OpenAM 14.6.3 Released
What’s new
Improvements
- OpenID Connect checkSession endpoint
- Update base Docker image to the latest Tomcat 8.5.x
- Apache Cassandra user datastore improvements
- Apache Cassandra token datastore improvements
- Add SameSite cookie settings
- Allow auth chain manipulation at runtime
- Add QR auth module XUI template
- Significant performance improvements
Fixes
- Apache Cassandra user datastore: fix escaping of materialized view name
- Apache Cassandra: fix error with index (replace "-" with "_")
- Fix Guice module CoreTokenServiceGuiceModule errors
- CVE-2021-29156 ForgeRock OpenAM allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval
Thanks for the contributions
3. bagnos