OpenAM 16.0.3 Released

Download

What’s new

• Update target JDK to 11 and move to JakartaEE 9
• Add support LTS JDK 25
• Update base docker image Java version to 25 LTS
• Fix OAuth2 issues: Restore ‘none’ token endpoint auth method. Do not add default openid scope if non-empty
• Update OpenDJ to 5.0.1
• Addressed critical security vulnerabilities:
  • CVE-2023-45133: Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
  • CVE-2024-53382: PrismJS DOM Clobbering vulnerability (update swagger-ui)
  • CVE-2025-64099: Using arbitrary OIDC requested claims values in id_token and user_info is allowed

Full changeset (more details)

Thanks for the contributions

1. maximthomas

2. vharseko