| Tip |
|---|
This is the advisory page for Identity Provider V4 releases. For IdP plugins supported by the project, see the plugins home page. For the older V3 IdP's advisories, please refer to the V3 IDP SecurityAdvisories page. For the SP, please refer to V3 SPÂ SecurityAdvisories page. As a courtesy, you can also find Jetty advisories at https://www.eclipse.org/jetty/security-reports.html and Tomcat advisories at http://tomcat.apache.org/security.html |
...
Version | EOL | User Data Exposure | User Data Accuracy | Session Hijacking | Denial of Service | Remote Exploit | Advisories |
|---|---|---|---|---|---|---|---|
All | X | X | X | 2018-01-23, 2017-05-18 | |||
4.2.1 | |||||||
4.1.6 | Apr 2022 | ||||||
4.1.5 | Mar 2022 | ||||||
4.1.4 | Jan 2022 | ||||||
4.1.2 | Jul 2021 | ||||||
4.1.0 | May 2021 | ||||||
4.0.1 | Mar 2021 | ||||||
4.0.0 | Jun 2020 |
Advisory List
Date | Title | Affects | Severity | CVE |
|---|---|---|---|---|
2018-01-23 | All | high | ||
2017-05-18 | All | high |
...
In the event that we ship releases known to, or that we subsequently discovery to, contain vulnerable libraries and do not have specific plans to immediately issue a patch with a newer version, we will document any known issues here, and our official position as to the lack of relevance of the issue to the software. It is not our aim to pass generic, context-free scanners that simply flag every issue. Automation is not a substitute for human judgement.
V4.2.
...
1
Guava (any) (CVE-2020-8908)
We don't use the affected, deprecated function, and there is no fix for the issue.
Spring 5.3.19 (CVE-2022-22970, CVE-2022-22971)
We don’t use the affected functionality. We will update the affected libraries at the time of the next release.