Zip archives loaded into the system are now checked against the most common vulnerabilities.
Docker images now use OpenJDK
Bug fixes
Minor JavaScript issues have been fixed in the Admin console
6.5.1
Improvements
Updated Java version in Docker images
Bug fixes
SAML may now use the default identity provider
6.5.0
Improvements
Improved performance of the SDK initialization for Android
6.4.3
Bug fixes
For MS SQL databases, ANSI_PADDING is now set to ON
6.4.2
Bug fixes
SAML Service Provider could not be disabled via admin console
SAML now correctly uses a KeyDescriptor with no specific 'use' attribute
6.4.1
Bug fixes
Configuration of an LDAP server for the Admin console should not be required
SAML Service Provider signature validation failed with a generated certificate
Enabling mobile authentication for a device which was previously disabled caused errors
Refresh Token abuse detection was triggered for clients that do not support this feature
6.4.0
Improvements
Change from HTTP-POST binding to HTTP-Redirect binding in SAML Authentication requests.
6.3.5
Bug fixes
Fixed removing all tokens when requesting to revoke only the fingerprint tokens via the End User Device API
Documentation should use the same scope names as shown in the Admin console
Repair failing database migration in MySQL
6.3.4
Improvements
Security improvements
6.3.3
Improvements
Security improvements
6.3.2
Bug fixes
Fix to make the scheme of the redirect URI fully compliant with RFC 3986
Correct documentation for header authentication
6.3.1
Bug fixes
Fixed triggering Mobile Authentication on a profile with multiple Custom Authenticators
Show validation errors in the form for Custom Authenticators
Fixed not being able to delete items from some overview pages in the Admin console
6.3.0
Improvements
Allow deleting a push messaging configuration that is in use
Bug fixes
Fixed an issue that crashed the admin when visiting a read-only mobile app overview that contains a template set.
Fixed a serialization issue that printed Hibernate properties in the event details.
6.2.1
Bug fixes
Fixed resolving static resources
6.2.0
Features
Added Resource owner password credentials support for web clients validating the user password using the SAML PAOS binding
Improvements
Restructured the documentation to improve readability
Send the number of pending mobile authentication transactions as the app badge number in a push notification for iOS
Allow disabling the issuing of refresh tokens to mobile apps from the Admin console
Allow deleting PIN policies
Added a client implementation for mobile authentication to the Token Server test client
Allow deleting template sets that are in use
Added a clone function to clone a mobile application version configuration
Bug fixes
Increased the column size of the user agent
Fixed not being able to save a form when using multiple browser tabs in the admin console
Clean up pending mobile authentication transactions if a user is deregistered
6.1.0
Features
Add support for multiple Custom Authenticators
Add endpoint to fetch pending mobile authentication transactions
Remove FIDO feature
Improvements
Add syntax validation when uploading Custom Authenticator scripts
Return device information when triggering mobile authentication
Show a message why an Application cannot be removed
Bug fixes
Fixed incorrect combinations of HTTP status codes and error messages in API calls
Only show a warning about using the deprecated Token Validation Grant Type when applicable
Fixed a bug where required fields were disabled when adding an Identity Provider of type SAML or OAuth
6.0.0
Features
Custom Authenticators as a supported feature configurable in the Admin console
Introduced implicit authentication feature
Improvements
Resource gateway configurable as API client
Configure Extension Engine script configuration and connection properties via Admin console
Lists in Configuration Admin panel section have a logical alphabetic order
Different styling for buttons changing the state of the application in the Admin console
Simplify the push mobile authentication fallback feature: allow falling back to SMS or push with PIN using the base mobile authentication type configuration
Provide information on which method was used to initialize mobile authentication
Return a reason why mobile authentication failed on the fetch authentication result endpoint
Add filtering on Application instances in the Admin console
Distinguish between mobile authentication and push authentication
Improve the performance for sending APNS & FCM notifications
Improve displaying userAgent on Activity page in the Admin console
Events on why an error occurred with custom authenticators are more detailed
Use FCM instead of GCM for sending Android push notifications
Use APNs token-based authentication for sending iOS push notifications; deprecate certificate authentication
Add support for an outgoing proxy for communication with APNS
Upgraded MariaDB Connector version
Upgrade to jQuery 3.x
Bug fixes
Display the scopes that the consent was given for in the event details
Prevent uploading files that are too large as template sets in the Admin console
User is no longer logged out after Custom Authenticator deregistration
Fixed broken app version config export
Fixed sidebar length not being dynamically adjusted
Fixed displaying template set action options on a template set overview page
Fixed the link to the non-existent intro Configuration page
Added validation for required defaultScopes field on Application configuration form in the Admin console
Fixed a bug where the second-level navigation was hidden behind the third-level navigation in the Admin console
Fixed handling Mobile Authentication with Custom Authenticator abuse (previously it was handled as a push with PIN abuse)
Mention in the warning on Application form that clients that were using tampering protection would need to register again when development mode is switched to enabled