Patch release description

This document describes the content of the 4.0.x patch releases.

CVE-2021-45046 - How to patch

  • Under <install_root>, locate all occurrences of log4j-core-*.jar. Note that there may be multiple instances, found in different locations.
  • Replace each one with the attached jar file. There is no need to rename the file. Make sure the filename matches the file attached to this article. For example: log4j-core-2.13.0.jar should be replaced with log4j-core-2.13.0_CVE-2021-45046.jar
  • Restart the system.

Note that installing new features may require repeating the log4j patching described above.
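The check below is an added example, not part of the PhenixID release notes or product: it lists every log4j-core-*.jar under an install root and flags those that do not yet carry the patched filename. It assumes a replaced jar can be recognised by the _CVE-2021-45046 suffix shown in the example above; the function names and the script file name are hypothetical.

```shell
#!/bin/sh
# Added example: audit an install root for log4j-core jars that still need
# replacing. Load with ". ./audit_log4j.sh" (hypothetical file name), then
# run: audit_log4j <install_root>
# Assumption: a replaced jar is recognised by file name only, using the
# _CVE-2021-45046 suffix from the article's example. Jar contents are not
# inspected.

PATCH_SUFFIX="_CVE-2021-45046.jar"

# Print "PATCHED <path>" or "UNPATCHED <path>" for every log4j-core jar,
# wherever it sits below the root (there may be several locations).
list_log4j_core() {
    find "$1" -type f -name 'log4j-core-*.jar' | sort |
    while IFS= read -r jar; do
        case $jar in
            *"$PATCH_SUFFIX") printf 'PATCHED %s\n' "$jar" ;;
            *)                printf 'UNPATCHED %s\n' "$jar" ;;
        esac
    done
}

# Exit status: 0 = nothing left to replace, 1 = unpatched jars remain,
# 2 = the given install root is not a directory.
audit_log4j() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    report=$(list_log4j_core "$root")
    if [ -z "$report" ]; then
        echo "no log4j-core-*.jar found under $root" >&2
        return 0
    fi
    printf '%s\n' "$report"
    unpatched=$(printf '%s\n' "$report" | grep -c '^UNPATCHED ' || true)
    if [ "$unpatched" -gt 0 ]; then
        echo "$unpatched log4j-core jar(s) still to be replaced" >&2
        return 1
    fi
    return 0
}
```

Running it again after installing new features shows whether an unpatched jar has been reintroduced.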


This fix was included in the version.

  • Token-userID mapping case sensitivity

    When the internal HSQLDB is used for token storage, this fix removes the requirement of userID case sensitivity (i.e. bob, bOb and BOB will now be accepted as userID to fetch the token).


Fixes included in the version.

  • BankID proxy API

Solving error "loader constraint violation" when the BankID proxy API and other outgoing HTTP module(s), such as Freja eID or SAML Metadata loading from URL, coexist.

  • API Base handler

Solving error "Unable to parse http body into json"

  • Upgrade Easy Access

  • SAML Logout

Solving a problem with failing logout.

  • SQL columns

Adding columns used by PAS to the internal and external database.

  • SQL name

Possible to change the name of the external database.


Fixes included in the version.

  • SAML Service Provider authenticator
    Solving a problem with AuthN Request via Redirect / GET

  • VerifyJwtTokenValve
    Solving a problem with datatype conversion when verifying JWT

  • Password Reset Module
    Customizations might have to be re-implemented due to an updated dependency


Fix in this version

  • SAML authnReq with HTTP-Redirect binding.

Update of formatting when sending SAML authnReq with HTTP-Redirect binding.
Affects authNs OIDCToSAMLBroker and SAMLSPBroker.


Fix in this version

  • Password Reset Module
    Reverted to the original build for 4.0.x

  • Double encoding
    Solving a problem where response data for GET requests was double encoded

  • SAML anonymous assignment
    Improved session handling

  • Improved loading of modules
    Solving problems with modules depending on the crypto module


Please contact PhenixID support for additional information.