...
Show if | ||||
---|---|---|---|---|
| ||||
4.2.0 (Unreleased)Changes to Existing BehaviorA regression in all 4.x releases was identified in the way the Logout ChangesThis release contains a few new options and optimizations to improve logout behavior and quiet noise in the logs, and are worth a review if you operate an IdP with a lot of SPs that do not support logout. It includes an automatic behavioral change that tracks the endpoint used to deliver an assertion when starting a session, and uses that URL when selecting a logout endpoint to use if there are multiple endpoints spanning different virtual hosts or paths. The endpoint selected will contain the longest matching sequence of characters starting from the beginning of the URL(s). This approach is notably more compatible with Shibboleth SPs that are virtually hosted with a single entityID. Another automatic change eliminates attempts to issue logout requests to SAML 2.0 SPs whose metadata contains no logout endpoints. This should reduce the extra noise of EndpointResolutionFailed events in the log and improve performance. A new property named A new property named Miscellaneous ChangesDisplay name and descriptive information associated with attributes used on the New Properties
New Beans
New Messages
|
4.1.5 (Unreleased)
Jira Legacy | ||||||||
---|---|---|---|---|---|---|---|---|
|
This is a patch release primarily to update logback, the logging solution we provide by default. The new version was issued in response to the log4shell debacle, and includes some hardening of features and the removal of other features to reduce the attack surface, though logback itself did not have any meaningful vulnerability that wouldn’t require compromise of its configuration file to begin with.
...