Kantega SSO Enterprise 5.9.x release notes
We are pleased to announce Kantega SSO Enterprise 5.9.
As always, we recommend taking a backup before performing updates, especially for major and minor versions.
Read the update notes for important information about updating to major version 5 from 4.x or earlier, and see the full changelog below.
See the latest changes in version 5.9.1.
Compatible applications
Application | Compatible from version |
---|---|
Bamboo | 7.1.0 Server, 8.0.0 Data Center |
Bitbucket | 7.5.0 |
Confluence | 7.4.0 |
Jira | 8.11.0 |
Changelog
Changes in 5.9.0
Jul 6, 2022 11:00 CET
Under-the-hood stabilization of security LDAP injection prevention
Improvements
Security Stabilized and cleaned up the security-related LDAP injection prevention that was introduced in 5.0.0 and patched in 5.0.2. Rewrote the escaping logic, which still had some known issues after the patch, so that it now follows the escaping rules in RFC 4515 (https://www.rfc-editor.org/rfc/rfc4515.txt) and RFC 2253 (http://www.ietf.org/rfc/rfc2253.txt).
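The two RFCs named above cover different contexts: RFC 4515 governs values placed in a search filter, and RFC 2253 governs values placed in a distinguished name. The sketch below is an added illustration of that difference, not Kantega SSO code; the function names, the `uid`/`objectClass` attributes and the `example.com` base DN are assumptions, and the inputs are constructed.

```python
# Added illustration of context-specific LDAP escaping. Not Kantega SSO code;
# all names and sample values here are hypothetical.

# RFC 4515: characters that carry meaning inside a search filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# RFC 2253: characters that must be backslash-escaped inside a DN attribute value.
_DN_SPECIALS = ',+"\\<>;'


def escape_filter_value(value: str) -> str:
    """Hex-escape filter metacharacters (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape DN specials, a leading space or '#', and a trailing space (RFC 2253)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append(r"\00")
        elif ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_user_filter(username: str) -> str:
    """Filter context: the value goes through the RFC 4515 escaper."""
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"


def build_user_dn(username: str, base_dn: str = "ou=people,dc=example,dc=com") -> str:
    """DN context: the value goes through the RFC 2253 escaper."""
    return "uid=" + escape_dn_value(username) + "," + base_dn


if __name__ == "__main__":
    for sample in ["a*(b)\\c", "Smith, John", "#x "]:  # constructed inputs
        print(repr(sample), build_user_filter(sample), build_user_dn(sample))
```

Using the filter escaper for a DN leaves `,` and `+` untouched, and using the DN escaper for a filter leaves `*` and parentheses untouched, so each call site needs the escaper for its own context.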
Changes in 5.9.1
Jul 14, 2022 15:30 CET
Security update and OIDC+SAML bug fixes
Security patches
Security Update org.eclipse.jetty to patch CVE-2022-2047
Bug fixes
oidc Obfuscate client secret text that was visible when using inspect element on the /idp-integration page.
saml The IdP metadata URL wasn’t always properly persisted after the setup wizard.