[mitreid-connect] Release: 1.2.1 and 1.1.18

Justin Richer jricher at mit.edu
Fri Oct 2 19:03:59 EDT 2015


Two new versions of MITREid Connect are now available in Maven Central. 

The stable release branch has 1.2.1, which fixes a number of issues from the 1.2.0 point release:

 - ID Tokens now include a JTI to guarantee uniqueness
 - All tokens now include a KID field
 - Address objects are now an interface for extensibility 
 - MySQL file includes indexes for performance enhancement
 - Anonymous users no longer get loaded through the user info layer
 - Login and logout pages now include CSRF support (n.b.: this means that directing someone to the /logout page no longer works)
 - UserInfo encrypted response now calculated from correct client field
 - Token issuance fully restricted to ROLE_USER accounts
 - Blacklist UI rewritten and functional
 - All item delete functionality fixed in UI
 - Update to latest Spring Security release
 - Several small cleanups and fixes

The legacy branch has 1.1.18, which backports a number of these changes:
 - ID Tokens now include a JTI to guarantee uniqueness
 - All tokens now include a KID field
 - UserInfo encrypted response now calculated from correct client field
 - Several small cleanups and fixes


Upgrades are highly recommended due to several security fixes and functionality fixes.

 — Justin

