Fixes

The following issues have been fixed in this release:

  • AMAGENTS-4501: Web Agent session cache invalidated on configuration change

  • AMAGENTS-4460: Response attributes for not enforced urls can be duplicated

  • AMAGENTS-4417: Address Agent session timeout, when AM doesn’t return 401 with getSessionInfo

  • AMAGENTS-4340: Log level inappropriate when agent reconnects after its token expires

  • AMAGENTS-4298: Validator segmentation fault with validate_session_profile test

  • AMAGENTS-4292: WPA is failing to complete authentication when there is no Content-Length header set on authn POST from AM

  • AMAGENTS-4216: When fragment redirection is enabled, the Agent ignores the query string

  • AMAGENTS-4188: Agent crash with local (not central) configuration

  • AMAGENTS-4165: Agent will not translate http to https in agent/cdsso-oauth2 redirect in SSL offloading case on nginx

  • AMAGENTS-4101: Inconsistent behavior for JSON request between web agent 4.2.1.2 and 5.7.0 for content-type header

  • AMAGENTS-4064: Fragments don’t work in a ssl terminated environment

  • AMAGENTS-3165: Seg Fault if policy evaluation realm properties are null in local configuration

  • AMAGENTS-2717: Timed out Login Session results in 403 Forbidden Error

Security Advisories

ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly.

ForgeRock’s security advisory policy governs how security issues are submitted, received, and evaluated, as well as the timeline for issuing security advisories and patches.

For details of all the security advisories across ForgeRock products, see Security Advisories in the Knowledge Base library.