Release notes 4.04
4.04.17
Improvements
4.04.16
Improvements
4.04.15
Bug fixes
- Fixed building redirect uri when only the
X-Forwarded-Proto
header is set in the request
4.04.14
Bug fixes
- Fixed SAML response validation for SSO responses
4.04.13
Bug fixes
- Fixed persisting redirect bugs for specific scenarios
4.04.12
Bug fixes
- Removed duplicated context root in request url for some scenarios
4.04.11
Bug fixes
- Removed double context path in redirects for some scenarios
4.04.10
Bug fixes
- UTF-8 BOM stripped from template files to prevent database storage issues.
- Correct client id set for client credential events.
- PGP invalid signature length error resolved.
- Https to http redirect issues in IdP communication resolved.
- Only allow mobile authentication message data to be fetched once.
- Properly remove all data related to an application for a user when using the application end user api.
4.04.09
Improvements
- Added preemptive authentication support for the external REST services proxy configuration
4.04.08
Improvements
- Switched to Docker Compose variables for configuration instead of ETCD properties.
- Added proxy support for GCM.
Bug fixes
- Remove FIDO user authenticators on delete consent.
- Invalid attempts during SMS abuse now properly stored in cache.
- FIDO deregistration now only deregisters one authenticator instead of all of them.
4.04.07
Bug fixes
- Improved FIDO error handling.
4.04.06
Bug fixes
- Unique constraint issue with multiple IdP attribute mappings on Oracle and MSSQL.
- Display max resend value for Mobile authentication via SMS in read only view.
4.04.05
Bug fixes
- Use of semicolon as user dns separator instead of space.
- Mobile authentication via SMS exception in stateless cluster setup.
4.04.04
Improvements
- Dummy user IdP shows a page to provide a userId if no userId was provided as request parameter.
Bug fixes
- Mobile authentication transaction marked as unanswered when result fetched before callback is answered in stateless cluster setup.
- Acknowledged mobile authentication transactions resend in stateless cluster setup.
4.04.03
Improvements
- Integrated custom implementation of two way OTP authentication into core code base, transparent change.
4.04.02
Bug fixes
- Send the callback after a mobile authentication answer asynchronous.
- Make REST communication with other services stateless.
- Don't fully rely on FIDO server to validate registration during authentication.
- Validate the user identifier not empty in SAML response.
- Mobile authentication disabled when device disconnection via Token end user api.
4.04.01
Bug fixes
- Users with operator role not able to download app config and template set exports.
- Unable to find user details when clicking on user id in events overview for case sensitive user identifiers.
- Performance improvements user search admin console.
- DB Connection TTL not configurable causing issues with databases behind firewalls.
4.04.00
Features
- Allow fallback on PIN for mobile authentication via FIDO.
- More detailed events for FIDO success and failure responses.
- SSL/TLS ciphers are made configurable.
Bug fixes
- Mobile authentication via FIDO fixes.
- Add check for duplicate name for Mobile authentication types.
- No longer allow to send a mobile authentication answer multiple times until callback is handled by portal.
- Potential concurrent modification exception during push resend for iOS.