Patch release description

5.0.1

  • PHX-3293 SignatureValue has whitespace/newlines in payload
    SignatureValue includes whitespace/newlines, which is correct according to the specification, but some SPs fail to parse it. Issue resolved - by default no whitespace/newlines are added to the payload
  • PHX-3303 OWASP: Vulnerabilities CVE-2023-44487, CVE-2007-5090, CVE-2023-4586
    Identified vulnerabilities. grpc-api-1.57.2.jar: CVE-2023-44487(7.5), sqljdbc-4.1.jar: CVE-2007-5090(7.5), vertx-core-4.4.4.jar: CVE-2023-4586(7.4). Issue resolved
  • PHX-3335 Not possible to set "embedded EncryptionKey" at encryptassertion in Assertionprovider
    Add the possibility to configure whether KeyPlacement.PEER or KeyPlacement.INLINE should be used in the AssertionProvider configuration. Today only KeyPlacement.PEER is supported. Enhancement added, it is now possible to select PEER or INLINE
  • PHX-3341 SAML AuthnRequest ACS-URL validation
    If the request isn't signed, the AssertionConsumerService in the SAML AuthnRequest should only be used if the ACS is present in the metadata. Issue resolved
  • PHX-3353 MiuLookupValve: Does not set TLS version?
    MiuLookupValve does not set which TLS version to use, and it's not configurable. Issue resolved, see GetHsaPersonValve, GetMiuForPersonValve
  • PHX-3358 DSS-Signing: Problem with chain trust for POE (timestamps)
    When adding new signatures to a PDF document, the trust of already embedded timestamps is incorrectly validated while validating the already embedded signatures' proof of existence. Issue resolved
  • PHX-3361 SAML2SithsEid authenticator fails to parse response from Inera
    The SAML2SithsEID authenticator fails with “DecodeException” when the initialization of the eID authentication is requested from the Inera server. Issue resolved
  • PHX-3363 MSSQL, missing dll for integrated authentication
    Integrated authentication for MSSQL doesn't work due to the wrong DLL. Issue resolved
  • PHX-3381 Traceid not working
    Incompatibility between the log4j adapter and slf4j caused the traceid to be incorrect in logs. Issue resolved
  • PHX-3384 HttpVerticle.startHttp fails silently on errors
    In case of error in HttpVerticle.startHttp the deployment will stall without any log or information on why. Issue resolved
  • PHX-3385 HTTPSCfgUtility.configure: NullPointerException if config["sslKeyStore"] == null
    When JsonObject contains a property with the explicit value of null, PAS throws NullPointerException. Issue resolved
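
The ACS rule described in PHX-3341, as an added example (not the product's own code): an unsigned AuthnRequest may only name an AssertionConsumerService URL that appears in the SP's metadata. The sp.example.test URLs, the function names, the default-endpoint fallback and the signature_verified flag (assumed to come from a separate signature check) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata (sp.example.test is a placeholder, not from the release notes).
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" Binding="{POST}"
        Location="https://sp.example.test/acs-a"/>
    <md:AssertionConsumerService index="1" isDefault="true" Binding="{POST}"
        Location="https://sp.example.test/acs-b"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def sample_request(acs_url=None):
    """Build a constructed AuthnRequest, optionally carrying an ACS URL."""
    attr = f' AssertionConsumerServiceURL="{acs_url}"' if acs_url else ""
    return (f'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
            f' ID="_constructed1" Version="2.0"{attr}/>')


def registered_acs(metadata_xml):
    """Return (location, is_default) for every ACS endpoint in the SP metadata."""
    root = ET.fromstring(metadata_xml)
    return [(e.get("Location"), e.get("isDefault") in ("true", "1"))
            for e in root.iter(MD + "AssertionConsumerService")]


def resolve_acs(request_xml, metadata_xml, signature_verified):
    """Pick the URL the response goes to; raise ValueError on an untrusted ACS."""
    endpoints = registered_acs(metadata_xml)
    if not endpoints:
        raise ValueError("SP metadata has no AssertionConsumerService")
    requested = ET.fromstring(request_xml).get("AssertionConsumerServiceURL")
    if requested is None:
        # Assumption: fall back to the isDefault endpoint, else the first one listed.
        return next((loc for loc, dflt in endpoints if dflt), endpoints[0][0])
    # Unsigned request: the URL is not authenticated, so require an exact
    # string match against metadata (no prefix or host-only comparison).
    if not signature_verified and requested not in [loc for loc, _ in endpoints]:
        raise ValueError(f"ACS {requested!r} not registered in SP metadata")
    return requested
```

The exact-match comparison is deliberate: a URL that merely starts with a registered Location is rejected for unsigned requests.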