Releases: OpenIdentityPlatform/OpenIDM
Releases · OpenIdentityPlatform/OpenIDM
Release list
7.1.0
What's Changed
- CVE-2026-1605 The Eclipse Jetty Server Artifact has a Gzip request memory leak by @dependabot[bot] in #130
- CVE-2026-33227 Apache ActiveMQ: Improper validation and restriction of a classpath path name by @dependabot[bot] in #157
- CVE-2026-39304 Apache ActiveMQ: Denial of Service via Out of Memory vulnerability by @dependabot[bot] in #158
- CVE-2026-27903 CVE-2026-27904 CVE-2026-26996 UI: update grunt to 1.6.2 to address vulnerabilities by @maximthomas in #159
- CVE-2018-1294 email header injection via bounce address by @Copilot in #161
- CVE-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS by @dependabot[bot] in #168
- Make REST context path configurable via
openidm.context.pathsystem property by @Copilot in #142 - Add
onQueryResultscript hook to filter managed object query results by @Copilot in #139 - [#186] Fix "Internal Error" in mapping Sample Source / Single Record Reconciliation when first property has no
sourceby @vharseko in #188 - Upgrade OrientDB from 2.1.25 to 3.2.51 by @Copilot in #166
- Update asm.version to 9.9.1 for JDK 26 support by @Copilot in #135
- Update build.yml add JDK 26 support by @vharseko in #132
- Upgrade MyBatis 3.2.5 → 3.5.16 (deserialization vulnerability) by @Copilot in #162
- fix: remove hardcoded OPENIDM_PASSWORD from ENV, use shell default in HEALTHCHECK by @Copilot in #149
- Update openicf dependency version to 2.0.3 by @vharseko in #191
- Take bouncycastle version from commons by @maximthomas in #165
- Fix SCR deadlock in SecurityManager by making repoService a dynamic reference by @Copilot in #169
- Fix Property mapping /authzRoles transformation script encountered exception javax.script.ScriptException: Script status is 8 by @vharseko in #181
- Fix Felix Web Console
PreferencesConfigurationPrinternot enabled by @vharseko in #176 - Rhino: migrate from servicemix to org.mozilla by @maximthomas in #189
- Replace activiti-osgi
OsgiScriptingEngineswith stock ActivitiScriptingEnginesby @vharseko in #179 - Remove dead
logback.configurationFilereference and silence noisy pax-web INFO logs by @vharseko in #177 - chore: bump GitHub Actions to latest versions by @Copilot in #143
- Remove dead maintenance mode code from SettingsView by @Copilot in #151
- Add Playwright UI smoke tests against real OpenIDM server in CI by @Copilot in #145
- CI: matrixed ui-smoke-tests job across Java 17,26 × context paths × samples by @vharseko in #167
- Update GitHub Actions workflow versions to latest by @Copilot in #170
- Adding extended UI smoke tests for the getting-started scenario by @vharseko in #171
- ci: dump openidm logs after UI smoke tests by @vharseko in #173
- Adding extended UI smoke tests for the samples/workflow scenario by @vharseko in #172
- Fix workflow e2e Step 6: trigger blur/change so Start button becomes enabled by @Copilot in #174
- ci: fail "Print openidm logs" step on errors/exceptions in OpenIDM logs by @vharseko in #175
- fix(samples/workflow): honor
openidm.context.pathin Accept Notice script by @vharseko in #178 - Add
samples/usecase/usecase1UI smoke test and align doc/sample artifacts by @vharseko in #185 - test(openidm-script): reproduce custom endpoint field projection collision (#183) by @vharseko in #190
- docs: Add OAUTH authentication module documentation by @Copilot in #136
- docs: Add OPENID_CONNECT authentication module documentation by @Copilot in #137
- docs: Add SOCIAL_PROVIDERS authentication module documentation by @Copilot in #138
- Docs: set neutral version for the docs by @maximthomas in #141
- Update chap-scheduler-conf.adoc: Fix the URI for schedulers by @vliefooghe-adeo in #156
New Contributors
- @vliefooghe-adeo made their first contribution in #156
Full Changelog: 7.0.2...7.1.0
7.0.2
What's Changed
- CVE-2025-25247: Apache Felix Webconsole: XSS in services console by @vharseko in #128
- Update org.openidentityplatform.openicf to 2.0.2 by @vharseko in #129
Full Changelog: 7.0.1...7.0.2
7.0.1
What's Changed
- Update target JDK to 17 and move to JakartaEE 10 (Pax Web 11) by @maximthomas in #114
- Add support LTS JDK 25 by @vharseko in #119
- Update base docker image Java version to 25 LTS by @maximthomas in #122
- Remove OrientDB's snappy dependency to get rid of native access warning by @maximthomas in #121
- CVE-2024-38999 requirejs v2.3.6 was discovered to contain a prototype pollution by @maximthomas in #118
- Update org.openidentityplatform.openicf to 2.0.1 by @vharseko in #125
- Update README.md: add backers and sponsors by @vharseko in #116
- ISSUE_TEMPLATE: add "Vote to raise the priority" by @vharseko in #117
Full Changelog: 6.3.0...7.0.1
6.3.0
What's Changed
- CVE-2019-11358 CVE-2020-11023 Update jQuery to 3.7.1 by @maximthomas in #106
- CVE-2025-27533 Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation by @dependabot[bot] in #107
- CVE-2025-48734 CVE-2020-15250 Apache Commons Improper Access Control vulnerability by @vharseko in #108
- CVE-2025-48976 Apache Commons FileUpload: FileUpload DoS via part headers by @dependabot[bot] in #109
- CVE-2025-48924 Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs by @vharseko in #111
- Update Pax Web to 7.4.6 (prepare for Jakarta migration) by @maximthomas in #110
- Add root group permission to the Docker /opt/openidm directory by @maximthomas in #112
- Bump org.openidentityplatform.openicf 1.8.0 by @vharseko in #113
- Fix OpenAM and OpenDJ documentation links by @maximthomas in #101
- Deploy: migrating from Legacy OSSRH to Central Portal by @vharseko in #104
Full Changelog: 6.2.5...6.3.0
6.2.5
What's Changed
- CVE-2025-27497 Fix Denial of Service (Dos) using alias loop by @vharseko in #96
- CVE-2019-17554 CVE-2019-17555 CVE-2020-1925 Bump Apache Olingo by @vharseko in #98
- Add support Java SE 24 by @vharseko in #97
- FIX NPE org.activiti.osgi.Extender.getBundleContext() is null by @vharseko in #99
- Bump org.apache.felix.webconsole 4.5.4->4.8.12 by @vharseko in #100
- Documentation update by @maximthomas in #94
- Docs: Generate and publish javadoc by @maximthomas in #95
Full Changelog: 6.2.4...6.2.5
6.2.4
What's Changed
- CVE-2023-22102 allows an attacker to compromise MySQL Connectors by @maximthomas in #89
- Bump org.openidentityplatform.openicf to 1.7.2 by @maximthomas in #93
- Fix build issues with Puppeteer and transient dependency by @maximthomas in #91
- Update documentation formatting and cross references by @maximthomas in #90
- Fix documentation issues and update links by @maximthomas in #92
Full Changelog: 6.2.3...6.2.4
6.2.3
What's Changed
- Fix missing workflow sample chess image by @maximthomas in #84
- move sample chess image to local by @maximthomas in #86
Full Changelog: 6.2.2...6.2.3
6.2.2
What's Changed
- update download links in documentation by @maximthomas in #78
- fix documentation issues by @maximthomas in #79
- [#81] Fix missing codemirror.css file by @maximthomas in #82
- Fix doc push error by @maximthomas in #83
Full Changelog: 6.2.1...6.2.2
6.2.1
What's Changed
- CVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader by @dependabot in #75
- Bump org.openidentityplatform.openicf 1.7.1 by @vharseko in #73
- Add JDK 23 build support by @vharseko in #76
- ADD maven-compiler-plugin release for cross compile compatibility by @vharseko in #77
- Docs in asciidoc & deploy antora docs after build by @maximthomas in #72
- Add missing attachments & publish pdf to wiki by @maximthomas in #74
Full Changelog: 6.2.0...6.2.1
6.2.0
What's Changed
- [#66] Activiti crashes (ClassNotFoundException: javax.script.ScriptEnineFactory not found) on default org.codehaus.groovy:groove-all:META-INF/services/javax.script.ScriptEngineFactory with comments inside it by @vharseko in #68
- ADD JDK 22 support by @vharseko in #69
- Switch docker to last LTS JRE 21 by @vharseko in #70
- Bump OpenICF 1.7.0 by @vharseko in #71
Full Changelog: 6.1.2...6.2.0