v6.2.5

@rrayst rrayst released this 29 Jul 09:07
· 1 commit to cfbf2cd75ba00060f2e6489f8b471b927bfc70d3 since this release

Changes since 6.2.4:

Security Fix:

  • <oauth2resource2>: make cookie invalid after logout (previously, the cookie was deleted from the browser, but still valid)
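
The failure mode fixed above, as an added example (not Membrane's code): a minimal Python model, assuming a signed, self-contained session cookie, in which a retained copy of the cookie is still accepted after a delete-only logout and is rejected once logout also revokes the session id server-side. The cookie name `SESSION`, the cookie layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

KEY = secrets.token_bytes(32)  # constructed demo signing key
CLEAR = "Set-Cookie: SESSION=; Max-Age=0; Path=/"  # hypothetical cookie name

def _mac(payload):
    return hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_cookie(user, ttl=3600):
    """Signed, self-contained session cookie: user|sid|expiry|mac."""
    payload = f"{user}|{secrets.token_hex(8)}|{int(time.time()) + ttl}"
    return f"{payload}|{_mac(payload)}"

def validate(cookie, revoked):
    """Return the user if the server accepts the cookie, else None."""
    parts = cookie.split("|")
    if len(parts) != 4:
        return None
    user, sid, expiry, mac = parts
    expected = _mac(f"{user}|{sid}|{expiry}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if int(expiry) < time.time() or sid in revoked:
        return None  # expired, or invalidated server-side at logout
    return user

def logout_delete_only():
    """Pre-fix model: the browser is told to drop the cookie, nothing else."""
    return CLEAR

def logout_and_revoke(cookie, revoked):
    """Fixed model: also record the session id so validate() rejects it."""
    revoked.add(cookie.split("|")[1])
    return CLEAR

def replay_after_logout():
    """Validate a retained copy of the cookie after each kind of logout."""
    revoked, copy = set(), issue_cookie("alice")
    logout_delete_only()
    still_valid = validate(copy, revoked)
    logout_and_revoke(copy, revoked)
    return still_valid, validate(copy, revoked)
```

The same two-step check (log out, then present the old cookie value again and expect rejection) works as a regression test against a deployment after upgrading.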

Improvements:

  • <oauth2resource2><membrane responseModesSupported="form_post query"> can now be used to select/prioritize one response mode over another. (Setting this to query might allow you to use a sameSite session cookie, in case your Authorization Server uses another domain and supports form_post, which is the default choice if available.)
  • <httpClient> now logs requests and responses of all retries on the TRACE log level.
  • <openTelemetry> no longer logs an exception if the frontend/backend connection breaks while reporting the HTTP message body.

Fixes:

  • upgraded dependencies (log4j-layout-template-json to 2.25.1)