Version: 4.12.x.x LTS

Release notes

Important Information for nevisAdmin 3 Users

nevisAdmin 4 is the completely overhauled configuration and deployment solution for the Nevis Identity Suite.

nevisAdmin 3 configurations cannot be automatically migrated to nevisAdmin 4. Contact your integration partner if you need assistance migrating from nevisAdmin 3 to nevisAdmin 4.

If you are looking for updates to nevisAdmin 3, check the nevisAdmin 3 documentation.

nevisAdmin 4.12.15 LTS Release Notes - 2024-02-21

Release information

  • RPM: nevisadmin4-4.12.15.2-1.noarch.rpm
  • GUI Version: 4.12.15-1157 - BE 4.12.15.1

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

  • FIXED: We fixed a GUI issue which caused the username in the session expiry dialog to be pre-filled with the user’s real name instead of the username if the real name was provided. Now the username is always pre-filled, so logging back in is easier. (NEVISADMV4-9652)

Dependency upgrades

  • jackson 2.16.0 (NEVISADMV4-9675)
  • jaxb-runtime 2.3.9 (NEVISADMV4-9675)
  • slf4j-api 1.7.36 (NEVISADMV4-9675)
  • logback-classic 1.2.13 (NEVISADMV4-9675)
  • spring-boot 2.7.18 (NEVISADMV4-9675)
  • spring-dependency-management-plugin 1.1.4 (NEVISADMV4-9675)
  • mariadb-java-client 2.7.11 (NEVISADMV4-9675)
  • shiro 1.13.0 (NEVISADMV4-9675)
  • nimbus-jose-jwt 9.37.2 (NEVISADMV4-9675)
  • bcprov-jdk18on 1.77 (NEVISADMV4-9675)
  • bcpkix-jdk18on 1.77 (NEVISADMV4-9675)
  • bcpg-jdk18on 1.77 (NEVISADMV4-9675)
  • bcutil-jdk18on 1.77 (NEVISADMV4-9675)
  • kubernetes-java-client 19.0.0 (NEVISADMV4-9675)

Patterns 4.12.15 Release Notes - 2024-02-21

Build Version: 4.12.15.1

How to install and use the plugins

Download the plugin JAR files from the Nevis Portal.

Go to the Downloads section, and select LTS 2021 RELEASE / 2024 February.

Enter the version in the Search field: 4.12.15.

On how to use this library, see Editing Project Pattern Libraries.

Changes

info

Changes marked with ⚠️ may be breaking, have security impact, or affect user experience. Review these release notes carefully, and adapt your pattern configuration if required.

General

  • This release contains cleanups which do not have any impact on the generated configuration.

nevisAdmin 4.12.14 LTS Release Notes - 2023-11-15

Release information

  • RPM: nevisadmin4-4.12.14.3-1.noarch.rpm
  • GUI Version: 4.12.14-1056 - BE 4.12.14.3

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Dependency upgrades

  • org.eclipse.jgit 5.13.2.202306221912-r (NEVISADMV4-9406)
  • jsch 0.2.11 (NEVISADMV4-9406)
  • jackson 2.15.3 (NEVISADMV4-9533)
  • jetty 9.4.53.v20231009 (9552)
  • groovy 3.0.19 (NEVISADMV4-9406)
  • snakeyaml 2.2 (NEVISADMV4-9533)
  • guava 32.1.3-jre (NEVISADMV4-9533)
  • nimbus-jose-jwt 9.37 (NEVISADMV4-9533)
  • aspectjweaver 1.9.20.1 (NEVISADMV4-9533)
  • slf4j-api 2.0.9 (NEVISADMV4-9533)
  • spring-boot 2.7.16 (NEVISADMV4-9533)
  • mustache 0.9.11 (NEVISADMV4-9533)
  • logback-classic 1.3.11 (NEVISADMV4-9406)
  • spring-dependency-management-plugin 1.1.3 (NEVISADMV4-9406)
  • bcprov-jdk18on 1.76 (NEVISADMV4-9406)
  • bcpkix-jdk18on 1.76 (NEVISADMV4-9406)
  • bcpg-jdk18on 1.76 (NEVISADMV4-9406)
  • bcutil-jdk18on 1.76 (NEVISADMV4-9406)

Patterns 4.12.14 Release Notes - 2023-11-15

Build Version: 4.12.14.1

How to install and use the plugins

Download the plugin JAR files from the Nevis Portal.

Go to the Downloads section, and select LTS 2021 RELEASE / 2023 November.

Enter the version in the Search field: 4.12.14.

On how to use this library, see Editing Project Pattern Libraries.

Changes

info

Changes marked with ⚠️ may be breaking, have security impact, or affect user experience. Review these release notes carefully, and adapt your pattern configuration if required.

Application Protection

  • PAT-500: Fixed generation of DynamicConfigFilter configuration in nevisProxy patterns.

nevisAdmin 4.12.13 LTS Release Notes - 2023-08-16

Release information

  • RPM: nevisadmin4-4.12.13.4-1.noarch.rpm
  • GUI Version: 4.12.13-987 - BE 4.12.13.4

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Dependency upgrades

  • jackson 2.15.0 (NEVISADMV4-9199)
  • jetty-rewrite 9.4.51.v2023021 (NEVISADMV4-9199)
  • springdoc-openapi-ui 1.7.0 (NEVISADMV4-9199)
  • groovy 3.0.17 (NEVISADMV4-9199)
  • snakeyaml 2.0 (NEVISADMV4-9199)
  • slf4j-api 2.0.7 (NEVISADMV4-9199)
  • Logback-classic 1.3.7 (NEVISADMV4-9199)
  • mariadb-java-client 2.7.9 (NEVISADMV4-9199)
  • apache-el was removed (NEVISADMV4-9199)
  • kubernetes-java-client 18.0.1 (NEVISADMV4-9368)
  • spring-boot 2.7.14 (NEVISADMV4-9368)
  • guava 32.0.1-jre (NEVISADMV4-9311)
  • bcprov-jdk18on 1.75 (NEVISADMV4-9311)
  • bcpkix-jdk18on 1.75 (NEVISADMV4-9311)
  • shiro 1.12.0 (NEVISADMV4-9368)

Patterns 4.12.13 Release Notes - 2023-08-16

Build Version: 4.12.13.1

How to install and use the plugins

Download the plugin JAR files from the Nevis Portal.

Go to the Downloads section, and select LTS 2021 RELEASE / 2023 August.

Enter the version in the Search field: 4.12.13.

On how to use this library, see Editing Project Pattern Libraries.

Changes

info

Changes marked with ⚠️ may be breaking, have security impact, or affect user experience. Review these release notes carefully, and adapt your pattern configuration if required.

Application Protection

  • PAT-393: Fixed the HTTP Header Customization pattern bug where it was missing the Conditional prefix.
  • PAT-407: Fixed the missing HTML MIME mapping when using the Maintenance Page pattern.
  • ⚠️ PAT-419: Upgraded the default ModSecurity CRS to 3.3.5 and removed the previous version 3.3.4.

Authentication

  • PAT-408: Made SMTP User and SMTP Password optional in Generic SMTP pattern.

nevisAdmin 4.12.12 LTS Release Notes - 2023-06-05

Release information

  • RPM: nevisadmin4-4.12.12.0-1.noarch.rpm
  • GUI Version: 4.12.11-897 - BE 4.12.12.0

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

  • FIXED: The report generation no longer fails when the project has a variable that references a secret, secret file, or file attachment.
  • FIXED: Wrong autoscaling API version in nevisOperator caused deployments to fail on Kubernetes v1.26+ unless autoscaling was enabled.

Patterns 4.12.12 Release Notes - 2023-06-14

Build Version: 4.12.12.2

How to install and use the plugins

Download the plugin JAR files from the Nevis Portal.

Go to the Downloads section, and select LTS 2021 RELEASE / 2023 May.

Enter the version in the Search field: 4.12.12.

On how to use this library, see Editing Project Pattern Libraries.

Changes

info

Changes marked with ⚠️ may be breaking, have security impact, or affect user experience. Review these release notes carefully, and adapt your pattern configuration if required.

Application Protection

  • PAT-368: Removed a check which led to invalid warning messages when using certain authentication steps in a realm assigned to a SOAP Service pattern.
  • PAT-379: Fixed how the paranoia level is configured in the generated ModSecurity configuration file for nevisProxy.

nevisAdmin 4.12.11 LTS Release Notes - 2023-05-17

Release information

  • RPM: nevisadmin4-4.12.11.1-1.noarch.rpm
  • GUI Version: 4.12.11-897 - BE 4.12.11.1

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

  • NEW: MariaDB 10.6 is now officially supported. (NEVISADMV4-8689)
  • FIXED: The Generation Engine no longer ignores the specified log level. (NEVISADMV4-8994)
  • FIXED: The nevisadmin4 db-migration helper commands now run successfully. (NEVISADMV4-9033)
  • FIXED: We improved the performance of the REST APIs for listing resources and secret-resources by optimizing the DB queries. (NEVISADMV4-9182)

Dependency upgrades

  • jackson 2.14.2 (NEVISADMV4-8968)
  • jetty-rewrite 9.4.50.v20221201 (NEVISADMV4-8968)
  • springdoc-openapi-ui 1.6.14 (NEVISADMV4-8968)
  • groovy 3.0.15 (NEVISADMV4-8968)
  • aspectjweaver 1.9.19 (NEVISADMV4-8968)
  • jaxb-runtime 2.3.8 (NEVISADMV4-8968)
  • slf4j-api 2.0.6 (NEVISADMV4-8968)
  • spring-boot 2.7.11 (NEVISADMV4-9137)
  • mariadb-java-client 2.7.8 (NEVISADMV4-8968)
  • apache-el 10.1.5 (NEVISADMV4-8968)
  • nimbus-jose-jwt 9.31 (NEVISADMV4-8968)
  • kubernetes-java-client 17.0.1 (NEVISADMV4-8968)
  • micrometer 1.10.4 (NEVISADMV4-8968)
  • replaced bcprov-jdk15on:1.70 with bcprov-jdk18on:1.73 (NEVISADMV4-9129)
  • replaced bcpkix-jdk15on:1.70 with bcpkix-jdk18on:1.73 (NEVISADMV4-9129)

Patterns 4.12.11 Release Notes - 2023-05-17

Release information

Build Version: 4.12.11.4

How to install and use the plugins

Download the plugin JAR files from the Nevis Portal.

Go to the Downloads section, and select LTS 2021 RELEASE / 2023 May.

Enter the version in the Search field: 4.12.11.

On how to use this library, see Editing Project Pattern Libraries.

Changes

info

Changes marked with ⚠️ may be breaking, have security impact, or affect user experience. Review these release notes carefully, and adapt your pattern configuration if required.

General

The following changes affect multiple components:

  • PAT-248: Release patterns as a single ZIP file instead of separate JAR files.

SAML / OAuth / OpenID Connect

  • PAT-359: Add missing method to the dispatcher script used by the SAML IDP.

User behavior analytics

  • NEVISDETECT-1683: Fixed an issue where the Oracle JDBC driver could not be found.

Patterns 4.12.10 Release Notes - 2023-03-27

Release information

Build Version: 4.12.10.3

How to install and use the plugins

Download the plugin JAR files from the Nevis Portal.

Go to the Downloads section, and select LTS 2021 RELEASE / 2023 Feb.

Enter the version in the Search field: 4.12.10.

On how to use this library, see Editing Project Pattern Libraries.

Changes

info

Changes marked with ⚠️ may be breaking, have security impact, or affect user experience. Review these release notes carefully, and adapt your pattern configuration if required.

SAML / OAuth / OpenID Connect

  • ⚠️ PAT-274: Protection against XML Signature Wrapping (XSW) attacks. By default, the SAML IDP now signs the entire SAML Response.

    This is a breaking change. You have to adapt the configuration of your SAML service providers (SPs) to validate the signature of the Response. If this is not possible, you can opt out of this change by selecting Assertion in the Signed Element drop-down of the SAML SP Connector. If only the Assertion is signed, then your setup may be vulnerable to attacks.

    We recommend checking whether your SP applies appropriate mitigations. If you are using a Nevis SP, then upgrade to the latest applicable version of nevisAuth to benefit from additional checks of the ServiceProviderState. Check the release notes of nevisAuth for details.

    To easily configure which signatures are validated on the SP side, we have added a drop-down Signature Validation to the SAML IDP Connector pattern. The default of this drop-down is both, which means that the signatures of both the Response and the Assertion are checked. This is in line with the change of the default on the IDP side. If you cannot enable response signing on the IDP side, you can opt out of this change by setting the drop-down to Assertion.
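
The coverage rule behind the Signature Validation drop-down, as an added example that is not Nevis code: a structural pre-check, to be run in addition to cryptographic signature verification, that the Response (mode both) and the single Assertion are each referenced by their own signature. The mode names, function names and the sample document are assumptions constructed for illustration.

```python
# Added example: structural signature-coverage check for a SAML Response.
# It does NOT verify signature values; it only checks which elements the
# signatures claim to cover, which is the property XSW protection relies on.
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
RESPONSE_TAG = "{%s}Response" % NS["samlp"]
ASSERTION_TAG = "{%s}Assertion" % NS["saml"]


def covers_self(elem):
    """True if elem has a direct-child ds:Signature whose Reference points at elem's own ID."""
    elem_id = elem.get("ID")
    ref = elem.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    return bool(elem_id) and ref is not None and ref.get("URI") == "#" + elem_id


def check_signature_coverage(xml_text, mode="both"):
    """Return a list of problems; an empty list means the coverage policy is met.

    mode is a hypothetical name mirroring the drop-down described above:
    'both' requires Response and Assertion signatures, 'assertion' only the latter.
    """
    if mode not in ("both", "assertion"):
        raise ValueError("mode must be 'both' or 'assertion'")
    root = ET.fromstring(xml_text)
    if root.tag != RESPONSE_TAG:
        return ["root element is not samlp:Response"]

    # The consumer must never have a choice between several assertions:
    # exactly one Assertion in the whole document, directly under the Response.
    everywhere = list(root.iter(ASSERTION_TAG))
    direct = root.findall("saml:Assertion", NS)
    if len(everywhere) != 1 or len(direct) != 1:
        return ["expected exactly one top-level Assertion, found %d in document" % len(everywhere)]

    problems = []
    # Ambiguous IDs make it unclear which element a Reference URI resolves to.
    ids = [e.get("ID") for e in root.iter() if e.get("ID")]
    if len(ids) != len(set(ids)):
        problems.append("duplicate ID attribute values")
    if mode == "both" and not covers_self(root):
        problems.append("Response is not covered by its own signature")
    if not covers_self(direct[0]):
        problems.append("Assertion is not covered by its own signature")
    return problems


def build_sample(sign_response=True, sign_assertion=True):
    """Constructed sample Response; signature values are placeholders, not real signatures."""
    def sig(ref_id):
        return ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/></ds:SignedInfo>'
                '<ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>' % ref_id)
    return (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="_resp1" Version="2.0">'
        '<saml:Issuer>https://idp.example.test</saml:Issuer>%s'
        '<saml:Assertion ID="_assert1" Version="2.0">'
        '<saml:Issuer>https://idp.example.test</saml:Issuer>%s'
        '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
        '</saml:Assertion></samlp:Response>'
    ) % (NS["samlp"], NS["saml"], NS["ds"],
         sig("_resp1") if sign_response else "",
         sig("_assert1") if sign_assertion else "")


if __name__ == "__main__":
    for label, doc in (("Response + Assertion signed", build_sample()),
                       ("Assertion signed only", build_sample(sign_response=False))):
        for mode in ("both", "assertion"):
            print(label, "| mode", mode, "->", check_signature_coverage(doc, mode) or "ok")
```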

nevisAdmin 4.12.9 LTS Release Notes - 2023-02-15

Release information

  • RPM: nevisadmin4-4.12.9.3-1.noarch.rpm
  • GUI Version: 4.12.9-867 - BE 4.12.9.3

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

  • IMPROVED: Reduced the size of the database migration docker image by removing unused drivers. (NEVISADMV4-8874)
  • FIXED: Fixed an issue causing jobs to create data with 'anonymous' user instead of the user that actually triggered the job. (NEVISADMV4-8953)

Dependency upgrades

  • Jackson 2.14.1 (NEVISADMV4-8690)
  • Springdoc-openapi-ui 1.6.13 (NEVISADMV4-8690)
  • Snakeyaml 1.33 (NEVISADMV4-8690)
  • Jaxb-runtime 2.3.7 (NEVISADMV4-8690)
  • Slf4j-api 2.0.4 (NEVISADMV4-8690)
  • Logback-classic 1.3.5 (NEVISADMV4-8690)
  • Commonmark 0.21.0 (NEVISADMV4-8690)
  • Spring dependency-management-plugin 1.1.0 (NEVISADMV4-8690)
  • Mariadb-java-client 2.7.7 (NEVISADMV4-8690)
  • Apache-el 10.1.1 (NEVISADMV4-8690)
  • Shiro 1.11.0 (NEVISADMV4-8912)
  • Nimbus-jose-jwt 9.25.6 (NEVISADMV4-8690)
  • Kubernetes-java-client 16.0.2 (NEVISADMV4-8690)
  • Micrometer 1.10.1 (NEVISADMV4-8690)

See Patterns Release Notes, releases 4.12.8 to 4.12.9.

Patterns 4.12.9 Release Notes - 2023-02-15

Release information

Build Version: 4.12.9.5

How to install and use the plugins

Download the plugin JAR files from the Nevis Portal.

Go to the Downloads section, and select LTS 2021 RELEASE / 2023 Feb.

Enter the version in the Search field: 4.12.9.

On how to use this library, see Editing Project Pattern Libraries.

Changes

info

Changes marked with ⚠️ may be breaking, have security impact, or affect user experience. Review these release notes carefully, and adapt your pattern configuration if required.

Application Protection

  • PAT-161: Fixed nevisProxy minimal version check for ModSecurity Core Rule Set to only apply when deploying a nevisProxy Instance.

Identity Management

  • ⚠️ NEVISIDM-8595: The nevisIDM Instance pattern now validates the length of the configured Encryption Key.

nevisAdmin 4.12.8 LTS Release Notes - 2022-11-16

Release information

  • RPM: nevisadmin4-4.12.8.5-1.noarch.rpm
  • GUI Version: 4.12.8-811 - BE 4.12.8.5

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

  • UPGRADED: We upgraded dependencies.
  • FIXED: The publish modal could run into an error when publishing the deletion of a pattern copied into this project. The issue is now fixed. (NEVISADMV4-8488)

See Patterns Release Notes, releases 4.12.6 to 4.12.8.

Patterns 4.12.8 LTS Release Notes - 2022-11-16

Release information

Build Version: 4.12.8.4

How to install and use the plugins

Download the plugin JAR files from the Nevis Portal.

Go to the Downloads section, and select LTS 2021 RELEASE / 2022 Nov.

Enter the version in the Search field: 4.12.8.

On how to use this library, see Editing Project Pattern Libraries.

Changes

info

Changes marked with ⚠️ may be breaking, have security impact, or affect user experience. Review these release notes carefully, and adapt your pattern configuration if required.

Application Protection

  • ⚠️ PAT-107: We added a setting OWASP ModSecurity CRS version to the Virtual Host pattern to select the CRS version.
    • If a custom rule set was configured, the option custom must be selected.
    • The default CRS version remains 3.0.2 with self-contained mode to not break applications.
    • We have added 3.3.2 and 3.3.4 to the available options. These new bundles match the OWASP recommended configuration, therefore they use anomaly mode and response body check is enabled.
    • Version 3.3.4 requires nevisProxy 4.6.9 (October 2022) or newer.
    • We recommend using CRS version 3.3.4, but you can still choose one of the previous versions.

Authentication

  • PAT-56: Removed unused mermaid.min.js.

Patterns 4.12.7 LTS Release Notes - 2022-10-07

Build version: 4.12.7.1

How to Install and Use the Plug-Ins

Download the plugin JAR files from the Nevis Portal.

Go to the Downloads section, and select LTS 2021 RELEASE / 2022 Aug.

Enter the version in the Search field: 4.12.7

On how to use this library, see Editing Project Pattern Libraries.

Changes

info

Some changes may be breaking, have security impact, or affect user experience. Review these release notes carefully and adapt your pattern configuration, if required.

General Changes

  • PAT-53: Improved cleanup of rotated log files in components

    • Changed the glob expression filename.* to a regex expression to avoid removing files which have not been created by the component (e.g. backups or compressed rotated logs).
  • NEVISADMV4-8507: Improved links to applications in Application Mapping Report.
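
The difference PAT-53 describes, as an added example that is not the patterns' own code: the same constructed directory listing selected once with the glob filename.* and once with an anchored regex. The regex, the function names and the file names are assumptions; the suffix shapes (numeric index, yyyy-MM-dd, yyyy-MM-dd-HH) follow the rotation extensions listed for Patterns 4.12.6.

```python
# Added example: which files a log cleanup would select with a glob versus a regex.
import fnmatch
import re


def rotated_log_regex(filename):
    """Regex for files the component's own rotation would create (assumed suffix shapes)."""
    # .<index>  |  .<yyyy-MM-dd>  |  .<yyyy-MM-dd-HH>
    return re.compile(re.escape(filename) + r"\.(\d+|\d{4}-\d{2}-\d{2}(-\d{2})?)")


def select_for_cleanup(names, filename, use_regex=True):
    """Return the sorted file names a cleanup job would consider for removal."""
    if use_regex:
        pattern = rotated_log_regex(filename)
        # fullmatch anchors both ends, so trailing extensions such as .gz never match.
        return sorted(n for n in names if pattern.fullmatch(n))
    # Previous behaviour described in the release note: glob "filename.*".
    return sorted(n for n in names if fnmatch.fnmatchcase(n, filename + ".*"))


# Constructed directory listing for a hypothetical component log.
LISTING = [
    "component.log",                     # active log file, never a cleanup candidate
    "component.log.1",                   # size-based rotation
    "component.log.2023-01-05",          # daily rotation
    "component.log.2023-01-05-13",       # hourly rotation
    "component.log.1.gz",                # compressed by an external job
    "component.log.bak",                 # manual backup
    "component.log.2023-01-05.tar.gz",   # archive kept for an investigation
]


def wrongly_selected_by_glob(names, filename):
    """Files the glob selects although the component did not create them."""
    by_glob = set(select_for_cleanup(names, filename, use_regex=False))
    by_regex = set(select_for_cleanup(names, filename, use_regex=True))
    return sorted(by_glob - by_regex)


if __name__ == "__main__":
    print("regex:", select_for_cleanup(LISTING, "component.log"))
    print("glob only:", wrongly_selected_by_glob(LISTING, "component.log"))
```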

nevisAdmin 4.12.6 LTS Release Notes - 2022-08-17

Release information

  • nevisAppliance: 2.202111.22 LTS
  • RPM: nevisadmin4-4.12.6.2-1.noarch.rpm
  • GUI Version: 4.12.6-708 - BE 4.12.6.2

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

  • UPGRADED: Various dependencies are upgraded.

See Patterns Release Notes, releases 4.12.5 to 4.12.6.

Patterns 4.12.6 LTS Release Notes - 2022-08-17

Build version: 4.12.6.3

How to Install and Use the Plug-Ins

Download the plugin JAR files from the Nevis Portal.

Go to the Downloads section, and select LTS 2021 RELEASE / 2022 Aug.

Enter the version in the Search field: 4.12.6

On how to use this library, see Editing Project Pattern Libraries.

Changes

info

Some changes may be breaking, have security impact, or affect user experience. Review these release notes carefully and adapt your pattern configuration, if required.

General Changes

  • NEVISADMV4-8402: We improved Log Settings patterns to support time-based log rotation.
    • This applies to classic VM deployment only, as in a Kubernetes deployment all log messages are written to the pod log with a prefix.
    • Choose between time or size in the Rotation Type drop-down.
    • The file extension for rotated files is (example for Log4J2-based components):
      • size-based rotation: %i
      • daily rotation: %d{yyyy-MM-dd}
      • hourly rotation: %d{yyyy-MM-dd-HH}

Application protection

  • NEVISADMV4-8338: We fixed the error that occurred when using a variable for Lua Script in the Lua HTTP Processing pattern.
  • NEVISADMV4-8383, NEVISPROXY-6251: The HTTP Error Handling pattern now supports uploading JSON files.

Authentication

  • NEVISLOG-409: We fixed generic JSON rendering by nevisLogrend.

Identity Management

  • NEVISIDM-7694: Encryption settings are now exposed in the nevisIDM Instance. From now on the Encryption Key can be set.
    • The database should be checked for encrypted content to determine if Encryption Fallback has to be enabled:
      • encrypted properties: select * from tidma_property where encrypted = 1;
      • unused URL tickets: select * from tidma_credential where CREDENTIAL_TYPE_ID = 14 and STATE_ID = 2;
  • NEVISIDM-8120: We reworked the Azure Service Bus pattern. It can now be used to set the following remote queues with the help of Azure Service Bus Remote Queue pattern(s):
    • Provisioning Queue: Previously the only queue that could be configured as remote. This queue contains messages about changes in entities.
    • Expiry Queue: If messages are not read locally from Provisioning, and they are not moved to Remote Provisioning before Time to Live expires, they are moved to the local Expiry Queue, which can be connected to a remote queue with this setting.
    • Dead Letter Queue: If messages fail to be read locally from Provisioning, they are moved to the local DLQ, which can be connected to a remote queue with this setting.

nevisAdmin 4.12.5 LTS Release Notes - 2022-05-18

Release information

  • nevisAppliance: 2.202111.19-LTS
  • RPM: nevisadmin4-4.12.5.7-1.noarch.rpm
  • GUI Version: 4.12.3-564 - BE 4.12.5.7

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

  • If you use Kubernetes: You can no longer use the Kubernetes cluster to sign certificates when using automatic key management. Use cert-manager for this purpose. For more information, see Migrating to cert-manager.

Notable changes and bug fixes

  • IMPROVED: We improved the audit logs of numerous REST endpoints. (NEVISADMV4-8033)
  • FIXED: Random ArrayIndexOutOfBoundsException occurred on Inventory edit, caused by a bug in SnakeYAML library. The issue is now fixed. (NEVISADMV4-8114)
  • UPGRADED: Various dependencies are upgraded.

See Patterns Release Notes, releases 4.12.4 to 4.12.5.

Patterns 4.12.5 LTS Release Notes - 2022-05-18

Build version: 4.12.5.4

How to Install and Use the Plug-Ins

You can download the plugin JAR files from the Nevis Portal.

Go to the Downloads section, and select LTS 2021 RELEASE / 2022 May.

Enter the version in the Search field: 4.12.5

On how to use this library, see Editing Project Pattern Libraries.

Changes

info

Some changes may be breaking, have security impact, or affect user experience. Review these release notes carefully and adapt your pattern configuration, if required.

General changes

  • NEVISADMV4-8077: All Generic Log Settings patterns are removed. Change your project configuration to use the high-level Log Settings patterns instead.
  • NEVISADMV4-8076: The fields used for Log Levels in Log Settings patterns are aligned. In case you have to adapt your pattern configuration, a message is shown to guide you through the process.
  • NEVISADMV4-8076: Log config generation is migrated from Log4J version 1 to Log4J version 2. The following Nevis components are affected:
    • nevisAuth
    • nevisDP
    • nevisLogrend
    • nevisMeta
  • NEVISADMV4-8078: The available options for Log Targets in Log Settings patterns are changed.
    • The option file is now called default because in Kubernetes deployments the log is always written to the pod log.
    • The option file + syslog is now called default + syslog for the same reason.
    • If you selected one of the options above, you get an error. Select default instead.
  • NEVISADMV4-8076: The default maximum log file size is aligned. Now all components use 100 MB by default. This means an increase from 10 MB to 100 MB for the following components:
    • nevisIDM
    • nevisMeta

Application protection

  • NEVISADMV4-8161: We fixed the missing port number in the defaultHost property of the navajo.xml. The issue occurred when several Virtual Host patterns shared the same Frontend Addresses, and one of these patterns was set as Default Virtual Host in the nevisProxy Instance pattern.
  • NEVISADMV4-8141: The nevisProxy patterns no longer generate SERVER_FDLIMIT, as nevisProxy does not use this instruction since version 4.6.
  • NEVISPROXY-6092: We fixed the time interval based log rotation in the nevisProxy Log Settings pattern.
  • NEVISADMV4-7709: The HTTP Header Customization pattern now allows the use of constant values for Basic Auth User and Basic Auth Password. Previously you had to add the CONST: prefix.

Authentication

  • NEVISADMV4-8172: We added validation to ensure the SecToken Signer Key Store has a name that is compatible with Kubernetes deployment. This means that the name must end with “Signer”.
  • NEVISADMV4-8153: We removed ch.nevis.session.jdbc.connector.store.absTo from the env.conf of nevisAuth instances.
  • NEVISADMV4-8149: We now use a plain TCP connect check for the nevisLogrend readiness endpoint in Kubernetes deployments. This is because the check fails if an HTTPS-based check is used and HTTPs is set to mutual in the nevisLogrend Instance pattern.

Identity management

  • NEVISADMV4-8196: Do not create a WARNING issue when a variable is used for the JDBC driver in nevisIDM Database Connector pattern during background generation. Variables used to upload files do not have a sample value in the project and thus validation has to be skipped.
  • NEVISADMV4-8126: The IdmPasswordResetState, which is generated by the nevisIDM Password Login pattern when Password Reset is enabled, now shows password policy information.
    • The IdmChangePasswordState generated for enforced password change during login now shows the same policy.
    • The AuthState configuration is generated in a way that policy information is only shown when there is user impact. For example, information that “0” characters of a certain type must be entered, is never shown.
  • NEVISADMV4-8174: We added PersistentQueueRetry to the validation of nevisIDM Authorizations Pattern.

nevisAdmin 4.12.4 LTS Release Notes - 2022-02-16

Release information

  • nevisAppliance: 2.201111.11-LTS
  • RPM: nevisadmin4-4.12.4.2-1.noarch.rpm
  • GUI Version: 4.12.3-564 - BE 4.12.4.2

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

  • FIXED: The nevisadmin4 rpm package integrity was wrong by default. The issue is now fixed.

See Patterns Release Notes, releases 4.12.2 to 4.12.4.

Patterns 4.12.4 LTS Release Notes - 2022-02-16

Build version: 4.12.4.1

How to Install and Use the Plug-Ins

You can download the plugin JAR files from the Nevis Portal.

Go to the Downloads section, and select LTS 2021 RELEASE / 2022 Feb.

Enter the version in the Search field: 4.12.4

On how to use this library, see Editing Project Pattern Libraries.

Changes

info

Some changes may be breaking, have security impact, or affect user experience. Review these release notes carefully and adapt your pattern configuration, if required.

Application Protection

  • NEVISADMV4-7936: Fixed an exception in the Application Mapping Report.
  • NEVISADMV4-7891: Fixed a typo in the VERSION-CONTROL HTTP method.

Authentication

  • NEVISADMV4-7826: Refactored startup check for nevisAuth to check if the port is bound only.
    • The previous status check failed when the log was rotated during startup.
  • NEVISADMV4-7837: Generic Authentication Step now supports adding multiple GuiElem of type submit with the same name as long as the value is different.
    • There are custom AuthState implementations which require such a configuration.

Mobile Authentication

  • NEVISADMV4-7627: Added new Android biometric authenticator AAID for Android to nevisFIDO Instance pattern default Policy and Metadata.

Identity Management

  • NEVISADMV4-7834: Ensure tmp folder inside nevisIDM instance is not deleted on deployment.
    • Removal of the tmp folder during runtime can lead to outages.

Federation

  • NEVISADMV4-7767: Fixed a bug in the social login patterns which made the authentication fail.
  • NEVISADMV4-7979: Social Login patterns use the next step correctly when creating a new user fails.

Provisioning

  • NEVISDP-328: Allow the upload of multiple Custom JAR Files for nevisDataPorter Instance.
  • NEVISDP-329: The nevisDataPorter Instance now has a tab nevisIDM Connection where you can set a Trust Store and Key Store to establish a 2-way TLS connection.
    • Check the documentation on how to use these stores in your Configuration.

nevisAdmin 4.12.3 LTS Release Notes - 2021-11-17

Release information

  • nevisAppliance: 2.202111.3 LTS
  • RPM: nevisadmin4-4.12.3.5-1.noarch.rpm
  • GUI Version: FE 4.12.3-564 - BE 4.12.3.5

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Version specific upgrade instructions

If you are upgrading from 4.5 (LTS), see nevisAdmin 4 migration guide from LTS-2019 to LTS-2021 for the essentials, or the rolling release notes from 4.6 to 4.12 to see all improvements and features made.

Changes

  • NEW: Data porter patterns are now available with the standard pattern libraries.
  • IMPROVED: A new property nevisadmin.generation.engine.smart-error-recovery is added to make the Generation Engine continue the generation on errors. With this property turned on, the error output of the Generation Engine and the Deployment Wizard will be the same for the same project.
  • IMPROVED: The authentication flow tree now loads faster.
  • IMPROVED: On Kubernetes, component containers will now start with the runAsNonRoot option, instead of specifying a random UID. This is to improve compatibility with OpenShift.
  • IMPROVED: The responsive design on Kubernetes Status screen is improved.
  • IMPROVED: When importing an existing project from zip, a project overwrite warning dialog message is displayed.
  • IMPROVED: The display of error messages is improved on the Deployment Wizard and Pattern property editor.
  • IMPROVED: The message while loading the Authentication flow tree is improved.
  • IMPROVED: Scrolling was enabled in the Create Inventory dialog and in the Help section on the Issues and Variables screens when using a smaller browser window size.

Deprecations

  • DEPRECATED: Using the Kubernetes cluster to sign the certificates when using automatic key management is now deprecated, and the feature will be removed in a future release. Use cert-manager for this purpose. For more information, see Migrating to cert-manager.

See Patterns Release Notes, releases 4.12 to 4.12.2.

Patterns 4.12.3 LTS Release Notes - 2021-11-17

This version contains minimal changes compared to the previous 4.12.2 release and marks the starting point of LTS 2021.

Build version: 4.12.3.9

How to Install and Use the Plug-Ins

You can download the plugin JAR files from the Nevis Portal.

Go to the Downloads section and select LTS 2021 RELEASE / 2021 Nov.

Enter the version in the Search field: 4.12.3

To use this library, see the chapter Editing Project Pattern Libraries of the nevisAdmin 4 technical documentation.

Changes

info

Some changes may be breaking, have security impact, or affect user experience. Review these release notes carefully and adapt your pattern configuration, if required.

General Changes

  • NEW: A chmod was added to the automatic key management scripts to fix a permission issue which occurs in certain versions of openssl.
  • FIXED: A thread-safety issue which could make the generation fail when automatic key management was used has been fixed.

Application Protection

  • FIXED: An exception in the Application Mapping Report which made report generation fail was fixed.

Authentication

  • NEW: A WARN issue was added for when multiple files per language are uploaded for Labels in authentication realm patterns.
  • FIXED: A bug in the generation of SectokenVerifierCert when using multiple realm patterns with different configuration for Internal SecToken Trust Store was fixed.

Federation

  • NEW: An optional configuration On User Creation Failed was added to the social login patterns.

Identity Management

  • NEW: Experimental patterns for the configuration of nevisDataPorter were added.
  • UPDATED: The CSRF protection was updated to be compatible with the new nevisIDM release.

Known issues and limitations

nevisAdmin 4

  • When using Kubernetes, inventory secret file attachments cannot exceed 1 MB in size by default, because in Kubernetes deployments it is not possible to transfer files larger than 1 MB to the cluster as Kubernetes secrets. As a workaround, you can upload files that do not contain sensitive information via the Attach files feature. Alternatively, if you do not need to deploy to Kubernetes, you can increase the value of the property nevisadmin.secret.max-file-size.
  • If you update the value of a secret, secret file, or non-secret file, subsequent rollback deployments use the updated value.
  • Updating an inventory attachment with a file that has a new name does not update its reference in the inventory. This results in an outdated file name shown in the reference (inv-res-secret://<id>#fileName>).
  • The first redeployment of a project after promotion from side-by-side deployment causes the restart of nevisProxy instances, even if there is no configuration change related to the nevisProxy instances.
  • If there are multiple RPM nevisAdmin 4 installations on a server, the command nevisadmin4 status lists the versions of all installations under the Component field in the nevisAdmin 4 GUI, not only the currently used one.
  • You cannot change the case of a letter of an already published variable. This bug does not affect unpublished variables.
  • The Project summary report tab can take several seconds to load in case of very large projects.
  • Loading the Pattern list can take several seconds in the case of very large projects. In such cases, the Label view or Filters function is a more convenient way to view the patterns.
  • The deployment preview phase reports an error if the automatic key management setting is enabled during classic deployments. This issue does not occur if the deployment is initiated by the root user.

Automatic key management

Kubernetes deployment

In Kubernetes deployments, automatic keystores are scoped to a Kubernetes service.

To support side-by-side deployment, a post-fix is appended to Kubernetes service names.

As the service name is included in the certificate subject, it is required to generate new keystores when a service is renamed.

This can be problematic for keystores used to sign a token, because all truststores used to validate the token signature have to be updated as well.

This means that tokens signed by the previous signer are no longer accepted.

For instance, a previous signer may have been used to sign a SecToken for the user, which is then stored in the session.

To avoid this problem, the following keystores are not scoped to the Kubernetes service. This applies even if side-by-side deployment is not being used:

  • The internal SecToken that nevisAuth creates for itself to access nevisIDM and nevisMeta APIs.
  • Application access tokens issued to the user to access applications protected by nevisProxy.

This works when no key management patterns are assigned, but it may fail when assigning an Automatic Key Store pattern. If you use Automatic Key Store patterns to sign tokens, make sure the pattern name ends with -signer.

Classic deployment

When the folder /var/opt/keys/ is completely removed on target hosts in VM deployments, two deployments are required to recreate the key material.

This is an exceptional case which occurs only during disaster recovery or nevisAdmin 4 CA renewal.

HTTP error codes cause session loss

By default, the Virtual Host maps an ErrorFilter that handles HTTP error codes.

For security reasons, the filter is configured to remove response headers.

This behavior can lead to the loss of the nevisProxy session when an HTTP error occurs, for example while the session cookie is being renewed after a successful authentication.

For status codes 404 and 502, the headers are not reset, which makes session loss less likely.

You can opt out by adding your own HTTP Error Handling pattern.

This pattern allows you to define which status codes are handled, and for which codes the headers are kept.

You can do this using the property Keep Header Status Codes.

Assign the HTTP Error Handling pattern to relevant locations, for example, the entire Virtual Host or in applications.