2024-Q4: RR Upgrade (November 2024)
Major version
Version: 8.2411
Lifecycle dates
Minor Version | General Availability | End of Full Support | End of Fade-Out Support |
---|---|---|---|
8.2411.0.0 | November 20, 2024 | May 20, 2025 | Dec 20, 2025 |
Breaking changes and required actions
The following components have breaking changes compared to the previous release, or require specific actions. For more information, see the Release Notes of each listed component.
- nevisProxy: The Apache config generation is changed when multiple hosts are defined in navajo.xml. Now the default hosts' virtual hosts are moved to the beginning. In the old config generation, the virtual hosts order was defined by the connectors' order.
- nevisProxy: The XmlFilter now checks the content against the configured XSD schema (if any). If the content doesn't match the schema, or a schema is missing, the request will be blocked. In order to switch back to the old behaviour you need to set the parameter
ValidateSchema
tofalse
. - nevisProxy: Due to the apache httpd upgrade you have to add the following
SSLCryptoDevice
in theService
section of navajo.xml if a Securosys HSM (or any pkcs#11 based HSM) is configured:
SSLCryptoDevice="pkcs11"
- nevisProxy: The DeflateFilter's CompressionWindowSize parameter no longer accepts positive values.
- nevisProxy: For nevisproxy to run correctly, you need at least SP6 if running on SLES15. You can check the installed SP version on your SLES15 host by executing
cat /etc/os-release
. The version has to be 15.6 or more:
# cat /etc/os-release
NAME="openSUSE Leap"
VERSION="15.6"
- nevisProxy: If neither OpenTelemetry nor sampling is enabled op tracing in some nevis components may not work any more. To solve that you can set the java property
otel.traces.sampler
in the concerned nevis component toalways_on
. - nevisAuth: jcan-saml and jcan-saml-xmlbeans libs are removed from the nevisAuth RPM. These are transitive dependencies of jcan-sectoken to support the SAML Assertion as a token. These libraries are only used in Ninja for verification purposes, therefore they are not required in nevisAuth.
- nevisAuth: Several properties in configuration have breaking changes.
- nevisAuth: The LegacySecurityTokenService is removed.
- nevisFIDO: New column dispatch_target_ext_id in database table token_sessions.
- nevisIDM: Now default policy values are applied to
PASSWORD
,CONTEXT_PASSWORD
andDEVICE_PASSWORD
credentials when validating passwords. This behaviour can be turned off with configuration propertyapplication.policy.loadDefaultValues
. - nevis...: ...
Every RR (minor and major) may contain breaking changes. See the release notes of the component you are upgrading. You should always stay up to date on the RR branch. If there are multiple releases between your current version and the version you are upgrading to, consult the release notes of each version.
Components Changelog
nevisAdmin 8.2411.0 Release Notes - 2024-11-20
Release information
- RPM: nevisadmin4-8.2411.0.17-1.noarch.rpm
- GUI Version: FE 8.2411.0-1459 - BE 8.2411.0.17
Breaking changes
Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.
- CHANGED: The
nevisadmin-plugin-nevisadapt
has been separated from thenevisadmin-plugin-nevisdetect
. The nevisAdapt Patterns, which were previously part of the nevisDetect plugin, have now been moved to the new nevisAdapt plugin. (NEVISADMV4-10229)
Main improvement
- NEW: It is now possible to delete plugin libraries on the Resources / Pattern Libraries page. (NEVISADMV4-9761)
- NEW: You can now add a git tag to the commit that is created when publishing a project, both on the GUI in the publishing dialog, and also using the REST API. (PRODROAD-597)
- NEW: Project variables now can have default values. Compared to the existing sample values, if a default value is not overridden in the inventory, it will not cause an error during deployment, and instead the default value of the project variable will be directly used. (NEVISADMV4-10185)
- NEW: We've introduced a new feature that automatically migrates the project when the
nevisadmin-plugin-base-generation
version is upgraded. This feature attempts to handle breaking changes by updating most project data automatically, reducing the need for manual adjustments, but some cases cannot be handled automatically, and manual intervention may still be required. (NEVISADMV4-10104)
Notable changes and bug fixes
- NEW: Deployments can now be performed using the legacy checkout method by setting the configuration property
nevisadmin.git.shallow-checkout
tofalse
. (NEVISADMV4-10252) - NEW: We added two new properties,
nevisadmin.pki.root-certificate-validity
andnevisadmin.pki.end-certificate-validity
, to configure certificate validity for automatic key management in classic deployments. (NEVISADMV4-10268) - IMPROVED: When publishing a project containing attachment properties where the attached files were changed, the changes can be reviewed in the publish dialog with a new diff view. (NEVISADMV4-10067)
- IMPROVED: The inventory editor has received a number of improvements (NEVISADMV4-10074)
- Errors that are not related to a specific line are shown on the first line.
- Folding controls are now always shown, not only when the gutter (i.e. the line numbers) is hovered.
- When the inventory yaml has issues, an inline peek view pops up showing the details. This can also be triggered from the new menu left to the inventory resource actions, which also has controls to fold/unfold all regions of the yaml file.
- Tooltips in the editor are no longer clipped if they extend beyond the editor.
- IMPROVED: When editing a pattern attachment file, now you can toggle the editor to Fullscreen mode. (NEVISADMV4-10071)
- IMPROVED: Pattern fields of type key-value can now be sorted alphabetically. This helps in finding them when there are many of them, and also, in reviewing the diff during publishing. (NEVISADMV4-10084)
- IMPROVED: If an attachment is renamed in a way that the only difference from the original name is in letter casing, it may cause errors. The errors now include explanations and workarounds for resolving these issues. (NEVISADMV4-10102)
- IMPROVED: Addressed some performance issues that happened when there were a lot of plugin libraries uploaded. (NEVISADMV4-10073)
- CHANGED: The REST endpoints at
/api/v1/jobs
now include thecreationTime
field in their returned data. (NEVISADMV4-10011) - FIXED: The variables screen now also considers
${var.<name>}
references when listing the usages of variables. (NEVISADMV4-10024) - FIXED: Renaming a variable now also updates all references to it that use the
${var.<name>}
format. (NEVISADMV4-10085) - FIXED: When using the main pattern list in grouped by labels mode, the expanded state of the groups was not restored when navigating away and coming back. They are now correctly saved and restored when needed. (NEVISADMV4-10072)
- FIXED: In some rare cases, newly created tenant scoped secrets were not available in the inventory editor to be inserted, until another inventory was opened first. They are now available immediately. (NEVISADMV4-9969)
- FIXED: We fixed a GUI issue, which caused the project validation spinner to sometimes stay spinning even after the project validation has finished, especially if there were new edits before the previous validation has finished. (NEVISADMV4-8559)
- FIXED: We fixed a GUI issue which allowed both the Delete and the Connect to Git actions for projects and inventories to be available, even when the user did not have permission to modify the selected project or inventory, which led to a permission error. These buttons are now disabled if the user does not have the required permission. (NEVISADMV4-8854)
- FIXED: We fixed a GUI issue in the inventory editor, where inserting a secret in the middle of a line replaced the rest of the line instead of inserting the secret at the caret's location. Highlighting secrets in the editor is also fixed. (NEVISADMV4-8441)
- FIXED: The default values for
cors.allowed.methods
,cors.allowed.headers
, andcors.max.age
now align with what is stated in the documentation. (NEVISADMV-10128) - FIXED: We fixed a GUI issue which caused project variables to be imported with an invalid value. (NEVISADMV4-9090)
- FIXED: We fixed a GUI issue in the pattern editor, which caused the navigation to be canceled when clicking through a pattern reference link while having unsaved changes. (NEVISADMV4-10308)
Dependency upgrades
- shiro 2.0.1 (NEVISADMV4-9164)
- org.eclipse.jgit 6.10.0.202406032230-r (NEVISADMV4-10027)
- jsch 0.2.20 (NEVISADMV4-10273)
- jackson 2.18.0 (NEVISADMV4-10273)
- jetty-rewrite 12.0.14 (NEVISADMV4-10273)
- groovy 4.0.23 (NEVISADMV4-10273)
- snakeyaml 2.3 (NEVISADMV4-10273)
- aspectjweaver 1.9.22.1 (NEVISADMV4-10027)
- jakarta-annotation-api 3.0.0 (NEVISADMV4-10027)
- slf4j-api 2.0.16 (NEVISADMV4-10027)
- logback-classic 1.5.9 (NEVISADMV4-10273)
- guava 33.3.1-jre (NEVISADMV4-10273)
- opensaml 4.3.2 (NEVISADMV4-10027)
- spring-boot 3.3.5 (NEVISADMV4-10307)
- spring-dependency-management-plugin 1.1.6 (NEVISADMV4-10027)
- springdoc-openapi-starter-webmvc-ui 2.6.0 (NEVISADMV4-10027)
- mustache 0.9.14 (NEVISADMV4-10027)
- mariadb-java-client 3.4.1 (NEVISADMV4-10027)
- postgresql 42.7.4 (NEVISADMV4-10027)
- nimbus-jose-jwt 9.41.2 (NEVISADMV4-10273)
- bcprov-jdk18on 1.78.1 (NEVISADMV4-10027)
- bcpkix-jdk18on 1.78.1 (NEVISADMV4-10027)
- bcpg-jdk18on 1.78.1 (NEVISADMV4-10027)
- bcutil-jdk18on 1.78.1 (NEVISADMV4-10027)
- kubernetes-java-client 21.0.1 (NEVISADMV4-10027)
Patterns 8.2411.0 Release Notes - 2024-11-20
Release information
- Build Version: 8.2411.0.15
Changes marked with ⚠️ may be breaking, have security impact, or affect user experience. Review these changes carefully, and adapt your pattern configuration as required.
General Changes
- PAT-762: Fixed a bug in
Generic Deployment
which caused unknown files in nested sub-folders to be deleted, even whenPath: Delete Unknown Files
is set todisabled
. - NEVISADMV4-9763: Added new logger
ProductAnalytics
to Nevis components.- The logger is enabled by default, it can be disabled by setting the log level to
WARN
orERROR
.
- The logger is enabled by default, it can be disabled by setting the log level to
Application Protection
- ⚠️ PAT-750 / PAT-754: Refactored the
nevisProxy Observability Settings
pattern:- Renamed the
Trace Resource Service Name
parameter and moved it to theBasic Settings
tab.- This setting now controls the
service.name
key-value pair resource attribute for bothMetrics Mode
andTrace Mode
.
- This setting now controls the
- Removed the experimental label from the pattern.
- New settings:
Sampler
,Deployment Environment
,Capture Request Headers
,Capture Response Headers
- Renamed the
- ⚠️ PAT-751: Added CRS version 4.7.0 to the
OWASP ModSecurity CRS Version
setting in theVirtual Host
pattern.- The oldest, unsupported CRS version 3.0.2 was removed.
- PAT-734: Added
Default File
setting to theHosting Service
pattern. - PAT-678: Added a default template for
Proxy Login Renderer
. - ⚠️ PAT-650: Added the setting
SOAP Schema Validation Mode
to theSOAP Service
pattern.- The default mode is
content-type
, where the SOAP service only analyses requests with Content-Typeapplication/soap+xml
. - Select
enabled
to analyse all requests with a body. - Select
strict
to analyse all requests, which was the previous behaviour.
- The default mode is
- PAT-688: We fixed an unexpected error when using a variable for the
Public Key
of theJWT Access Restriction
pattern. - ⚠️ PAT-755: We improved the
Maintenance Page
pattern:- The
Update Interval
is now configurable. - The pattern now includes its sanitized name in the names of the generated
MaintenanceFilter
andDefaultServlet
.- This prevents naming collisions, and allow linking multiple Maintenance Page patterns to a single
Virtual Host
orApplication
. - Check your configuration if you use
Generic Application Settings
orGeneric Virtual Host Settings
to customize yourMaintenanceFilter
or the relatedDefaultServlet
.
- This prevents naming collisions, and allow linking multiple Maintenance Page patterns to a single
- The
- PAT-759: The
SOAP Service
pattern can now be attached to severalVirtual Host
patterns even whenSOAP Schema Validation
files are configured. - NEVISPROXY-7253: The
HTTP Error Handling
pattern now also replaces placeholders in JSON error pages.- This also applies to the default
ErrorFilter
that is generated by theVirtual Host
.
- This also applies to the default
Authentication
- PAT-756: Set
-Dotel.instrumentation.metro.enabled=false
for nevisAuth.- OpenTelemetry does not support tracing of these SOAP calls.
- ⚠️ PAT-710: Apply
Custom Attributes
toRemoteOutOfContextDataStore
as well.- If you have attributes that should only be applied to the
RemoteSessionStore
use the prefixsession:
in the attribute name.
- If you have attributes that should only be applied to the
- PAT-707: Support configuration of number of worker threads for nevisAuth.
- PAT-693: Updated
JWT Token
pattern to be compatible with latest nevisAuth release.
Identity Management
- PAT-507: Support upload of additional resources for
nevisDataPorter Instance
. - PAT-704: NevisIDM Second Factor pattern now validates if the found credentials are active and during their validity period.
- PAT-722: The
nevisIDM Authorizations
pattern now adds default values to Roles where no setting is defined in the pattern. - PAT-722: The
nevisIDM Authorizations
pattern now acceptsMultiClient
authorization as well. - PAT-726: Password validation displays error correctly when using Self-Registration flow in Simple Sign-in / Sign On Template
- PAT-743: Added SYSLOG formatting option for
nevisIDM
's batch log. - PAT-745: Created pattern for
nevisIDM Create Credential
AuthState. - PAT-763: Path of password reset in nevisIDM Password Login automatically added to the Allowed Application paths.
- PAT-758: Modified nevisIDM Password Login to store the redirection URL in the URL Ticket credential.
- PAT-770:
nevisIDM Authorizations
pattern now handles fine-grained authorizations forUserModify
andUserSearch
authorization.
SAML / OAuth / OpenID Connect
- PAT-753: New setting
Remove Empty Claim(s) In Token
inOAuth 2.0 Authorization Server / OpenID Provider
. - PAT-701: Updated the translation text for the OAuth2 / OpenID Connect consent screen.
- PAT-744: Fixed invalid generation of nevisIDM HttpClient in Social Login patterns.
- PAT-742: The
IDP URL
in theSAML IDP Connector
now supports EL expressions. - PAT-716: Fixes in SAML patterns to support logout message via SOAP.
FIDO2 Passwordless
- PAT-729: Support Authenticator allow-listing in
nevisFIDO FIDO2 Instance
.
Mobile Authentication
- PAT-541: Configuration of
fido-uaf.timeout.device-request
. - PAT-730: Support for Android Key Attestation (FIDO UAF Full Basic Attestation).
- PAT-735: Updated default metadata file to support both RSA and new EC algorithms for Android UAF authenticators.
- PAT-748: Support REST-only usage of nevisIDM in nevisFIDO.
- PAT-694: Add new wildcard facetID entries to replace the old specific values.
- PAT-618: New pattern
nevisFIDO UAF Device Service
. - PAT-739: Support assignment of
nevisFIDO UAF Connector
inOut-of-band Mobile Onboarding
pattern. - NEVISAUTH-4768: The mobile authentication JavaScripts now only schedule a single polling request at a time, preventing “parallel polling” in the same session.
User Behavior Analytics
- ⚠️ NEVISDETECT-1874: nevisAdapt patterns were moved to a new nevisAdmin4 plugin:
nevisadmin-plugin-nevisadapt
.- The package name of all related patterns changed, so it is important to run the automatic migrations script to avoid errors.
- Make sure that the new package is enabled when setting up a project with nevisAdapt.
- ⚠️ NEVISDETECT-1954: observation timeframe inside nevisAdapt Instance was moved to its own pattern along with other cleanup related timeframes which can be linked into
nevisAdapt Instance
.- The automatic migration script takes care of this change if any specific value was set in the original project.
nevisAdapt 8.2411.0.22 - 20.11.2024
Breaking changes
- CHANGED: nevisAdapt has its own nevisAdmin 4 plugin:
nevisadmin-plugin-nevisadapt
. There is an automated migration script for transferring nevisAdapt patterns. Please make sure that the new plugin is enabled after the migration. On the other hand,nevisadmin-plugin-nevisdetect
can be turned off if nevisDetect is not part of the authentication flow. - CHANGED:
ch.nevis.nevisdetect:nevisdetect-dto
package no longer contains nevisAdapt DTOs. New packagech.nevis.nevisadapt:nevisadapt-dto:8.2411.0.22
introduced. - CHANGED:
ch.nevis.nevisdetect:nevisadapt-api
package was moved. New packagech.nevis.nevisadapt:nevisadapt-api:8.2411.0.22
introduced.
Changes and new features
- ADDED:
nevisadaptcl
package for nevisAdapt AuthStates (introducedch.nevis.adapt.authstate
domain) - FIXED: Dependencies updated
- FIXED: Observation data analysis performance was improved
- FIXED: IP velocity analyzer for close distances
- CHANGED: Dependencies used by nevisDetect only were removed
- CHANGED: Several classes were moved within
ch.nevis.nevisadapt
- CHANGED: Health checks expect lower-case schema history table name
- CHANGED: nevisAdapt plugin classes for nevisDetect are removed (moved to
nevisdetect
package)
nevisAuth 8.2411.0.13 - 20.11.2024
Breaking changes
- REMOVED: The deprecated
LegacySecurityTokenService
is removed. It was enabled by default when-Dch.nevis.esauth.wstrust.SecurityTokenService.Enabled=true
was configured. The replacement for theLegacySecurityTokenService
is the SecurityTokenService (NEVISAUTH-4654) - REMOVED: We removed the validation that
acr_values
must contain the value of theacr
claim. (NEVISAUTH-4854) - REMOVED:
jcan-saml
andjcan-saml-xmlbeans
libs are removed from the nevisAuth RPM. These are transitive dependencies ofjcan-sectoken
to support the SAML Assertion as a token. These libraries are only used inNinja
for verification purposes, therefore they are not required in nevisAuth. In case you relied on classes from these artifacts in your testing or custom auth states, you can acquire them fromNinja
and add them on your classpath manually. (NEVISAUTH-4864) - CHANGED: The JWTToken auth state configuration
token.identifier
is renamed totoken.outputAttributeName
. (NEVISAUTH-4715) - CHANGED: The default value
connectionMaxPoolSize
property of the Remote session store and OOCD is changed to 10 from the previous 20 to be aligned with the underlying library recommended defaults. (NEVISAUTH-4819) - CHANGED: ScripState now resolves variables in
parameter.[parameterName]
. This can be a breaking change if you resolved variables manually before, or have a value which looks like an EL expression. (NEVISAUTH-4604) - NEW: We introduced the property
removeEmptyClaimsInToken
inAuthorizationServer
AuthState to remove empty claims forID Token
andAccess Token
. (NEVISAUTH-4778)
General Changes
- NEW: nevisAuth generates new OpenTelemetry metrics for Jetty worker threads, request statistics, heap size, http client pool statistics. This can help in analysing and observing nevisAuth load. (NEVISAUTH-4746)
- NEW: The JWTToken auth state now allows the configuration where the output is stored using the
token.outputAttributeScope
configuration option. By default, it is the previousoutargs
. (NEVISAUTH-4715) - NEW: HTTP headers can be referred in the log pattern with syntax
%X{httpHeader.yourHttpHeader}
. There is a differences in where the HTTP request is originating from: authenticate/stepup requests arriving from nevisProxy will contain the original HTTP headers of the client in the SOAP request body and made available in the logging context. Other Web and Rest services does not have this proprietary mechanism therefore in case of those nevisAuth will simply use the HTTP headers of the current request. (NEVISAUTH-4776) - NEW:
connectionMinPoolSize
configuration option for the Remote session store and OOCD. Note that by defaultconnectionMinPoolSize
takes the value ofconnectionMaxPoolSize
which means that the pool opens all connections on start, which is the recommended way to maximise performance. For cases where you only want to create connections on demand, you can specify a lowerconnectionMinPoolSize
value. (NEVISAUTH-4819) - NEW: We introduced
openid.jws.addx5c
andoauth2.jws.addx5c
for adding x5c field to ID Token and Access Token header. (NEVISAUTH-4834) - NEW: We allow the use of EL expressions for
claimsRequest
inRelyingPartyState
andOAuth2ClientState
. (NEVISAUTH-4832) - NEW: We introduced
absoluteRefreshTokenLifetime
to specify how the lifetime of a Refresh Token is managed when using token rotation. (NEVISAUTH-4745) - FIXED: We reduced the verbosity of the log entries related to the translation of scope metadata. (NEVISAUTH-4507)
- FIXED: SecurityTokenService logging confusing error message
SAAJ0303.ver1_1.msg.op.unsupported.in.SOAP1.1
when generating an error response. (NEVISAUTH-4681) - FIXED: Unreleased lock causing threads to hang in scenarios where several clients are using the same session and this session is killed by multiple nevisProxy instances at the same time. Also, some warning messages not requiring operational attention are downgraded to info. (NEVISAUTH-4738)
- FIXED: Unreleased lock causing threads to hang in scenarios where
IdentityProviderState
received the logout contain session index but doesn't act as SOAP logout. (NEVISAUTH-4852) - FIXED: We removed the limitation of only allowing a certain prefix in the envelope of SOAP logout requests in
IdentityProviderState
. (NEVISAUTH-4852) - FIXED: We fixed
AccessTokenConsumer
not accepting URLs that contain space. (NEVISAUTH-4788) - DEPRECATED: The
autoRegenerate
configuration flag of theTANState
is currently not working properly, and it is not possible to fix it with the current codebase, therefore it will be removed in the future. Custom behaviour can implemented with the existinginputFalse
transition mechanism which allows the customization of the faulty input handling. (NEVISAUTH-4710) - FIXED: Default logging.yml incorrectly containing
jcan.Op
instead ofOpTrace
. (NEVISAUTH-4774) - FIXED: WSSHeaderValidation auth state not sanitizing passwords in soap headers in the log. (NEVISAUTH-4826)
- FIXED: NullPointerException in the ScripState session variable validation. (NEVISAUTH-4856)
- FIXED: We improved the performance by reducing the introspection endpoint calls for empty
token_type_hint
. (NEVISAUTH-4899) - CHANGED: Most of the log messages produced by loggers
AuthEngine
,EsAuthStart
,EsAuthSv
related to startup were moved from INFO to DEBUG level to speed up start and clean up logs, as those messages are not relevant from an operational point of view. (NEVISAUTH-4833) - FIXED: XmlSec initialization in
jcan-saml
caused the error message lookup in thewss4j
library to fail and producing confusing errors. (NEVISAUTH-4864) - FIXED: The error responses of the introspection and revocation endpoints were not returned in JSON format.(NEVISAUTH-3998)
- FIXED: The session was not terminated after a SAML concurrent logout. (NEVISAUTH-4491)
- DOWNGRADED: We fixed encrypted SAML message generation with
xenc11:MGF
tag by downgrading the xmlsec third-party dependency to version 3.0.3. (NEVISAUTH-4870) - UPGRADED: We upgraded the Apache EL third-party dependency to version 10.1.25. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Apache XML beans third-party dependency to version 5.2.1. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Bouncy Castle third-party dependencies to version 1.78.1. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Checker-qual third-party dependency to version 3.47.0. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Commons-cli third-party dependency to version 1.19.0. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Commons codec third-party dependency to version 1.17.1. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Commons-lang3 third-party dependency to version 3.17.0. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Commons-text third-party dependency to version 1.12.0. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Jackson third-party dependencies to version 2.17.2. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Jaxrs-ri third-party dependency to version 3.1.8. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Jaxws-rt third-party dependency to version 4.0.3. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Jetty third-party dependencies to version 12.0.13. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Groovy third-party dependencies to version 4.0.22. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Guava third-party dependencies to version 33.3.0-jre. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Jackson third-party dependencies to version 2.17.0. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Jakarta servlet api third-party dependency to version 6.0 (NEVISAUTH-4836)
- UPGRADED: We upgraded the jaxb-impl third-party dependency to version 4.0.2. (NEVISAUTH-4836)
- UPGRADED: We upgraded the jaxrs-ri third-party dependency to version 3.1.6. (NEVISAUTH-4836)
- UPGRADED: We upgraded the jcan-saml, jcan-sectoken dependency to version 8.2411.0.x. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Jetty third-party dependencies to version 12.0.8. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Ldap-unboudid third-party dependency to version 7.0.1. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Libphonenumber third-party dependency to version 8.13.45. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Log4j third-party dependencies to version 2.24.0. (NEVISAUTH-4836)
- UPGRADED: We upgraded the MariaDB connector third-party dependency to version 3.4.1. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Nimbus oicd sdk third-party dependency to version 11.19.1. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Opensaml third-party dependencies to version 4.3.2. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Opentelemetry api third-party dependency to version 1.42.0 (NEVISAUTH-4836)
- UPGRADED: We upgraded the PostgreSQL jdbc driver third-party dependency to version 42.7.4. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Parsson third-party dependency to version 1.1.7. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Rhino third-party dependency to version 1.7.15. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Slf4j third-party dependency to version 2.0.16. (NEVISAUTH-4836)
- UPGRADED: We upgraded the Woodstox third-party dependency to version 7.0.0. (NEVISAUTH-4836)
nevisDataporter 8.2411.0.11795601371 - 20.11.2024
General changes
- UPGRADED: WE upgraded the commons-io 2.14.0. (NEVISDP-543)
nevisDetect 8.2411.0.6 - 20.11.2024
Breaking changes
- CHANGED: nevisAdapt has its own nevisAdmin 4 plugin:
nevisadmin-plugin-nevisadapt
. There is an automated migration script for transferring nevisAdapt patterns. Please make sure that the new plugin is enabled after the migration. - CHANGED:
ch.nevis.nevisdetect:nevisdetect-dto
package no longer contains nevisAdapt DTOs. New packagech.nevis.nevisadapt:nevisadapt-dto:8.2411.0.22
introduced. - CHANGED:
ch.nevis.nevisdetect:nevisadapt-api
package was moved. New packagech.nevis.nevisadapt:nevisadapt-api:8.2411.0.22
introduced.
General Changes
- FIXED: Dependencies updated.
- CHANGED: Dependencies used by nevisAdapt only were removed.
- CHANGED: nevisAdapt AuthStates were moved to their own separate package (
nevisadaptcl
). - CHANGED: Health checks expect lower-case schema history table name.
nevisFIDO 8.2411.0.13 - 20.11.2024
Breaking changes
For non-docker based setups run the following SQL script to add the new database table columns required for the extended FIDO UAF status service (NEVISFIDO-2145):
ALTER TABLE token_sessions
ADD COLUMN IF NOT EXISTS `dispatch_target_ext_id` VARCHAR(128) NULL,
;
General Changes
- DEPRECATED: The
ch.nevis.auth.fido.uaf.authenticators
variable written to the nevisAuthnotes
by the FidoUafAuthState and OutOfBandFidoUafAuthState is deprecated, use thesession
variable instead. (NEVISFIDO-2145) - DEPRECATED: The
fido-uaf.metadata.polling-period
andfido-uaf.policy.polling-period
are deprecated and will be removed in the 2025 May release together with the mechanism to reload those configuration at runtime. (NEVISFIDO-2241) - EXPERIMENTAL: Allow to modify the device ID in the device credential management endpoint. (NEVISFIDO-2140)
- CHANGED: The status service lists the UAF and generic dispatch target credential extIds for successful authentication operations. (NEVISFIDO-2145)
- CHANGED: The FidoUafAuthState and OutOfBandFidoUafAuthState write the UAF and generic dispatch target credential extIds for a successful authentication operation to the current nevisAuth session. (NEVISFIDO-2145)
- NEW: Support of authenticators that can use different authentication algorithms. (NEVISFIDO-2145)
- NEW: Support additional checks for Full Basic Attestations with Nevis Mobile Authentication SDK Android authenticators. (NEVISFIDO-2212)
- NEW: authenticating during FIDO UAF with a disabled nevisIDM credential now returns UAF status code 1493. This only works on a server that connects to nevisIDM via its REST API, which requires the
credential-repository.rest-url
property to be set. (NEVISFIDO-2121) - NEW: nevisFIDO now capable supporting both REST and SOAP connections towards nevisIDM at the same time (FIDO2 supports only REST, FIDO UAF supports REST and SOAP). (NEVISFIDO-2206)
- NEW: There is a new configuration property
fido-uaf.idm-connection-type
with valuessoap
andrest
that defines what connection is used to connect to nevisIDM for FIDO UAF. (NEVISFIDO-2206) - DEPRECATED: SOAP connection towards nevisIDM will be removed in a future version, replaced by the REST API client. (NEVISFIDO-2206)
- NEW: Added configuration option to allow-list certain FIDO2 authenticators via metadata. The allow-listing can be enabled by setting the
fido2.metadata.allow-listing-enabled
property to true. The allowed authenticators are configured via a metadata json file supplied in the configuration propertyfido2.metadata.path
. (NEVISFIDO-2157) - NEW: Added HTTP connection configuration options for REST nevisIDM connections in the credential repository. (NEVISFIDO-2056)
- NEW: Added configuration options for FCM dispatcher
proxy-user
andproxy-password
to enable basic proxy authentication. This will be used for both sending request to FCM and Google OAuth2 endpoint to acquire an access token. (NEVISFIDO-2108) - FIXED: The HTTP Client used to connect to nevisIdm REST service and the Firebase Cloud Messaging service was in some cases incorrectly configured limiting the maximum allowed connections per route to 5. The intended default 50 is now properly used. (NEVISFIDO-2103)
- FIXED: Confusing error message when login information status cannot be updated. (NEVISFIDO-2091)
- FIXED: The registration and authentication response endpoints now correctly return UAF status code 1492 Unacceptable Authenticator in case the UAF policy does not allow the authenticator, instead of UAF status code 1498 Unacceptable Content. (NEVISFIDO-1940)
- FIXED: Use JSON comparison to compare signature and encryption keys in device endpoints. Fixing a bug breaking the device service for iOS when multiple accounts are defined in a given device. (NEVISFIDO-2198)
- CHANGED: For backwards compatibility, FIDO UAF credentials do not use key ID attribute (kid) in the comparison of encryption and signature keys as new versions of the SDK do not provide it. (NEVISFIDO-2237)
- CHANGED: Errors occurring during the final challenge parameter validation in the authentication response service resulting in UAF status code 1491 Request Invalid are now logged on
ERROR
level. This can help to identify configuration problems (such as an incorrect appID in the Facets configuration) more quickly. (NEVISFIDO-2099) - CHANGED: nevisFIDO now updates the successful or failed login information in the generic dispatch target associated with the UAF credential used during the authentication operation. This change makes it easier to find out when a user's "device" was last used for UAF authentication as not all associated UAF credentials need to be searched. (NEVISFIDO-2088)
- CHANGED: We replaced SOAP technology stack for nevisIDM connections. (NEVISFIDO-2056)
- REMOVED: The experimental JavaScript Login Application has been removed from the nevisFIDO client RPM. Preferred integration is via the nevisadmin-plugin-mobile-auth nevisAdmin 4 pattern. (NEVISFIDO-2194)
- UPGRADED: We upgraded the Apache EL third-party dependency to version 10.1.25. (NEVISFIDO-2193)
- UPGRADED: We upgraded the Bouncy Castle third-party dependencies to version 1.78.1. (NEVISFIDO-2193)
- UPGRADED: We upgraded the Checker Framework third-party dependency to version 3.47.0. (NEVISFIDO-2193)
- UPGRADED: We upgraded the Google-api-client third-party dependency to version 2.7.0. (NEVISFIDO-2193)
- UPGRADED: We upgraded the Google-auth-library third-party dependency to version 1.25.0. (NEVISFIDO-2193)
- UPGRADED: We upgraded the Guava third-party dependency to version 33.3.0-jre. (NEVISFIDO-2193)
- UPGRADED: We upgraded the Jackson third-party dependencies to version 2.17.2. (NEVISFIDO-2193)
- UPGRADED: We upgraded the Jakarta-validation third-party dependency to version 3.1.0. (NEVISAUTH-2193)
- UPGRADED: We upgraded the Log4j third-party dependencies to version 2.24.0. (NEVISFIDO-2193)
- UPGRADED: We upgraded the MariaDB connector third-party dependency to version 3.4.1. (NEVISFIDO-2193)
- UPGRADED: We upgraded the Nimbus third-party dependency to version 9.40. (NEVISFIDO-2193)
- UPGRADED: We upgraded the Opentelemetry api third-party dependency to version 1.42.0. (NEVISFIDO-2193)
- UPGRADED: We upgraded the PostgreSQL jdbc driver third-party dependency to version 42.7.4. (NEVISFIDO-2193)
- UPGRADED: We upgraded the Slf4j third-party dependency to version 2.0.16. (NEVISFIDO-2193)
- UPGRADED: We upgraded the Spring-boot third-party dependency to version 3.3.4. (NEVISFIDO-2222)
- UPGRADED: We upgraded the Spring third-party dependencies to version 6.1.14. (NEVISFIDO-2222)
- UPGRADED: We upgraded the Webauthn4j api third-party dependency to version 0.26.0.RELEASE. (NEVISFIDO-2193)
nevisIDM 8.2411.0.11824142812 - 20.11.2024
Application version | Minimal required database schema version | Maximal supported database schema version |
---|---|---|
8.2411.0.11824142812 | 7.28 | 7.x |
Breaking changes
- FIXED: Now default policy values are applied to
PASSWORD
,CONTEXT_PASSWORD
andDEVICE_PASSWORD
credentials when validating passwords. This behaviour can be turned off with configuration propertyapplication.policy.loadDefaultValues
. (NEVISIDM-9598)- Startup time check is added to check if there is some policy where it can cause issues. It can be turned of with
application.policies.passwordpolicies.checkatstartup
configuration property. - Policies for credential types
PASSWORD
,CONTEXT_PASSWORD
andDEVICE_PASSWORD
are validated when created and modified.
- Startup time check is added to check if there is some policy where it can cause issues. It can be turned of with
General changes and new features
General/Core
- UPGRADED: We updated Jetty to 12.0.9. (NEVISIDM-9448)
- UPGRADED: We updated ws to 8.17.1. (NEVISIDM-9629)
- FIXED: Added missing dtds to DigesterFactory. (NEVISIDM-9552)
- FIXED: Fixed mistakenly applied/left out privilege escalation checks for credential related operations. (NEVISIDM-9334)
- CHANGED: IDM health check now only check database version once in
database.version.healthcheck.cache.timeout
seconds, otherwise it uses the cached value. (NEVISIDM-9563) - UPGRADED: We updated Braces lib from 3.0.2 to 3.0.3. (NEVISIDM-9617)
- UPGRADED: We updated NodeJs from 16.13.2 to 22.9.0. (NEVISIDM-9831)
- FIXED: The problem with credential login info counters solved on systems where the audit logging disabled. (NEVISIDM-9886)
Web GUI
- UPGRADED: We updated commons-io to 2.14.0. (NEVISIDM-9793)
- UPGRADED: We updated socket.io to 4.7.5. (NEVISIDM-9629)
- UPGRADED: We updated npm-ip to 2.0.1. (NEVISIDM-9609)
REST API
- FIXED: Create history for custom properties when it is modified via REST API (NEVISIDM-9690)
Web Services
- FIXED: For
queryRoles
,queryProfiles
andqueryUsers
now displaying the nevisIDM roles correctly. (NEVISIDM-9787) - FIXED: ModifyCredential now accepts state changes for FIDO UAF credentials with empty
credentialFidoUaf
tags in the request. (NEVISIDM-9762) - FIXED: When displaying credential SOAP services no longer logs an error if the user has
RECOVERY_CODE
orFIDO2
credentials is not found. (NEVISIDM-9599)
Configuration
- FIXED:
database.connectiom.pool.min
anddatabase.read.only.connectiom.pool.min
now has the correct default value of 3. (NEVISIDM-9601) - FIXED: Property Import mechanism now can display encrypted enum property values correctly after first start. (NEVISIDM-9587)
- NEW: Property import mechanism now handles properties with same name, but different scope correctly. (NEVISIDM-9463)
- NEW: Introduced new configuration property to control if UserRestService should return credential specific fields. Behaviour could be controlled with
show.user.credentials.special.attributes.enabled
. (NEVISIDM-9567)
Database
- FIXED: Added
CERTIFICATE_VALUE
toTIDMA_CERT_INFO_V
table on PostgreSQL Database schema. (NEVISIDM-9562) - CHANGED:
CONTEXT
column inTIDMA_CREDENTIAL
table is extended to be able to handle up to 4000 characters. (NEVISIDM-9807) - CHANGED: Dropped
TIDMA_ERROR
table from the database schema and modified error raising. (NEVISIDM-9477)
nevisLogRend 8.2411.0.14 - 20.11.2024
General changes
- FIXED: Default logging.yml incorrectly containing
jcan.Op
instead ofOpTrace
. (NEVISAUTH-4774) - UPGRADED: We upgraded the commons-cli third-party dependency to version 1.9.0. (NEVISLOG-538)
- UPGRADED: We upgraded the commons-lang3 third-party dependency to version 3.17.0. (NEVISLOG-538)
- UPGRADED: We upgraded the commons-text third-party dependency to version 1.12.0. (NEVISLOG-538)
- UPGRADED: We upgraded the commons-validator third-party dependency to version 1.9.0. (NEVISLOG-538)
- UPGRADED: We upgraded the Jackson third-party dependencies to version 2.17.2. (NEVISLOG-538)
- UPGRADED: We upgraded the Jetty third-party dependencies to version 12.0.13. (NEVISLOG-538)
- UPGRADED: We upgraded the Guava third-party dependency to version 33.3.0-jre. (NEVISLOG-538)
- UPGRADED: We upgraded the Opentelemetry api third-party dependency to version 1.42.0 (NEVISLOG-538)
- UPGRADED: We upgraded the log4j third-party dependencies to version 2.24.0. (NEVISLOG-538)
- UPGRADED: We upgraded the slf4j third-party dependency to version 2.0.16. (NEVISLOG-538)
nevisMeta 8.2411.0.4 - 20.11.2024
General changes
- FIXED: We fixed NPE exception while import the old data that doesn't contain ToS URI, Policy URI, Logo URI. (NEVISMETA-2037)
- FIXED: We fixed DCR endpoint cannot create new client without login. (NEVISMETA-2080)
- FIXED: The Resource Server's scope metadata was incorrectly displayed on the GUI. (NEVISMETA-2035)
- FIXED: In the field
contacts
of the UI, the charactern
was converted to a separator. (NEVISMETA-2015) - FIXED: We fixed the validation of JWKS and JWKS_URI field on UI. (NEVISMETA-2058)
- FIXED: We only log the error for invalid request uri while loading from database instead of throwing exception. (NEVISMETA-2088)
- CHANGED: We only write a warning instead of an error when a property name is incorrect. (NEVISMETA-1924)
- UPGRADED: We upgraded the jetty third-party dependency to 12.0.14. (NEVISMETA-2091)
- UPGRADED: We upgraded the spring third-party dependency to 6.1.14. (NEVISMETA-2094)
- UPGRADED: We upgraded the primefaces bootstrap dependency to 1.10.11. (NEVISMETA-2071)
- UPGRADED: We upgraded the common-io to 2.17.0. (NEVISMETA-2084)
- CHANGED: We changed implementation from custom JWKS class to nimbus one. (NEVISMETA-2045)
nevisProxy 8.2411.0 - 20.11.2024
Changes and new features
- NEW: We added the parameter PropagateTraceparentHeader to forward the traceparent header back to the frontend. (NEVISPROXY-7335)
- NEW: We added the parameter
InflateResponse.ContentTypes
to the InflateFilter. (NEVISPROXY-7271) - NEW: We added the parameter
Brotli.Quality
to the DeflateFilter. (NEVISPROXY-7270) - NEW: The OpenTelemetry traces now contain the
dt
andcR
values. (NEVISPROXY-7259) - NEW: We added the parameter
ViaHeader
to the BackendConnectorServlet. (NEVISPROXY-7248) - NEW: We added the parameter
Sampler
to the OpenTelemetry tracing. (NEVISPROXY-7243) - NEW: We added the parameter
AllowEncodedSlashes
to navajo.xml. (NEVISPROXY-7239) - NEW: The PostgreSQLSessionStoreServlet now reports to the StatusServlet. (NEVISPROXY-7094)
- NEW: We added the parameter EnableMetrics to the BackendConnectorServlet. (NEVISPROXY-7092)
- NEW: We extended the HTTP connector servlets with status code metrics. (NEVISPROXY-7091)
- NEW: We added the parameter
DeploymentEnvironment
to the Telemetry configuration. (NEVISPROXY-7088) - NEW: The Lua JWT handler now supports token verification using a JWK key. (NEVISPROXY-7078)
- NEW: We added the parameters
ValidateSchema
andSchemaType
to the XMLFilter. (NEVISPROXY-7069) - NEW: Events are now reported in traces to the OpenTelemetry service. (NEVISPROXY-6887)
- NEW: The DeflateFilter and InflateFilter support now deflate encoding as well. (NEVISPROXY-6224)
- NEW: The DeflateFilter and InflateFilter support now the Brotli Algorithm. (NEVISPROXY-6206)
- FIXED: We fixed the bug where a race condition followed by a NullPointerException was triggered when using the MultiLevelSessionStoreServlet and a custom based SessionManagementFilter. (NEVISPROXY-7307)
- FIXED: We fixed the possible ModSecurityFilter segmentation fault when DelegateFromTx parameter was configured. (NEVISPROXY-7362)
- FIXED: We fixed the issue that the BackendConnectorServlet passed the wrong HTTP-Protocol for HTTP/2 requests coming from the frontend. (NEVISPROXY-7340)
- FIXED: We fixed the issue where a DATA frame was sent for empty HTTP2 responses. (NEVISPROXY-7319)
- FIXED: We fixed the issue where the ErrorFilter did only replace placeholders for
text/*
Content-Types when the Resource was a Servlet. It now also processesapplication/json
Content-Type by default. See the new parameterPlaceHolders.ContentTypes
. (NEVISPROXY-7312) - FIXED: We fixed the bug where the UrlEncryptionFilter did not support a request path containing URL-encoded special characters. (NEVISPROXY-7293)
- FIXED: We fixed the issue where Events and Logout-Cookies were not visible in LuaFilters for logout requests. (NEVISPROXY-7282)
- FIXED: The JsonFilter now adds the RequestFlag
+NEEDS_JSON_PARSING
by default. (NEVISPROXY-7210) - FIXED: We fixed the error which may have occurred if a ModSecurityFilter was mapped before an ICAPFilter. (NEVISPROXY-7170)
- FIXED: We fixed a possible memory leak if
SSLCheckPeerHostname.AllowWildcards
was set totrue
in the HttpsConnectorServlet. (NEVISPROXY-7162) - CHANGED: The deprecated Lua functions getRequestUri and setRequestUri have been replaced by getRequestPath and setRequestPath. (NEVISPROXY-7304)
- CHANGED: We improved the placeholder substitution in the ErrorFilter. (NEVISPROXY-7300)
- CHANGED: The ModSecurityFilter checks now against the encoded path for the request evaluation. (NEVISPROXY-7279)
- CHANGED: The DeflateFilter accepts now a quality of 0 in the Accept-Encoding header. (NEVISPROXY-7246)
- CHANGED: We improved the startup time of nevisProxy. (NEVISPROXY-7228)
- CHANGED: We improved the MultiLevelSessionStoreServlet for parallel login requests. (NEVISPROXY-7207)
- CHANGED: We changed the behaviour of the navajo.xml Connector priority. (NEVISPROXY-7152)
- CHANGED: We use now keep-alive sockets if KeepAlive is true in the HttpConnectorServlet or BackendConnectorServlet. (NEVISPROXY-7143)
- CHANGED: The parameter CompressionWindowSize of the DeflateFilter accepts now only values between -15 and -8 including those. (NEVISPROXY-7138)
- CHANGED: We improved the nevisproxy version written in telemetry reports. (NEVISPROXY-7129)
- CHANGED: The base62 binary can now be used without setting the LD_LIBRARY_PATH. (NEVISPROXY-7107)
- CHANGED: The DefaultAction parameter of the CountryIpFilter is now conditional. (NEVISPROXY-6606)
- CHANGED: The method name isn't traced any longer for INFO and ERROR messages.. (NEVISPROXY-4619)
- UPGRADED: We upgraded to nghttp2 1.64.0. (NEVISPROXY-7353)
- UPGRADED: We upgraded to OpenSSL 3.0.15. (NEVISPROXY-7310)
- UPGRADED: We upgraded to Apache HTTP Server 2.4.62. (NEVISPROXY-7247)
- UPGRADED: We upgraded to OpenTelemetry 1.16.1. (NEVISPROXY-7238)
- UPGRADED: We upgraded to Lua 5.4.6. (NEVISPROXY-7147)
- UPGRADED: We upgraded to ModSecurity 3.0.13. (NEVISPROXY-7009)
- UPGRADED: We upgraded to mod_qos 11.75. (NEVISPROXY-6705)
- DEPRECATED: We replaced the low-level property
ch.nevis.navajo.SessionCleanupWaitTimeout
withch.nevis.navajo.ListenerWaitTimeout
. (NEVISPROXY-7202) - DEPRECATED: We deprecated the bc property
org.apache.request.ParsedUri
. (NEVISPROXY-7080) - DEPRECATED: The parameter CheckAlwaysClientCert of the IdentityCreationFilter has been deprecated. (NEVISPROXY-6750)
- DEPRECATED: The apache H2 directive H2SerializeHeaders has been deprecated. (NEVISPROXY-6527)
- DEPRECATED: We deprecated the
ch.nevis.isiweb4.auth.ExternalHint
request attribute. (NEVISPROXY-5741) - REMOVED: We removed the system memory usage tracing. (NEVISPROXY-7209)
- DOCUMENTATION: We improved the documentation for Securosys integration. (NEVISPROXY-7277)
- DOCUMENTATION: We improved the documentation of the
H2
tag in navajo.xml. (NEVISPROXY-7232) - DOCUMENTATION: The chapters about tracing information have been improved. (NEVISPROXY-4637)
SLES15 support
- on SLES15 you have to be up to date with the latest available service pack (SP). You can find the available SP versions here.
Backward compatibility issues
- The Apache config generation is changed when multiple hosts are defined in navajo.xml. Now the default hosts' virtual hosts are moved to the beginning. In the old config generation, the virtual hosts order was defined by the connectors' order.
- The XmlFilter checks now the content against the configured XSD schema (if any). If the content doesn't match the schema, or a schema is missing, the request will be blocked. In order to switch back to the old behaviour you need to set the parameter
ValidateSchema
tofalse
. - Due to the apache httpd upgrade you have to add the following
SSLCryptoDevice
in theService
section of navajo.xml if a Securosys HSM (or any pkcs#11 based HSM) is configured:
SSLCryptoDevice="pkcs11"
- The DeflateFilter's CompressionWindowSize parameter no longer accepts positive values.
- For nevisproxy to run correctly, you need at least SP6 if running on SLES15. You can check the installed SP version on your SLES15 host by executing
cat /etc/os-release
. The version has to be 15.6 or more:
# cat /etc/os-release
NAME="openSUSE Leap"
VERSION="15.6"
- If neither OpenTelemetry nor sampling is enabled op tracing in some nevis components may not work any more. To solve that you can set the java property
otel.traces.sampler
in the concerned nevis component toalways_on
.
Ninja 8.2411.0.1 - 20.11.2024
- UPGRADED: We upgraded the jcan-saml, jcan-sectoken dependency to version 8.2411.0.x. (NINJA-236)
nevisoperator 8.2411.0 - 20.11.2024
Main improvement
- NEW: We are fully mounting the Oracle Volume for containers to support Oracle JDBC Type 2 connections. (NOPE-2)
nevis-base-flyway 8.2411.0 - 20.11.2024
- NEW: We grant the
azure_pg_admin
role to the schemaOwner user. (NEVISADMV4-10314) - UPGRADED: We upgraded to postgresql 42.4.5. (NEVISADMV4-10286)
- UPGRADED: We upgraded to nimbus-jose-jwt 9.37.3. (NEVISADMV4-10296)
nevis-opentelemetry-javaagent 2.0.0.2 - 20.11.2024
- NEW: We are logging the product analytics metrics into the
*-nevis-product-analytics.jsonl
file and with theProductAnalytics
logger, if configured. (NEVISADMV4-9763) - CHANGED: We renamed the artifact from
opentelemetry-extensions-all
tonevis-opentelemetry-javaagent
. (IS-374) - CHANGED: We upgraded to java 17. (NEVISADMV4-9763)
Component versions
The following versions are part of this release. All of them are under Full Support until the next RR upgrade becomes available.
Component | Artifact name | Version** | RHEL 8* | RHEL 9* | SLES 15* |
---|---|---|---|---|---|
nevisAppliance | nevisappliance | 8.2411.1.0 8.2411.0.0 | n/a | n/a | n/a |
nevisAdapt | nevisadapt | 8.2411.0.22 | ✅ | ✅ | |
nevisAdmin 4 | nevisadmin4 | 8.2411.0.17 | ✅ | ✅ | |
nevisAuth | nevisauth | 8.2411.0.13 | ✅ | ✅ | |
nevisCred | neviscred | 2.0.20.0 | ✅ | ||
nevisDataPorter | nevisdp | 8.2411.0.11795601371 | ✅ | ✅ | |
nevisDetect | nevisdetect nevisdetectcl | 8.2411.0.6 | ✅ | ✅ | |
nevisFIDO | nevisfido nevisfidocl | 8.2411.0.13 | ✅ | ✅ | |
nevisIDM | nevisidm nevisidmcl nevisidmdb | 8.2411.0.11824142812 | ✅ | ✅ | |
nevisIDM | adnooprint | 7.2311.0.6565033000 | ✅ | ✅ | |
nevisKeybox | neviskeybox | 2.2.5.0 | ✅ | ✅ | ✅ |
nevisLogRend | nevislogrend | 8.2411.0.14 | ✅ | ✅ | |
nevisMeta | nevismeta | 8.2411.0.4 | ✅ | ✅ | |
nevisProxy | nevisproxy | 8.2411.0.0 | ✅ | ✅ | |
Ninja | ninja | 8.2411.0.1 | n/a | n/a | n/a |
Ninwin | ninwin | 2.3.5.0 | n/a | n/a | n/a |
*) Tested with the latest available patch level.
**) Versions in bold changed compared to the previous release.
Third-party dependencies
The following third-party software is often used by Nevis components. Some of the software is included within nevisAppliance.
Below you find the latest supported versions.
Third-Party Software | Version |
---|---|
JVM (OpenJDK) | ✅ 17.0.12 |
MariaDB | ✅ 10.6 |
PostgreSQL | ✅ 15 |
Kubernetes | ✅ 1.29 |
Mobile Apps
Mobile apps and the Mobile SDK are released independently of the component releases. Refer to the following pages:
- Nevis Mobile Authentication Client SDK
- Nevis Access App