Releases: OpenIdentityPlatform/OpenAM
Releases · OpenIdentityPlatform/OpenAM
15.1.2
What's Changed
- CVE-2024-47535 Denial of Service attack on windows app using netty by @maximthomas in #808
- FIX java.base/sun.security.krb5 -> java.security.jgss/sun.security.krb5 by @vharseko in #803 thanks @FireBurn
- Bump cookie and swagger-client in /openam-ui/openam-ui-api by @dependabot in #807
- Bump opendj.version 4.8.2 by @vharseko in #806
- Fix documents deploy error by @maximthomas in #805
- [#810] Publish javadoc to the documentation site by @maximthomas in #811
Full Changelog: 15.1.1...15.1.2
15.1.1
What's Changed
- CVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader by @dependabot in #799
- [#790] FIX OAuth2 realm config - updating 'scopes supported' requires a restart by @vharseko in #791
- [#795] REST APIs after upgrade use Oldest API Version without header by @vharseko in #797
- Bump org.openidentityplatform.opendj 4.8.1 by @vharseko in #796
- Bump body-parser from 1.20.2 to 1.20.3 in /openam-ui/openam-ui-ria by @dependabot in #792
- Bump dompurify and swagger-ui in /openam-ui/openam-ui-api by @dependabot in #794
- Bump cookie and socket.io in /openam-ui/openam-ui-ria by @dependabot in #802
- Add JDK 23 build support by @vharseko in #800
- ADD maven-compiler-plugin release for cross compile compatibility by @vharseko in #801
- Docs in asciidoc & deploy antora docs after build by @maximthomas in #793
- Add missing resources & fix documentation links by @maximthomas in #798
Full Changelog: 15.1.0...15.1.1
15.1.0
What's Changed
- Publish docs to https://doc.openidentityplatform.org by @maximthomas in #783
- Bump requirejs from 2.3.2 to 2.3.7 in /openam-ui/openam-ui-ria by @dependabot in #785
- ADD JDK 22 support by @vharseko in #787
- Bump axios from 1.6.8 to 1.7.5 in /openam-ui/openam-ui-api by @dependabot in #789
- Switch docker to last LTS JRE 21 by @vharseko in #788
- Bump org.openidentityplatform.opendj 4.8.0 by @vharseko in #786
Full Changelog: 15.0.4...15.1.0
15.0.4
What's Changed
- CVE-2024-41667 OpenAM FreeMarker template injection by @maximthomas in GHSA-7726-43hg-m23v (thanks @AfterSnows)
- Bump nexus-staging-maven-plugin 1.7.0 by @vharseko in #781
- Bump ajv from 4.11.8 to 8.17.1 in /openam-ui/openam-ui-ria by @dependabot in #782
Full Changelog: 15.0.3...15.0.4
15.0.3
What's Changed
- compress webhelp, xhtml and html docs after build by @maximthomas in #771
- build docs on GitHub build by @maximthomas in #772
- Update README.md by @vharseko in #773
- Stabilize UI tests on Mac by @maximthomas in #774
- Update README.md by @vharseko in #775
- Fix man pages build profile by @maximthomas in #778
- Bump opendj.version to 4.6.5 (fix upgrade error from OpenAM 13.x with embedded OpenDJ 3.x) by @vharseko in #777
Full Changelog: 15.0.2...15.0.3
15.0.2
What's Changed
- Bump ws, engine.io and socket.io-adapter in /openam-ui/openam-ui-ria by @dependabot in #761
- Bump braces from 3.0.2 to 3.0.3 in /openam-ui/openam-ui-api by @dependabot in #762
- Restore docs from community repository by @maximthomas in #764
- build documentation from source by @maximthomas in #765
- Bump braces from 3.0.2 to 3.0.3 in /openam-ui/openam-ui-ria by @dependabot in #766
- Fix docs wiki publish on release and deploy by @maximthomas in #767
- Bump opendj.version 4.6.4 by @vharseko in #768
- build man-pages on "Publish to the Maven Central Repository" step by @maximthomas in #769
- CVE-2020-36604 CVE-2019-10790 CVE-2022-0144 CVE-2018-3728 CVE-2024-29025 CVE-2023-26136 CVE-2020-15366 update vulnerable libraries by @maximthomas in #770
Full Changelog: 15.0.1...15.0.2
15.0.1
What's Changed
- [#754] Restore the Version servlet without the vulnerability by @maximthomas in #757
- [#758] fix privilege update by @maximthomas in #759
Full Changelog: 15.0.0...15.0.1
15.0.0
What's Changed
- Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20 by @vharseko in #733
- [#730] Bump xml-sec 2.1.7 -> 3.0.4 by @vharseko in #732
- ESIA signature change RSA to GOST algorithm by @maximthomas in #735
- Use generic authenticator app for OATH by @maximthomas in #736
- Build add MacOs m1 arm64 support on jdk 1.8 by @vharseko in #738
- update npm & move frontend-maven-plugin to pluginManagement in parent by @maximthomas in #739
- Bump node-notifier and karma-notify-reporter in /openam-ui/openam-ui-ria by @dependabot in #740
- Bump bl and phantomjs-prebuilt in /openam-ui/openam-ui-ria by @dependabot in #741
- Bump underscore and jsdoc in /openam-ui/openam-ui-ria by @dependabot in #742
- Bump opendj.version 4.6.3 by @vharseko in #745
- Bump json5, babel-core and karma-babel-preprocessor in /openam-ui/openam-ui-ria by @maximthomas in #748
- Bump minimist, karma-mocha and mocha in /openam-ui/openam-ui-ria by @dependabot in #746
- Bump flat and mocha in /openam-ui/openam-ui-ria by @dependabot in #749
- WebAuthn implementation for XUI by @maximthomas in #750
- webauthn.js methods encapsulation by @maximthomas in #751
Full Changelog: 14.8.4...15.0.0
14.8.4
What's Changed
- [#714] ADD RedirectUriValidatorTest by @vharseko in #715
- Rollback: Don't save AdminToken user token in CTS in server mode (access denied cross-node api calls) by @vharseko in #716
- FIX lock on java.util.Properties.getProperty v3 by @vharseko in #717
- FIX CTS: query TokenFilter: Filter: [coreTokenString13 eq "VALID"] by @vharseko in #719
- Bump org.owasp.antisamy:antisamy from 1.7.4 to 1.7.5 by @dependabot in #720
- avoid unnecessary CTS call when using noSession authentication by @maximthomas in #723
- Restore caching attributes on update in ID repo by @maximthomas in #724
- Add system property to disable cross-sites monitoring in cluster by @maximthomas in #725
- IdCachedServicesImpl dirty cache on create by @maximthomas in #727
- Lockout duration multiplication fix by @maximthomas in #729
- Add binding for LDAP & AD authentication by @maximthomas in #722
- Move CORS configuration from web.xml to console by @maximthomas in #726
Full Changelog: 14.8.3...14.8.4
14.8.3
What's Changed
- [#326] added JSONStdout audit logger by @maximthomas in #690
- [#105] Added setGroups action to the user REST endpoint by @maximthomas in #691
- DJLDAPv3Repo implement miss dnCache by @vharseko in #692
- Reset InternalSession creation time after successful authenticaion by @maximthomas in #694
- CASSANDRA disable server tracing by default org.openidentityplatform.openam.cassandra.trace.server=false by @vharseko in #695
- CachingRealmLookup fix SynchronizedMap.get performance by @vharseko in #696
- IdRepoPluginsCache performance (lock on get) by @vharseko in #697
- CASSANDRA setAttributes performance by @vharseko in #699
- [#693 #671 #650] AuthD dont use internalAppSSOToken by @vharseko in #700
- [#698] org.forgerock.openam.ldap.secure.protocol.version TLSv1 -> TLS by @vharseko in #701
- IdCachedServicesImpl.getServiceAttributes function should return only requested attributes by @maximthomas in #702
- update README.md by @maximthomas in #703
- Avoid unnecessary CTS call if debug is not enabled on session activation by @maximthomas in #704
- Don't save AdminToken user token in CTS in server mode by @vharseko in #705
- opendj.version 4.6.2 by @vharseko in #706
- CASSANDRA shared session to cluster by @vharseko in #707
- FIX lock on java.util.Properties.getProperty by @vharseko in #708
- FIX IdRepoAttributeValidatorManager don't use cache by @vharseko in #709
- Avoid unnecessary CTS call if there's no session in LoginState by @maximthomas in #710
- IdCachedServicesImpl implement getAssignedServices by @vharseko in #711
- FIX lock on java.util.Properties.getProperty v2 by @vharseko in #712
Full Changelog: 14.8.2...14.8.3