Release Notes
20.1.16
Release date: 28th June 2022
Security updates:
- #639: Remote Code Exploit: Variable ${clientIp} not sanitized leading to argument injection vulnerability
- Denial of Service (DoS) High Severity
OIDC:
- Improper Verification of Cryptographic Signature High Severity
SAML2:
- Improper Input Validation Medium Severity
- XML External Entity (XXE) Injection Critical Severity
- Authentication Bypass High Severity
- Cryptographic Issues Medium Severity
- Improper Output Neutralization for Logs Medium Severity
- Improper Input Validation Medium Severity
- Remote Code Execution Critical Severity
- Denial of Service (DoS) Medium Severity
TEST TOOL:
- Improper Handling of Case Sensitivity Low Severity
- Denial of Service (DoS) Medium Severity
- Denial of Service (DoS) Medium Severity
- Denial of Service (DoS) Medium Severity
- Insufficient Hostname Verification Medium Severity
- HTTP Request Smuggling Medium Severity
- Denial of Service (DoS) High Severity
- Privilege Escalation High Severity
- Improper Input Validation High Severity
- Remote Code Execution Critical Severity
20.1.15
Release date: 19th January 2022
Security updates:
- protobuf-java CVE-2021-22569 Denial of Service (DoS) High Severity
- jackson-databind CWE-400 Denial of Service (DoS) Medium Severity
- jetty-webapp CVE-2021-34428 Information Exposure Low Severity
- jetty-servlet CVE-2021-34429 Access Restriction Bypass Medium Severity
- log4j CVE-2021-44832 Improper Input Validation Medium Severity