OpenAM 16.0.4 Released

Download

What’s new

• Updated ESAPI to version 2.7.0.0 with Jakarta classifier for improved security and compatibility
• Fixed Fedlet blank index page issue to restore proper functionality
• Updated OpenDJ dependency to version 5.0.2 for enhanced directory services
• Addressed critical security vulnerabilities:
  • CVE-2025-66453 Resolved Rhino high CPU usage and potential DoS vulnerability
  • CVE-2025-12183 LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS
  • CVE-2025-66566 yawkat LZ4 Java has a possible information leak in Java safe decompressor

Full changeset (more details)

Thanks for the contributions

1. vharseko

2. maximthomas