
2024-Q2: LTS-2024 Update (May 2024)

Major version

Version: 7.2405 LTS

Lifecycle dates

| Minor Version | General Availability | End of Full Support | End of Fade-Out Support |
|---|---|---|---|
| 7.2405.1.1177 | September 27, 2024 | Nov 19, 2024 | Jun 19, 2025 |
| 7.2405.0.1176 | August 30, 2024 | Nov 19, 2024 | Jun 19, 2025 |
| 7.2405.0.1163 | July 25, 2024 | Nov 19, 2024 | Jun 19, 2025 |
| 7.2405.0.1142 | June 26, 2024 | Nov 19, 2024 | Jun 19, 2025 |
| 7.2405.0.1128 | May 15, 2024 | Nov 19, 2024 | Jun 19, 2025 |

Components Changelog

nevisAdmin 7.2405.0 Release Notes - 2024-05-15

Release information

  • RPM: nevisadmin4-7.2405.0.3-1.noarch.rpm
  • GUI Version: FE 7.2405.0-1302 - BE 7.2405.0.3

Breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

  • CHANGED: Due to the shallow checkout feature, Kubernetes deployments no longer work with uninitialized repositories. (NEVISADMV4-10018)

New features

  • NEW: nevisAdmin 4 now collects anonymized analytics data. This helps us understand better how nevisAdmin 4 is used. (PRODROAD-402)
    Note: nevisAdmin 4 only collects data; it does not send it to us without explicit user interaction. For more information, see product-analytics.

General changes

  • IMPROVED: Issues with INFO severity are now logged at DEBUG log level instead of INFO log level, for better log readability. This change only affects issues (mostly the ones created during the validation of configurations), not all log messages. (NEVISADMV4-9878)
  • IMPROVED: The deployment process now creates a shallow clone of the deployment repository. (NEVISADMV4-9293)
  • IMPROVED: The log viewer dialog (for pod's or nevisAdmin 4's logs) now lets you turn on line wrapping. The preference is sticky among logs. (NEVISADMV4-9904)
  • FIXED: Using REST requests, it used to be possible to deploy projects with inventories that are not in the same tenant as the project. Such requests are now rejected. (NEVISADMV4-9556)
  • FIXED: We fixed a GUI issue in the pattern editor where an error was thrown when a variable was assigned to a multi-select type of pattern field. (NEVISADMV4-9894)
  • FIXED: The file tree in the Generation Results in the Deployment Wizard no longer throws errors or becomes unresponsive when the tree has a lot of items. Moving the divider between the file tree and the file content previewer also became easier. (NEVISADMV4-9519)
  • FIXED: The authentication flow tree (in the right sidebar of the pattern editor) mixed up multiple occurrences of the same pattern when navigating using the links in the tree. Now those links correctly select the expected pattern in the tree. (NEVISADMV4-9910)

Dependency upgrades

  • org.eclipse.jgit 6.9.0.202403050737-r (NEVISADMV4-9293)
  • jsch 0.2.17 (NEVISADMV4-9812)
  • jackson 2.17.0 (NEVISADMV4-9922)
  • jetty-rewrite 12.0.8 (NEVISADMV4-9922)
  • groovy 4.0.20 (NEVISADMV4-9922)
  • aspectjweaver 1.9.22 (NEVISADMV4-9922)
  • jakarta-activation-api 2.1.3 (NEVISADMV4-9922)
  • jakarta-xml-bind-api 4.0.2 (NEVISADMV4-9922)
  • jaxb-runtime 4.0.5 (NEVISADMV4-9922)
  • slf4j-api 2.0.12 (NEVISADMV4-9812)
  • logback-classic 1.5.3 (NEVISADMV4-9922)
  • guava 33.1.0-jre (NEVISADMV4-9922)
  • commonmark 0.22.0 (NEVISADMV4-9922)
  • opensaml 4.3.1 (NEVISADMV4-9922)
  • spring-boot 3.2.5 (NEVISADMV4-9942)
  • springdoc-openapi-starter-webmvc-ui 2.5.0 (NEVISADMV4-9922)
  • mariadb-java-client 3.3.3 (NEVISADMV4-9812)
  • postgresql 42.7.3 (NEVISADMV4-9922)
  • nimbus-jose-jwt 9.37.3 (NEVISADMV4-9812)
  • bcprov-jdk18on 1.78 (NEVISADMV4-9922)
  • bcpkix-jdk18on 1.78 (NEVISADMV4-9922)
  • bcpg-jdk18on 1.78 (NEVISADMV4-9922)
  • bcutil-jdk18on 1.78 (NEVISADMV4-9922)
  • kubernetes-java-client 20.0.1 (NEVISADMV4-9922)
  • micrometer 1.12.4 (NEVISADMV4-9922)

Patterns 7.2405.0 Release Notes - 2024-05-15

Release information

  • Build Version: 7.2405.0.3

Changes and new features

Info: Changes marked with ⚠️ may be breaking, have security impact, or affect user experience. Review these changes carefully, and adapt your pattern configuration as required.

General
  • ⚠️ The image version encoded in the patterns has been raised to 7.2405.0 for all components. If you are deploying to Kubernetes you have to push all required images to your container registry before deployment.
  • PAT-675: Fixed duplicate Java agent configuration in env.conf when using Java Observability Settings pattern.
  • PAT-667: Support generation of otel configuration based on inventory variables.
Application Protection
  • PAT-674: Fix error during background generation when using a nevisAdmin ${var expression and using only a variable as param-value in a servlet or filter in Generic Virtual Host Settings or Generic Application Settings.
Authentication
  • N/A: Fixed corrupted binary files being deployed when uploading them to Custom Resources in nevisAuth Instance.
  • PAT-652: New advanced setting Shared Groovy Scripts on nevisAuth Instance.
  • PAT-642: Fix requirement clash when reusing JSON Response Step.
  • PAT-669: Support configuration of custom Audit channels for nevisAuth.
  • ⚠️ PAT-654: The default maximum session lifetime has been reduced to 8 hours. This was done to align the realm pattern with the defaults of nevisAuth. The original value of 12 hours has the benefit that end-users logging into an office account only have to log in once during a business day, with the drawback of generating more, longer-lasting sessions overall. If you want to go back to the “once a day login”, simply set the maximum session lifetime back to 12 hours in your realm patterns.
  • PAT-657: Support child element Mapping for Method element in Generic nevisAuth Web Service pattern.
  • PAT-657: Ensure errors caused by uploaded XML files are shown where the XML file is uploaded.
Identity Management
  • PAT-680: For permissions related to credentials (such as CredentialChangeState, CredentialCreate, CredentialDelete, CredentialModify, CredentialPdfView, CredentialSearch, CredentialView, and CredentialViewPlainValue), it is now allowed to reduce the elementary permission to a specific credential type. Example: CredentialCreate.PASSWORD
Mobile Authentication
  • PAT-641: Fix HTTP connection to nevisFIDO for Out-of-band Mobile Onboarding.
User behavior analytics
  • NEVISDETECT-1827: Updated nevisAdapt Demo app in the template.
  • NEVISDETECT-1831: Added option to disable private IP filtering and configure default country code in that case.
  • NEVISDETECT-1834: Added option to enable Apache Hostname Verifier under nevisAdapt Instance / Advanced Settings.
  • NEVISDETECT-1835: Added option to disable nevisAdapt analyzers, either on module or analyzer level.

nevisAppliance 7.2405.0.1128 - 15.05.2024

This is the first release of the LTS-24. The LTS-24 is based mostly on the Nevis components and their respective versions released to the February 2024 Rolling Release, and replaces the LTS-21, which has now gone into Maintenance mode.

Upgraded Nevis components

  • nevisadmin4 7.2405.0.3
  • nevisadmin4 plugins 7.2405.0.3
  • nevisauth 7.2405.0.4
  • nevisadapt 7.2405.0.11
  • nevisdetect 7.2405.0.11
  • nevisdp 7.2405.0.8999484892
  • nevisfido 7.2405.0.2
  • nevisfido-test-client-core 7.2405.0.2
  • nevisfido-test-client-gatling 7.2405.0.2
  • nevisidm 7.2405.0.9032132306
  • nevisidmdb 7.2405.0.9032132306
  • nevislogrend 7.2405.0.1
  • nevismeta 7.2405.0.2
  • nevisproxy 7.2405.0.0
  • ninja 7.2405.0.2

Resolved issues

  • UPGRADED: We upgraded the Rocky Linux 8 operating system to the latest available version.

nevisAdapt 7.2405.0.11 - 15.05.2024

Changes and new features

  • ADDED: Added the option to disable private IP filtering and configure default country code in that case.
  • ADDED: Added the option to enable Apache Hostname Verifier under nevisAdapt Deployable / Advanced Settings.
  • ADDED: Added the option to disable nevisAdapt analyzers, either on module or analyzer level.
  • ADDED: New Logging groups for nevisAdapt for ease-of-access.
  • FIXED: finished integration to Java 17.
  • FIXED: PostgreSQL integration with nevisAdapt.
  • FIXED: GeoLocation error with nevisAdapt.
  • FIXED: nevisAdapt can now consume multiline JAVA_OPTS.
  • CHANGED: Dependencies updated.

nevisAuth 7.2405.0.4 - 15.05.2024

Changes and new features

Breaking changes
  • REMOVED: The constant TokenSignature.DFLT_ALGORITHM using SHA1 was removed from jcan-sectoken, use the value SHA256withRSA instead. (NEVISIDM-9456)
  • REMOVED: The nevisauth-test-authstateharness-fat no longer embeds the following 3rd party dependencies: log4j, slf4j, groovy-test, groovy-test-junit5, groovy-testng as these can easily cause an unresolvable version clash. (NEVISAUTH-4553)
  • FIXED: The OOCD and Remote session store stored time data incorrectly in certain cases when using MariaDB. This caused an error during the daylight saving time switch in spring, when 1 hour disappears from the clock. The MariaDB JDBC driver defaults to the server timezone, which caused a double conversion from the local timezone to UTC. Normally this does not cause any issue for nevisAuth, as reads and writes use the same logic. During the daylight saving time switch, however, it causes a validation error in the database because we try to insert a time that does not exist. The database connection session now uses the UTC timezone to avoid this.

    Note that because of this change, OOCD entries and Sessions will expire earlier by the timezone offset. If this is not acceptable, you can fix the data in the DB like this:

      update nevisauth_out_of_context_data_service set reap_timestamp = DATE_ADD(reap_timestamp, INTERVAL 2 HOUR);
      update TNSSA_AUTH_SESSION_CACHE set ABSTO = DATE_ADD(ABSTO, INTERVAL 2 HOUR);

    These statements assume Central European Time and that the data was created in summer time. (With winter time, you have to add only 1 hour.)

    If you get an error like Unknown or incorrect time zone: 'UTC' afterwards, your database did not have the timezone database initialized. You have to run:

      mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root mysql -p

    To verify the result, you can run:

      SELECT * FROM mysql.time_zone_name;

    Note that this only impacts you if you are upgrading from the java8 els versions or any rolling version >= 4.40.0.10. Upgrading from LTS21 is not impacted, as LTS21 does not have this issue yet; it was introduced in NEVISAUTH-4265. (NEVISAUTH-4650)
General Changes
  • FIXED: OAuth2 now only returns an error redirect when a valid redirect_uri is provided. (NEVISAUTH-4627)
  • FIXED: We made the encryption of the AccessToken work also for OAuth2. (NEVISAUTH-4630)
  • FIXED: We fixed corrupted SecToken generated by JWT Bearer Grant Authentication flow. (NEVISAUTH-4631)
  • FIXED: Getting BadConfigurationException when setting nevismeta.httpclient.authorization.basic.* properties. (NEVISAUTH-4520)
  • FIXED: The actorCert was not extracted from the HTTP request. (NEVISAUTH-4649)
  • FIXED: A public client without a client secret threw an exception during the token request. (NEVISAUTH-4691)
  • NEW: We support EC key for JWKS. (NEVISAUTH-4515)
  • EXPERIMENTAL: We introduced the property openid.promptParameterSupported for using prompt parameter in AuthorizationServer. (NEVISAUTH-4526)
  • UPGRADED: We upgraded the Angus activation third-party dependencies to version 2.0.2. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the Angus mail third-party dependencies to version 2.0.3. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the Apache Http Client third-party dependencies to version 5.3.1. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the Bouncy Castle third-party dependencies to version 1.78. (NEVISAUTH-4641)
  • UPGRADED: We upgraded the Commons codec third-party dependency to version 1.16.1. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the Groovy third-party dependencies to version 4.0.21. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the Guava third-party dependencies to version 33.1.0-jre. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the Jackson third-party dependencies to version 2.17.0. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the Jakarta servlet api third-party dependency to version 6.0 (NEVISAUTH-4585)
  • UPGRADED: We upgraded the jaxb-impl third-party dependency to version 4.0.2. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the jaxrs-ri third-party dependency to version 3.1.6. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the jcan-saml, jcan-sectoken dependency to version 7.2405.0.x. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the Jetty third-party dependencies to version 12.0.8. (NEVISAUTH-4585)
  • UPGRADED: We upgraded the json-smart third-party dependency to version 2.5.1. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the ldap-unboundid third-party dependency to version 7.0.0. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the libphonenumber third-party dependency to version 8.13.34. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the log4j third-party dependencies to version 2.23.1. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the MariaDB connector third-party dependency to version 3.3.3. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the nimbus oidc sdk third-party dependency to version 11.10.1. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the Opentelemetry api third-party dependency to version 1.37.0 (NEVISAUTH-4546)
  • UPGRADED: We upgraded the PostgreSQL jdbc driver third-party dependency to version 42.7.3. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the Parsson third-party dependency to version 1.1.6. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the slf4j third-party dependency to version 2.0.12. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the woodstox third-party dependency to version 6.6.2. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the wss4j third-party dependency to version 3.0.3. (NEVISAUTH-4553)
  • UPGRADED: We upgraded the xmlsec third-party dependency to version 3.0.4. (NEVISAUTH-4553)

nevisDataporter 7.2405.0.8999484892 - 15.05.2024

Changes and new features

  • UPGRADED: We updated netty to 4.1.108.Final. (NEVISDP-522)
  • UPGRADED: We upgraded greenmail to 2.0.1. (NEVISDP-526)
  • UPGRADED: We changed Javax Mail to Jakarta Mail 2.0.1. (NEVISDP-526)
  • FIXED: EmailSink issue with incorrect library used for sending emails is now fixed. (NEVISDP-526)

nevisDetect 7.2405.0.11 - 15.05.2024

Changes and new features

  • FIXED: finished integration to Java 17.
  • CHANGED: Dependencies updated.

nevisFIDO 7.2405.0.2 - 15.05.2024

Changes and new features

Breaking changes
  • CHANGE: The PublicKeyCredentialOptions stored in the FIDO2 session (webauthn_sessions) changed its format. Because of the serialisation used, it's not backward compatible. Ongoing registration or authentication ceremonies (started before upgrading) will fail. (NEVISFIDO-2006)
  • FIXED: The session store stored time data incorrectly in certain cases when using MariaDB. This caused an error during the daylight saving time switch in spring, when 1 hour disappears from the clock. The MariaDB JDBC driver defaults to the server timezone, which caused a double conversion from the local timezone to UTC. Normally this does not cause any issue for nevisFIDO, as reads and writes use the same logic. During the daylight saving time switch, however, it causes a validation error in the database because we try to insert a time that does not exist. The database connection session now uses the UTC timezone to avoid this.

    Note that because of this change, Sessions will expire earlier by the timezone offset. If this is not acceptable, you can fix the data in the DB like this:

      update uaf_sessions set reap_timestamp = DATE_ADD(reap_timestamp, INTERVAL 2 HOUR), created = DATE_ADD(created, INTERVAL 2 HOUR), status_updated = DATE_ADD(status_updated, INTERVAL 2 HOUR);
      update token_sessions set reap_timestamp = DATE_ADD(reap_timestamp, INTERVAL 2 HOUR), created = DATE_ADD(created, INTERVAL 2 HOUR), status_updated = DATE_ADD(status_updated, INTERVAL 2 HOUR);
      update webauthn_sessions set reap_timestamp = DATE_ADD(reap_timestamp, INTERVAL 2 HOUR), created = DATE_ADD(created, INTERVAL 2 HOUR), status_updated_at = DATE_ADD(status_updated_at, INTERVAL 2 HOUR);
      update jws_requests set reap_timestamp = DATE_ADD(reap_timestamp, INTERVAL 2 HOUR);

    These statements assume Central European Time and that the data was created in summer time. (With winter time, you have to add only 1 hour.)

    If you get an error like Unknown or incorrect time zone: 'UTC' afterwards, your database did not have the timezone database initialized. You have to run:

      mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root mysql -p

    To verify the result, you can run:

      SELECT * FROM mysql.time_zone_name;

    Note that this only impacts you if you are upgrading from the java8 els versions or any rolling version >= 2.4.0.7. Upgrading from LTS21 is not impacted, as LTS21 does not have this issue yet; it was introduced in NEVISFIDO-1817. (NEVISFIDO-2080)
General Changes
  • UPGRADED: We upgraded the Apache Http Client third-party dependencies to version 5.3.1. (NEVISFIDO-2006)
  • UPGRADED: We upgraded the Apache Http Core third-party dependencies to version 5.2.4. (NEVISFIDO-2006)
  • UPGRADED: We upgraded the Bouncy Castle third-party dependencies to version 1.78. (NEVISFIDO-2062)
  • UPGRADED: We upgraded the google-api-client third-party dependency to version 2.4.0. (NEVISFIDO-2006)
  • UPGRADED: We upgraded the google-auth-library third-party dependency to version 1.23.0. (NEVISFIDO-2006)
  • UPGRADED: We upgraded the guava third-party dependency to version 33.1.0-jre. (NEVISFIDO-2006)
  • UPGRADED: We upgraded the Jackson third-party dependencies to version 2.17.0. (NEVISFIDO-2006)
  • UPGRADED: We upgraded the jcan-saml, jcan-sectoken dependency to version 7.2405.0.x. (NEVISFIDO-2006)
  • UPGRADED: We upgraded the Jakarta servlet api third-party dependency to version 6.0 (NEVISFIDO-2012)
  • UPGRADED: We upgraded the Jetty third-party dependencies to version 12.0.7. (NEVISFIDO-2012)
  • UPGRADED: We upgraded the log4j third-party dependencies to version 2.23.1. (NEVISFIDO-2006)
  • UPGRADED: We upgraded the MariaDB connector third-party dependency to version 3.3.3. (NEVISFIDO-2006)
  • UPGRADED: We upgraded the Opentelemetry api third-party dependency to version 1.37.0. (NEVISFIDO-2006)
  • UPGRADED: We upgraded the PostgreSQL jdbc driver third-party dependency to version 42.7.3. (NEVISFIDO-2017)
  • UPGRADED: We upgraded the slf4j third-party dependency to version 2.0.12. (NEVISFIDO-2006)
  • UPGRADED: We upgraded the Spring-boot third-party dependency to version 3.2.4. (NEVISFIDO-2065)
  • UPGRADED: We upgraded Spring third-party dependencies to version 6.1.6. (NEVISFIDO-2065)
  • UPGRADED: We upgraded the Webauthn4j api third-party dependency to version 0.23.0.RELEASE. (NEVISFIDO-2006)
  • UPGRADED: We upgraded the ZXing third-party dependency to version 3.5.3. (NEVISFIDO-2006)
  • FIXED: Dispatch target and the UAF credential is only linked for the first authenticator registration of a user but not for additional ones. (NEVISFIDO-2043)
  • FIXED: Session update operations did not check if the update was successful. (NEVISFIDO-2050)
  • FIXED: UAF credential login information in nevisIdm was incorrectly updated for all UAF credentials of the user during authentication instead of only the credential used for the current authentication operation. (NEVISFIDO-2047)
  • EXPERIMENTAL: The device credential management endpoint returns a WWW-Authenticate header in case of expired device signature. (NEVISFIDO-2028)

nevisIDM 7.2405.0.9032132306 - 15.05.2024

Release information

  • Application version: 7.2405.0.9032132306
  • Minimal required database schema version: 7.23
  • Maximal supported database schema version: 7.x

Changes and new features

  • UPGRADED: We updated Jetty to 12.0.6. (NEVISIDM-9448)
  • UPGRADED: We updated Netty to 4.1.108.Final.
  • UPGRADED: We updated Spring Framework to 6.0.19. (NEVISIDM-9487)
  • UPGRADED: We updated CXF to 4.0.4. (NEVISIDM-9487)
  • UPGRADED: We updated PostgreSQL Driver to 42.6.1.
  • UPGRADED: We upgraded Commons-configuration2 to 2.10.1 (NEVISIDM-9470)
  • NEW: Credential-type specific permissions have been extended with AccessControl.CredentialSearch; From now on, it is possible to provide CredentialSearch to only specific credential types. For further information: Credential-type specific permissions of nevisIDM roles. (NEVISIDM-9309)
  • NEW: OpenTelemetry spanId and traceId is added to audit log if openTelemetry is configured (NEVISIDM-9480)
  • FIXED: Potential performance issues related to getting generic credentials have been resolved. (NEVISIDM-9295)
  • FIXED: Corrected issues with pagination of FIDO UAF credentials. (NEVISIDM-9315)
  • FIXED: In Kubernetes, IDM now saves Asynchronous Email Sending into the persistent event queue. Previously, IDM with OracleSQL or PostgreSQL database did not save it into the persistent event queue, making Asynchronous Email Sending impossible. (NEVISIDM-9476)
  • CHANGED: Refactored dataroom handling to use separate dataroom test in SQL instead of summarizing them. (NEVISIDM-9408)
  • CHANGED: Refactored JMS Bridge to use its internal status to check for potential disconnections, thus providing improved stability. (NEVISIDM-9319)
  • CHANGED: Refactored the way IDM retrieves data from the persistent queue. (NEVISIDM-9502)
  • UPGRADED: In the GUI, CredentialType dropdowns list only the CredentialTypes for which the signed-in user has the required credential-type specific right. For further information: Credential-type specific permissions. (NEVISIDM-9500)
  • UPGRADED: Extended CredentialGetDto classes with the following 9 credential types: Ticket, Otp, TempStringPassword, Vasco, PUK, DevicePassword, MobileSignature, SamlFederaion, SecurityQuestions. They can be queried with the new endpoint {userExtId}/credentials in User REST service. (NEVISIDM-9479)
  • FIXED: JMS bridge feature refactored to avoid high resource consumption in case the bridge target is not stable enough. (NEVISIDM-9319)
    • Bridge status added to health endpoint.
      • The health endpoint counts the unsuccessful restart attempts and indicates as down if it reaches 10, otherwise as up
      • The successful reconnection to bridge target resets the health endpoint counter
    • New configuration properties introduced:
      • messaging.bridge.failure.retry.interval: passed to org.apache.activemq.artemis.jms.bridge.impl.JMSBridgeImpl as failureRetryInterval property; by default 10000
      • messaging.bridge.max.retries.on.failure: passed to org.apache.activemq.artemis.jms.bridge.impl.JMSBridgeImpl as maxRetries property; by default 6
    • Before this refactor the maxRetries property was hardcoded with value -1 and failureRetryInterval as 1000.
      • This means it tried to reconnect every second indefinitely, and a reinitializer algorithm tried to stop the bridge and re-instantiate it
      • Unfortunately, the previous bridge instances didn't shut down properly, so a lot of memory and other resources were not freed up
    • The current implementation instantiates the bridge only once.
      • In case the bridge loses its running state (based on the newly introduced configurations), IDM tries to start it again
      • The mentioned health endpoint counts these restart attempts
  • NEW: You can configure external JMS server for provisioning instead of using embedded Artemis server and JMS bridging. (NEVISIDM-9474)
    • If you configure external JMS server, the embedded Artemis instance will not be started.
    • New configuration properties introduced:
      • application.modules.provisioning.connection.factory.classname: connection factory class name; e.g. org.apache.activemq.artemis.jms.client.ActiveMQXAConnectionFactory
      • application.modules.provisioning.connection.factory.xa.properties: initialization properties for previous factory class; e.g. {"brokerURL": "https://artemis-server:61616", "user": "producer", "password": "secret"}
      • application.modules.provisioning.destination.classname: JMS destination class name; e.g. org.apache.activemq.artemis.jms.client.ActiveMQQueue
      • application.modules.provisioning.destination.name: JMS queue name; constructor parameter for previous class; e.g. Provisioning
      • application.modules.provisioning.destination.properties: possible initialization properties for the destination class
      • There is no default value for these properties. The default behavior is to start and use the embedded Artemis JMS server
      • ATTENTION: The configured connection factory must implement jakarta.jms.XAConnectionFactory and destination must implement jakarta.jms.Destination!
  • NEW: The OpenTelemetry span and related OpTrace logging can contain the SOAP and REST request and response bodies. (NEVISIDM-9488)
    • New configuration property introduced:
      • add.request.and.response.body.to.opentelemetry: whether to add the request and response bodies; by default false
      • ATTENTION:
        • Processing the complete request and response bodies can cause reduction of performance!
        • The complete request and response bodies could contain sensitive information!
        • It works only if you use the OpenTelemetry extension agent and the OpTrace logger is configured to TRACE, or you can see the body contents in Jaeger or a similar tool!
Web GUI
  • FIXED: Improved performance of Users per Application report. (NEVISIDM-9451)
  • FIXED: Improved performance of the Assign Roles to Profile page. (NEVISIDM-9377)
  • FIXED: Search function on Vasco Administration tab now works correctly. (NEVISIDM-9513)
REST API
  • NEW: The endpoint {userExtId}/credentials is added to the User REST Services to search for the credentials of the user with given extId. (NEVISIDM-9458)
  • NEW: Added new endpoint to find and delete generic credentials to ClientsRestService. (NEVISIDM-9485)
SCIM API
  • NEW: SCIM is now able to filter or order users by meta.created and meta.lastModified fields. (NEVISIDM-9473)
Auth States
  • REMOVED: The constant TokenSignature.DFLT_ALGORITHM using SHA1 was removed from jcan-sectoken, use the value SHA256withRSA instead. (NEVISIDM-9456)
Configuration
  • NEW: nevisIDM supports multi-line JAVA_OPTS parameters in conf/env.conf. (NEVISIDM-9490)
  • NEW: If add.request.and.response.body.to.opentelemetry is set to true, nevisIDM logs the request and response body to OpenTelemetry. (NEVISIDM-9491)
  • NEW: Introduced new configuration properties database.connection.healthcheck.retrydelay and database.connection.healthcheck.retrycount to better control behaviour if the healthcheck is called during connection pool maintenance. (NEVISIDM-9494)
  • NEW: Added new configuration properties application.modules.provisioning.connection.factory.classname, application.modules.provisioning.connection.factory.xa.properties, application.modules.provisioning.destination.classname, application.modules.provisioning.destination.name and application.modules.provisioning.destination.properties to make JMS connection more configurable. (NEVISIDM-9474)
  • NEW: Introduced rest.display.timezone configuration property to set the timezone for date and time attributes in the REST API responses. For further information: rest.display.timezone (NEVISIDM-9450)
  • NEW: Introduced new configuration property application.config.credentialTypesToBeLockedInDatabase to provide fine-grained control over which credential types should be locked during uniqueness check. (NEVISIDM-9330)

nevisLogRend 7.2405.0.1 - 15.05.2024

Changes and new features

  • UPGRADED: We upgraded the Jackson third-party dependencies to version 2.17.0. (NEVISLOG-523)
  • UPGRADED: We upgraded the Jetty third-party dependencies to version 12.0.8. (NEVISLOG-525)
  • UPGRADED: We upgraded the Jakarta servlet api third-party dependency to version 6.0 (NEVISLOG-525)
  • UPGRADED: We upgraded the Guava third-party dependency to version 33.1.0-jre. (NEVISLOG-523)
  • UPGRADED: We upgraded the Opentelemetry api third-party dependency to version 1.37.0 (NEVISAUTH-4546)
  • UPGRADED: We upgraded the log4j third-party dependencies to version 2.23.1. (NEVISLOG-523)
  • UPGRADED: We upgraded the slf4j third-party dependency to version 2.0.12. (NEVISLOG-523)

nevisMeta 7.2405.0.2 - 14.05.2024

Changes and new features

General
  • NEW: We introduced the responseCacheExpiry property to configure the cache expiry for the GET Entities endpoint. (NEVISMETA-2009)
  • FIXED: We fixed data being returned incorrectly without root language for the metadata of tos_uri, policy_uri, logo_uri. (NEVISMETA-2004)
  • FIXED: We fixed queries using a lot of resources when querying all entities. (NEVISMETA-2009)
  • UPGRADED: We upgraded the spring third-party dependency to 6.1.6. (NEVISMETA-2016)
  • UPGRADED: We upgraded the postgresql third-party dependency to 42.7.3. (NEVISMETA-2016)

nevisProxy 7.2405.0 LTS2024 - 15.05.2024

Changes and new features

  • NEW: We added the parameter CaptureResponseHeaders to the OpenTelemetry trace configuration. (NEVISPROXY-7055)
  • NEW: We added the parameter CaptureRequestHeaders to the OpenTelemetry trace configuration. (NEVISPROXY-7045)
  • NEW: We added the parameter ResourceServiceName to the OpenTelemetry configuration. (NEVISPROXY-6964)
  • NEW: We added the parameter EnableMetrics to the Http[s]ConnectorServlet, Esauth4ConnectorServlet and WebSocketServlet. (NEVISPROXY-6949)
  • FIXED: We now trace the correct SHA256 hashed and base64 encoded cookie value in NProxyOp. (NEVISPROXY-6989)
  • UPGRADED: We upgraded zlib to 1.2.13. (NEVISPROXY-7121)
  • UPGRADED: We upgraded nghttp2 to 1.61.0. (NEVISPROXY-7075)
  • UPGRADED: We upgraded to Apache httpd/2.4.59. (NEVISPROXY-6880)
  • REMOVED: We removed the deprecated TelemetryFilter. (NEVISPROXY-6955)
  • DOCUMENTATION: We added the migration guide for LTS21 to LTS24. (NEVISPROXY-6999)

Notes

  • The upgraded Apache version httpd/2.4.59 also contains the fix for the DH certificate bug.

Ninja 7.2405.0.2 - 15.05.2024

Changes and new features

  • CHANGED: Ninja DEV mode now signs sectokens with SHA256 instead of SHA1. (NEVISIDM-9456)
  • UPGRADED: We upgraded the jcan-saml, jcan-sectoken dependency to version 7.2405.0.x. (NINJA-231)
  • UPGRADED: We upgraded the Servlet API third-party dependency to version 6.0.0. The Ninja filter was tested against Servlet API version 5, 6 and 6.1. (NINJA-231)
  • UPGRADED: We upgraded the slf4j third-party dependency to version 2.0.12. (NINJA-231)

Component versions

The following versions are part of this release. All of them are under Full Support until the next RR upgrade becomes available.

| Component | Artifact name | Version** | RHEL 8* | RHEL 9* | SLES 15* |
|---|---|---|---|---|---|
| nevisAppliance | nevisappliance | 7.2405.0.1176, 7.2405.0.1163, 7.2405.0.1142, 7.2404.0.1128 | n/a | n/a | n/a |
| nevisAdapt | nevisadapt | 7.2405.2.5, 7.2405.1.1, 7.2405.0.11 | | | |
| nevisAdmin 4 | nevisadmin4 | 7.2405.1.0, 7.2405.0.3 | | | |
| nevisAuth | nevisauth | 7.2405.2.0, 7.2405.1.1, 7.2405.0.4 | | | |
| nevisCred | neviscred | 2.0.20.0 | | | |
| nevisDataPorter | nevisdp | 7.2405.0.8999484892 | | | |
| nevisDetect | nevisdetect, nevisdetectcl | 7.2405.2.5, 7.2405.1.1, 7.2405.0.11 | | | |
| nevisFIDO | nevisfido, nevisfidocl | 7.2405.2.1, 7.2405.1.1, 7.2405.0.2 | | | |
| nevisIDM | nevisidm, nevisidmcl, nevisidmdb | 7.2405.3.10629987104, 7.2405.2.10082472190, 7.2405.1.9265059647, 7.2405.0.9032132306 | | | |
| nevisIDM | adnooprint | 7.2311.0.6565033000 | | | |
| nevisKeybox | neviskeybox | 2.2.4.3 | | | |
| nevisLogRend | nevislogrend | 7.2405.0.1 | | | |
| nevisMeta | nevismeta | 7.2405.1.0, 7.2405.0.2 | | | |
| nevisProxy | nevisproxy | 7.2405.1.0, 7.2405.0.0 | | | |
| Ninja | ninja | 7.2405.0.2 | n/a | n/a | n/a |
| Ninwin | ninwin | 2.3.5.0 | n/a | n/a | n/a |

*) Tested with the latest available patch level.

**) Versions in bold changed compared to the previous quarterly release.

Third-party dependencies

The following third-party software is often used by Nevis components. Some of the software is included within nevisAppliance.

Below you find the latest supported versions.

| Third-Party Software | Version |
|---|---|
| JVM (OpenJDK) | ✅ 17.0.12 |
| MariaDB | ✅ 10.6 |
| PostgreSQL | ✅ 15 |
| Kubernetes | ✅ 1.29 |