We are pleased to announce Kantega SSO Enterprise 5.10.
We recommend as always to take a backup before performing updates, especially for major and minor versions.
Read the update notes for important information about updating to major version 5 from 4.x or earlier, and see the full changelog below.
See the latest changes in version 5.10.3
Compatible applications
| Application | Compatible from version |
|---|---|
| Bamboo | 7.1.0 Server, 8.0.0 Data Center |
| Bitbucket | 7.5.0 |
| Confluence | 7.4.0 |
| Jira | 8.11.0 |
Changelog
Changes in 5.10.0
13:30 CET
Beta feature: Copy users from one user directory to another
Features
GLOBAL New function to copy users, their groups and their group memberships between user directories. This function is powerful and can copy users even if the target directory is inactive. This way the users can be copied first, and when ready, the new user directory can be promoted with all the users already in place.
This can be used in many migration situations where you need users and their group memberships to be available in a different user directory than before. For instance, it can be used when phasing out Active Directory and introducing Just-in-time provisioning to the internal directory, or when phasing out Just-in-time provisioning and introducing cloud user synchronization from SCIM.
Changes in 5.10.1
15:00 CET
Bug fixes in OIDC & SAML test page and timing issue in WebServer Test.
Bug fixes
OIDC/SAML Bug fixes and stability improvements on the OIDC and SAML test pages. The pages behaved inconsistently when a custom username attribute was selected or changed, and error handling was poor when a custom username attribute was not found.
KERBEROS Fix timing issue for triggering the header size probe in the Web Server Test in Kerberos
Changes in 5.10.2
16:00 CET
Bug fixes in SCIM, OIDC/SAML wizard and Username from header
Improvements
SCIM Made visual improvement to input fields and updated the SCIM setup wizard description for Azure AD
Bug fixes
OIDC/SAML Fix incorrect URL to Azure AD in setup wizard
SCIM Fix issue where duplicated group memberships crashed the SCIM sync. Group memberships are now de-duplicated before syncing, which lowers the failure rate.
USERNAME FROM HEADER Fix JSM signup-email from HTTP header not working as intended due to timing issues with loading of DOM elements
Changes in 5.10.3
14:00 CET
Security Patch: stored XSS on group names and update npm library
Security patches
STORED XSS VIA GROUP NAMES Stored XSS in Kantega SSO Enterprise via group names allows an attacker to elevate a privileged user account to System admin. When script injection is stored in group names under User Management > Groups, a Select / dropdown component used on the OIDC/SAML “Group Memberships” page, the COMMON “Disable traditional username/password login” page and the KERBEROS “Disable Kerberos for some users” page was susceptible to stored XSS. The vulnerability is considered of low severity, since the attacker would already need administrative access to the system.
Thanks to Bug Bounty researcher UpdateLap for discovering this vulnerability.
Patch CVE-2022-25858 found in the webpack terser plugin.
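To illustrate the class of defect patched above, here is an added example (not Kantega's code) that contrasts interpolating stored group names straight into dropdown markup with an output-encoded rendering of the same names; the function names and the sample group names are constructed for this illustration only.

```javascript
// Added example, not from the Kantega SSO codebase. Group names are treated as
// attacker-influenced input because any admin can create them under
// User Management > Groups, and they are later rendered for other admins.

// Minimal HTML entity encoder, safe for text nodes and double-quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the raw name lands inside markup, so a stored name that
// carries a tag becomes live HTML in every admin's browser that opens the page.
function renderOptionsUnsafe(groupNames) {
  return groupNames.map((n) => `<option value="${n}">${n}</option>`).join('');
}

// Hardened pattern: every interpolation point is encoded for its context.
function renderOptionsSafe(groupNames) {
  return groupNames
    .map((n) => `<option value="${escapeHtml(n)}">${escapeHtml(n)}</option>`)
    .join('');
}

// Regression check for a test suite: after encoding, the only tags allowed in
// the output are the template's own <option> / </option> tags.
function containsInjectedTag(html) {
  return /<(?!\/?option\b)/i.test(html);
}

// Constructed sample data: one ordinary group and one carrying stored markup.
const sampleGroups = ['jira-administrators', 'confluence-users<script>alert(1)</script>'];

console.log(renderOptionsSafe(sampleGroups));
```

The regression check is deliberately strict: any `<` that does not start one of the template's own tags means a name reached the markup unencoded.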