Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


This is a patch update containing some memory-related bug fixes, and addresses a security advisory involving the use of the External, RemoteUser, X509, and SPNEGO login flows.

Fixing the security issue required an internal redesign of the External login flow (the other three essentially reuse the External flow to function) and the fix required changes to some Java classes that are part of the public API. This is allowed in a patch when necessary to address critical bugs. While these changes are visible, they do not impact the documented/intended "public" interface to the External login mechanism used by deployers.