14.8.1

What's Changed

• Append the IdType (membershipType/memberType) to the cache key by @sp193 in #663
• Session constraint fixes by @sp193 in #664
• [#368] Avoid NPE if the PrivateKey cannot be loaded. by @sp193 in #666
• opendj.version 4.5.10-SNAPSHOT by @vharseko in #667
• CVE-2023-5072 Denial of Service in JSON-Java by @vharseko in #669
• fix multiple access_token polling in device code flow by @maximthomas in #670
• JDK 21 support by @vharseko in #673
• [#671] Add scheduledExecutorService reference for NonExpiringSessionManager by @vharseko in #674
• Bump opendj.version 4.6.1 by @vharseko in #675
• Bump org.owasp.esapi:esapi from 2.5.0.0 to 2.5.2.0 by @dependabot in #676

Full Changelog: 14.7.4...14.8.1

14.7.4

What's Changed

• Docker Xmx UseContainerSupport by @vharseko in #626
• add missing ESAPI.properties file to fedlet.war by @maximthomas in #630
• Update build.yml fix The set-output command is deprecated and will be disabled soon by @vharseko in #632
• opendj.version: 4.5.6 by @vharseko in #634
• FIX cargo-maven3-plugin uberwar: java.lang.NoSuchMethodError: void org.codehaus.plexus.util.xml.Xpp3Dom. by @vharseko in #633
• fix NoClassDefFoundError in openam-clientsdk by @maximthomas in #636
• Decouple internal session class from session by @maximthomas in #638
• opendj.version: 4.5.9 by @vharseko in #639
• nexus autoReleaseAfterClose=false by @vharseko in #640
• cargo-maven3-plugin 1.10.9 by @vharseko in #641
• CVE-2023-43642 snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact by @vharseko in #648
• FIX prevent calculate AMIdentity.isMember across realms equalsIgnoreCase #347 by @vharseko in #649
• CVE-2023-4586 Netty-handler does not validate host names by default by @vharseko in #651
• FIX ClassCastException: class org.forgerock.opendj.ldap.Filter cannot be cast to class org.forgerock.openam.tokens.CoreTokenField #650 by @vharseko in #652
• Bump org.owasp.antisamy:antisamy from 1.7.1 to 1.7.4 by @dependabot in #657
• Avoid NPE by skipping attributes that are not in schema by @sp193 in #654
• Policy filter fix by @sp193 in #656
• Bump maven-surefire-plugin 3.1.2 + allow cassandra foreground by @vharseko in #658
• FIX #355 Error Cannot import the following key file: fedlet.pfx. The key file may be password protected by @vharseko in #659
• Fix inability to retrieve the token ID of the token used in the session by @sp193 in #660
• (#293) With an empty cookie domain set: add current host domain by @vharseko in #661

New Contributors

• @sp193 made their first contribution in #654

Full Changelog: 14.7.3...14.7.4

14.7.3

What's Changed

• Bump commons-fileupload from 1.4 to 1.5 by @dependabot in #590
• Add how to guides secion to readme by @maximthomas in #591
• Fix ssoadm tool JAXRPC calling error (#592) by @maximthomas in #593
• PerThread cache default 500->1024 by @vharseko in #601
• Fix infinite session cache update when reading from cache by @maximthomas in #602
• Add caching for IdRepo getMembers and getMemberships functions by @maximthomas in #605
• Bump json from 20090211 to 20230227 by @dependabot in #606
• fix getLong JSON error by @maximthomas in #607
• Fix LoginViewBean NPE by @maximthomas in #609
• Update build.yml: fail-fast: false by @vharseko in #610
• allow internal session cache invalidation by @maximthomas in #613
• internal session cache max time to seconds by @maximthomas in #616
• Bump h2 from 2.1.210 to 2.2.220 by @dependabot in #615
• FIX double encrypt/decrypt blob from CTS by @vharseko in #618
• Fix SessionNotificationSender handler NPE when internal session cache disabled by @maximthomas in #619
• Bump cassandra-all from 4.0.8 to 4.0.10 in /openam-cassandra by @dependabot in #614
• CVE-2023-34453 CVE-2023-34454 CVE-2023-34455 snappy-java's Overflow vulnerability by @vharseko in #620
• CVE-2023-34462 netty-handler SniHandler 16MB allocation by @vharseko in #621
• Bump com.datastax.oss java-driver to 4.16.0 by @vharseko in #622
• GHSL-2023-143, GHSL-2023-144, deny unsigned SAML response by @maximthomas in #624
• Bump opendj.version 4.5.5 by @vharseko in #625

Full Changelog: 14.7.2...14.7.3

14.7.2

What's Changed

• Session culler refresh session on check time by @maximthomas in #577
• NTLMv2 authentication module by @maximthomas in #578
• Fix NTLMv2 authentication module XUI errors by @maximthomas in #581
• Switch NTLMv2 auth module dependencies to maven by @maximthomas in #582
• added post process class order by @maximthomas in #583
• CVE-2022-41915 Netty vulnerable to HTTP Response splitting from assigning header value iterator by @vharseko in #586
• CVE-2022-1471 SnakeYaml Constructor Deserialization Remote Code Execution by @vharseko in #588
• Fix 500 error when open XUI console in another tab #584 by @maximthomas in #587
• CASSANDRA 4.0.8 by @vharseko in #589

Full Changelog: 14.7.1...14.7.2

14.7.1

What's Changed

• ADD support org.openidentityplatform.default_hash=CLEAR property for change default hash schema (storage without prefix) by @vharseko in #568
• replace jato library with shaded jar module by @maximthomas in #571
• Do not create session on update & split session create and update by @maximthomas in #572
• Add legacy UI integration test by @maximthomas in #573

Full Changelog: 14.7.0...14.7.1

14.7.0

What's Changed

• Bump OpenDJ to 4.5.1-SNAPSHOT by @maximthomas in #515
• Add additional user search attributes to admin console by @maximthomas in #517
• CASSANDRA disable double hash userPassword by @vharseko in #519
• OAuth user token search attribute case-insensitive by @maximthomas in #518
• Add session url notification after token restoration from persistent storage by @maximthomas in #516
• add query filter for cassandra repo by @maximthomas in #521
• CASSANDRA mask search exception with empty result (unknown index case) by @vharseko in #522
• add missing SSO Token url added event by @maximthomas in #524
• Fix recursive load guava cache error by @maximthomas in #525
• LDAP pool: shuffle by priority (round robbin) by @vharseko in #526
• FIX Throwable publishInstance error by @vharseko in #527
• Add Cassandra DS created and updated attributes. by @maximthomas in #528
• CASSANDRA disable findEntriesBlacklistedSince task by @vharseko in #529
• increase integration test timeout to complete OpenAM setup by @maximthomas in #530
• added Cassandra DataStore OR filter by @maximthomas in #532
• Modify user membership via REST API by @maximthomas in #533
• Dirty idm cache on modify membership by @maximthomas in #534
• Cassandra IdRepo date fields to unix timestamp by @maximthomas in #535
• use username instead uid by @diegogmanzanares in #531
• CVE-2021-23369 CVE-2021-23383 handlebars 4.7.7 CVE-2021-28168 jaxrs-ri 2.37 by @vharseko in #538
• snakeYAML before 1.32 vulnerable to Denial of Service by @vharseko in #539
• FIX auditCreate userpassword masking by @vharseko in #540
• FIX QuotaExhaustionActionImpl$SetBlockingQueue.add lock in LinkedBlockingQueue.contains by @vharseko in #541
• FIX QuotaExhaustionAction tasks interrupt by @vharseko in #542
• fix stack overflow when destroying sesson by quota by @maximthomas in #543
• rest auth set session id cookie by @maximthomas in #544
• FIX unit/IT test by @vharseko in #551
• FIX SessionCuller leak: prevent unscheduled task by @vharseko in #552
• CVE-2022-40153 CVE-2022-40154 CVE-2022-40156 Denial of Service by @vharseko in #553
• bump esapi to 2.5.0.0; bump antisamy to 1.7.1 by @maximthomas in #554
• WindowsDesktopSSO avoid blocking calls by @maximthomas in #558
• Windows sso write krb5 conf by @maximthomas in #559
• UPDATE github action version by @vharseko in #561
• Bump commons-net from 3.6 to 3.9.0 in /openam-authentication/openam-auth-recaptcha by @dependabot in #563
• Build java: [ '8', '11', '17', '19' ] by @vharseko in #564
• Switch Docker to jre17 LTS by @vharseko in #565
• Avoid escape pattern for privileges by @maximthomas in #566

New Contributors

• @diegogmanzanares made their first contribution in #531

Full Changelog: 14.6.6...14.7.0

14.6.6

What's Changed

• fix WindowsDesktopSSO auth module NPE when kerberos token was not set by @maximthomas in #510
• Issues/fix frontend build by @maximthomas in #511
• FIX ObjectIdentifier equals by String form by @vharseko in #512
• CVE-2022-34298 fix NT auth module vulnerability by @maximthomas (thanks Aliz Hammond , at watchTowr) in #514

Full Changelog: 14.6.5...14.6.6

14.6.5

What's Changed

• Bump antisamy from 1.5.10 to 1.6.4 by @dependabot in #383
• fix Dockerfile env vars #384 by @maximthomas in #385
• GitHub action build by @vharseko in #388
• FIX cassandra tests on windows by @vharseko in #389
• Github action deploy by @vharseko in #390
• action: separate deploy by @vharseko in #391
• Assertion conditions with skew by @ajlugt in #392
• FIX TOKEN_SIGNING_RSA_KEYSTORE_ALIAS->TOKEN_SIGNING_ECDSA_KEYSTORE_ALIAS for JwsAlgorithmType.ECDSA by @vharseko in #393
• Do not validate time when handling unexpected NotBefore attribute by @ajlugt in #394
• Corrected namespace for the SessionIndex element to samlp by @vharseko in #395
• Fix LDAP connection leak during policy update. by @vharseko in #397
• Bump xmlsec from 2.1.5 to 2.1.7 by @dependabot in #400
• Update external dependency to https protocol by @lscorcia in #402
• switch org.openidentityplatform.opendj 4.4.12-SNAPSHOT by @vharseko in #403
• FIX unit test with escaping after OpenIdentityPlatform/commons@fd2e665 by @vharseko in #404
• org.bouncycastle.bcpkix-jdk15on 1.66-1.69 by @vharseko in #405
• rest-sts: added OIDC token internal validation by @maximthomas in #406
• set XmlResolver for AuthnResponse to null to prevent XXE attack by @maximthomas in #408
• Handle multiple LDAP servers in openam-auth-msisdn by @rrialq in #411
• CASSANDRA add option org.openidentityplatform.openam.cassandra.embedded.import.test for sample data load by @vharseko in #413
• Allow get create/update field repo with update-prefix by @vharseko in #414
• ldif2cassandra.sh: converts LDIF data to CASSANDRA CQL by @vharseko in #415
• CASSANDRA add advanced.retry-policy.class=ConsistencyDowngradingRetryPolicy by @vharseko in #420
• remove cargo-maven3-plugin version (import from commons) by @vharseko in #421
• CASSANDRA remove LWT transaction by @vharseko in #422
• FIX deadlock on ClientSdkSessionOperationStrategy (app token conflict) by @vharseko in #423
• FIX base64 check error by @vharseko in #424
• CASSANDRA embedded add PasswordAuthenticator+CassandraAuthorizer by @vharseko in #425
• FIX acOS-latest workflows will use macOS-11 soon. by @vharseko in #426
• CASSANDRA fix wait "Created default superuser role 'cassandra'" (first start) by @vharseko in #427
• Fix vulnerable libraries and code by @maximthomas in #435
• FIX check isDN by regular expression by @vharseko in #436
• FIX setAttribute for disable phantom empty values on re-write process by @vharseko in #437
• CASSANDRA add IdRepoDuplicateObjectException exception in LWT by @vharseko in #438
• GHSA-qrmm-w75w-3wpx Vulnerable versions: < 4.1.3 SwaggerUI supports … displaying remote OpenAPI definitions through the ?url parameter. This enables robust demonstration capabilities on sites like petstore.swagger.io, editor.swagger.io, and similar sites, where users often want to see what their OpenAPI definitions would look like rendered. by @vharseko in #439
• fix windows desktop sso authentication by @maximthomas in #440
• DJLDAPv3Repo exclude searchField from filter by @maximthomas in #441
• JTI move CTS field coreTokenString01->coreTokenString15 (last activity conflict) by @vharseko in #442
• update libraries by @maximthomas in #443
• Bump h2 from 1.4.188 to 2.0.202 by @dependabot in #444
• Bump h2 from 2.0.202 to 2.0.206 by @dependabot in #445
• Bump h2 from 2.0.206 to 2.1.210 by @dependabot in #449
• exclude bc-fips to avoid bcpkix-jdk15on conflict by @maximthomas in #451
• add auth cookie to rest auth response by @maximthomas in #458
• Bump karma from 1.3.0 to 6.3.14 in /openam-ui/openam-ui-ria by @dependabot in #457
• fix new configuration policies creation by @maximthomas in #460
• Update pom.xml nexus-staging-maven-plugin 1.6.11 by @artb1sh in #463
• add integration test by @maximthomas in #464
• update grunt js to fix dependabot alert by @maximthomas in #465
• update grunt js to fix dependabot alert by @maximthomas in #467
• Bump karma from 6.3.14 to 6.3.16 in /openam-ui/openam-ui-ria by @dependabot in #469
• bump wsit-impl to 2.4.8 and netty-handler to 4.1.74.Final by @maximthomas in #470
• downgrade wsit-impl to 2.4.4 restore compatibility & update antisamy to 1.6.5 by @maximthomas in #473
• Fix #475 Apache ActiveMQ client switched to Java 11 only for release 5.17 by @lscorcia in #476
• Fix #479 - Auto Federation is unable to find users when auto federation attribute is not uid by @lscorcia in #480
• fix create update delete privelege by @maximthomas in #484
• Disable escape wildcard while performing privileged user search, fix #483 by @maximthomas in #485
• PERFORMANCE implement IdCachedServicesImpl for getServiceAttributes by @vharseko in #486
• CASSANDRA performance CTS by @vharseko in #487
• Bump grunt from 1.4.1 to 1.5.2 in /openam-ui/openam-ui-ria by @dependabot in #490
• Bump antisamy from 1.6.5 to 1.6.7 by @dependabot in #489
• Bump esapi from 2.2.3.1 to 2.3.0.0 by @dependabot in #491
• <opendj.version>4.4.13</opendj.version> by @vharseko in #488
• opendj.version: 4.4.15-SNAPSHOT by @vharseko in #493
• Docker refactoring + remove travis by @vharseko in #494
• FIX exclude Build package local where has MAVEN_USERNAME+MAVEN_PASSWORD by @vharseko in #496
• Java 11 (#1) by @maximthomas in #495
• fix class cast exception by @maximthomas in #497
• FIX java.lang.UnsupportedClassVersionError: org/openjdk/nashorn/api/scripting/NashornScriptEngineFactory has been compiled by a more recent version of the Java Runtime by @vharseko in #498
• move CTS track/query am.protected.oauth2.uid (STRING_FIFTEEN->STRING_FOURTEEN) by @vharseko in #499
• CASSANDRA update version by @vharseko in #500
• FIX Warning about RELEASE_7 #379 by @vharseko in #501
• CTS add cache for persistence level by @vharseko in #502
• FIX disable init DJLDAPv3Repo with empty LDAP_SERVER_LIST by @vharseko in #503
• Bump grunt from 1.5.2 to 1.5.3 in /openam-ui/openam-ui-ria by @dependabot in #507
• CASSANDRA CTS add all fields in materialized view by @vharseko in #508
• Build with JDK 16, 17, 18 by @maximthomas in ht...

14.6.4

7529aa9...53b06c3

14.6.3

b23cc71...7529aa9