...
Application | Compatible from version |
---|---|
Bamboo | 7.0.1 |
Bitbucket | 7.0.0 |
Confluence | 7.4.0 |
Jira | 8.8.0 |
Kantega SSO Enterprise for Bamboo Data Center
...
March 2022
We are happy to announce that Kantega SSO Enterprise will be release for Bamboo Data Center this spring. The version is planned for release during MayMarch, when the Atlassian certification is completed. Data Center customers will be required to purchase a Data Center app license upon their next renewal.
...
Vulnerabilities | Vulnerable dependency | Fix dependency |
---|---|---|
CVE-2013-1624 | bouncycastle.bcprov-jdk15@140 in org.simplericity.serberuhs | org.bouncycastle.bcprov-jdk15to18@1.70 |
CVE-2020-26939, | bcpkix-jdk15on@1.59 | org.bouncycastle.bcpkix-jdk15to18@1.70 |
CWE-200 | commons-codec:commons-codec@1.3 in org.simplericity:serberuhs | commons-codec:commons-codec@1.15 |
Changes in 5.5.3
Improvements
Rewrote and improved the User Lookup page with more powerful regex transformation test and improved UXStatus colour Red title SAML/OIDC
Keep progress in setup wizard when navigating to previous stepsStatus colour Red title SAML/oidc
Bug fixes
Setup wizard did no allow characters outside ISO-8859-1Status colour Red title Saml/oidc
Could not abort automatic redirect on login page with esc buttonStatus colour Red title Saml/oidc
Managed groups under Group Memberships had inconsistencies and didn’t work properlyStatus colour Red title saml/oidc
Inconsistent login test result status regarding user not foundStatus colour Yellow title saml
Incorrect summary on Kerberos test page when Kerberos is disabled but is still enabled for users in a certain user group or directory.Status colour Blue title kerberos Update of config warning flag gave wrong link path to Configuration status from certain pages
Security patches
Audit and update NPM packages and one maven dependency. The following vulnerabilities were patched:
Vulnerabilities | Dependency | Package |
---|---|---|
CVE-2021-3807 | ansi-regex:4.1.0 | |
CVE-2020-28469 | glob-parent:3.1.0 | |
CVE-2020-15168 | node-fetch:2.6.1 | |
CVE-2022-0122 | node-forge:0.10.0 | |
CVE-2021-23382 | postcss:7.0.39 | |
CVE-2019-12400 | org.apache.santuario:xmlsec:2.0.10) |