Kantega SSO Enterprise 5.5.x release notes

We are pleased to announce Kantega SSO Enterprise 5.5.

Read the upgrade notes for important information about updating to version 5 (if you are upgrading from 4.x), and see the full changelog below.

Compatible applications

Application    Compatible from version
Bamboo         7.0.1
Bitbucket      7.0.0
Confluence     7.4.0
Jira           8.8.0

Kantega SSO Enterprise for Bamboo Data Center March 2022

We are happy to announce that Kantega SSO Enterprise will be released for Bamboo Data Center this spring. The version is planned for release during March, once the Atlassian certification is completed. Data Center customers will be required to purchase a Data Center app license upon their next renewal.

Changelog

Security patches, bug fixes and GUI improvements.

Changes in 5.5.0

Jan 31, 2022

Improvements

  • SAML/OIDC: The setup wizard has been refactored with a new, faster form system and state management

  • Migrated usage of deprecated SAL UserManager methods for obtaining UserProfile

  • More consistent use of the external link symbol for links pointing outside the product

Bug fixes

  • SAML/OIDC: Fixed poor handling of WebSudo / Secure Administration Session timeout in the setup wizard

  • SAML/OIDC: Instant redirect didn't show text on the dashboard page in Jira

  • KSSO for Bitbucket: NullPointerException introduced in 5.4.0 in the Referer header check in the servlet filter chain for REST endpoints

 

Changes in 5.5.2

Feb 4, 2022

Improvements

  • Global configuration: Added a toggle to turn off the CSRF Origin header check that is built into version 5 of Kantega SSO Enterprise, for systems that encounter issues with these headers. The toggle works like 'Disable Basic Auth' and the check can also be disabled by removing a file on the application server. It is recommended to keep this check turned on for security reasons.

  • SAML/OIDC: Updated Bouncy Castle bcpkix dependency in the SAML component

  • Kerberos: Updated Bouncy Castle bcprov dependency in the Kerberos component

  • Deprecated JavaScript resource com.atlassian.auiplugin:dialog2 migrated to com.atlassian.auiplugin:aui-dialog2
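As an added illustration (example code written for these notes, not Kantega SSO Enterprise's own implementation), the function below shows the shape of a CSRF origin check of the kind the toggle above controls: a state-changing request is accepted only when its Origin header, or failing that its Referer header, resolves to the same scheme, host and port as the configured application base URL. The check_enabled flag stands in for the toggle or the marker file; the function names, the set of exempt methods and the choice to reject requests that carry neither header are assumptions of this example, not documented product behaviour. Absent headers are handled without raising, which is the failure mode behind the 5.5.0 NullPointerException fix for the Referer check on REST endpoints.

```python
"""Illustrative CSRF Origin/Referer check (added example, not product code).

The function names, the exempt-method set and the policy for requests that
carry neither header are assumptions made for this example.
"""
from urllib.parse import urlsplit

# Assumption: only state-changing methods are subject to the check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def origin_of(url):
    """Return (scheme, host, port) for an absolute URL, or None if it has no
    scheme/host or a malformed port. Default ports are filled in so that
    'https://host' and 'https://host:443' compare equal."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return None
    if not parts.scheme or not parts.hostname:
        return None
    scheme = parts.scheme.lower()
    if port is None:
        port = 443 if scheme == "https" else 80
    return (scheme, parts.hostname.lower(), port)


def check_origin(method, headers, base_url, check_enabled=True):
    """Decide whether a request passes the CSRF origin check.

    headers: dict of request headers, matched case-insensitively.
    base_url: the application's configured base URL.
    Returns (allowed, reason). A missing header never raises; it simply
    falls through to the next rule."""
    if not check_enabled:
        # Equivalent of the toggle / removed marker file. Not recommended.
        return True, "check disabled"
    if method.upper() in SAFE_METHODS:
        return True, "safe method"

    hdrs = {k.lower(): v for k, v in headers.items()}
    expected = origin_of(base_url)

    origin = hdrs.get("origin")
    # Browsers send a literal "null" Origin for opaque origins (e.g. sandboxed
    # iframes); it must never be treated as a match.
    if origin is not None and origin.strip().lower() != "null":
        if origin_of(origin) == expected:
            return True, "origin matches base URL"
        return False, f"origin mismatch: {origin}"

    referer = hdrs.get("referer")
    if referer:
        if origin_of(referer) == expected:
            return True, "referer matches base URL"
        return False, f"referer mismatch: {referer}"

    # Assumption: with neither header present the request is rejected rather
    # than let through; a more permissive policy would return True here.
    return False, "no origin or referer header"


if __name__ == "__main__":
    # Constructed sample requests against a constructed base URL.
    base = "https://jira.example.com"
    samples = [
        ("POST", {"Origin": "https://jira.example.com"}),
        ("POST", {"Origin": "https://evil.example"}),
        ("POST", {"Referer": "https://jira.example.com/rest/api/2/issue"}),
        ("POST", {}),
        ("GET", {}),
    ]
    for m, h in samples:
        print(m, h, "->", check_origin(m, h, base))
```

Turning the check off, as the toggle allows, makes check_origin accept the cross-site POST in the samples too, which is why the notes recommend leaving it on unless a proxy or client in front of the application is known to strip or rewrite these headers.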

Bug fixes

  • SAML/OIDC: Fixed redirect to Jira Service Management (JSM/JSD) not working

  • SAML/OIDC: Fixed missing metadata URL hint for Keycloak in the IDP setup wizard

  • SAML: Inaccurate test result text in SAML login test results for the Missing User Info status

Dependency updates

Dependency               Updated from version            Updated to version                       Description
bouncycastle.bcprov      bouncycastle.bcprov-jdk15@140   org.bouncycastle.bcprov-jdk15to18@1.70   Dependency in the Kerberos component of Kantega SSO Enterprise (org.simplericity.serberuhs). Our internally managed fork of serberuhs contains the new updates.
org.bouncycastle.bcpkix  bcpkix-jdk15on@1.59             org.bouncycastle.bcpkix-jdk15to18@1.70   Dependency in the SAML component of Kantega SSO Enterprise

Security vulnerabilities patched

The dependency patching resolved the following vulnerabilities:

Vulnerabilities                                   Vulnerable dependency                                          Fix dependency
CVE-2013-1624                                     bouncycastle.bcprov-jdk15@140 in org.simplericity.serberuhs    org.bouncycastle.bcprov-jdk15to18@1.70
CVE-2020-26939, CVE-2020-15522,                   bcpkix-jdk15on@1.59                                            org.bouncycastle.bcpkix-jdk15to18@1.70
CVE-2018-1000180, CVE-2018-1000613
CWE-200                                           commons-codec:commons-codec@1.3 in org.simplericity:serberuhs  commons-codec:commons-codec@1.15

Changes in 5.5.3

Feb 16, 2022

Improvements

  • SAML/OIDC: Rewrote and improved the User Lookup page with a more powerful regex transformation test and improved UX

  • SAML/OIDC: Improved how progress is kept in the setup wizard when navigating to previous steps

Bug fixes

  • SAML/OIDC: Setup wizard did not allow characters outside ISO-8859-1

  • SAML/OIDC: Could not abort automatic redirect on the login page with the Esc key

  • SAML/OIDC: Managed groups under Group Memberships had inconsistencies and didn't work properly

  • SAML: Inconsistent login test result status when the user is not found

  • Kerberos: Incorrect summary on the Kerberos test page when Kerberos is disabled globally but still enabled for users in a certain user group or directory

  • Updating the config warning flag gave a wrong link path to Configuration status from certain pages

Security vulnerabilities patched

Audited and updated NPM packages and one Maven dependency. The following vulnerabilities were patched:

Vulnerabilities                             Dependency                            Package
CVE-2021-3807                               ansi-regex:4.1.0                      pkg:npm/ansi-regex@4.1.0
CVE-2020-28469, CWE-400                     glob-parent:3.1.0                     pkg:npm/glob-parent@3.1.0
CVE-2020-15168, CVE-2022-0235               node-fetch:2.6.1                      pkg:npm/node-fetch@2.6.1
CVE-2022-0122, NPM-1006852, NPM-1006854     node-forge:0.10.0                     pkg:npm/node-forge@0.10.0
CVE-2021-23382                              postcss:7.0.39                        pkg:npm/postcss@7.0.39
CVE-2019-12400, CVE-2021-40690              org.apache.santuario:xmlsec:2.0.10    pkg:maven/org.apache.santuario/xmlsec@2.0.10

Changes in 5.5.4

Feb 20, 2022

Bug fixes

  • Kerberos: In this release we temporarily roll back the Kerberos component's Bouncy Castle dependency (back to bouncycastle.bcprov-jdk15@140 in org.simplericity.serberuhs) due to compatibility issues with the library update performed in version 5.5.2. We will investigate and troubleshoot the issues with the update before reintroducing it in a more stable form in a later release. Note that this reverts the bcprov dependency update listed under 5.5.2, and with it the CVE-2013-1624 fix recorded for that dependency; the bcpkix update in the SAML component is unaffected by the rollback.

  • SAML: Setup wizard summary step was stuck on 'Loading…' due to changes in 5.5.3

  • SAML: Metadata URL was not saved after SAML IDP setup due to changes in 5.5.3

  • SAML/OIDC: Unchanged display name was not persisted in the IDP setup draft due to changes in 5.5.3