Skip to content

8.19.0

Choose a tag to compare

View all tags
@pmaytak pmaytak released this 02 Jun 03:37
· 2 commits to dev8x since this release
8.19.0
63d9d67
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #3494.
  • Adjust rented buffer handling in claim set parsing. See PR #3493.
  • Tidy null handling in SAML conditions validation. See PR #3491.
  • Improve validation of jku claim. See PR #3481.
  • Limit telemetry algorithm dimension cardinality. See PR #3490.
  • Add defensive copy of collections in ValidationParameters. See PR #3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #3509.
Assets 2
Loading