@MKodde MKodde released this Dec 11, 2018 · 26 commits to master since this release

Assets 4

A bug fix release where we stopped overwriting the NameId before giving consent #610

@MKodde MKodde released this Oct 23, 2018 · 31 commits to master since this release

Assets 4

Bugfix for a possible break after giving consent. This release is preventing a crash when the original issuer is null #604

@MKodde MKodde released this Oct 17, 2018 · 32 commits to master since this release

Assets 4

A security patch, fixing a possible XSS vulnerability. Described in more detail in #598

@pablothedude pablothedude released this Sep 12, 2018 · 46 commits to master since this release

Assets 4

This is a release mainly focussed on the rolling updates. Be aware that 5.8 releases prior to 5.8.3 do have some breaking changes in migrations due to the rolling update implementation added in this release. In order to update you should skip releases <5.8.3.

Features

  • A custom database health check is added for the Monitor bundle. #589
  • A feature toggle to disallow users on attribute violations is added. #591
  • Add Rolling update support #595

@pablothedude pablothedude released this Aug 9, 2018 · 68 commits to master since this release

Assets 4

OpenConext-engineblock-5.8.2.tar.gz

This is mainly a release that consists of fixes of technical debt and longer standing quirks.

Bugfixes

  • Optimize consent viewport on xs #573
  • Revert suggestion title on WAYF screen #571
  • Fix SP displayName regression #568 (thanks @tvdijen)
  • Update the IdP placeholder logo reference #574
  • Prevent adding empty 'return' hidden input field #584

Chores and other improvements

  • References to Janus have been removed #581
  • Remove attribute_aggregation_required metadata setting #572
  • Symfony was upgraded to 2.8.44 to harden against CVE-2018-14773 #582
  • Add requesterid_required metadata setting to enforce the use of a RequesterId on trusted proxies (#540) (thanks @tvdijen)

@MKodde MKodde released this Aug 7, 2018 · 129 commits to master since this release

Assets 4

In this release resolves issue: #159466469. Where an empty 'return' parameter was added in the response processing form.

@MKodde MKodde released this Aug 2, 2018 · 238 commits to master since this release

Assets 4

This release fixes the collapse issue on the consent screen for IE11 #578

@pablothedude pablothedude released this Jul 25, 2018 · 238 commits to master since this release

Assets 4

This release fixes the suggestion title on the wayf screen.

See #571 for more details

@MKodde MKodde released this Jul 5, 2018 · 130 commits to master since this release

Assets 4

This release contains several changes that require your attention before upgrading. Read UPGRADING.md for more information.

Functional changes

  • Created integration for User Lifecycle #538
  • Added support for displaying minimal consent #544
  • Show attribute motivations in tooltips on consent #543
  • Show the IdP explanation that can be configured in Manage on consent #553
  • Display the NameID value if format is persistent or unspecified on consent #555
  • Increased EBAUTH log timestamp precision to microseconds #565

Performance- and maintanability improvements

  • Fixed Twig extension XSS vulnerabilities #563
  • ARP & attribute manipulation caused imbalance in attribute value and type arrays #541
  • User exerience bug fixes for the request access feature on the WAYF #508
  • The EDUgain section is removed from the front page #558
  • Fix regression in PDP policy decision error page #539
  • Composer and NPM packages were updated #557 #556

@MKodde MKodde released this Jul 5, 2018 · 238 commits to master since this release

Assets 4

This release addresses several Twig XSS vulnerabilities . See #563 and #566 for more details.

Thanks go out to the Pika Federation for spotting this issue!