FIXED: Unreleased lock causing threads to hang in scenarios where several clients are using the same session and this session is killed by multiple nevisProxy instances at the same time. Also some warning messages not requiring operational attention are downgraded to info. (NEVISAUTH-4738)
FIXED: We now set the kid field in the JWKS endpoint with the property keyID of the AuthorizationServer, in case the keyID property exists. (NEVISAUTH-4501)
FIXED: SecurityTokenService logging confusing error message SAAJ0303.ver1_1.msg.op.unsupported.in.SOAP1.1 when generating an error response. (NEVISAUTH-4681)
REMOVED: The constant TokenSignature.DFLT_ALGORITHM using SHA1 was removed from jcan-sectoken, use the value SHA256withRSA instead. (NEVISIDM-9456)
REMOVED: The nevisauth-test-authstateharness-fat no longer embeds the following 3rd party dependencies: log4j, slf4j, groovy-test, groovy-test-junit5, groovy-testng as these can easily cause an unresolvable version clash. (NEVISAUTH-4553)
FIXED: The OOCD and Remote session store incorrectly storing time data in certain cases when using MariaDB. This caused an error during daylight saving time switch in spring while 1 hour disappears from time. MariaDB JDBC driver defaulting to the server timezone caused to double convert from local timezone to UTC. Normally this does not cause any issue for nevisAuth as the read/write uses the same logic. During the daylight saving time switch this causes a validation error at db that we try to insert a not existing (valid) time. Database connection session is now using UTC timezone to avoid this. Note that because of this change OOCD entries and Sessions will expire earlier with the timezone offset. If this is not acceptable you can fix the data in the DB like this: update nevisauth_out_of_context_data_service set reap_timestamp = DATE_ADD(reap_timestamp, INTERVAL 2 HOUR); update TNSSA_AUTH_SESSION_CACHE set ABSTO = DATE_ADD(ABSTO, INTERVAL 2 HOUR); These statements assume Central European Time and that the data was created in Summer time. (With winter time you have to add only 1 hour) In case of getting an error like Unknown or incorrect time zone: 'UTC' afterwards that means your database did not have the timezone database initilized. You have to run mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root mysql -p to verifiy the result of that you can run SELECT * FROM mysql.time_zone_name;. Note that this will only impact you if you upgrading from the java8 els versions or any rolling version >= 4.40.0.10. Upgrading from LTS21 is not impacted as LTS21 does not have this issue yet as it was introduced in NEVISAUTH-4265. (NEVISAUTH-4650)