OpenAM 14.6.3 Released

Download

What’s new

Improvements

• OpenID Connect checkSession endpoint
• Updating base docker image to latest 8.5.x tomcat
• Apache Cassandra user datastore improvements
• Apache Cassandra token datastore improvements
• Add same site cookie settings
• Make possible auth chain manipulation at a runtime
• Add QR auth module XUI template
• Significant performance improvements

Fixes

• Apache Cassandra user datastore: fix escape materialized view name
• Apache Cassandrda: fix error with index (replace “-“ -> “_”)
• fix guice module CoreTokenServiceGuiceModule errors
• CVE-2021-29156 ForgeRock OpenAM allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval

All changes

Thanks for the contributions

1. Luca Leonardo Scorcia

2. Aaron Hagopian

3. bagnos