Web Policy Agents 5.10.1

Fixes

Fixes in Web Agent 5.10.1

  • AMAGENTS-5341: crashes in installer when checking permissions

  • AMAGENTS-5219: Nginx agent can crash when configured with not-enforced-url regex option

  • AMAGENTS-5116: Interactive installer loops infinitely when an invalid host is supplied for the am url.

Fixes in Web Agent 5.10

  • AMAGENTS-5068: performance issue in AMAGENTS-4716 fix

  • AMAGENTS-4897: config.fallback.mode doesn’t work for not-enforced url configuration

  • AMAGENTS-4788: WPA doesn’t delete session tracking cookie when running in accept.sso.token mode

  • AMAGENTS-4737: WPA does not support TLS handshake Server Name Indication extension

  • AMAGENTS-4716: Agent does not handle SSO tracking cookie enclosed in double quotes

  • AMAGENTS-4687: Web Agent 5.9.0 crash if configuration fetch fails.

  • AMAGENTS-4545: nginx agent can crash if graceful restart (reload) is used with load testing.

  • AMAGENTS-4539: IIS Web Agent doesn’t log reason why PDP file deletion fails.

AMAGENTS-4889: Apache will silently ignore attribute values that have underscores '' AMAGENTS-4883: Agent auth tree cannot be used for agent login until AM bugs are fixed. AMAGENTS-4878: WPA should not return http500 error when agent_fragment_relay parameter is empty AMAGENTS-4821: SELinux permissions for log directory causes segmentation fault AMAGENTS-4588: Fragment relay with Firefox causes 403 errors in logs and corrupted HAR files. AMAGENTS-4449: Replace hardcoded function names with _func macro in web agent log messages AMAGENTS-4382: am_free should set pointer to NULL after free.

Security advisories

ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly.

ForgeRock’s security advisory policy governs the process on how security issues are submitted, received, and evaluated as well as the timeline for the issuance of security advisories and patches.

For details of all the security advisories across ForgeRock products, see Security Advisories in the Knowledge Base library.

Copyright © 2010-2022 ForgeRock, all rights reserved.