OpenICF 2.0.3 Released

Download

What’s new

• Addressed critical security vulnerabilities:
  • CVE-2025-67030 - Plexus-Utils Directory Traversal vulnerability in extractFile method
  • CVE-2026-0636 - Bouncy Castle LDAP injection
  • CVE-2024-7254 - Unbounded recursion when parsing deeply nested SGROUP tags causes stack overflow DoS
• Replace Nashorn with Rhino as JavaScript engine fallback
• Update OpenDJ dependency to version 5.1.1

Full changeset (more details)

Thanks for the contributions

1. Valery Kharseko
2. Maxim Thomas