OpenAM 15.2.2 Released

Download

What’s New

• CVE-2025-8916 – Fixed unrestricted resource allocation (no throttling) vulnerability
• CVE-2025-9288 – Resolved missing type checks in ha.js that allowed hash reset via crafted data
• CVE-2025-26467 – Prevented privilege escalation in Apache Cassandra when user holds MODIFY permissions on all keyspaces
• CVE-2025-5889 – Patched Regular Expression DoS in brace-expansion library
• CVE-2024-38999 – Mitigated prototype pollution in requirejs v2.3.6
• CVE-2025-58056 – Fixed request smuggling in Netty due to improper chunk extension parsing
• CVE-2025-8662 – Addressed tampering attack that could corrupt internal cache and break SAML IdP functionality
• Resolved JavaDoc build failure in GitHub Actions workflows
• Upgraded dependency: bumped org.openidentityplatform.opendj to version 4.10.2

Full changeset: compare 15.2.1…15.2.2

Thanks for the contributions

1. Valery Kharseko
2. Maxim Thomas
3. tsujiguchitky