[mitreid-connect] Release: 1.2.1 and 1.1.18
Justin Richer
jricher at mit.edu
Fri Oct 2 19:03:59 EDT 2015
Two new versions of MITREid Connect are now available in Maven Central.
The stable release branch has 1.2.1, which fixes a number of issues from the 1.2.0 point release:
- ID Tokens now include a JTI to guarantee uniqueness
- All tokens now include a KID field
- Address objects are now an interface for extensibility
- MySQL file includes indexes for performance enhancement
- Anonymous users no longer get loaded through the user info layer
- Login and logout pages now include CSRF support (n.b.: this means that directing someone to the /logout page no longer works)
- UserInfo encrypted response now calculated from correct client field
- Token issuance fully restricted to ROLE_USER accounts
- Blacklist UI rewritten and functional
- All item delete functionality fixed in UI
- Update to latest Spring Security release
- Several small cleanups and fixes
The legacy branch has 1.1.18, which backports a number of these changes:
- ID Tokens now include a JTI to guarantee uniqueness
- All tokens now include a KID field
- UserInfo encrypted response now calculated from correct client field
- Several small cleanups and fixes
Upgrades are highly recommended due to several security fixes and functionality fixes.
— Justin