OpenIDM 7.1.0 Released

Download

What’s new

• Addressed critical security vulnerabilities:
  • CVE-2026-1605 - Eclipse Jetty Gzip request memory leak when response is not compressed
  • CVE-2026-33227 - Apache ActiveMQ classpath path traversal via Stomp consumer and Web console
  • CVE-2026-39304 - Apache ActiveMQ Denial of Service via Out of Memory through TLSv1.3 handshake KeyUpdates
  • CVE-2026-27903, CVE-2026-27904, CVE-2026-26996 - UI: updated grunt to 1.6.2 to address multiple vulnerabilities
  • CVE-2018-1294 - Apache Commons Email header injection via bounce address
  • CVE-2026-42198 - pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS
• Make REST context path configurable via openidm.context.path system property
• Add onQueryResult script hook to filter managed object query results
• Upgrade OrientDB from 2.1.25 to 3.2.51
• Fix SCR deadlock in SecurityManager by making repoService a dynamic reference
• Fix Property mapping /authzRoles transformation script exception
• Fix Felix Web Console PreferencesConfigurationPrinter not enabled
• Update OpenICF dependency to version 2.0.3

Full changeset (more details)

Thanks for the contributions

1. Valery Kharseko
2. Maxim Thomas
3. 20107589 Vincent Liefooghe