What's New

Security

• Oracle Linux 7.9

• Oracle JDK 8u351

• Oracle WebLogic Patch Set Update 12.2.1.2.180717 (Patch 27741413)

• Upgrade org.apache.santuario xmlsec to 2.2.3

• Upgrade org.apache activemq to 5.16.5

• Upgrade net.minidev json-smart to 2.4.8

• Upgrade com.fasterxml jackson to 2.14.1

• Upgrade com.nimbusds oauth2-oidc-sdk to 9.43.1

• Upgrade org.springframework spring to 5.3.23

• Upgrade org.owasp.esapi esapi to 2.5.0.0

• Upgrade org.cryptacular cryptacular to 1.1.4

• Use org.jsmpp jsmpp 3.0.0 (it replaces cloudhopper/netty)

Enhancements

Self-Service Portal - HID Approve registration screen enhancement (IAAS-9426)

Bug fixes

• Push Device registration fails when Policy Rules are configured in the Device Adapter (IAAS-11240)

• Increased the maximum size of the TDS message (IAAS-10512)

• Unable to assign a Crescendo Key OTP with Soft PIN (P1359-104236)

• The certificate SN is not checked during PKI authentication for users with PKI stored on the server (IAAS-10845)

• Not able to change status or friendlyName if max device limit is set to 1 (IAAS-11009)

• Make sure to not erase/compromise a previous Syslog configuration from the previous 8.5 HF (IAAS-10315)

• The "/authn/bcauthorize" endpoint does not return a clear error if the push device or credential has expired (IAAS-10962)

• REST API updated to retrieve last device used (IAAS-8855)

• Fixed the SOAP API returning incorrect namespace (getAllAuthenticatorsForUserReturn xsi:type="ns2:AuthenticatorExt”) instead of (getAllAuthenticatorsForUserReturn xsi:type="ns2:Authenticator”) (P1359-104042)

• SCIM API may fail with error 1008 if a JWT is used for session token (P1359-104248)

• Sends email in English using French Gateway (P1359-104281)

Dataset updates

• Update for RADIUS CHAP support (IAAS-10473)

• The credential type CT_CMS_OA should use SHA256 by default (IAAS-10829)

• For OCRA, fixed the incoherence between device type and credential type default configuration (IAAS-10824)