In general, the latest version of Kantega SSO Enterprise is compatible with the oldest version that has not reached end of life. See Atlassian’s End-of-life (EOL) policy for an overview of versions and EOL dates.
Application | Compatible from Server version | Compatible from Data Center version
Bamboo | 7.2.1 | 8.0.1
Bitbucket | 7.6.0 | 7.6.0
Confluence | 7.10.0 | 7.10.0
Jira | 8.14.0 | 8.14.0
Changelog
Changes in 6.6.0
10
3
11:30 CET
Just-in-time provisioning into AD, improved user lookup performance, and other improvements
Improvement to redirect rules: you can now choose to redirect the users that DO NOT have a certain group membership, as opposed to only redirecting users with the group membership
Prevent Traditional Login
Notify the admin user if username/password was used to log in to K-SSO admin and they are about to lock themselves out with this user
saml
Kerberos
Improved user lookup to reduce the number of username searches during login
Improvements
oidc
Wider clickable area for the selects in Just-in-time provisioning
Added a switch to show or hide the SAML certificate expired warning flag
SAML
OIDC
Allow username to be sent as login_hint to IdPs when redirect mode is set to Fallback
Remove cancel link during instant redirect. As before, you may add ?noredirect to the URL to stop instant redirect.
oidc
Audit-log the identity provider’s name and ID for the logged-in user in a successful login event
Bug fixes
SAML
OIDC
The redirect mode was missing from the Identity Provider overview page
Kerberos
Fix behaviour on Force login when using up instant redirect to IdP in combination with Kerberos login
Changes in 6.6.1
17:30 CET
Bug fixes
Bug fix for User Cleanup config UI
user cleanup
The last logged in attribute on users came back as null for certain Confluence users on the users API, leading to a match on users that were in fact not inactive.
Security
kerberos
Tag RC4-HMAC encryption as deprecated in Kerberos setup wizard
Patch CVE-2022-25927 in a transitive dependency on an npm JSON library. We are still awaiting a released patch for CVE-2022-25927 in the Maven package org.json/json, but since we do not use the affected component this is not critical.
Changes in 6.6.2
12:00 CET
Bug fixes, cache improvements and dependency updates
Improvements
saml
oidc
Disable browser history on the client secret input field in the setup wizard. This way the browser doesn’t save the values so it can auto-suggest them later.
prevent traditional login
Improve caching in lookup of resources used in every-request filters when Exception groups for Prevent Traditional Login is configured
google api connector
Update in-app setup guide for Google Workspace API Connector (Cloud user sync)
Bug fixes
google api connector
Fix improper pagination support in the group sync membership API, which meant that only the group members in the last “page” were persisted. This likely affects all groups with more than 200 members.
saml
The certificate expired warning leads to a broken URL.
Security
Added a Software Bill of Materials (SBOM) for frontend resources. It is packaged with the jar bundle, under SBOM, and acts as a bill for the JavaScript resources bundled with the app. The Maven SBOM can be found in the release notes text for the given release in the Marketplace listing.
Patch dependencies. Update maven-dependency-check plugin to 8.0.1.
Just-in-time provisioning into AD, improved user lookup performance, and other improvements
Features
OIDC
Just-in-time provisioning can create users in Active Directory