See the latest changes in version 5.10.05.

Compatible applications

Application   Compatible from version
Bamboo        7.1.0 Server, 8.0.0 Data Center
Bitbucket     7.5.0
Confluence    7.4.0
Jira          8.11.0


  • Global: New function to copy users and their group memberships between user directories. This function is powerful and can copy users even if a directory is inactive. This way the users can be copied first, and when ready, the new user directory can be promoted with all the users ready to go.
    This can be used in many migration situations where you need users and their group memberships to be available in a different user directory than before. For instance, it can be used when phasing out Active Directory and introducing just-in-time provisioning to the internal directory, or when phasing out just-in-time provisioning and introducing cloud user synchronization from SCIM.

Changes in 5.10.1

15:00 CET

Bug fixes in OIDC & SAML test page and timing issue in WebServer Test.

Bug fixes

  • OIDC/SAML: Bug fixes and stability improvements on the OIDC and SAML test pages. There were inconsistencies when a custom username attribute was selected or changed, and poor error handling when a custom username attribute was not found.

  • Kerberos: Fix timing issue for triggering the header size probe in the Web Server Test in Kerberos.

Changes in 5.10.2

16:00 CET

Bug fixes in SCIM, OIDC/SAML wizard and Username from header

Improvements

  • SCIM: Made visual improvements to input fields and updated the SCIM setup wizard description for Azure AD.

Bug fixes

  • OIDC/SAML: Fix incorrect URL to Azure AD in the setup wizard.

  • SCIM: Fix issue with duplicated group memberships crashing the SCIM sync. Group membership lists are now deduplicated, which lowers the failure rate.

  • Username from header: Fix JSM signup email from HTTP header not working as intended, due to timing issues with the loading of DOM elements.

Changes in 5.10.3

14:00 CET

Security Patch: stored XSS on group names and update npm library

Security patches

  • Stored XSS via group names: Stored XSS in Kantega SSO Enterprise via group names lets an attacker elevate a privileged user account to System admin. When a script injection is stored in a group name under User Management > Groups, the Select / dropdown component used on the OIDC/SAML “Group Memberships” page, the Common “Disable traditional username/password login” page and the Kerberos “Disable Kerberos for some users” page was susceptible to stored XSS. The vulnerability is considered of low severity, since the attacker would already need administrative access to the system.

    Thanks to Bug Bounty researcher UpdateLap for discovering this vulnerability.

  • Patched CVE-2022-25858 in the webpack terser plugin.
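The bug class behind the group-name fix, as an added illustration that is not Kantega's code: a dropdown built by concatenating stored group names straight into markup beside one that escapes them first. The group list, the function names and the tag-scanning check are all constructed for the example.

```javascript
// Added illustration (not Kantega's code) of a stored XSS in a <select>
// populated from group names, and the hardened rendering.
// Constructed sample: group names are attacker-influenced data once an
// administrator can create groups, so one entry carries a markup payload.
const GROUP_NAMES = [
  'jira-users',
  'confluence-administrators',
  '<img src=x onerror="alert(1)">', // constructed hostile name, not from the page
];

// Vulnerable pattern: the stored name lands in attribute and text context
// unescaped, so '<', '"' and '&' in the name become part of the HTML.
function renderSelectUnsafe(names) {
  return '<select id="groups">' +
    names.map(n => `<option value="${n}">${n}</option>`).join('') +
    '</select>';
}

// Escape the HTML-significant characters; the same table is safe for both
// the value attribute (quoted with ") and the option text.
function escapeHtml(s) {
  const table = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => table[c]);
}

// Hardened pattern: every name is escaped before it reaches the template.
function renderSelectSafe(names) {
  return '<select id="groups">' +
    names.map(n => {
      const e = escapeHtml(n);
      return `<option value="${e}">${e}</option>`;
    }).join('') +
    '</select>';
}

// Regression-style check: list the tag names present in the markup and
// require that only the template's own tags (select, option) appear.
function tagNames(html) {
  return [...html.matchAll(/<\/?([a-zA-Z]+)/g)].map(m => m[1].toLowerCase());
}

function containsOnlyTemplateTags(html) {
  return tagNames(html).every(t => t === 'select' || t === 'option');
}
```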

Changes in 5.10.4

11:30 CET

Bugfix backup of config in Windows and other improvements

Bug fixes

  • Backup & restore: A change introduced in version 5.7 of Kantega SSO Enterprise made a subtle change to file handling, which broke the creation of a backup of the config file on Windows servers, because of a file lock that occurred only on Windows and went undiscovered in Unix-based QA.

Improvements

  • Support debug information: The Debug info text in the Support tab now contains information from the latest OIDC/SAML test logins, and thus gives a more complete picture of the instance without having to send several fragments from test pages in addition to the global Debug info text.

  • API tokens: Fix debug log statement which had inverted reasoning for blocking a request.

Changes in 5.10.5

16:00 CET

Improvements to fallback redirect and default parameters

Improvements

  • Azure AD OIDC: Setting up Azure AD with OIDC will now have populated default parameters for name and email.

  • SAML/OIDC: Added login_hint to the redirect when FALLBACK is chosen as redirect mode.