...
New setup wizard for SAML and OIDC identity providers [SCIM]
New identity provider overview page [SAML/OIDC]
Ability to only allow authentication from an OIDC identity provider when MFA is used for logging in [OIDC]
Configuration status page for compatibility and upgrades [Global]
Improvements
Removed old onboarding, which was out of date with the rest of the app [SAML/OIDC]
More powerful IP address restrictions for Kerberos, Username from Header and API Tokens: now support full IP addresses, CIDR notation, and stricter regex formats (must start with ^ and end with $) to specify ranges of IP addresses [Kerberos] [Username from header] [API Tokens]
...
Bug Fixes
Users are removed from and immediately added to the same group again [SAML/OIDC]
...
RV_ABSOLUTE_VALUE_OF_RANDOM_INT: RV: Bad attempt to compute absolute value of signed random integer in API Connector ID generator
DM_DEFAULT_ENCODING: String to byte or byte to string conversions using default platform encoding instead of consistent standard charset encoding
SECLDAPI - LDAP_INJECTION: Potential LDAP injection in user lookup due to missing sanitization of special LDAP characters
CRLF_INJECTION_LOGS: Potential CRLF Injection for logs: unsanitized user input put directly into logger
XSS_SERVLET: Potential XSS in Servlets that utilize printwriter
INSECURE_COOKIE: Cookie without HttpOnly or secure flag
UNSAFE_HASH_EQUALS: Unsafe hash equals in API Token validation. An attacker might be able to detect the value of the secret hash due to the exposure of comparison timing: when Arrays.equals() or String.equals() are called, they exit earlier if fewer bytes are matched
Update io.jsonwebtoken jjwt libraries used for JWT validation in OpenID Connect to latest version 0.11.2
Increased CSRF protection: Origin header required in POST requests on Kantega SSO Enterprise pages
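As an added illustration of the UNSAFE_HASH_EQUALS finding above (example code written for this page, not Kantega's own validator): the leaky comparison beside a constant-time one. The class name, the SHA-256 stored-hash format and the sample token are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

/** Hypothetical API token validator used only to illustrate the finding. */
public final class ApiTokenValidator {

    /** Hashes a presented token; the stored form is assumed to be a SHA-256 digest. */
    static byte[] sha256(String token) {
        try {
            // Explicit charset rather than the platform default (cf. DM_DEFAULT_ENCODING above)
            return MessageDigest.getInstance("SHA-256")
                    .digest(token.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required in every JRE", e);
        }
    }

    /** Before: Arrays.equals returns at the first mismatching byte, so the time taken
     *  depends on how many leading bytes of the two digests agree. */
    static boolean validateLeaky(String presented, byte[] storedHash) {
        return Arrays.equals(sha256(presented), storedHash);
    }

    /** After: MessageDigest.isEqual examines every byte whatever the position of the
     *  first mismatch. Both inputs are 32-byte SHA-256 digests, so the length check
     *  inside isEqual does not itself leak anything about the secret. */
    static boolean validateConstantTime(String presented, byte[] storedHash) {
        return MessageDigest.isEqual(sha256(presented), storedHash);
    }

    public static void main(String[] args) {
        byte[] stored = sha256("constructed-sample-token"); // constructed sample, not a real token
        System.out.println(validateConstantTime("constructed-sample-token", stored));
        System.out.println(validateConstantTime("wrong-token", stored));
    }
}
```

Hashing the presented token before the comparison also means the caller never controls the bytes that are compared against the stored secret directly.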
Changes in 5.0.1
Bugs
[SCIM] Link to 'SCIM network requirements' is incorrect in step 'Network preparation' in SCIM setup.
[API Connector] Link to 'Setup provider' in API Connector is incorrect.
[SAML/OIDC] Links to Identity Provider in will not render in JSM portal
[SAML/OIDC] Links to Identity Provider on Jira baseUrl (which is redirected to /secure/MyJiraHome.jspa) will not render
[Update Config] Regular expressions in IP restrictions on Kerberos, Username from header and API Tokens are not translated to the new format upon update of config
...