Web Policy Agents

Fixes

Fixed in Web Agent 2024.3

  • AMAGENTS-6397: If the agent instance isn’t provided for key rotation, agentadmin doesn’t print an error

  • AMAGENTS-6302: NGINX agent PDP fails with HTTP/3 connections

  • AMAGENTS-6172: WPA for IIS does not work when running in 32-bit mode on 64-bit Windows OS

  • AMAGENTS-6046: convert_request_after_authn_post writes to /tmp instead of configured PDP directory

  • AMAGENTS-5985: Interactive installation using existing agent configuration files duplicates properties which are commented out

  • AMAGENTS-5983: Interactive installer refers to the legacy agent configuration file - OpenSSOAgentBootstrap.properties

  • AMAGENTS-4590: login-fragment-relay page should have charset specified.

  • AMAGENTS-3992: com.forgerock.agents.config.hostmap doesn’t use the IP address

  • AMAGENTS-3506: If there are permissions issues with password file with installation on IIS then the log messages are not helpful

Fixed in Web Agent 2023.11

  • AMAGENTS-6175: Memory leak in credentials_secure_free

  • AMAGENTS-6133: Improper use of Bcrypt hash handle in JWT password replay module in

  • AMAGENTS-6132: JWT password replay module in IIS should use json parser

  • AMAGENTS-6073: Idle timeout should not update on NEU with SSO Only, neu fetch and

  • AMAGENTS-6057: Incorrect padding mode used in jwtpasswdreplay.h

  • AMAGENTS-5594: Web agent will return 403 errors if OpenSSL libraries aren’t loaded.

Fixed in Web Agent 2023.9

  • AMAGENTS-5995: Don’t extend user session for not enforced url with fetch attributes enabled

  • AMAGENTS-5833: WPA 403 error on /agent/cdsso-oauth2 with invalid jwt.aud.whitelist parameter value

  • AMAGENTS-5495: Web agent validator reports access to OpenSSL v.1.1.x instead of v3.x

Fixed in Web Agent 2023.6

  • AMAGENTS-5678: Custom Login mode 1 doesn’t correctly process composite advice.

  • AMAGENTS-5462: WPA crash when config.redirect.param is not set

  • AMAGENTS-5444: WPA for IIS fails with 0x80090305 error

  • AMAGENTS-5147: Web agent incorrectly escapes UTF-8 when creating JSON for audit

  • AMAGENTS-5127: Internal Server Error (500) when POST is performed without POST data preservation

  • AMAGENTS-4478: Write the Identity used in SSO to the audit logs

  • AMAGENTS-3683: Misleading message in "unsuccessful" Agent login when it is actually successful

  • AMAGENTS-3315: WPA: Runtime properties are ignored if they appear before c.s.i.agents.config.repository.location

Fixed in Web Agent 2023.3

  • AMAGENTS-5341: Installer crashes when checking permissions

Fixed in Web Agent 5.10.1

  • AMAGENTS-5341: crashes in installer when checking permissions

  • AMAGENTS-5219: Nginx agent can crash when configured with not-enforced-url regex option

  • AMAGENTS-5116: Interactive installer loops infinitely when an invalid host is supplied for the AM URL.

Fixed in Web Agent 5.10

  • AMAGENTS-5068: performance issue in AMAGENTS-4716 fix

  • AMAGENTS-4897: config.fallback.mode doesn’t work for not-enforced url configuration

  • AMAGENTS-4795: POST Data Sticky Load Balancing Cookie Name configuration option isn’t working

  • AMAGENTS-4788: WPA doesn’t delete session tracking cookie when running in accept.sso.token mode

  • AMAGENTS-4737: WPA does not support TLS handshake Server Name Indication extension

  • AMAGENTS-4716: Agent does not handle SSO tracking cookie enclosed in double quotes

  • AMAGENTS-4687: Web Agent 5.9.0 crash if configuration fetch fails.

  • AMAGENTS-4545: nginx agent can crash if graceful restart (reload) is used with load testing.

  • AMAGENTS-4539: IIS Web Agent doesn’t log reason why PDP file deletion fails.

Fixed in Web Agent 5.9.1

  • AMAGENTS-4788: Agent doesn’t delete session tracking cookie when running in accept.sso.token mode

  • AMAGENTS-4716: Agent does not handle SSO tracking cookie enclosed in double quotes

  • AMAGENTS-4687: Web Agent 5.9.0 crash if configuration fetch fails.

  • AMAGENTS-4545: nginx agent can crash if graceful restart (reload) is used with load testing.

  • AMAGENTS-4539: IIS Web Agent doesn’t log reason why PDP file deletion fails.

Fixed in Web Agent 5.9

  • AMAGENTS-4501: Web Agent session cache invalidated on configuration change

  • AMAGENTS-4460: Response attributes for not enforced urls can be duplicated

  • AMAGENTS-4417: Address Agent session timeout, when AM doesn’t return 401 with getSessionInfo

  • AMAGENTS-4340: Log level inappropriate when agent reconnects after its token expires

  • AMAGENTS-4298: Validator segmentation fault with validate_session_profile test

  • AMAGENTS-4292: WPA is failing to complete authentication when there is no Content-Length header set on authn POST from AM

  • AMAGENTS-4216: When fragment redirection is enabled, the Agent ignores the query string

  • AMAGENTS-4188: Agent crash with local (not central) configuration.

  • AMAGENTS-4165: Agent will not translate http to https in agent/cdsso-oauth2 redirect in SSL offloading case on nginx

  • AMAGENTS-4101: Inconsistent behavior for JSON request between web agent 4.2.1.2 and 5.7.0 for content-type header

  • AMAGENTS-4064: Fragments don’t work in an SSL-terminated environment

  • AMAGENTS-3165: Seg Fault if policy evaluation realm properties are null in local configuration.

  • AMAGENTS-2717: Timed out Login Session results in 403 Forbidden Error

Security advisories

ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly.

ForgeRock’s security advisory policy governs how security issues are submitted, received, and evaluated, as well as the timeline for issuing security advisories and patches.

For details of all the security advisories across ForgeRock products, see Security Advisories in the Knowledge Base library.

Copyright © 2010-2024 ForgeRock, all rights reserved.