Fixes
The following important issues were fixed in this release:
-
OPENIG-4956: Inbound WebSocket connection is not closed when outbound connection is closed abruptly
-
OPENIG-5425: JwkSetHandler: No error displayed when using an invalid configuration such as a public key exported -as jwk- for decryption usage
-
OPENIG-5539: The ForwardedRequestFilter should not change original URI parameter values when rebasing
-
OPENIG-5540: PEM secret format fails to decode some EC private keys
-
OPENIG-5610: Null Pointer Exception when using ForwardedRequestFilter with ResourceHandler
-
OPENIG-5683: HTTP/2 : set max connections
-
OPENIG-5725: Add SNI configuration
-
OPENIG-5743: Standalone: Possible OOME for large requests
-
OPENIG-5778: sessionInfo requests can lead to a build up of agent tokens being created
-
OPENIG-5793: Unexpected behaviour of EL function matches
-
OPENIG-5805: The notification service should attempt to refresh the caller token when receiving a 401 on WebSocket connections
-
OPENIG-5868: WebSocketClientHandshakeException: Invalid subprotocol seen when using IG standalone to proxy WebSocket requests
-
OPENIG-5872: Stop Tyrus WebSocket connection retry when Websocket Client is closed
-
OPENIG-6206: When checking for peer certificates in a request, validate that the SSLSession is available
-
OPENIG-6394: Stack traces are printed twice in the log files
Security advisories
ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly.
ForgeRock’s security advisory policy governs the process on how security issues are submitted, received, and evaluated as well as the timeline for the issuance of security advisories and patches.
For details of all the security advisories across ForgeRock products, see Security Advisories in the Knowledge Base library.