15.1.1

What's Changed

• CVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader by @dependabot in #799
• [#790] FIX OAuth2 realm config - updating 'scopes supported' requires a restart by @vharseko in #791
• [#795] REST APIs after upgrade use Oldest API Version without header by @vharseko in #797
• Bump org.openidentityplatform.opendj 4.8.1 by @vharseko in #796
• Bump body-parser from 1.20.2 to 1.20.3 in /openam-ui/openam-ui-ria by @dependabot in #792
• Bump dompurify and swagger-ui in /openam-ui/openam-ui-api by @dependabot in #794
• Bump cookie and socket.io in /openam-ui/openam-ui-ria by @dependabot in #802
• Add JDK 23 build support by @vharseko in #800
• ADD maven-compiler-plugin release for cross compile compatibility by @vharseko in #801
• Docs in asciidoc & deploy antora docs after build by @maximthomas in #793
• Add missing resources & fix documentation links by @maximthomas in #798

Full Changelog: 15.1.0...15.1.1

15.1.0

What's Changed

• Publish docs to https://doc.openidentityplatform.org by @maximthomas in #783
• Bump requirejs from 2.3.2 to 2.3.7 in /openam-ui/openam-ui-ria by @dependabot in #785
• ADD JDK 22 support by @vharseko in #787
• Bump axios from 1.6.8 to 1.7.5 in /openam-ui/openam-ui-api by @dependabot in #789
• Switch docker to last LTS JRE 21 by @vharseko in #788
• Bump org.openidentityplatform.opendj 4.8.0 by @vharseko in #786

Full Changelog: 15.0.4...15.1.0

15.0.4

What's Changed

• CVE-2024-41667 OpenAM FreeMarker template injection by @maximthomas in GHSA-7726-43hg-m23v (thanks @AfterSnows)
• Bump nexus-staging-maven-plugin 1.7.0 by @vharseko in #781
• Bump ajv from 4.11.8 to 8.17.1 in /openam-ui/openam-ui-ria by @dependabot in #782

Full Changelog: 15.0.3...15.0.4

15.0.3

What's Changed

• compress webhelp, xhtml and html docs after build by @maximthomas in #771
• build docs on GitHub build by @maximthomas in #772
• Update README.md by @vharseko in #773
• Stabilize UI tests on Mac by @maximthomas in #774
• Update README.md by @vharseko in #775
• Fix man pages build profile by @maximthomas in #778
• Bump opendj.version to 4.6.5 (fix upgrade error from OpenAM 13.x with embedded OpenDJ 3.x) by @vharseko in #777

Full Changelog: 15.0.2...15.0.3

15.0.2

What's Changed

• Bump ws, engine.io and socket.io-adapter in /openam-ui/openam-ui-ria by @dependabot in #761
• Bump braces from 3.0.2 to 3.0.3 in /openam-ui/openam-ui-api by @dependabot in #762
• Restore docs from community repository by @maximthomas in #764
• build documentation from source by @maximthomas in #765
• Bump braces from 3.0.2 to 3.0.3 in /openam-ui/openam-ui-ria by @dependabot in #766
• Fix docs wiki publish on release and deploy by @maximthomas in #767
• Bump opendj.version 4.6.4 by @vharseko in #768
• build man-pages on "Publish to the Maven Central Repository" step by @maximthomas in #769
• CVE-2020-36604 CVE-2019-10790 CVE-2022-0144 CVE-2018-3728 CVE-2024-29025 CVE-2023-26136 CVE-2020-15366 update vulnerable libraries by @maximthomas in #770

Full Changelog: 15.0.1...15.0.2

15.0.1

What's Changed

• [#754] Restore the Version servlet without the vulnerability by @maximthomas in #757
• [#758] fix privilege update by @maximthomas in #759

Full Changelog: 15.0.0...15.0.1

15.0.0

What's Changed

• Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20 by @vharseko in #733
• [#730] Bump xml-sec 2.1.7 -> 3.0.4 by @vharseko in #732
• ESIA signature change RSA to GOST algorithm by @maximthomas in #735
• Use generic authenticator app for OATH by @maximthomas in #736
• Build add MacOs m1 arm64 support on jdk 1.8 by @vharseko in #738
• update npm & move frontend-maven-plugin to pluginManagement in parent by @maximthomas in #739
• Bump node-notifier and karma-notify-reporter in /openam-ui/openam-ui-ria by @dependabot in #740
• Bump bl and phantomjs-prebuilt in /openam-ui/openam-ui-ria by @dependabot in #741
• Bump underscore and jsdoc in /openam-ui/openam-ui-ria by @dependabot in #742
• Bump opendj.version 4.6.3 by @vharseko in #745
• Bump json5, babel-core and karma-babel-preprocessor in /openam-ui/openam-ui-ria by @maximthomas in #748
• Bump minimist, karma-mocha and mocha in /openam-ui/openam-ui-ria by @dependabot in #746
• Bump flat and mocha in /openam-ui/openam-ui-ria by @dependabot in #749
• WebAuthn implementation for XUI by @maximthomas in #750
• webauthn.js methods encapsulation by @maximthomas in #751

Full Changelog: 14.8.4...15.0.0

14.8.4

What's Changed

• [#714] ADD RedirectUriValidatorTest by @vharseko in #715
• Rollback: Don't save AdminToken user token in CTS in server mode (access denied cross-node api calls) by @vharseko in #716
• FIX lock on java.util.Properties.getProperty v3 by @vharseko in #717
• FIX CTS: query TokenFilter: Filter: [coreTokenString13 eq "VALID"] by @vharseko in #719
• Bump org.owasp.antisamy:antisamy from 1.7.4 to 1.7.5 by @dependabot in #720
• avoid unnecessary CTS call when using noSession authentication by @maximthomas in #723
• Restore caching attributes on update in ID repo by @maximthomas in #724
• Add system property to disable cross-sites monitoring in cluster by @maximthomas in #725
• IdCachedServicesImpl dirty cache on create by @maximthomas in #727
• Lockout duration multiplication fix by @maximthomas in #729
• Add binding for LDAP & AD authentication by @maximthomas in #722
• Move CORS configuration from web.xml to console by @maximthomas in #726

Full Changelog: 14.8.3...14.8.4

14.8.3

What's Changed

• [#326] added JSONStdout audit logger by @maximthomas in #690
• [#105] Added setGroups action to the user REST endpoint by @maximthomas in #691
• DJLDAPv3Repo implement miss dnCache by @vharseko in #692
• Reset InternalSession creation time after successful authenticaion by @maximthomas in #694
• CASSANDRA disable server tracing by default org.openidentityplatform.openam.cassandra.trace.server=false by @vharseko in #695
• CachingRealmLookup fix SynchronizedMap.get performance by @vharseko in #696
• IdRepoPluginsCache performance (lock on get) by @vharseko in #697
• CASSANDRA setAttributes performance by @vharseko in #699
• [#693 #671 #650] AuthD dont use internalAppSSOToken by @vharseko in #700
• [#698] org.forgerock.openam.ldap.secure.protocol.version TLSv1 -> TLS by @vharseko in #701
• IdCachedServicesImpl.getServiceAttributes function should return only requested attributes by @maximthomas in #702
• update README.md by @maximthomas in #703
• Avoid unnecessary CTS call if debug is not enabled on session activation by @maximthomas in #704
• Don't save AdminToken user token in CTS in server mode by @vharseko in #705
• opendj.version 4.6.2 by @vharseko in #706
• CASSANDRA shared session to cluster by @vharseko in #707
• FIX lock on java.util.Properties.getProperty by @vharseko in #708
• FIX IdRepoAttributeValidatorManager don't use cache by @vharseko in #709
• Avoid unnecessary CTS call if there's no session in LoginState by @maximthomas in #710
• IdCachedServicesImpl implement getAssignedServices by @vharseko in #711
• FIX lock on java.util.Properties.getProperty v2 by @vharseko in #712

Full Changelog: 14.8.2...14.8.3

14.8.2

What's Changed

• Fix dirty cache key mismatch in IdCachedServicesImpl by @maximthomas in #677
• OAuth2 device code authorization time to refresh_token by @maximthomas in #679
• [#681] DestroyOldestAction fix hang on invalid session by @vharseko in #682
• [#671] Admin interface unresponsive after a few days by @vharseko in #683
• [#506] FIX is not active and the client sends the challenge for code by @vharseko in #685
• [#192] FIX In the ThreadLocalAMTokenCache, a session entry is being set by @vharseko in #684
• [#120] FIX don't have KeyInfo Tag: allow includeCert in saml2 signature by @vharseko in #686
• GHSA-r68h-jhhj-9jvm esapi 2.5.3.1 by @vharseko in #687
• Fix social login proxy redirect path. Closes #24 by @maximthomas in #688

Full Changelog: 14.8.1...14.8.2