-
Error on ECDSA token exchange #8990
-
Error on ECDSA token exchange #8990
-
Error on ECDSA token exchange #8990
-
Error on ECDSA token exchange #8990
-
Column messages in i18n_dictionary_entries table has too little characters #9046
-
MFA - manage remember device with external IDP
-
MFA - support Orange Contact Everyone service to send SMS
-
Passwordless - enforce webauthn devices control
-
Passwordless - enforce password usage
-
Manage MFA factors that use username as SEED
-
Management - Change Username
-
CORS configuration on Security Domain level
-
[management-ui] [menu unification] integrate the gio-sub-menu component
-
Create account with uppercase username #8966
-
[jdbc][liquibase] password history character not updated to the correct value
-
Audit Log sort is broken #8662
General
-
AM - POST-login flow not executed when authenticating using WebAuthn #8918
-
Do not display default "Internal Server Error" page #9000
-
Mongodb - long running server side queries cause outage #8910
-
SCIM - additionalInformation entries are lost when using PATCH method #8991
-
The same DOM element can have a different ID from one template to another #8884
General
-
AM - POST-login flow not executed when authenticating using WebAuthn #8918
-
Mongodb: long running server side queries cause outage #8910
-
AM should audit USER_CREATED when using delegated OIDC authentication #8920
-
Merge 3.18.7 into 3.19.x #8986
-
The same DOM element can have a different ID from one template to another #8884
General
Management
General
-
A disabled user can trigger reset password and successfully reset the password (Backport #8670) #8712
-
Access ManagerEmail validation regex needs updating #8350
-
Improve WebAuthnSettings validation #8622
-
Recovery email does not work if user has signed into another app prior to clicking on recovery link #8812
-
Template can’t be saved twice #8624
-
'The access token is invalid' message when actually, the refresh_token is expired #8791
MFA
-
Unable to sign in with new user if the self registration email is sent twice. #8806
Management
-
Unable to update a user linked to removed application #8380
General
-
LoginCallbackOpenIDConnectFlowHandler throws UnsupportedOperationException #8819
-
The name displayed on the user list is not updated when they are changed to the first/last name in the user’s profile (self-service account management API) #8755
-
Add missing error logs when external OpenID IdP authentication fails #8818
-
[Self Account Management] improve reset password endpoint #8723
-
Merge AM 3.18.14 into 3.19.x #8826
Policy
-
Send Email policy requires the "From Name" attribute #8778
Gateway
-
Improve SAMLRequestFailureHandler #8159
General
-
- Login_sso_post template broken due to CSP rules #8782
-
Internal server error on FIDO2 factor when attestation set to 'none' #7967
-
Merge AM 3.15.16 into 3.18.x #8780
-
Receiving email to reset password for a username which does not exist #8729
-
State parameter isn’t URLEncoded when redirect_uri is called #8761
-
X-Forward-Port impact the iss claim #8807
General
General
-
Password history : Enforce my end-users to not re-use a previous password during reset password. PR#2171 & PR#2216
-
MFA security features :
-
The MFA Rate Limit feature enables you to configure and limit the number of challenges a user is allowed to send within a specific time period. PR#2205
-
The Brute Force Detection feature enables you to configure and limit the number of verification requests a user is allowed to send within a specific time period. PR#2220
-
-
System Certificates : The certificate rotation feature enables you to generate a new system certificate quickly and easily when the previous one is about to expire PR#2217 & PR#2222
-
User interface : uniform user interface accross products PR#2221
-
Enable security headers by default PR#2229
General
Gateway
Management-ui
-
Add missing inputs to set jwks and jwks_uri values for an application #8786
General
AM-Groups
Gateway
General
-
Application name not updated on initial login page when changed within AM console #8706
General
-
A disabled user can trigger reset password and successfully reset the password #8670
Gateway
General
-
AM sets alternate MFA factor as primary #8544
-
Expiration time for Registration confirmation email #8560
-
Fix Postman Tests #8603
-
Group role are lost after SCIM update #8591
-
JDBC UserProvider doesn’t update the email field #8599
-
Kafka reporternull pointer exception is thrown for unsuccessful user login in app #8609
-
Post logout redirect URI list doesn’t work at Domain level and can allow open redirection #8535
-
Query parameter is not supported in the post_logout_redirect_uri #8610
-
Upgrade dependencies #8594
-
User profile initialization #8572
General
-
AM request_uri implementation is vulnerable to Server Side Request Forgery (SSRF) #8532
General
-
Merge 3.18.6 into master #8476
-
Merge 3.18.7 into 3.19 #8546
-
Merge AM 3.18.1 into 3.19.x #8395
-
Merge AM 3.18.2 into 3.19.x #8396
-
Merge AM 3.18.3 into 3.19.x #8397
-
Merge AM 3.18.4 into 3.19.x #8398
-
Merge AM 3.18.5 into master #8426
-
User locale claims isn’t taking into account #8268
-
Upgrade dependencies #8557
Gateway
-
Implement X-XSS-Protection #8558
-
Provide default languages #8054
-
[emails] internationalization support #8039
-
[emails] use the new default theme #8043
-
[forms] internationalization support #8038
-
[forms] use the new default theme #8042
-
[management] Redesign end user forms and emails #7566
-
[multi-languages] manage languages at domain level #8040
-
[override theme] [forms] theme integration #8125
Management
-
[emails] override default theme #8045
-
[forms] override default theme #8044
-
[multi-languages] UI languages #8289
-
[multi-languages] data structure / API definition #8067
-
[multi-languages] storage at domain level #8071
-
[override theme] CRUD implementation at domain level #8121
-
[override theme] Data model / API Definition #8120
-
[override theme] HTML mode integration #8124
-
[override theme] UI/UX integration at domain level #8122
-
[override theme] [view mode] display default gateway forms if there is no custom ones #8315
-
[override theme] [view mode] forms preview mode #8369
-
[override theme] [view mode] load gateway assets #8316
-
[override theme] view mode integration #8123
Management-api
-
Implement CSP headers #8559
Management-ui
-
[emails] improve Help and Tips section #8051
AM-Registration
-
User fails to log in after completing registration via confirmation link #8321
Gateway
-
Brute force detection does not work when AM username is not the same as the IdP username #7884
-
Factor can’t be registered if device is already known #7971
-
Flow are not loaded - backport 7964 #7966
-
Redirect to RP after POST login error when SelectionRules are used #7958
-
Unable to connect a end user if the IDP whitelist is enabled #7827
-
[auth] wrong error logged whenever tries user to authenticate #7984
-
[policy] Enroll MFA doesn’t restrict on active factor #7950
General
-
Merge AM 3.15.10 #8108
Management-ui
-
[policy] Enroll MFA policy can’t be saved if the application has only one factor activated #8112
Policy
-
Email policy requires FROM-NAME field #7933
Gateway
-
Email aliases interpretation with identifier first login doesn’t work onto another am domain #7889
-
Email sent for MFA doesn’t use "from" field defined by SMTP resource #7833
-
Factor choice not accurate #7928
-
Improve find user during reset password #7912
-
Insert action should not be triggered after a reset password #7911
-
Login attempts should not be based on the username #7916
-
Missing text description for the HTTP factor in the MFA alternatives default template #7878
-
AM does not URL-decode when using Basic Authentication as specified in RFC 6794 #7803
Idp
-
[jdbc] [mongodb] only update password field during reset password #7800
Management
-
Application description ignored during creation #7222
Gateway
-
Confirmation pages don’t use the App template #7744
-
Decorate with initial parameters when handler is failing #7808
-
Identifier first should not be required when using idp selection rule #7678
-
Inline javascript not properly manage with CSP #7724
-
ResetPassword use the wrong template in case of error #7734
-
[idp][auth] handle login attempt failure when the IDP is configure to accept several username input #7797
General
-
Document the breaking change about application update #7623
Idp
Management
-
[upgrader] Application identity provider task blocked to ONGOING #7730
Gateway
-
[forgot-password] allow forgot password confirmation to display which email the reset password was sent to #7796
Gateway
Management
-
Certificates expiration notification - UI notification bar #6881
-
Certificates expiration notification - display certificate expiration date in the UI #7175
-
Certificates expiration notification - notification service #6879
-
Certificates expiration notification - notification timeframe #6882
-
Certificates expiration notification - watcher service #6880
-
Certificates expiration notification #6833
-
Manage identity provider priority #6519
-
[gateway] add RESET_PASSWORD flow #7015
-
[gateway] conditional policies #7016
-
[idp] handle redirection to Identity Provider via Expression language #5167
-
[mfa] Recovery codes #7014
Gateway
General
-
Merge 3.14.3 #6868
Management
-
Device Identifier permissions are not set #6925
Management-api
-
Do not expose sensitive information from plugins configuration #6734
Policy
-
[groovy] merge 1.14.2 into master #6843
Gateway
Management
-
[audits] access point info aren’t displayed in organization settings audit logs #6776
Management
Fapi
-
Keep query params of the redirect_uri #5939
-
Oauth2 redirect_uri query parameters are not returned if error has occurred #4045
-
[JARM] Response parameter missing from some error responses #5967
-
[JARM] the Error page doesn’t use the error coming from the JWT #5976
-
[PAR] issues when client auth use private_key_jwt #5990
General
Oidc
-
Always provide auth_time in idToken #5956
Fapi
Identity-provider
-
[http] encode password #5710
Management
-
Create FAPI option #5951
Oidc
-
Plain FAPI support #3708
Fapi
-
'nbf' and 'aud' claims shall be present in request object #5965
-
Certificate bound access tokens client option #5985
-
Manage 'exp' claim in request object #5940
-
Restrict JWS algorithm #5989
-
Scope & response_type are optional in OAuth parameters #5975
-
Shall require that all parameters are present inside the signed request object passed in the request or request_uri parameter #4052
-
[JARM] make response lifetime configurable #5968
-
[PAR] PKCE required #5973
Gateway
-
Manage TLS Cipher Suites #5929
Gateway
General
Jwks
-
The alg field is wrong #5923
Management
-
Unable to remove certificate from application #5922
Mangement
-
[jdbc] unable to create domain #5759
Userinfo
-
Provide roles grant by groups #5795
Gateway
-
Be able to logout from OIDC provider in addition of AM #5654
-
Handle id_token_hint to sign in users #5840
-
Self account management API configuration #5854
-
[identity-provider] support EL for role mapping #4107
-
[identity-provider] support EL for user mapping #5645
-
[login] be able to skip the login page if client has social/OIDC identity providers #2289
Management
Mfa
-
[sms] Infobip implementation #5736
Reporter
-
Kafka implementation #5735
Gateway
-
Forgot password - update profile from IdP during forgot password action #5863
-
Forgot password - wrong email sent if same user email is shared across multiple IdP and multiple app #5864
-
Http identity provider is not compatible with the passwordless feature #5889
-
Users are created with brute force detection #5866
General
Gateway
Management
Gateway
General
Management
Gateway
Gateway
Management
-
Organization social providers for the organization are not updated #3303
Management-ui
-
[Audits] audits search timeout should not block the entire page #2526
AM
Gateway
Management
-
Add gateway entry points to organizations #3438
-
Allow users to subscribe to newsletters #3666
-
Application management #1973
-
Provide domain analytics #3077
-
[acl] - Create default owner for a security domain #3023
-
[acl] - Create default owner for an application #3022
-
[acl] - Secure REST API with roles and permissions #1893
Management-ui
Multi-env
-
Replace admin domain with default organization #3200
Oauth2
-
Support OAuth "Public" clients #2090
Oidc