/OpenConext-engineblock

Latest release
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
5.8.6
Latest release

@MKodde MKodde released this Dec 11, 2018 · 26 commits to master since this release

Assets 4

A bug fix release where we stopped overwriting the NameId before giving consent #610

Verified
This commit was signed with a verified signature.
@MKodde MKodde Michiel Kodde
GPG key ID: A05D7AE92B58D7F5 Learn about signing commits
5.8.5

@MKodde MKodde released this Oct 23, 2018 · 31 commits to master since this release

Assets 4

Bugfix for a possible break after giving consent. This release is preventing a crash when the original issuer is null #604

Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
5.8.4

@MKodde MKodde released this Oct 17, 2018 · 32 commits to master since this release

Assets 4

A security patch, fixing a possible XSS vulnerability. Described in more detail in #598

Verified
This commit was signed with a verified signature.
@pablothedude pablothedude Bas Strooband
GPG key ID: B6D1D7052B4B9D4B Learn about signing commits
5.8.3

@pablothedude pablothedude released this Sep 12, 2018 · 46 commits to master since this release

Assets 4

This is a release mainly focussed on the rolling updates. Be aware that 5.8 releases prior to 5.8.3 do have some breaking changes in migrations due to the rolling update implementation added in this release. In order to update you should skip releases <5.8.3.

Features

  • A custom database health check is added for the Monitor bundle. #589
  • A feature toggle to disallow users on attribute violations is added. #591
  • Add Rolling update support #595
Verified
This commit was signed with a verified signature.
@pablothedude pablothedude Bas Strooband
GPG key ID: B6D1D7052B4B9D4B Learn about signing commits
5.8.2

@pablothedude pablothedude released this Aug 9, 2018 · 68 commits to master since this release

Assets 4

OpenConext-engineblock-5.8.2.tar.gz

This is mainly a release that consists of fixes of technical debt and longer standing quirks.

Bugfixes

  • Optimize consent viewport on xs #573
  • Revert suggestion title on WAYF screen #571
  • Fix SP displayName regression #568 (thanks @tvdijen)
  • Update the IdP placeholder logo reference #574
  • Prevent adding empty 'return' hidden input field #584

Chores and other improvements

  • References to Janus have been removed #581
  • Remove attribute_aggregation_required metadata setting #572
  • Symfony was upgraded to 2.8.44 to harden against CVE-2018-14773 #582
  • Add requesterid_required metadata setting to enforce the use of a RequesterId on trusted proxies (#540) (thanks @tvdijen)
Verified
This commit was signed with a verified signature.
@MKodde MKodde Michiel Kodde
GPG key ID: A05D7AE92B58D7F5 Learn about signing commits
5.8.1

@MKodde MKodde released this Aug 7, 2018 · 129 commits to master since this release

Assets 4

In this release resolves issue: #159466469. Where an empty 'return' parameter was added in the response processing form.

Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
5.7.6

@MKodde MKodde released this Aug 2, 2018 · 238 commits to master since this release

Assets 4

This release fixes the collapse issue on the consent screen for IE11 #578

5.7.5

@pablothedude pablothedude released this Jul 25, 2018 · 238 commits to master since this release

Assets 4

This release fixes the suggestion title on the wayf screen.

See #571 for more details

Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
5.8.0

@MKodde MKodde released this Jul 5, 2018 · 130 commits to master since this release

Assets 4

This release contains several changes that require your attention before upgrading. Read UPGRADING.md for more information.

Functional changes

  • Created integration for User Lifecycle #538
  • Added support for displaying minimal consent #544
  • Show attribute motivations in tooltips on consent #543
  • Show the IdP explanation that can be configured in Manage on consent #553
  • Display the NameID value if format is persistent or unspecified on consent #555
  • Increased EBAUTH log timestamp precision to microseconds #565

Performance- and maintanability improvements

  • Fixed Twig extension XSS vulnerabilities #563
  • ARP & attribute manipulation caused imbalance in attribute value and type arrays #541
  • User exerience bug fixes for the request access feature on the WAYF #508
  • The EDUgain section is removed from the front page #558
  • Fix regression in PDP policy decision error page #539
  • Composer and NPM packages were updated #557 #556
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
5.7.4

@MKodde MKodde released this Jul 5, 2018 · 238 commits to master since this release

Assets 4

This release addresses several Twig XSS vulnerabilities . See #563 and #566 for more details.

Thanks go out to the Pika Federation for spotting this issue!