15.0.0

We are proud to announce the first stable release of Wren:AM that is fully independent of legacy infrastructure (dependencies and repositories). This release is Java 17 compatible with fixed vulnerabilities. Release is compatible with the previous OSS AM (i.e. you should be able to upgrade directly to Wren:AM).

What's Changed

Following list consists of all merged PRs. Please note that there are other contributions done by various people before fully adopting PRs. Check full git log for all contributions and participants that helped with this milestone.

• Fix LDAP connection leak during policy update. #6 by @pavelhoral in #7
• Fix RSA JWK modulus encoding by @fyrbach in #49
• Perform README cleanup (#9) by @karelmaxa in #52
• Upgrade master to the current wrensec-parent by @pavelhoral in #48
• Fix failing build by @fyrbach in #53
• Fix setup by @fyrbach in #54
• Fix OpenDJ init and XUI dependencies by @pavelhoral in #56
• Add Java 11 and 17 support by @fyrbach in #57
• Add filtering query support into IdentityResourceV1 by @fyrbach in #50
• Change configurator and webapp branding to Wren:AM by @minnoroth in #62
• Backport changes from #34 by @pavelhoral in #58
• Update default debug log format. #51 by @pavelhoral in #59
• Add simple Dockerfile by @pavelhoral in #61
• Backport recovered CDDL commits by @pavelhoral in #60
• Change artifact's final name to WrenAM. by @pavelhoral in #64
• Fix login error messages localization by @fyrbach in #72
• Switch to org.wrensecurity.wrenam groupId and cleanup POMs by @pavelhoral in #73
• Fix JavaDoc generation by @pavelhoral in #75
• Adjust Dockerfile to import ssoadm and ssoconf into Docker image by @minnoroth in #78
• Add SAAJ exports to fix RPC calls. #77 by @pavelhoral in #80
• Fix Jato patch to support compression by @pavelhoral in #81
• Fix realm creation using CLI #77 by @fyrbach in #82
• Fix handling of default auth modules by @karelmaxa in #84
• Fix getSessionInfo user fetching with external principal by @pavelhoral in #85
• Fix JavaDoc issues (#83). by @karelmaxa in #86
• Remove Java version check from ssoadm setup script (#87). by @karelmaxa in #88
• Revert "OPENAM-9849 Ensure isActive false takes precedence on multiple datastores" by @karelmaxa in #93
• Ignore CTS store SSO token cleanup during shutdown (#63) by @karelmaxa in #95
• Fix date format constant for version check. by @minnoroth in #94
• Add publish pipeline. by @karelmaxa in #96
• Fix site build and change to Wren:AM reference by @minnoroth in #97
• Switch to Wren:DS 5.0.0 release. by @karelmaxa in #98
• Drop CCPL content (#68). by @karelmaxa in #99
• Enforce EN locale for unit tests (#5). by @karelmaxa in #102
• Invalidate OAuth2 scope and claim cache during config change (#37). by @karelmaxa in #101
• Use Puppeteer instead of PhantomJS (#28) by @karelmaxa in #100
• Improve ssoconf artifact name. by @karelmaxa in #103
• Use Wren Security vendor. by @karelmaxa in #106
• Fix noSession post auth plugin processing (#104) by @pavelhoral in #105
• Ignore keystore update when no key change was performed. by @karelmaxa in #108
• Change product name in XUI translations by @pavelhoral in #110
• Fix NPE when API has not yet been defined. by @karelmaxa in #112
• Fix NPE when global properties are missing. by @karelmaxa in #113
• Delete DefaultUrlResourceTypeGenerator that causes replication errors in HA environments (#114). by @karelmaxa in #115
• Disable polling in ssoadm tool (#116) by @pavelhoral in #117
• Fix goto parameter handling in XUI (#119) by @pavelhoral in #120
• Extract attributes from notification body (#121). by @karelmaxa in #122
• [CVE-2021-35464] Remove version-related components. by @karelmaxa in #123
• [CVE-2021-4201] Perform security check during getting sessions count. by @karelmaxa in #124
• [CVE-2018-0696] Perform authorization during KBA questions change. by @karelmaxa in #125
• [CVE-2017-14394] [CVE-2017-14395] Fix validation of OAuth2 redirect URI. by @karelmaxa in #126
• [CVE-2022-24670] Check privileges in JAX-RPC search methods. by @karelmaxa in #128
• [CVE-2021-37154] Escape SAML request inResponseTo attribute. by @karelmaxa in #130
• Fix redirect button on SAML2 IdP dashboard. by @karelmaxa in #129
• Fix Directory Server name. by @karelmaxa in #133
• [AM SA #201901-03] Cross Site Scripting by @karelmaxa in #132
• [AM SA #201801-01] Remove JWT bearer token grant type. by @karelmaxa in #131
• [AM SA #201801-03] Cross Site Scripting by @karelmaxa in #134
• Handle token validity maximum value. by @karelmaxa in #140
• Fix non-expiring sessions management. by @karelmaxa in #138
• Upgrade dependencies by @karelmaxa in #135
• Fix non expiring session management (#141) by @pavelhoral in #143
• Cap max session time to a safe value. by @pavelhoral in #144
• Remove useless error message when consent saving is disabled. by @karelmaxa in #145
• Fix WDSSO configuration errors by @fyrbach in #148
• Add OAuth2 revocation_endpoint to .well-known by @fyrbach in #149
• Add configuration audit logging (#33) by @fyrbach in #150
• Fix NPE caused by missing secret key alias by @fyrbach in #152
• Upgrade AsciidoctorJ dependency. by @karelmaxa in #155
• Upgrade Commons FileUpload dependency. by @karelmaxa in #154
• Upgrade xmlsec dependency. by @karelmaxa in #156
• [AM SA #201801-02] Configuration password stored in plain text by @karelmaxa in #137
• Upgrade wrensec-commons. Remove PowerMock dependency. by @karelmaxa in #157
• Fix ClassCastException in WDSSO & Cleanup by @fyrbach in #158
• Cleanup and upgrade dependencies to fix various CVEs by @pavelhoral in #159
• Upgrade json and groovy dependencies. by @karelmaxa in #160
• Upgrade Swagger UI to the newest version by @pavelhoral in #161

New Contributors

• @fyrbach made their first contribution in #49
• @karelmaxa made their first contribution in #52
• @minnoroth made their first contribution in #62

Full Changelog: forgerock/14.0.0-RC7...15.0.0