OpenAM 16.0.5 Released

Download

What’s new

• Set explicit xmlsec dependency for openam-federation-library
• Updated JSTL to Jakarta 2.0.0 version
• Updated OpenDJ to 5.0.3
• Addressed critical security vulnerabilities:
  • CVE-2025-67735 - Netty CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
  • CVE-2025-15284 - qs’s arrayLimit bypass in bracket notation that allows DoS via memory exhaustion
  • CVE-2025-13465 - Lodash Prototype Pollution vulnerability in _.unset and _.omit functions (versions 4.0.0 through 4.17.22)

Full changeset (more details)

Thanks for the contributions

1. Mike Lothian

2. David Ignjić

3. Valery Kharseko

4. Maxim Thomas