Fixes

Fixes in IG 7.0.2

The following important issues were fixed in this release:

  • OPENIG-5084: WebSocket connections are not being proxied when baseURI scheme is wss

  • OPENIG-5219: Vert.x HTTP Client does not replicate current CHF behaviour when request fails and headers have been received

  • OPENIG-5258: IG Standalone must populate the originalUri.port from Host header

Fixes in IG 7.0.1

The following important issues were fixed in this release:

  • OPENIG-4034: AuditService does not delete old files when maxDiskSpaceToUse is reached

  • OPENIG-4900: AMService cannot connect to AM via TLS with Standalone

Fixes in IG 7.0.0

The following important issues were fixed in this release:

  • OPENIG-3221: OpenIG is decoding special character ' while sending to the backend which is causing issues

  • OPENIG-3275: SamlFederationHandler Doesn't Support Filtering

  • OPENIG-3296: UserProfileFilter and usernames with colons

  • OPENIG-3403: ContentTypeHeader quoted directives should be maintained

  • OPENIG-3488: IG fails to stop when started with a config.json with invalid json syntax.

  • OPENIG-3492: Request and response logged in different files when capture:all and global captureDecorator are in config.json

  • OPENIG-3659: SSOFilter logoutEndpoint does not take query parameters into consideration

  • OPENIG-3755: IG's decodeBase64 function returns null on JWTs generated by IG or AM

  • OPENIG-3783: ClassCastException in scriptable access token resolver occurs when invalid token is returned by delegated access token resolver

  • OPENIG-3819: WebSocket requests should be built using the raw query parameters

  • OPENIG-3837: WebSocketAdapter#writeBuffersIfStreamIsReady should check if stream is ready before calling flush

  • OPENIG-4037: Global decorators declared in a route cannot refer to decorators declared in the same route

  • OPENIG-4168: CacheAccessTokenResolver : missing requests to amService (not available in capture)

  • OPENIG-4190: A WebSocket Origin header is missing the scheme from the URL

Security Advisories

ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly. ForgeRock's security advisory policy governs the process on how security issues are submitted, received, and evaluated as well as the timeline for the issuance of security advisories and patches.

For details of all the security advisories across ForgeRock products, see Security Advisories in the Knowledge Base library.

Read a different version of :