
- Fix 500 error when open XUI console in another tab #584 by @maximthomas in #587
- CASSANDRA 4.0.8 by @vharseko in #589
Full Changelog: 14.7.1...14.7.2
14.7.1
What's Changed
- ADD support org.openidentityplatform.default_hash=CLEAR property for change default hash schema (storage without prefix) by @vharseko in #568
- replace jato library with shaded jar module by @maximthomas in #571
- Do not create session on update & split session create and update by @maximthomas in #572
- Add legacy UI integration test by @maximthomas in #573
Full Changelog: 14.7.0...14.7.1
14.7.0
What's Changed
- Bump OpenDJ to 4.5.1-SNAPSHOT by @maximthomas in #515
- Add additional user search attributes to admin console by @maximthomas in #517
- CASSANDRA disable double hash userPassword by @vharseko in #519
- OAuth user token search attribute case-insensitive by @maximthomas in #518
- Add session url notification after token restoration from persistent storage by @maximthomas in #516
- add query filter for cassandra repo by @maximthomas in #521
- CASSANDRA mask search exception with empty result (unknown index case) by @vharseko in #522
- add missing SSO Token url added event by @maximthomas in #524
- Fix recursive load guava cache error by @maximthomas in #525
- LDAP pool: shuffle by priority (round robin) by @vharseko in #526
- FIX Throwable publishInstance error by @vharseko in #527
- Add Cassandra DS created and updated attributes. by @maximthomas in #528
- CASSANDRA disable findEntriesBlacklistedSince task by @vharseko in #529
- increase integration test timeout to complete OpenAM setup by @maximthomas in #530
- added Cassandra DataStore OR filter by @maximthomas in #532
- Modify user membership via REST API by @maximthomas in #533
- Dirty idm cache on modify membership by @maximthomas in #534
- Cassandra IdRepo date fields to unix timestamp by @maximthomas in #535
- use username instead uid by @diegogmanzanares in #531
- CVE-2021-23369 CVE-2021-23383 handlebars 4.7.7 CVE-2021-28168 jaxrs-ri 2.37 by @vharseko in #538
- snakeYAML before 1.32 vulnerable to Denial of Service by @vharseko in #539
- FIX auditCreate userpassword masking by @vharseko in #540
- FIX QuotaExhaustionActionImpl$SetBlockingQueue.add lock in LinkedBlockingQueue.contains by @vharseko in #541
- FIX QuotaExhaustionAction tasks interrupt by @vharseko in #542
- fix stack overflow when destroying session by quota by @maximthomas in #543
- rest auth set session id cookie by @maximthomas in #544
- FIX unit/IT test by @vharseko in #551
- FIX SessionCuller leak: prevent unscheduled task by @vharseko in #552
- CVE-2022-40153 CVE-2022-40154 CVE-2022-40156 Denial of Service by @vharseko in #553
- bump esapi to 2.5.0.0; bump antisamy to 1.7.1 by @maximthomas in #554
- WindowsDesktopSSO avoid blocking calls by @maximthomas in #558
- Windows sso write krb5 conf by @maximthomas in #559
- UPDATE github action version by @vharseko in #561
- Bump commons-net from 3.6 to 3.9.0 in /openam-authentication/openam-auth-recaptcha by @dependabot in #563
- Build java: [ '8', '11', '17', '19' ] by @vharseko in #564
- Switch Docker to jre17 LTS by @vharseko in #565
- Avoid escape pattern for privileges by @maximthomas in #566
New Contributors
- @diegogmanzanares made their first contribution in #531
Full Changelog: 14.6.6...14.7.0