| Application | Compatible from version |
|---|---|
| Bamboo | 7.0.1 |
| Bitbucket | 7.0.0 |
| Confluence | 7.4.0 |
| Jira | 8.8.0 |

Kantega SSO Enterprise for Bamboo Data Center

...

March 2022

We are happy to announce that Kantega SSO Enterprise will be released for Bamboo Data Center this spring. The version is planned for release during MayMarch, when the Atlassian certification is completed. Data Center customers will be required to purchase a Data Center app license upon their next renewal.

...

| Vulnerabilities | Vulnerable dependency | Fix dependency |
|---|---|---|
| CVE-2013-1624 | bouncycastle.bcprov-jdk15@140 in org.simplericity.serberuhs | org.bouncycastle.bcprov-jdk15to18@1.70 |
| CVE-2020-26939, CVE-2020-15522, CVE-2018-1000180, CVE-2018-1000613 | bcpkix-jdk15on@1.59 | org.bouncycastle.bcpkix-jdk15to18@1.70 |
| CWE-200 | commons-codec:commons-codec@1.3 in org.simplericity:serberuhs | commons-codec:commons-codec@1.15 |

Changes in 5.5.3

Improvements

  • [SAML/OIDC] Rewrote and improved the User Lookup page with more powerful regex transformation test and improved UX

  • [SAML/OIDC] Keep progress in setup wizard when navigating to previous steps

Bug fixes

  • [SAML/OIDC] Setup wizard did not allow characters outside ISO-8859-1

  • [SAML/OIDC] Could not abort automatic redirect on login page with Esc button

  • [SAML/OIDC] Managed groups under Group Memberships had inconsistencies and didn’t work properly

  • [SAML] Inconsistent login test result status regarding user not found

  • [KERBEROS] Incorrect summary on Kerberos test page when Kerberos is disabled but is still enabled for users in a certain user group or directory

  • Update of config warning flag gave wrong link path to Configuration status from certain pages

Security patches

Audited and updated npm packages and one Maven dependency. The following vulnerabilities were patched:

| Vulnerabilities | Dependency | Package |
|---|---|---|
| CVE-2021-3807 | ansi-regex:4.1.0 | pkg:npm/ansi-regex@4.1.0 |
| CVE-2020-28469, CWE-400 | glob-parent:3.1.0 | pkg:npm/glob-parent@3.1.0 |
| CVE-2020-15168, CVE-2022-0235 | node-fetch:2.6.1 | pkg:npm/node-fetch@2.6.1 |
| CVE-2022-0122, NPM-1006852, NPM-1006854 | node-forge:0.10.0 | pkg:npm/node-forge@0.10.0 |
| CVE-2021-23382 | postcss:7.0.39 | pkg:npm/postcss@7.0.39 |
| CVE-2019-12400, CVE-2021-40690 | org.apache.santuario:xmlsec:2.0.10 | pkg:maven/org.apache.santuario/xmlsec@2.0.10 |