We are pleased to announce Kantega SSO Enterprise 5.1.
Read the upgrade notes for important information about the updating to version 5 (and you are upgrading from 4.x), and see the full changelog below.
Read the upgrade notes for important information about the updating to version 5 (and you are upgrading from 4.x), and see the full changelog below.
Application | Compatible from version |
---|---|
Bamboo | 7.0.1 |
Bitbucket | 6.8.0 |
Confluence | 7.1.0 |
Jira | 8.6.0 |
After the large fundamental changes in 5.0, we are now stabilizing and improving the product, while still adding new functionality.
Support reauthentication with SAML or OIDC SSO when Websudo / Secure Administrative Sessions is activated
Visual changes in IP lists and remove incorrect error message
Fix typo in setup wizard
Fixed incorrect error message in “Run test”
Moved “Usage Counter” from Kerberos tab to Common tab
IDP Draft name was added to redirect rule text of other IDP
Fix performance issue with unnecessary database queries to AO_xx_RESTRICT_APIENDPOINT on REST API filter
Improved more responsive user experience, fix issues with input fields not rendering properly.
Fixed XML encoding bug that didn’t accept emoji characters in cloud synchronization API Connectors
DM_DEFAULT_ENCODING: String to byte or byte to string conversions using default platform encoding instead of consistent standard charset encoding
UI_INHERITANCE_UNSAFE_GETRESOURCE: Calling this.getClass().getResource(...)
could give results other than expected if this class is extended by a class in another package.
XXE_DOCUMENT: XML parsing vulnerable to XML External Entities (XXE) when DocumentBuilder supports XML entities while processing XML received from an untrusted source.
OS_OPEN_STREAM_EXCEPTION_PATH: OS: Method may fail to close stream on exception
Consolidated logging by replacing all remaining direct references to the provided dependency of Log4j 1.2.17 with the facade Slf4j. Older versions of Kantega SSO are not affected by CVE-2021-44228, but this release mitigates risk of other vulnerabilities. Read more about the log4j vulnerability here: About the Log4j vulnerability CVE-2021-44228.