Java Policy Agents

Fixes

Fixes in are cumulative chronologically, by release date. An issue fixed in a maintenance release, such as Java Agent 5.9.2, is not included in a major release, such as Java Agent 5.10, if the major release was issued before the minor release.

Fixed in Java Agent 2023.11

No issues were fixed in this release.

Fixed in Java Agent 2023.9

  • AMAGENTS-5999: Cannot initialize logback when invoking classes in the agent SDK

  • AMAGENTS-5928: Remove META-INF/services/javax.servlet.ServletContainerInitializer from the distribution

  • AMAGENTS-5798: Oracle WebLogic admin console fails after patch upgrade

  • AMAGENTS-3798: The AM Conditional Login URL should check that the entry has a | in it

Fixed in Java Agent 2023.6

  • AMAGENTS-5797: java.lang.NullPointerException in org.forgerock.agents.util.UrlParamNormaliser

  • AMAGENTS-5685: JPA: Address bug in cache thawing

  • AMAGENTS-5654: JPA conditional login does not work in case when specific header should match any value

  • AMAGENTS-5600: JPA: Enabling pathinfo and using URL encoding raises exception

  • AMAGENTS-5236: JPA does not respect port/protocol overrides for Not Enforced Rules and Policy Evaluation

Fixed in Java Agent 2023.3

  • AMAGENTS-5550: Changing the log level at runtime stops logging altogether

  • AMAGENTS-5497: Avoid use of the "Agent Tree" for JPA login

  • AMAGENTS-5089: agentadmin --encrypt Agent_Id <password-file> throws error

  • AMAGENTS-4816: Do not invoke rest logout for some special cases

  • AMAGENTS-3912: Avoid displaying a huge stacktrace to the user when the bootstrap properties file cannot be opened

Fixes in Java Agent 5.10.2

  • AMAGENTS-5550: Changing the log level at runtime stops logging altogether

  • AMAGENTS-5497: Avoid use of the "Agent Tree" for JPA login

Fixes in Java Agent 5.10.1

  • AMAGENTS-5182: Log level should be WARN if agent-profile authN fails using service=Agent

  • AMAGENTS-5089: agentadmin --encrypt Agent_Id <password-file> throws error

  • AMAGENTS-4816: Agent does not invoke rest logout for special cases

Fixed in Java Agent 5.10

  • AMAGENTS-4677: Reimplement pre-authentication cookie signing

  • AMAGENTS-4667: Bug in i18n not-enforced pattern matching

  • AMAGENTS-4655: Align fragment handling cookie with Web Agent

Fixed in Java Agent 5.9.1

  • AMAGENTS-4667: Bug in i18n not-enforced pattern matching

  • AMAGENTS-4655: Align functionality with WPA with regards fragment handling cookie enhancement

Fixed in Java Agent 5.9

  • AMAGENTS-4427: Agent can’t cope with extended characters in the Agent realm

  • AMAGENTS-4424: Agent fails to specify OIDC client when extended characters are used in the Agent profile name

  • AMAGENTS-4423: Installer fails to write extended character profile name into bootstrap properties

  • AMAGENTS-4409: Address Agent session timeout problem when notifications are disabled

  • AMAGENTS-4336: Code around the AM agent token expired problem when getting the session info

  • AMAGENTS-4333: After upgrading to JEE Agent 5.7.0 (from Agent 3.5), agent behavior changes from catch AgentException to catch all Exception

  • AMAGENTS-4312: HTTP_HEADER fetch mode ignores everything but first value

  • AMAGENTS-4311: Redirect loop faced during session upgrade with AcceptSSOToken mode enabled.

  • AMAGENTS-4204: Fragments feature does not work with transaction policy

  • AMAGENTS-4196: When profile attribute is not found agent should continue authorization.

  • AMAGENTS-4177: Cookie Fetch attribute mode does extra request

  • AMAGENTS-4113: Reintroduce the original service resolver property

  • AMAGENTS-4077: Fix Port check regression and make it work in non sso-only mode.

Security advisories

ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly.

ForgeRock’s security advisory policy governs the process on how security issues are submitted, received, and evaluated as well as the timeline for the issuance of security advisories and patches.

For details of all the security advisories across ForgeRock products, see Security Advisories in the Knowledge Base library.

Copyright © 2010-2023 ForgeRock, all rights reserved.