- MODLOGSAML-71 Login via SSO possible even after decryption of SAML assertions fails
- MODLOGSAML-91 Update vertx-pac4j to pac4j v5
- MODLOGSAML-104 SSO settings (configured with user property "Email") always fail to find user by email
- MODLOGSAML-110 /saml/validate NEP 400
- MODLOGSAML-122 Improve code coverage, avoid deprecated API
- MODLOGSAML-128 Update to RMB 33.2.2
- MODLOGSAML-129 Netty 4.1.72, Log4j 2.17.0, Vert.x 4.2.3, RMB 33.2.3
- MODLOGSAML-130 Pac4j 5.2.1, RMB 33.2.4, vertx-pac4j 6.0.0 fixing unsecure token (CVE-2021-44878)
- MODLOGSAML-105 Upgrade to RMB 33.1.1, Vert.x 4.1.4
- MODLOGSAML-97 Single-Sign-On (SSO) always fails
- Update RMB to 33.0.2 to fix MODLOGSAML-97, see RMB-854
FORM_ATTRIBUTE_SIZE_MAX
is too small - Update Vertx to 4.1.0
- MODLOGSAML-58 Arbitrary URL Redirection in SAML Response
- MODLOGSAML-63 Implement CSRF Prevention
- Make UrlUtilTest locale independent
- Update Vertx to 4.1.0.CR1
- Update RMB to 33.0.0
- Update RMB to include RMB-854
FORM_ATTRIBUTE_SIZE_MAX is
too small - Above RMB change will fix edge cases of MODLOGSAML-97 Single-Sign-On (SSO) always fails
- Update RMB to 33.0.1
- Update Vertx to 4.1.0
- MODLOGSAML-97 Single-Sign-On (SSO) always fails
No new functionality but Vert.x 4 + vertx-pac4j update as well as RMB.
- MODLOGSAML-88 Upgrade to RMB 33 pre-1 with Maven Plugin
- MODLOGSAML-82 Add personal data disclosure form
- MODLOGSAML-73 Upgrade raml-module-builder (RMB) from 30.0.1 to 30.2.6
- MODLOGSAML-50 Upgrade Pac4j from 2.0.0 to 3.8.3. This requires new sp-metadata.xml uploaded to the IdP, for details see MODLOGSAML-75.
This is a maintenance release focused on keeping dependencies up to date. The major version change is due to the new permission requirements on APIs which were previously unrestricted.
- MODLOGSAML-64 - Upgrade to RMB v30
- MODLOGSAML-60 - Securing APIs by default
- Rely on RMB's vertx. dependencies - in particular the Postgres driver which has been using specific versions with session usage fix
- Update to RMB 29.3.1 (#55)
- MODLOGSAML-53 Use JVM features to manage container memory
- MODLOGSAML-51 Fix com.fasterxml.jackson.core:jackson-databind vulnerability
- MODLOGSAML-45 Fix security vulnerabilities reported in jackson-databind >= 2.0.0, < 2.9.9.1
- MODLOGSAML-40 api fails to validate idpurl if the content type contains charset (MODLOGSAML-46 dup)
- MODLOGSAML-36: Fix security vulnerability reported in jackson-databind
- Add support for authtoken v2.0 interface
- MODLOGSAML-31: support
users
interface 15.0 - MODLOGSAML-32: Update Status Field to also control access to Folio via SSO
- MODLOGSAML-30: IdP URL Content-Type check
- First release