Skip to content

Onegini Security Proxy

5.x

Release notes 5.x¶

5.8.4¶

Improvements¶

Make the default client_body_buffer_size configurable
Dependency updates

5.8.3¶

Improvements¶

Dependency updates

5.8.2¶

Improvements¶

Dependency updates
Improvements in our deployment charts (to support upgrades of our platform)

5.8.1¶

Improvements¶

Dependency updates
Cache resiliency improvements

5.8.0¶

Improvements¶

Dependency updates

Bug fix¶

X-Forwarded-For header is now correctly set when using payload encryption

5.7.4¶

Bug fixes¶

Fixes bug in 5.7.3 by including a logging framework

5.7.3¶

Security update¶

Mitigate CVE-45046 vulnerability

5.7.2¶

Security update¶

Mitigate CVE-44228 vulnerability

5.7.1¶

Improvements¶

Dependency updates

5.7.0¶

Features¶

Add toggle to enable or disable the hiding of certain headers from resource gateways and transparent proxies.
Add configuration option to enable extra headers to be set on upstream requests or responses for transparent proxies or resource gateways.

5.6.2¶

Bug fixes¶

Fix redis connection by @patrykroszczyniala in #291

5.6.1¶

Bug fixes¶

Use JAVA_TOOL_OPTIONS instead of JAVA_OPTS
Fix ingress.yaml structure

5.6.0¶

Features¶

Added ElastiCache support

5.5.8¶

Bug fix¶

Fixed an issue with the location of TLS certificates in the Nginx template.

5.5.7¶

Bug fix¶

Since the nginx upgrade in version 5.5.1, it was no longer possible to configure custom TLS certificates. This has been fixed.

5.5.4¶

Improvement¶

Upstream logs are now configurable (disabled by default). See the configuration properties related to SECURITY_PROXY_NGINX_ENABLE_UPSTREAM_LOG for more information.

5.5.3¶

Improvement¶

The initial delays for verifying readiness and liveness probes are now configurable in the deployment chart.

Bug fixes¶

Existing mobile app installations could not migrate from Security Controls v1 to Security Controls v2. This has been fixed.

5.5.2¶

Improvement¶

Extended the Security Proxy's deployment capabilities to make it compatible with the multi-tenant Onegini Identity Cloud.

5.5.1¶

Improvement¶

Upgraded nginx and openssl. Now running on alpine.

5.5.0¶

Improvement¶

Exposed configuration properties that allow to set expected TLS protocol version for each service that the Security Proxy integrates with. For more information check properties with SSL_PROTOCOLS suffix in the properties reference.

5.4.0¶

Improvement¶

Both client registration and migration flows now function correctly when Payload Encryption is enabled with the new Security Controls protocol.

5.3.2¶

Bug fixes¶

Large Payload Encryption requests failed. We have added a missing configuration property for the maximum size of the encrypted request body variable.

5.3.1¶

Bug fixes¶

Large Payload Encryption requests failed. We have fixed this, so large requests utilizing Payload Encryption will also succeed. We have made the maximum size of the encrypted request body configurable.
The Security Proxy would return an error on requests by OAuth/OpenID Connect clients that use PKCE (Proof Key for Code Exchange). PKCE is designed to use the OAuth authorization code flow from single page apps or native clients. These clients cannot store a predefined secret, and utilize PKCE as a temporary secret. We have fixed this issue, so you can use the Security Proxy again for OAuth clients that rely on PKCE.

5.3.0¶

Features¶

Introduced a new version of the Payload Encryption handshake API that is part of the new Security Controls protocol.

5.2.0¶

Improvements¶

New timeout settings for communication with the Token Server have been introduced. This makes the Security Proxy more resilient in case there are issues with this connection.

5.1.0¶

Features¶

Support Cross-Origin Resource Sharing (CORS) for resource gateways

Improvements¶

Updates of internal libraries

5.0.0¶

Improvements¶

Upgraded to Spring Boot 2
Switched to OpenJDK 11 in Docker images