Versions Compared

Old Version 9

changes.mady.by.user Elias Brattli Sørensen

Saved on

compared with

New Version Current

changes.mady.by.user Elias Brattli Sørensen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Dependency

Updated from version

Updated to version

Description

bouncycastle.bcprov

bouncycastle.bcprov-jdk15@140

org.bouncycastle.bcprov-jdk15to18@1.70

Dependency in Kerberos component of Kantega SSO Enterprise, org.simplericity.serberuhs. Our internal managed fork of serberuhs contains the new updates.

org.bouncycastle.bcpkix

bcpkix-jdk15on@1.59

org.bouncycastle.bcpkix-jdk15to18@1.70

Dependency in SAML component of Kantega SSO Enterprise

Security vulnerabilities

...

patched

The dependency patching resolved the following vulnerabilities:

...

  • Status
    colourRed
    titleSAML/OIDC
    Rewrote and improved the User Lookup page with more powerful regex transformation test and improved UX

  • Status
    colourRed
    titleSAML/oidc
    Keep Improve how progress is kept in setup wizard when navigating to previous steps

...

  • Status
    colourRed
    titleSaml/oidc
    Setup wizard did no allow characters outside ISO-8859-1

  • Status
    colourRed
    titleSaml/oidc
    Could not abort automatic redirect on login page with esc button

  • Status
    colourRed
    titlesaml/oidc
    Managed groups under Group Memberships had inconsistencies and didn’t work properly

  • Status
    colourYellow
    titlesaml
    Inconsistent login test result status regarding user not found

  • Status
    colourBlue
    titlekerberos
    Incorrect summary on Kerberos test page when Kerberos is disabled but is still enabled for users in a certain user group or directory.

  • Update of config warning flag gave wrong link path to Configuration status from certain pages

Security

...

vulnerabilities patched

Audit and update NPM packages and one maven dependency. The following vulnerabilities were patched:

Vulnerabilities

Dependency

Package

CVE-2021-3807

ansi-regex:4.1.0

pkg:npm/ansi-regex@4.1.0

CVE-2020-28469
CWE-400

glob-parent:3.1.0

pkg:npm/glob-parent@3.1.0

CVE-2020-15168
CVE-2022-0235

node-fetch:2.6.1

pkg:npm/node-fetch@2.6.1

CVE-2022-0122
NPM-1006852
NPM-1006854

node-forge:0.10.0

pkg:npm/node-forge@0.10.0

CVE-2021-23382

postcss:7.0.39

pkg:npm/postcss@7.0.39

CVE-2019-12400
CVE-2021-40690

org.apache.santuario:xmlsec:2.0.10)

pkg:maven/org.apache.santuario/xmlsec@2.0.10

Changes in 5.5.4

Bug fixes

  • Status
    colourBlue
    titlekerberos
    In this release, we temporary roll back Kerberos (back to bouncycastle.bcprov-jdk15@140 in org.simplericity.serberuhs) due to some compatibility issues with the library update performed in verison 5.5.2. We will investigate and troubleshoot the issues with the update before reintroducing it more stabilized in a later release.

  • Status
    colourRed
    titlesaml
    Setup wizard summary step was stuck on ‘Loading…’ due to changes in 5.5.3

  • Status
    colourRed
    titlesaml
    Metadata URL was not saved after SAML IDP setup due to changes in 5.5.3

  • Status
    colourRed
    titlesaml/oidc
    Unchanged display name was not persisted in IDP setup draft due to changes in 5.5.3