REST API access now has allowlisted URLs that are exceptions from the blocked URLs.
We are pleased to announce Kantega SSO Enterprise 5.8.
We recommend as always to take a backup before performing the update.
Read the update notes for important information about the updating to version 5 (and you are upgrading from 4.x), and see the full changelog below.
We recommend as always to take a backup before performing the update.
Read the update notes for important information about the updating to version 5 (and you are upgrading from 4.x), and see the full changelog below.
See the latest changes in version 5.8.11 for all products, and 5.8.12 for a special Bamboo release. Versions 5.8.1-5.8.6 and 5.8.8-5.8.9 were skipped during the release process limitations in Atlassian Marketplace during development of the new bug fix.
Application | Compatible from version |
|---|---|
Bamboo | 7.0.1 |
Bitbucket | 7.0.0 |
Confluence | 7.4.0 |
Jira | 8.8.0 |
Feature: Allowlist exception to REST API access URLs, improvements and bugfixes
17:39 CET
5.8.0 was withdrawn due to nullpointer bug discovery for those who had RML cookie enabled. Fixed in 5.8.7. |
REST API access now has allowlisted URLs that are exceptions from the blocked URLs.
Validation in setup wizard is more consistent in-depth
Remember my login (RML) cookie didn’t work on instant redirect mode
Got incorrect error message when selecting other metadata format when Metadata URL isn’t saved
Null-handling bug when the initiation of OIDC fails, so the correct error message doesn’t show
11:00 CET
The fix for “Remember my login (RML) cookie didn’t work on instant redirect mode” in 5.8.0 gave nullpointer expeption.
[Skipped due to issues with automated release process]
Version 1 of API Tokens REST API was unintentionally removed in 5.7 of Kantega SSO Enterprise. This is now reintroduced, so an update from Kantega SSO Enterprise <= 5.6.2 will be compatible and the deprecated REST service will keep working.
The message shown to users when traditional login is disabled for all users “Username / password login is disabled by your administrator”, has been made customizable.
Bug fix in update of IP restriction configs and RC4 deprecation warning
Bug fix in update of IP restriction configs and RC4 deprecation warning
Added warning of deprecated cipher RC4, which will be unsupported in October
Bug fix in K-SSO for Bamboo redirect engine due to referer headers
Fixed an issue with the redirect engine, which grabbed a referer header and applied this as the os_destination instead of the query string. This caused the cross-click on a Bamboo plan from Bitbucket to lose the context of the Bamboo plan, and instead redirect back to the base URL after SSO.