...

  • Some search values, such as <script>alert('I'm testing it')</script>, did not return a validation error instead of an empty result when searching for them.

  • It was possible to add the same linked resource twice if the resource group was different.

...

  • It’s now possible to decide which claims are issued in which token (id_token or access_token). For that, a new configuration user interface has been created. By default, all claims are assigned to the id_token token, but you can use that new configuration user interface to make any necessary changes.

  • The AVH / AHV (ZAS) identity validation method now asks the user for explicit consent to store the AHV / SSN number.

  • The user now has the option to validate and edit his personal data before any validation methods. Additionally, he can validate and edit the data after a failed validation attempt.

  • A forgot username process has been implemented. If the user can provide a unique communication channel, the username will be sent to that channel.

  • All JavaScript libraries have been updated to the latest possible versions.

Bug Fixes

  • In some cases, the ordering of the available Quality of Authentication (QoA) was not calculated correctly.

  • It was possible to perform ReDoS attacks against a validation endpoint. The issue has been resolved.

...

  • The handling of dates in the CoreOne API has been unified and improved with regard to filters such as ge and le.

...

  • When the user selected “Close” on the prolong user session popup, the popup simply reappeared. The button has been renamed to “Logout” and, when selected, initiates the logout.

...

  • Provisioning of empty values to an OpenLDAP could cause errors. This has been resolved.

  • Multi-value support in the Entra ID connector has been improved.

...