Fixes

Fixes in IG 7.1.1

  • OPENIG-4956: Inbound WebSocket connection is not closed when outbound connection is closed abruptly

  • OPENIG-5539: The ForwardedRequestFilter should not change original URI parameter values when rebasing

  • OPENIG-5540: PEM secret format fails to decode some EC private keys

  • OPENIG-5610: Null Pointer Exception when using ForwardedRequestFilter with ResourceHandler

  • OPENIG-5683: HTTP/2 : set max connections

  • OPENIG-5743: Standalone: Possible OOME for large requests

  • OPENIG-5778: sessionInfo requests can lead to a build up of agent tokens being created

  • OPENIG-5805: The notification service should attempt to refresh the caller token when receiving a 401 on WebSocket connections

  • OPENIG-5868: WebSocketClientHandshakeException: Invalid subprotocol seen when using IG standalone to proxy WebSocket requests

Fixes in IG 7.1

  • OPENIG-4034: AuditService does not delete old files when maxDiskSpaceToUse is reached

  • OPENIG-4900: AMService cannot connect to AM via TLS with Standalone

  • OPENIG-5084: WebSocket connections are not being proxied when baseURI scheme is wss

  • OPENIG-5219: Vert.x HTTP Client does not replicate current CHF behaviour when request fails and headers have been received

  • OPENIG-5258: IG Standalone must populate the originalUri.port from Host header

  • OPENIG-5401: Retries on a ReverseProxyHandler not being triggered

Security Advisories

ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly.

ForgeRock’s security advisory policy governs the process on how security issues are submitted, received, and evaluated as well as the timeline for the issuance of security advisories and patches.

For details of all the security advisories across ForgeRock products, see Security Advisories in the Knowledge Base library.