Not a long update this month, just some status updates:

  • Minimal feedback to this point regarding our publicly announced Java support decisions, but what little there has been suggests the clarity is meeting immediate needs for planning.
  • A few people have started to upgrade to newer Java versions and are hitting the LDAP bug. Crashes are the best case and easy to spot, but non-LDAPS deployments are seeing total pool meltdown only under load. No fun, but obvious now that we know what to look for. The one problem we don't have a fix for yet is that JNDI's support for binary attributes is not something that translates to UnboundID, so deployments with that need are probably limited to Java 8 for now. There are years to go before supported Java 8 options lost support so there's time to address this.
  • Work is slowly proceeding on developing a CI capability using AWS, to relieve our current resource constraints.
  • We have a number of design proposals and prototypes for adding CSRF prevention to the IdP, which is overdue. Discussion will take place on the dev list as well as a regular meeting in the near future.
  • Contrary to what we had been thinking could happen, we don't expect to move off of Velocity as a view template technology in the short run, and are hoping the Velocity project will eventually take over the Spring integration code that was removed from Spring 5.
  • Documentation of the new attribute registry/mapping feature is getting underway now that the configuration has mostly solidified. The V4 wiki space is still hidden for the moment to avoid confusion, but I have started to move various material out of the V3 space and into the KB area so that it can be kept independent of specific IdP releases.
  • Real work on proxying hasn't really started yet, it's still a lot of vaguely formed ideas at this stage. With vacation time I don't think work on this will really get going until August at the soonest.

A final note: RHEL 8 is out, but CentOS 8 is probably still a few weeks out. I do not expect to have official SP packages for either for a while yet.