...
Fixed XML encoding bug that didn’t accept emoji characters in cloud synchronization API ConnectorsStatus colour Yellow title CLOUD USER sync
Security
...
patches
DM_DEFAULT_ENCODING: String to byte or byte to string conversions using default platform encoding instead of consistent standard charset encoding
UI_INHERITANCE_UNSAFE_GETRESOURCE: Calling this.getClass().getResource(...)
could give results other than expected if this class is extended by a class in another package.
XXE_DOCUMENT: XML parsing vulnerable to XML External Entities (XXE) when DocumentBuilder supports XML entities while processing XML received from an untrusted source.
OS_OPEN_STREAM_EXCEPTION_PATH: OS: Method may fail to close stream on exception
Changes in 5.1.2
...
Security patches
Consolidated logging by replacing all remaining direct references to the provided dependency of Log4j 1.2.17 with the facade Slf4j. Older versions of Kantega SSO are not affected by CVE-2021-44228, but this release mitigates risk of other vulnerabilities. Read more about the log4j vulnerability here: About the Log4j vulnerability CVE-2021-44228.