Skip to main content
Version: 8.2505.x.x RR

2025-Q2: RR Upgrade (May 2025)

Major version

Version: 8.2505

Lifecycle dates

Minor VersionGeneral AvailabilityEnd of Full SupportEnd of Fade-Out Support
8.2505.4.0Jun 10, 2025Nov 18, 2025Jun 16, 2026
8.2505.3.0May 21, 2025Nov 18, 2025Jun 16, 2026

Breaking changes and required actions

The following components have breaking changes compared to the previous release, or require specific actions. For more information, see the Release Notes of each listed component.

  • nevisAdmin 4 and its components are now compiled and run with Java 21. Using Java 17 is no longer supported.
  • nevisAdmin 4: The Generation Engine has been discontinued and is no longer supported. We recommend to use NevisAdmin4 instead, which also offers Kubernetes resource generation and automated key generation—features not available in the Generation Engine.
  • Patterns: The development of new, advanced use cases made patterns more interconnected.
  • nevisFIDO now supports the official FIDO Alliance Metadata Service.

Every RR (minor and major) may contain breaking changes. See the release notes of the component you are upgrading. You should always stay up to date on the RR branch. If there are multiple releases between your current version and the version you are upgrading to, consult the release notes of each version.

Components Changelog

nevisAdmin 8.2505.3 Release Notes - 2025-05-21

Release information

  • RPM: nevisadmin4-8.2505.3.16-1.noarch.rpm
  • GUI Version: FE 8.2505.3-1502 - BE 8.2505.3.16

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

  • UPGRADED: nevisAdmin 4 is now compiled and run with Java 21. Using Java 17 is no longer supported. (NEVISADMV4-10440)
  • CHANGED: The nevisadmin.yaml.literal-block-style.enabled property’s default value is now set to true. This feature may cause false changes on the publish screen, as the visualization of multi-line strings appears identical on the UI. See the documentation for more details on this property.
    For Helm-based installations, to opt out, use --set nevisAdmin4.yaml.literalBlockStyle.enabled=false or configure it in the values.yml file.
  • DEPRECATED: The Generation Engine has been discontinued and is no longer supported. We recommend to use NevisAdmin4 instead, which also offers Kubernetes resource generation and automated key generation—features not available in the Generation Engine. (NEVISADMV4-10411)
  • CHANGED: The promotion of canary deployments now run asynchronously, without blocking the UI. Refer to the Kubernetes Status screen to monitor its progress. The HTTP response code for PUT /api/inventories/{inventoryKey}/promote was changed from 200 to 202. (NEVISADMV4-10220).

Main improvement

  • NEW: Support REST API calls with a JWT token when SAML is enabled. (NEVISADMV4-10387)
  • NEW: Supporting PostgreSQL version 17. (NEVISADMV4-10439)
  • NEW: Supporting MariaDB version 11.4. (NEVISADMV4-10438)
  • NEW: Canary deployments now support custom replica counts and resource settings, independent of their primary counterparts. During promotion, the canary will automatically scale up to match the primary’s current replica count before traffic is switched over. (NEVISADMV4-10220).

Notable changes and bug fixes

  • NEW: The X-Frame-Options header is disabled when the platform spring profile is enabled. (IP-658)
  • IMPROVED: The Inventory help now has a section describing the usage of secrets and files. (NEVISADMV4-10384)
  • FIXED: We fixed a GUI issue on the Kubernetes Status page which allowed the deletion, promotion and rollback of deployments even if the user had not have permission to do that, only to receive an error message (still no deployments were changed). Now the GUI correctly enforces the permissions on these buttons. (NEVISADMV4-9091)
  • FIXED: We are skipping class loading for the nevisadmin-plugin-marketplace to avoid exceptions in the log. Furthermore, the nevisadmin-plugin-marketplace is not set as a default library for new projects. (NEVISADMV4-10423)
  • FIXED: Fixed in inventory help (Kubernetes and Classic) the url of the Product-Analytics page. (NEVISADMV4-10434)
  • FIXED: We resolved an issue where setting nevisadmin.http.header.content-security-policy would incorrectly set the value of nevisadmin.http.header.x-frame-options. (NEVISADMV4-10513)

Dependency upgrades

  • jsch 0.2.24 (NEVISADMV4-10369)
  • jackson 2.18.3 (NEVISADMV4-10369)
  • jetty 12.0.18 (NEVISADMV4-10369)
  • groovy 4.0.26 (NEVISADMV4-10369)
  • snakeyaml 2.4 (NEVISADMV4-10369)
  • aspectj 1.9.23 (NEVISADMV4-10369)
  • slf4j 2.0.17 (NEVISADMV4-10369)
  • logback-classic 1.5.18 (NEVISADMV4-10369)
  • guava 33.4.6-jre (NEVISADMV4-10369)
  • commonmark 0.24.0 (NEVISADMV4-10369)
  • spring-boot 3.3.11 (NEVISADMV4-10524)
  • spring-dependency-management 1.1.7 (NEVISADMV4-10369)
  • mariadb-java-client 3.5.3 (NEVISADMV4-10369)
  • postgres 42.7.5 (NEVISADMV4-10369)
  • shiro 2.0.2 (NEVISADMV4-10369)
  • nimbus-jose-jwt 10.1 (NEVISADMV4-10369)
  • bcprov-jdk18on 1.80 (NEVISADMV4-10369)
  • bcpkix-jdk18on 1.80 (NEVISADMV4-10369)
  • bcpg-jdk18on 1.80 (NEVISADMV4-10369)
  • bcutil-jdk18on 1.80 (NEVISADMV4-10369)
  • kubernetes-java-client 23.0.0 (NEVISADMV4-10369)

Patterns 8.2505.3 Release Notes - 2025-05-21

Release information

  • Build Version: 8.2505.3.14
info

This release includes the changes of the internal releases 8.2505.2 and 8.2505.1. Please read those release notes as well.

Changes

info

The development of new, advanced use cases made the patterns more interconnected. For instance, the nevisIDM User Lookup pattern now supports Passkey Autofill which requires assignment of a nevisFIDO FIDO2 Instance.

This does not mean that it is now always required to also select the nevisadmin-plugin-fido2 when using the nevisadmin-plugin-nevisidm. You only have to do that if you use this feature.

As a consequence, we will rearrange the subsections to describe the changes. Most patterns for building authentication flows are described in the Authentication section. Authentication step patterns that connect to nevisIDM are now also described there.

For changes related to passwordless authentication see the Mobile Authentication and FIDO2 Passwordless sections.

General

  • PAT-826: Add always_on to sampler to ensure OpenTelemetry traceId is always generated.

Authentication

  • ⚠️ We replaced the default Login Template with a more modern design
    • If you notice any screen rendering issues in combination with your custom AuthState configuration, please contact support.
    • You can also opt out of this change by setting Default Template to classic in the realm pattern.
    • The new template uses a ?v parameter for referenced resources (e.g., CSS, JavaScript, images) to avoid caching issues.
  • PAT-863: New Reset Session Step pattern.
  • PAT-811: Support setting custom properties in Kerberos Login pattern.
  • PAT-844: Do not filter out terms with silentAcceptance in nevisIDM Terms & Conditions Acceptance pattern.
  • IP-700: Improved display of OATH Onboarding and OATH Authentication.
  • IP-683: New nevisIDM Recovery Code Onboarding & nevisIDM Recovery Code Authentication patterns.
  • IP-697: New experimental setting for inline display of the button as a link in Dispatcher Button pattern.
    • This mode is not supported in all places yet.
    • If you would like to this feature, and it does not work for you, contact support.
  • ⚠️ PAT-867: Deprecated Remember Input setting
    • This feature does not work in all scenarios and was therefore marked for removal in the Nov 25 release.
    • A warning message will be displayed when the setting is enabled.
  • PAT-839: Added domain to default SecToken fields to ease integration with nevisAdapt.
  • ⚠️ PAT-872: Align naming of button labels
    • login.social.generic.button.label -> login.social.button.label
    • mobile_auth.cancel.button.label -> cancel.button.label
    • fido2.cancel.button.label -> cancel.button.label
    • If you have changed the translation for any of those labels, check that the new label is translated as required.
  • IP-704: Ensure roles are always fetched the generated IdmGetPropertiesState.
  • N/A: Added support for buttons to nevisIDM Second-Factor Onboarding pattern.
  • PAT-840: Fixes for nevisIDM Terms & Conditions Acceptance pattern
    • The Groovy script generated by the pattern did not work when the user had multiple terms to accept.
  • IP-706: Added optional user property update to nevisIDM User Update pattern.

Identity Management

  • PAT-842: Support exposure of REST API for use by nevisIDM Administration GUI when the project contains nevisIDM REST Service pattern and domains differ.
  • PAT-837: Add env.conf upload possibility to nevisDataPorter Instance pattern.

Adaptive Authentication

  • NEVISDETECT-2113: New experimental pattern nevisAdapt Risk Calculation Step with minimal setting options and no persistence.
  • IP-665: new setting allows nevisAdapt Authentication Connector to opt out of assigning it to the logout flow.

SAML / OAuth / OpenID Connect

  • N/A: Fixed a generation failure caused by Generic Social Login Step.
  • PAT-865: Improved handling of invalid requests in the dispatcher script generated by the SAML IDP pattern.
  • PAT-841: Improved error handling in OAuth 2.0 Authorization Server / OpenID Provider.
  • PAT-782: Allow disabling role re-assignment for SAML IDP Connector pattern in case SP does not belong to Nevis.
  • PAT-794: Added setting to configure old signer to support certificate rollover for OAuth 2.0 Authorization Server / OpenID Provider.
  • PAT-812: Only require IDP Signer Trust Store when Signature Validation is not none.
  • PAT-790: Support PKCE config for RelyingParty and OAuth2Client states.

Mobile Authentication

  • PAT-861: Add support for App Attestation for iOS and Android to the nevisFIDO UAF Instance pattern.
  • PAT-878: Outbound proxy support for App Attestation connections.
  • PAT-860: Add support for usage of nevisProxy Login Renderer in In-Band Mobile Authentication Realm.
  • PAT-873: Add connection pool settings to nevisFIDO UAF Database pattern.
  • PAT-858: New setting Push Message Timeout on nevisFIDO UAF Instance to configure the lifetime of a push message on the Google and Apple push servers.
  • PAT-836: New setting Full Basic Attestation - Android Permissive Mode in nevisFIDO UAF Instance pattern.

FIDO2 Passwordless

  • PAT-873: Add connection pool settings to nevisFIDO FIDO2 Database pattern.
  • PAT-855: Support for Passkey autofill in nevisIDM User Lookup pattern.
  • PAT-868: Support optional nevisIDM policy ID configuration in nevisFIDO FIDO UAF Instance pattern for UAF and generic dispatch target credentials.
  • ⚠️ PAT-832: Improved support for FIDO2 Metadata in nevisFIDO FIDO2 Instance pattern:
    • It is now possible to fetch the metadata from a remote metadata service, e.g., https://mds3.fidoalliance.org/
    • The default is backward compatible, but we recommend to check the settings in the FIDO2 Metadata tab and configure the metadata as desired.

Kubernetes

  • NEVISADMV4-10220: Support for minimal canary deployment
  • ⚠️ IP-669: Improved defaults for Startup Probe Delay:
    • nevisMeta: 30s
    • nevisDetect: 30s
    • nevisLogrend: 30s
    • nevisAuth: 50s
    • nevisFIDO: 30s
    • nevisDP: 30s
    • nevisIDM: 60s
    • nevisProxy: 30s
    • nevisAdapt: 60s

nevisAdapt 8.2505.3.5 - 21.05.2025

Changes and new features

  • ADDED: Oracle 23ai support

  • ADDED: MariaDB 11 support

  • ADDED: PostgreSQL 17 support

  • ADDED: (Experimental) New REST endpoint for risk calculation service: /calculateRisk. This endpoint does not increase the observation counts.

  • ADDED: (Experimental) New AuthState for the service above: NevisAdaptCalculatorAuthState

  • FIXED: Dependencies updated

  • FIXED: Country persistence of IP2Location DB1BIN handler

  • CHANGED: JRE upgraded to 21

  • CHANGED: Java 21 specific refactorings (records, pattern matching, deprecated APIs)

  • CHANGED: Increased the length of USER_AGENT in the table TACAC_BROWSER_FINGERPRINT_OBV to 512

  • CHANGED: Geolocation file overwrite threshold reduced from 1 MiB to 1 kiB during deployment

  • CHANGED: Default key object reference DefaultKeyStore/DefaultSigner -> DefaultKeyStore

  • CHANGED: AuthState HTTP client creation failure no longer allowed, leads to BadConfigurationException instead

nevisAuth 8.2505.3.5 - 21.05.2025

Breaking changes

  • UPGRADED: nevisAuth is now compiled and run with Java 21. Using Java 17 is no longer supported. Using custom Java based authentication states compiled with older Java than 21 is technically possible. However as Nevis cannot test those in practice, providing support for non Java 21 compiled custom authentication states is not possible. (NEVISAUTH-4934)
  • FIXED: KeyStoreUtil.getKeyStore() now returns all certificates in the keystore when keystoreref and keyobjectref configuration options are specified, before this change, it returned a keystore with the first certificate only. Note that in case a direct file reference was configured using keystorefile then there's no change in behaviour, as that already correctly returned all certificates. This affects your setup if you configured a keystore in the WSSHeaderValidation auth state or used the KeyStoreUtil.getKeyStore() or AuthState.getKeyStore() methods in a custom auth state or Groovy script state. If this change is causing issues for you, you should either create a new keystore file with only one certificate or define a separate keyobject specifying the alias in the file url. We generally advise to check your configured keystores to ensure they only contain certificates for intended purposes. (NEVISAUTH-4869)
  • CHANGED: CertStoreManager.getCertificate() throws and exception if multiple certificates are found in the configured keystore, before this change the method returned the first certificate and logged a warning. The motivation of this change is that this method should be only used when a single certificate is expected. The original behaviour created hard to debug scenarios and made it too easy to create a flawed PKI setup. SAML, OAuth2, JWTToken, DynCert, SAPTicketIssuer, MobileSignatureState, authentication states are possibly involved as well custom auth states or Groovy script states in case you used any of the following methods: AuthState.getCertificates(), AuthState.getCertificate(), CertStoreManager.getCertificate(). For existing configurations in case this change causes issues, you should either create a new keystore file with only one certificate or define a separate keyobject specifying the alias in the file url. In general if you don't receive an exception there is nothing needed to be done. (NEVISAUTH-4869)
  • REMOVED: We removed the deprecated RSA1_5 and RSA_OAEP encryption methods from the Discovery Endpoint and related configurations in AuthorizationServer. (NEVISAUTH-4980)
  • CHANGED: The artifact nevisauth-test-authstateharness-fat now only contains Nevis classes. 3rd party dependencies are now supplied in a pom file which can found near the jar file. (NEVISAUTH-5026)
  • CHANGED: The classes EngineTestContext, InMemoryCertStoreProvider, KeyStoreHandle, TestContext in the nevisauth-test-authstateharness-fat artifact can now be created using static of methods instead of constructors. (NEVISAUTH-4963)
  • CHANGED: The HttpClient in nevisAuth is backed by the Apache HttpClient, which changed the default encoding to UTF-8 for text type contents. This could break setups in case if ISO8859-1 is expected on the called side. In the TanState for the Http channel you can already configure the encoding, so changing this is already possible, the Swissphone channel is now fixed to ISO8859-1 to match specifications. We did not detect any other place where this could be an issue. Contact support if you find it otherwise. In case of issues when you use the HttpClient from custom Java or ScriptStates, you can configure encoding via the charset in entity. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Nevis OpenTelemetry java agent to version 3.0.0.0. wich changes the OpenTelemetry span names and the number of spans. This only affects you if you export OpenTelemetry tracing to a backend of your choosing. Using version 2.x will cause duplicated spans and missing HTTP request headers when your logging pattern contains %X{httpHeader.yourHttpHeader} entries. Therefore version 2.x is no longer supported. (NEVISAUTH-5007)

Changes and new features

  • NEW: Supporting PostgreSQL version 17. (NEVISAUTH-4933)
  • NEW: Supporting MariaDB version 11.4. (NEVISAUTH-4939)
  • NEW: We support the option for scopes to be selected via JWT bearer flow or not in AuthorizationServer local datasource. (NEVISAUTH-4591)
  • NEW: We support max_age parameter in AuthorizationServer. User will be forced to re-login when elapsed time is greater than max_age value. (NEVISAUTH-4878)
  • NEW: We introduced addKid parameter in AuthorizationServer AuthState to add kid in ID Token and Access Token. (NEVISAUTH-4837)
  • NEW: Return error request_uri_parameter_supported when Authorization Request to AuthorizationServer contain request_uri but PAR is not enabled. (NEVISAUTH-4945)
  • NEW: We introduced keycurve.old, keyID.old, addKid.old, keystoreref.old and keyobjectref.old parameters in AuthorizationServer. When AuthorizationServer do a certificate rollover, Token(s) generated by the old key still able to be verified and old key will be displayed in JWKS with provided keyID. (NEVISAUTH-4952)
  • NEW: We added jwksEndpoint parameter to OAuth2ClientState for validating the Access Token signature when needed. (NEVISAUTH-4954)
  • NEW: We introduced keystoreref.old, keyobjectref.old and keycurve.old when AccessTokenConsumer AuthState need to validate the Access Token with old certificate during certificate rollover period. (NEVISAUTH-4953)
  • NEW: Audit log property Detail for Info messages in case of AUTH_DONE can now be set using the notes:lastinfo property. (NEVISAUTH-5043)
  • CHANGED: Change request_uri_parameter_supported return from false to true for DiscoveryService. (NEVISAUTH-4945)
  • CHANGED: Backend side validation of gui elements now can be also done using the new backendValidation attribute where you can write an El expression to do validation logic. So far the validation attribute of GuiElem executed the client side javascript on the backend side as well. From the November 2025 release on nevisAuth will no longer execute the javascript defined in the validation attribute on the backend side, use the backendValidation instead. (NEVISAUTH-5032)
  • FIXED: ACR claim in ID Token will only return 1 value without space. (NEVISAUTH-4883)
  • FIXED: The correct error message is displayed when code_challenge is empty but S256 is required for AuthorizationServer. (NEVISAUTH-4800)
  • FIXED: auth_time won't be changed in new ID Token when user does not need to login with prompt=none or max_age still in the valid period. (NEVISAUTH-4879)
  • FIXED: We fixed a bug in the LocalSessionStore session reaper which caused a deadlock when manual session invalidation and LocalSessionStore reaper collided. (NEVISAUTH-4988)
  • FIXED: We fixed a bug that empty SessionIndex caused session not found in IdentityProviderState. (NEVISAUTH-5004)
  • UPGRADED: We upgraded the Nevis OpenTelemetry java agent to version 2.0.1.1 (NEVISAUTH-4941)
  • FIXED: Form encryption no longer logs excessive stacktraces when there is no input to be decrypted. (NEVISAUTH-5018)
  • FIXED: We fixed the logging of Assertion's Subject Confirmation validation. (NEVISAUTH-4946)
  • FIXED: We check for the missing request_uri parameter first when PAR is required for AuthorizationServer. (NEVISAUTH-4754)
  • FIXED: OpenTelemetry PeriodicMetricReader no longers logs a WARN level message when Metrics export fails during shutdown due to the application is already unloaded. (NEVISLOG-547)
  • FIXED: Double resolution of EL expressions on Gui labels. (NEVISAUTH-5068)
  • FIXED: The HttpResponse implementation in the nevisAuth HttpClient incorrectly returned HTTP headers in the header and headerDate methods case sensitively. Headers are now returned case insensitively in these methods. (NEVISAUTH-5080)
  • UPGRADED: We upgraded the Apache EL third-party dependency to version 11.0.4. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Apache Httpclient third-party dependency to version 5.4.3. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Apache XML beans third-party dependency to version 5.3.0. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Bouncy Castle third-party dependencies to version 1.80. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Checker-qual third-party dependency to version 3.49.2. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Commons codec third-party dependency to version 1.18.0. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Commons-text third-party dependency to version 1.13.0. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Groovy third-party dependencies to version 4.0.26. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Guava third-party dependencies to version 33.4.6-jre. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the HikariCP third-party dependencies to version 6.3.0. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Jackson third-party dependencies to version 2.18.3. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Jaxrs-ri third-party dependency to version 3.1.10. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Jetty third-party dependencies to version 12.0.18. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the jcan-saml, jcan-sectoken dependency to version 8.2505.x. (NEVISAUT
  • UPGRADED: We upgraded the Ldap-unboudid third-party dependency to version 7.0.2. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Libphonenumber third-party dependency to version 9.0.2. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Log4j third-party dependencies to version 2.24.3. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the MariaDB connector third-party dependency to version 3.5.3. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Moxy third-party dependency to version 4.0.5. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Nevis OpenTelemetry java agent to version 3.0.0.0 (NEVISAUTH-4941)
  • UPGRADED: We upgraded the Nimbus oicd sdk third-party dependency to version 11.23.1. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Nimbus JWT third-party dependency to version 10.0.2. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the OpenSaml third-party dependency to version to 5.1.3 (NEVISAUTH-4707)
  • UPGRADED: We upgraded the Opentelemetry api third-party dependency to version 1.48.0 (NEVISAUTH-5036)
  • UPGRADED: We upgraded the PostgreSQL jdbc driver third-party dependency to version 42.7.5. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the Slf4j third-party dependency to version 2.0.17. (NEVISAUTH-5036)
  • UPGRADED: We upgraded the XmlSec third-party dependency to version to 4.0.3 (NEVISAUTH-4707)
  • UPGRADED: We upgraded the Woodstox third-party dependency to version 7.1.0. (NEVISAUTH-5036)

nevisDataporter 8.2505.3.4 - 21.05.2025

Changes and new features

  • CHANGED: The nevisDP supports Java 21 and this is the required minimum version of JVM. (NEVISDP-585)
  • UPGRADED: We upgraded json-smart to 4.4.11. (NEVISDP-572)
  • UPGRADED: We upgraded artemis to 1.18.0. (NEVISDP-585)
  • UPGRADED: We upgraded beanutil to 1.18.0. (NEVISDP-585)
  • UPGRADED: We upgraded c3p0 to 0.10.2. (NEVISDP-585)
  • UPGRADED: We upgraded commons-cli to 1.9.0. (NEVISDP-585)
  • UPGRADED: We upgraded commons-codec to 1.18.0. (NEVISDP-585)
  • UPGRADED: We upgraded commons-lang to 3.17.0. (NEVISDP-585)
  • UPGRADED: We upgraded commons-io to 2.18.0. (NEVISDP-585)
  • UPGRADED: We upgraded groovy to 4.0.26. (NEVISDP-585)
  • UPGRADED: We upgraded gradle-os-package-plugin to 11.11.2. (NEVISDP-585)
  • UPGRADED: We upgraded gson to 2.12.1. (NEVISDP-585)
  • UPGRADED: We upgraded jackson to 2.18.3. (NEVISDP-585)
  • UPGRADED: We upgraded jax-ws to 4.0.3. (NEVISDP-585)
  • UPGRADED: We upgraded jax-ws-api to 4.0.2. (NEVISDP-585)
  • UPGRADED: We upgraded jersey to 3.1.10. (NEVISDP-585)
  • UPGRADED: We upgraded json-smart to 2.5.2. (NEVISDP-585)
  • UPGRADED: We upgraded log4j to 2.24.3. (NEVISDP-585)
  • UPGRADED: We upgraded maria-jdbc to 3.5.2. (NEVISDP-585)
  • UPGRADED: We upgraded netty to 4.1.119.Final. (NEVISDP-585)
  • UPGRADED: We upgraded narayana to 7.2.1.Final. (NEVISDP-585)
  • UPGRADED: We upgraded postgresql to 42.7.5. (NEVISDP-585)
  • UPGRADED: We upgraded quartz to 2.5.0. (NEVISDP-585)
  • UPGRADED: We upgraded servlet to 6.1.0. (NEVISDP-585)
  • UPGRADED: We upgraded slf4j2 to 2.0.17. (NEVISDP-585)
  • UPGRADED: We upgraded snake-yaml to 2.4. (NEVISDP-585)
  • UPGRADED: We upgraded unboundid-ldapsdk to 7.0.2. (NEVISDP-585)
  • UPGRADED: We upgraded woodstox to 7.1.0. (NEVISDP-585)
  • UPGRADED: We upgraded jakarta-jms-api to 3.0.0. (NEVISDP-585)
  • UPGRADED: We upgraded commons-text to 1.10.0. (NEVISDP-585)

nevisDetect 8.2505.3.4 - 21.05.2025

Changes and new features

  • ADDED: Oracle 23ai support

  • ADDED: MariaDB 11 support

  • ADDED: PostgreSQL 17 support

  • ADDED: ActiveMQ Artemis support

  • FIXED: Dependencies updated

  • CHANGED: JRE upgraded to 21

  • CHANGED: Java 21 specific refactorings (records, pattern matching, deprecated APIs)

  • CHANGED: nevisAdapt plugin code cleanup

  • CHANGED: Default key object reference DefaultKeyStore/DefaultSigner -> DefaultKeyStore

  • CHANGED: AuthState HTTP client creation failure no longer allowed, leads to BadConfigurationException instead

  • CHANGED: removed DeviceCookieAuthState as it is now part of nevisadaptcl

nevisFIDO 8.2505.3.2 - 21.05.2025

Breaking changes

  • NEW: nevisFIDO supports the official FIDO Alliance Metadata Service. (NEVISFIDO-2236)
  • UPGRADED: nevisFIDO is now compiled and run with Java 21. Using Java 17 is no longer supported. (NEVISFIDO-2280)
  • REMOVED: SOAP based nevisIdm connection is now removed and completely replaced by REST. The following properties are also removed as they are related to SOAP: idm-connection-type, administration-url, admin-service-version, client-name. The REST connection requires the rest-url property to be configured. (NEVISFIDO-2239)
  • REMOVED: The fido-uaf.metadata.polling-period and fido-uaf.policy.polling-period are removed together with the mechanism to reload those configuration at runtime. (NEVISFIDO-2241)

Changes and new features

  • NEW: Application Attestation support for Android and iOS. (NEVISFIDO-2297)
  • NEW: FIDO UAF Full Basic Attestation supports permissive mode. (NEVISFIDO-2306)
  • NEW: FIDO UAF Full Basic Attestation validation now checks attestation certificates against the key revocation list from Google. (NEVISFIDO-2307)
  • NEW: Configuration properties fido-uaf.metadata.value, fido-uaf.policy.value and fido2.metadata.value which take an inline JSON configuration. Providing an alternative to defining file system paths using the path configuration option. (NEVISFIDO-2241, NEVISFIDO-2299)
  • NEW: Configuration property fido2.user-presence-requirement to define the user presence requirement of nevisFIDO during FIDO2 ceremonies. (NEVISFIDO-2322)
  • NEW: Configuration property push-message-ttl for the firebase-cloud-messaging dispatcher to configure how long the push message remain valid. (NEVISFIDO-2339)
  • NEW: Configuration property fido-uaf.credential.uaf-policy-id, fido-uaf.credential.dispatch-target-policy-id and fido-uaf.credential.ios-app-attestation-policy-id to allow the configuration of the nevisIdm policy extId to be used for the credential creation. nevisFIDO does not modify existing credential policy. (NEVISFIDO-2362)
  • NEW: Supporting EdDSA in the signature-algorithms configuration of FIDO2. (NEVISFIDO-2319)
  • NEW: Configuration property added for session respository connection pool size: min-connection-pool-size and max-connection-pool-size (Default value remains 10 for both). Also added a new property connection-timeout with the default value remaining 30 seconds. (NEVISFIDO-2401)
  • NEW: Supporting MariaDB version 11.4. (NEVISFIDO-2283)
  • NEW: Supporting PostgreSQL version 17. (NEVISFIDO-2282)
  • FIXED: Authenticating with a deleted FIDO2 credential incorrectly returning HTTP 500 instead of 404. (NEVISFIDO-2087)
  • FIXED: protocols product analytics incorrectly containing not related spring profiles. (NEVISFIDO-2285)
  • FIXED: Default example configuration not starting up, because pointing to non existent policy file. (NEVISFIDO-2286)
  • FIXED: FIDO UAF authentication states possibly selecting the wrong handler for input payloads, leading to broken authentication process. (NEVISFIDO-2289)
  • FIXED: IDM FIDO UAF dispatch target REST implementation incorrectly creating the generic credential as initial instead of active. (NEVISFIDO-2308)
  • FIXED: IDM FIDO UAF dispatch target REST implementation was not handling properly dispatch targets created with older versions of nevisFIDO. (NEVISFIDO-2325)
  • FIXED: IDM FIDO UAF dispatch target REST implementation was not handling properly generic credentials that were not dispatch targets. (NEVISFIDO-2326)
  • FIXED: FIDO2 ServerPublicKeyCredentialCreationOptionsResponse no longer returns null for authenticatorAttachment when it is empty. (NEVISFIDO-2320)
  • FIXED: FIDO2 ServerPublicKeyCredentialCreationOptionsResponse and ServerPublicKeyCredentialGetOptionsResponse are now properly returning requested extensions.(NEVISFIDO-2321)
  • FIXED: OpenTelemetry PeriodicMetricReader no longers logs a WARN level message when Metrics export fails during shutdown due to the application is already unloaded. (NEVISLOG-547)
  • CHANGED: The dispatch target lookup logic has been improved to ignore orphan dispatch target entries. (NEVISFIDO-2303)
  • CHANGED: nevisFIDO REST endpoints in general no longer return JSON attributes where the attribute was null. (NEVISFIDO-2321)
  • UPGRADED: We upgraded the Apache EL third-party dependency to version 11.0.4. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the Apache HttpClient third-party dependency to version 5.4.3. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the Bouncy Castle third-party dependencies to version 1.80. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the Checker Framework third-party dependency to version 3.49.2. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the Google-api-client third-party dependency to version 2.7.2. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the Google-auth-library third-party dependency to version 1.33.1. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the Guava third-party dependency to version 33.4.6-jre. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the HikariCP third-party dependencies to version 6.3.0. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the Jackson third-party dependencies to version 2.18.3. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the Jakarta-validation third-party dependency to version 3.1.1. (NEVISAUTH-2370)
  • UPGRADED: We upgraded the Log4j third-party dependencies to version 2.24.3. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the MariaDB connector third-party dependency to version 3.5.3. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the Nevis OpenTelemetry java agent to version 3.0.0.0 (NEVISFIDO-2370)
  • UPGRADED: We upgraded the Nimbus third-party dependency to version 10.0.2. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the Opentelemetry api third-party dependency to version 1.48.0. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the PostgreSQL jdbc driver third-party dependency to version 42.7.5. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the Slf4j third-party dependency to version 2.0.17. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the Spring-boot third-party dependency to version 3.4.4. (NEVISFIDO-2370)
  • UPGRADED: We upgraded the Webauthn4j third-party dependency to version 0.28.5.RELEASE. (NEVISFIDO-2208)

nevisIDM 8.2505.3.10 - 21.05.2025

Application versionMinimal required database schema versionMaximal supported database schema version
8.2505.3.107.337.x

Breaking changes

  • UPGRADED: nevisIDM is now compiled and run with Java 21. Using Java 17 is no longer supported. (NEVISIDM-9927)

General changes and new features

General/Core

  • NEW: Attributes soap.service and soap.operation are added to SOAP related OpenTelemetry traces. (NEVISIDM-9612)
    • These new attributes are related to jcanOptrace that help to identify the SOAP service and operation.
  • NEW: We extended core REST services with partial search support (see. REST API documentation for details). (NEVISIDM-9935)
  • NEW: We extended core REST services with ordering/sorting support based on creation date descending. (NEVISIDM-9936)
  • NEW: We extended core REST services with returning the total number of results (see. REST API documentation for details). (NEVISIDM-9937)
  • NEW: We extended core REST services with pagination (see. REST API documentation for details). (NEVISIDM-9940)
  • NEW: Ability added to delete credentials via SelfAdmin API. (NEVISIDM-9985)
  • NEW: We introduced @Batchsize annotation to improve child record fetching. (NEVISIDM-10022)
  • CHANGED: We modified data loading for our Query Service (NEVISIDM-10028):
    • The data loading is now done in batches of application.queryservice.dataloading.batchsize records
    • Separated Client and User entities during data loading, thus when updating clientNames, filtering uses the old name until next running of the queryservice index updating cron job. Client names displayed in the return DTO updated instantly.
    • The application.queryservice.dataloading.batchsize property is set to 4000 by default.
    • Fixed the issue wher application.queryservice.forcedreindex.enabled disregarded false value.
  • UPGRADED: Spring Framework upgraded to 6.2.3. and SpringData to 3.4.1. (NEVISIDM-9895)
  • UPGRADED: We upgraded Antlr to 2.7.7. (NEVISIDM-9927)
  • UPGRADED: We upgraded AngusMail to 2.0.3. (NEVISIDM-9927)
  • UPGRADED: We upgraded AopallianceRepackaged to 3.1.1. (NEVISIDM-9927)
  • UPGRADED: We upgraded AssertjCore to 3.27.2. (NEVISIDM-9927)
  • UPGRADED: We upgraded AzureServicebus to 7.17.7. (NEVISIDM-9927)
  • UPGRADED: We upgraded AzureCoreHttpNetty to 1.15.7. (NEVISIDM-9927)
  • UPGRADED: We upgraded ReactorNettyHttp to 1.2.1. (NEVISIDM-9927)
  • UPGRADED: We upgraded Aspectj to 1.9.22.1. (NEVISIDM-9927)
  • UPGRADED: We upgraded Beanutils to 1.10.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded C3p0 to 0.10.1. (NEVISIDM-9927)
  • UPGRADED: We upgraded Caffeine to 3.1.8. (NEVISIDM-9927)
  • UPGRADED: We upgraded CommonsCodec to 1.17.2. (NEVISIDM-9927)
  • UPGRADED: We upgraded CommonsConfiguration to 2.11.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded CommonsIo to 2.18.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded CommonsLang3 to 3.17.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded CommonsLogging to 1.3.4. (NEVISIDM-9927)
  • UPGRADED: We upgraded CommonsText to 1.12.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded CommonsValidator to 1.9.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded Csrfguard to 4.4.0-jakarta. (NEVISIDM-9927)
  • UPGRADED: We upgraded Cxf to 4.1.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded Dbcp2 to 2.13.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded FontAwesome to 6.7.1. (NEVISIDM-9927)
  • UPGRADED: We upgraded Gatling to 3.10.5. (NEVISIDM-9927)
  • UPGRADED: We upgraded Gson to 2.11.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded Greenmail to 2.1.2. (NEVISIDM-9927)
  • UPGRADED: We upgraded Guava to 33.4.0-jre. (NEVISIDM-9927)
  • UPGRADED: We upgraded Hamcrest to 3.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded HateOas to 2.4.1. (NEVISIDM-9927)
  • UPGRADED: We upgraded Httpunit to 1.7. (NEVISIDM-9927)
  • UPGRADED: We upgraded JakartaMail to 2.1.3. (NEVISIDM-9927)
  • UPGRADED: We upgraded JakartaXmlBind to 4.0.2. (NEVISIDM-9927)
  • UPGRADED: We upgraded AvaJwt to 4.4.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded JakartaJsp to 4.0.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded JakartaServlet to 6.1.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded JakartaValidation to 3.1.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded JakartaWsRs to 4.0.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded Jandex to 3.2.3. (NEVISIDM-9927)
  • UPGRADED: We upgraded JcanSaml to 8.2505.0.1. (NEVISIDM-9927)
  • UPGRADED: We upgraded JcanSectoken to 8.2505.0.1. (NEVISIDM-9927)
  • UPGRADED: We upgraded Jetty to 12.0.16. (NEVISIDM-9927)
  • UPGRADED: We upgraded Jquery to 3.7.1. (NEVISIDM-9927)
  • UPGRADED: We upgraded Jstreegrid to 3.10.2. (NEVISIDM-9927)
  • UPGRADED: We upgraded Jstree to 3.3.17. (NEVISIDM-9927)
  • UPGRADED: We upgraded LibPhoneNumber to 8.13.52. (NEVISIDM-9927)
  • UPGRADED: We upgraded imbus to 10.0.1. (NEVISIDM-9927)
  • UPGRADED: We upgraded Nodejs to 23.6.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded Nevisauth to 8.2411.0.13. (NEVISIDM-9927)
  • UPGRADED: We upgraded Opencsv to 4.6. (NEVISIDM-9927)
  • UPGRADED: We upgraded Picocli to 4.7.6. (NEVISIDM-9927)
  • UPGRADED: We upgraded Postgresql to 42.7.5. (NEVISIDM-9927)
  • UPGRADED: We upgraded SaajImpl to 3.0.4. (NEVISIDM-9927)
  • UPGRADED: We upgraded Selenium to 4.27.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded Slf4j to 2.0.16. (NEVISIDM-9927)
  • UPGRADED: We upgraded Slf4jLog4jImpl to 2.24.3. (NEVISIDM-9927)
  • UPGRADED: We upgraded Snakeyaml to 2.3. (NEVISIDM-9927)
  • UPGRADED: We upgraded Swagger to 2.2.27. (NEVISIDM-9927)
  • UPGRADED: We upgraded Typeahead to 1.3.4. (NEVISIDM-9927)
  • UPGRADED: We upgraded QpidJmsClient to 2.6.1. (NEVISIDM-9927)
  • UPGRADED: We upgraded XmlSec to 3.0.3. (NEVISIDM-9927)
  • UPGRADED: We upgraded GradleGit to 5.3.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded InfoPlugin to 13.0.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded JacocoAnt to 0.8.12. (NEVISIDM-9927)
  • UPGRADED: We upgraded NodePlugin to 7.1.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded OspackagePlugin to 11.10.1. (NEVISIDM-9927)
  • UPGRADED: We upgraded SonarGradlePluing to 6.0.1.5171. (NEVISIDM-9927)
  • UPGRADED: We upgraded Woodstox to 7.1.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded Axb to 4.0.5. (NEVISIDM-9927)
  • UPGRADED: We upgraded CxfNew to 4.1.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded JakartaAnnotationApi to 3.0.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded JakartaActivationApi to 2.1.3. (NEVISIDM-9927)
  • UPGRADED: We upgraded JakartaAuthenticationApi to 3.1.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded JakartaXmlWsApi to 4.0.2. (NEVISIDM-9927)
  • UPGRADED: We upgraded JakartaJspJstl to 3.0.2. (NEVISIDM-9927)
  • UPGRADED: We upgraded JaxWs4 to 4.0.3. (NEVISIDM-9927)
  • UPGRADED: We upgraded SpringBeansApi to 6.2.1. (NEVISIDM-9927)
  • UPGRADED: We upgraded OpentelemetryApi to 1.46.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded DownloadPlugin to 5.6.0. (NEVISIDM-9927)
  • UPGRADED: We upgraded Mapstruct to 1.6.3 (NEVISIDM-9970)
  • UPGRADED: We upgraded Poi to 5.4.0 (NEVISIDM-9971)
  • UPGRADED: We upgraded Jackson to 2.17.2. (NEVISIDM-9975)
  • UPGRADED: We upgraded Zxing to 3.5.3 (NEVISIDM-9976)
  • UPGRADED: We upgraded Artemis to 2.39.0. (NEVISIDM-9977)
  • UPGRADED: We upgraded Apache Jasper Jsp to 11.0.24. (NEVISIDM-9983)
  • UPGRADED: Apache Jasper JSP upgraded to 10.1.31 and Elasticsearch REST Client upgraded to 8.13.3. (NEVISIDM-10010)
  • FIX: Credential creation considers policy type as well as policy name. (NEVISIDM-9861)
  • FIX: Configuration parameter daysNoActivitySinceReactivation handling fixed in UpdateUserStateJob. (NEVISIDM-9995)
  • FIX: Field name fixed in user login info history query. (NEVISIDM-9997)
  • FIX: Improve profileless flag set on unit with profile error message. (NEVISIDM-10001)
  • FIX: Certificate duplication issue fixed. (NEVISIDM-10005)
  • FIX: Query service indexing improved with batch fetching to shorten transactions. (NEVISIDM-10028)
  • FIX: We improved performance of property retrieval for client service's get users endpoint. (NEVISIDM-10079)
  • FIX: Concurrency problem fixed in authentication cache holder. (NEVISIDM-10096)
  • FIX: We are using -Djava.locale.useOldISOCodes=true JVM flag by default to Locale identifiers changed in ISO639. It is overrideable in JAVA_OPTS. (NEVISIDM-10107)
  • FIX: Authentication cache holder synchronization issue solved. (NEVISIDM-10129)

Web GUI

FIX: Duplicated display of security questions fixed when the user has multiple profiles. (NEVISIDM-9848) REMOVED: We removed consent screens; we discontinued the use of Angular JS in nevisIDM. (NEVISIDM-10113)

Configuration

  • NEW: New configuration file atomikos.properties introduced to override transactions.properties. (NEVISIDM-9565)
  • NEW: From now on the nevisIdm Auth states use HTTP connection timeout setting correctly. (NEVISIDM-10091)
  • NEW: The phone number normalization can be disabled with normalizePhoneNumber configuration parameter. (NEVISIDM-10094)
    • Affected auth states: IdmGetPropertiesState, IdmPasswordResetState and IdmSetPropertiesState.
  • UPDATED: Some minor improvements introduced for management interface stability. (NEVISIDM-10031)
    • Jetty upgraded from 12.0.9 to 12.0.16;
    • Management interface threads now can be configured (see server.management.max-threads configuration property);
    • Detailed logging messages added to health indicators.

Database

  • NEW: We added support for MariaDB 11.4 and upgraded MariaDB driver to 3.5.2. (NEVISIDM-9928)
  • NEW: We added support PostgreSQL version 17 and upgraded PostgreSQL driver to 42.6.1. (NEVISIDM-9929)
  • NEW: We added support Oracle version 23AI. (NEVISIDM-9930)
    • Currently, the following Oracle DBMS versions are supported: 19c, 21c and 23ai.
    • The supported (and recommended) Oracle driver version upgraded to com.oracle.database.jdbc:ojdbc11:21.17.0.0.

nevisLogRend 8.2505.3.1 - 21.05.2025

Breaking changes

  • UPGRADED: nevisLogrend is now compiled and runs with Java 21. Using Java 17 is no longer supported. (NEVISLOG-551)

Changes and new features

  • FIXED: OpenTelemetry PeriodicMetricReader no longers logs a WARN level message when Metrics export fails during shutdown due to the application is already unloaded. (NEVISLOG-547)
  • UPGRADED: We upgraded the Commons-text third-party dependency to version 1.13.0. (NEVISLOG-561)
  • UPGRADED: We upgraded the Jackson third-party dependencies to version 2.18.3. (NEVISLOG-561)
  • UPGRADED: We upgraded the Jetty third-party dependencies to version 12.0.18. (NEVISLOG-561)
  • UPGRADED: We upgraded the Guava third-party dependency to version 33.4.6-jre. (NEVISLOG-561)
  • UPGRADED: We upgraded the Nevis OpenTelemetry java agent to version 3.0.0.0 (NEVISLOG-561)
  • UPGRADED: We upgraded the Opentelemetry api third-party dependency to version 1.48.0 (NEVISLOG-561)
  • UPGRADED: We upgraded the Log4j third-party dependencies to version 2.24.3. (NEVISLOG-561)
  • UPGRADED: We upgraded the Slf4j third-party dependency to version 2.0.17. (NEVISLOG-561)
  • UPGRADED: We upgraded the Velocity third-party dependency to version 2.4.1. (NEVISLOG-561)

nevisMeta 8.2505.3.2 - 21.05.2025

Changes and new features

Delete browser cache

Due to changes in the UI 3rd party dependencies, we highly recommend deleting your browser cache to avoid UI issues. (NEVISMETA-2180)

Breaking changes

  • REMOVED: We removed the deprecated RSA1_5 and RSA_OAEP encryption methods on edit in the client UI. Add warning message when a client containing RSA1_5 and RSA_OAEP encryption method is loaded. (NEVISAUTH-4980)
  • NEW: We introduced a new persisted consent deletion V3 endpoint. (NEVISMETA-2153)

General

  • NEW: Add default resource server with default openid scope. (NEVISMETA-2092)
  • NEW: Add default scope openid when no scope included in DCR request. (NEVISMETA-2092)
  • NEW: We allow to input an array for client metadata. (NEVISMETA-2093)
  • NEW: Supporting PostgreSql version 17. (NEVISMETA-2125)
  • NEW: We added a new parameter for getting the latest refresh token in /tokens endpoint. (NEVISMETA-2125)
  • NEW: We added PKCE support for the RelyingPartyState and OAuth2ClientState nevisAuth auth states. (NEVISMETA-2125)
  • UPGRADED: We upgraded the postgresql third-party dependency to 42.7.4. (NEVISMETA-2125)
  • UPGRADED: We upgraded the flyway third-party dependency to 11.0.1. (NEVISMETA-2125)
  • UPGRADED: We upgraded the spring third-party dependency to 6.2.1. (NEVISMETA-2131)
  • UPGRADED: We upgraded the jetty third-party dependency to 12.0.18. (NEVISMETA-2160)
  • UPGRADED: We upgraded the jakarta.servlet-api third-party dependency to 6.1.0. (NEVISMETA-2160)
  • UPGRADED: We upgraded the json third-party dependency to 20250107. (NEVISMETA-2160)
  • UPGRADED: We upgraded the quartz third-party dependency to 2.5.0. (NEVISMETA-2160)
  • UPGRADED: We upgraded the primefaces third-party dependency to 15.0.2. (NEVISMETA-2107)
  • UPGRADED: We upgraded the bootstrap third-party dependency to 5.3.3. (NEVISMETA-2107)
  • UPGRADED: We upgraded the typescript third-party dependency to 0.11.1. (NEVISMETA-2107)
  • DEPRECATED: The OAuth2 Consent REST API V1 is deprecated and will no longer be supported with the November 2025 release, customers should migrate to V3. (NEVISMETA-2170)

nevisProxy 8.2505.3 - 21.05.2025

Changes and new features

  • NEW: We now support PostgreSQL 17. (NEVISPROXY-7365)
  • NEW: We added the element SSLOpenSSLConfCmd to navajo.xml. (NEVISPROXY-7350)
  • NEW: We added the bc property BC.Tracer.DebugProfile.NPPerfMeter.DetailLevel. (NEVISPROXY-7333)
  • NEW: We now support the Securosys OpenSSL-provider for frontend connections. (NEVISPROXY-7172)
  • NEW: The number of active Websocket connection metric has been added to the WebSocketServlet. (NEVISPROXY-7520)
  • NEW: We added the parameter DbServlet to the CountryIpFilter. (NEVISPROXY-6629)
  • NEW: We added the tracegroup Telemetry for OpenTelemetry. (NEVISPROXY-7523)
  • NEW: We added the events MS05 and MS06. (NEVISPROXY-7521)
  • NEW: We added the parameter LoadExternalEntity to the SoapFilter. (NEVISPROXY-7578)
  • NEW: We added the parameter ReaperTimeout to the PostgresSessionStoreServlet. (NEVISPROXY-7569)
  • NEW: We added SQL-statement execution time tracing to the PostgresSessionStoreServlet. (NEVISPROXY-6610)
  • FIXED: We fixed multi-value dTB tracing with OpenTelemetry. (NEVISPROXY-7434)
  • FIXED: We fixed a possible dead-lock in the MySQLSessionStoreServlet, and we added the error code 2014 to the default ConnectionErrorCodes. (NEVISPROXY-7431)
  • FIXED: We fixed the handling of responses without Content-Length or Transfer-Encoding headers. (NEVISPROXY-7379)
  • FIXED: The ICAPFilter now sends the URL-encoded request path to the ICAP server. (NEVISPROXY-7322)
  • FIXED: We fixed the issue that the EncryptionFilter re-encoded already URL-encoded paths. (NEVISPROXY-7303)
  • FIXED: We fixed the issue where a request with a big body was blocked if ClientCert was set to optional. (NEVISPROXY-7459)
  • FIXED: We fixed the issue that cookies with a name starting with $ and a value were not transferred to the backend. (NEVISPROXY-6465)
  • FIXED: We fixed a bug where the SynchronizeLoginRequests parameter of the IdentityCreationFilter did not synchronize the certificate based login requests. (NEVISPROXY-7579)
  • FIXED: NPE in ICAPFilter for 100-Continue response. (NEVISPROXY-7508)
  • FIXED: We fixed the issue that some signature algorithms didn't work when using the GemEngine with OpenSSL 3.0 by using the shared OpenSSL libraries. (NEVISPROXY-7480)
  • CHANGED: We now officially support MariaDB 11.4 in the MySQLSessionStoreServlet. (NEVISPROXY-7366)
  • CHANGED: We lowered the log-levels of the Unsupported Content-Encoding messages in the RewriteFilter. (NEVISPROXY-7517)
  • CHANGED: The parameter ExporterAddress in the Trace section of the OpenTelemetry configuration is optional. (NEVISPROXY-7515)
  • CHANGED: The number of active WebSocket connections are now regularly traced on INFO level. (NEVISPROXY-7444)
  • CHANGED: The property BC.Tracer.DebugProfile.NPPerfMeter.InfoTimeout can now be changed dynamically. (NEVISPROXY-7471)
  • CHANGED: We changed the behaviour of the HttpConnectorServlet in case of a corrupted state. (NEVISPROXY-7577)
  • CHANGED: The InputValidationFilter's DefaultDecodingRule now supports multiple rules. As a result, the InputValidationFilter is stricter than before. (NEVISPROXY-7568)
  • CHANGED: We changed the behaviour in the MultiLevelSessionStore that the original creation time is used when copying back a session from the BackupServlet to the MainServlet. (NEVISPROXY-7323)
  • CHANGED: We now trace a NOTICE if 'StoreInterceptedRequest.MaxSize' is reached in the IdentityCreationFilter. (NEVISPROXY-6580)
  • UPGRADED: We upgraded to Apache HTTP Server 2.4.63. (NEVISPROXY-7484)
  • UPGRADED: We upgraded to mod_qos 11.76. (NEVISPROXY-7453)
  • UPGRADED: We upgraded to OpenTelemetry 1.18.0. (NEVISPROXY-7383)
  • UPGRADED: We upgraded to ModSecurity 3.0.14. (NEVISPROXY-7530)
  • UPGRADED: We upgraded to the libunblufilter 1.7.7. (NEVISPROXY-7509)
  • UPGRADED: We upgraded to OpenSSL version 3.0.16. (NEVISPROXY-7506)
  • UPGRADED: We upgraded to APR 1.7.5. (NEVISPROXY-7495)
  • UPGRADED: We upgraded to nghttp2 1.65.0. (NEVISPROXY-7535)
  • DEPRECATED: We deprecated the binaries qsfilter2 and wlsg and the commands nevisproxy genrules and nevisproxy whitelist. (NEVISPROXY-7490)
  • DEPRECATED: We deprecated the binaries qsrotate, qssign, qstail, qsgrep, qsexec, qscheck, qshead, qsdt and ipfilter. (NEVISPROXY-7491)
  • DEPRECATED: We deprecated the ProxyPolicy client-side in the HttpConnectorServlet. (NEVISPROXY-7376)
  • DEPRECATED: The Lua function getContextPath and setContextPath have been deprecated. (NEVISPROXY-7565)
  • DEPRECATED: We deprecated the MQServlet. (NEVISPROXY-6334)
  • REMOVED: We removed the deprecated ContentType parameters of the EncryptionFilter. (NEVISPROXY-7023)
  • REMOVED: We removed the deprecated path attribute in the Context section of navajo.xml. (NEVISPROXY-6059)
  • DOCUMENTATION: The documentation of the request/modifier flags has been improved. (NEVISPROXY-7397)
  • DOCUMENTATION: We added an example configuration for the UnbluFilter towards a kubernetes based Unblu server. (NEVISPROXY-7456)
  • DOCUMENTATION: We added an example for client certificate authentication with TLSv1.3. (NEVISPROXY-7545)

Backward compatibility issues

  • Due to the upgrade to the OpenTelemetry Library 1.18.0 the name of the deployment environment variable has changed from deployment.environment to deployment.environment.name.
  • The new parameter LoadExternalEntity of the SoapFilter avoids out-calls to the internet or intranet. If this was wanted, you will have to set this new parameter to true.

SLES15 support

  • on SLES15 you have to be up to date with the latest available service pack (SP). You can find the available SP versions here.

Ninja 8.2505.3.1 - 21.05.2025

Changes and new features

  • CHANGED: Ninja is now compiled using Java 21. As this component is typically embedded as a dependency, the target compatibility remains Java 17. Therefore the supported Java versions at runtime stay the same as before: Java 17 and Java 21. (NINJA-239)

nevisoperator 8.2505.3 - 21.05.2025

  • FIXED: Set the git passphrase in key secret even if empty. (NOPE-8).
  • FIXED: We fixed an issue where the NEVIS_GIT_INIT_SSH_KEY_PASS environment variable was not set for the init container when the passphrase was defined directly in the GitCredentials resource (NOPE-7).

nevis-base-flyway 8.2505.3 - 21.05.2025

  • CHANGED: Upgraded to Java 21. (NEVISADMV4-10341)

nevis-git-init:1.4.0 - 21.05.2025

  • REMOVED: The ssh-dss algorithm is no longer supported as a HostKeyAlgorithms. (NEVISADMV4-10472)
  • CHANGED: Upgraded to openssh 9.9_p1-r2. (NEVISADMV4-10472)
  • CHANGED: Upgraded to git 2.47.2-r0. (NEVISADMV4-10472)

nevis-opentelemetry-javaagent 3.0.0.0 - 21.05.2025

info

Use V3 for RR and V2 for LTS24.

  • CHANGED: Upgraded to Java 21. (NEVISAUTH-5007)
  • CHANGED: Removed unnecessary javax.servlet support. (NEVISAUTH-5007)
  • CHANGED: Moved nevisAuth instrumentation to nevisAuth. (NEVISAUTH-5007)

Component versions

The following versions are part of this release. All of them are under Full Support until the next RR upgrade becomes available.

ComponentArtifact nameVersion**RHEL 8*RHEL 9*SLES 15*
nevisAppliancenevisappliance8.2505.4.0
8.2505.3.0		n/an/an/a
nevisAdaptnevisadapt8.2505.3.5
nevisAdmin 4nevisadmin48.2505.3.16
nevisAuthnevisauth8.2505.3.5
nevisCredneviscred2.0.20.0
nevisDataPorternevisdp8.2505.3.4
nevisDetectnevisdetect
nevisdetectcl		8.2505.3.4
nevisFIDOnevisfido
nevisfidocl		8.2505.3.2
nevisIDMnevisidm
nevisidmcl
nevisidmdb		8.2505.4.1
8.2505.3.10
nevisIDMadnooprint7.2311.0.6565033000
nevisKeyboxneviskeybox2.2.5.0
nevisLogRendnevislogrend8.2505.3.1
nevisMetanevismeta8.2505.3.2
nevisProxynevisproxy8.2505.3.0
Ninjaninja8.2505.3.1n/an/an/a
Ninwinninwin2.3.5.0n/an/an/a

*) Tested with the latest available patch level.

**) Versions in bold changed compared to the previous release.

Third-party dependencies

The following third-party software is often used by Nevis components. Some of the software is included within nevisAppliance.

Below you find the latest supported versions.

Third-Party SoftwareVersion
JVM (OpenJDK)✅ 21.0.7
MariaDB✅ 11.4
PostgreSQL✅ 17
Kubernetes✅ 1.31

Mobile Apps

Mobile apps and the Mobile SDK are released independently of the component releases. Refer to the following pages: