Releases: jenkinsci/oic-auth-plugin
4.297.vcddb_d8a_e4694
🚀 New features and improvements
📦 Dependency updates
- Bump Jenkins version to 2.426.3 (#346) @michael-doubez
4.290.v6f5e8da_e98b_2
4.284.v0cc21de03d37
4.279.vca_c1e2fdd24b_
4.269.va_7526f34f306
🚀 New features and improvements
- Rework security realm config GUI (#312) @michael-doubez
🌐 Localization and translation
- Update french localization (#325) @github-actions
👻 Maintenance
- Add HOWTO on groups configuration (#309) @michael-doubez
4.257.v5360e8489e8b_
Fix issue (#304) caused by JWKS parsing. This release disables signature verification if parsing fails, but the idtoken content is still validated.
If token verification was disabled because of the previous version, it can be re-enabled to perform content verification. The side effect is a single warning at the first failure of JWKS URI parsing.
🚀 New features and improvements
- Ensure login doesn't redirect to logout URL (#303) @michael-doubez
🐛 Bug fixes
- Disable JWKS verification if not supported by client library (#308) @michael-doubez
4.250.v5a_d993226437
Improve security by verifying the signature of the provider's idtoken and, if applicable, userinfo. This requires the configuration of the provider's JWKS endpoint; this is automatic if auto mode is used. At the same time, the idtoken generation and expiry times are verified as per the idtoken verification specs.
A new flag can be configured for bypassing the new checks.
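To make the difference between content validation and signature verification concrete (the 4.250 checks above, and the 4.257 fallback that keeps only the content checks), here is an added example that is not the plugin's code. The function names, the 60-second leeway and the `iss`/`aud` checks are assumptions taken from the general OpenID Connect ID token validation rules, not from these release notes.

```python
import base64
import json
import time


def _decode_segment(segment):
    """Decode one base64url JWT segment (padding restored) as JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_id_token_content(id_token, issuer, client_id, now=None, leeway=60):
    """Return a list of claim problems; an empty list means the content checks pass.

    No signature is verified here, so a pass says the claims are well-formed and
    current, not that the provider issued them. That binding needs the JWKS check.
    """
    now = time.time() if now is None else now
    try:
        _header, payload, _signature = id_token.split(".")
        claims = _decode_segment(payload)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return ["malformed token"]
    if not isinstance(claims, dict):
        return ["malformed token"]
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss mismatch")
    aud = claims.get("aud")  # aud may be a single string or a list
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud mismatch")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)) or now >= exp + leeway:
        problems.append("exp missing or passed")
    if not isinstance(iat, (int, float)) or iat > now + leeway:
        problems.append("iat missing or in the future")
    return problems


def make_sample_token(claims):
    """Constructed sample input: unsigned token with a dummy signature segment."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])
```

The sample token with the dummy signature passes every check when its claims are current, which is why re-enabling signature verification matters once the provider's JWKS can be parsed.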
🚀 New features and improvements
- Add JWKS parameters for verifying web token signatures (#297) @michael-doubez
🚩 Known issues
- Issue (#304): JWKS server URL is expected to contain `alg` parameter which breaks login - workaround: use new flag to disable token signature verification
👻 Maintenance
- Add open rewrite to pom.xml (#298) @michael-doubez
4.239.v325750a_96f3b_
🚀 New features and improvements
- Gracefully handle missing and invalid idtoken (#292) @michael-doubez
4.238.v0021f710b_b_f4
🌐 Localization and translation
- Add localization of help html files (#294) @michael-doubez
📦 Dependency updates
- Bump mailer from 1.34.2 to 448.v5b_97805e3767 (#293) @michael-doubez
4.236.v4124503b_a_f88
Fix regression (#290) on PKCE code verification. PKCE can be re-enabled in configuration.
🐛 Bug fixes
- Reimplement PKCE to serialize verifier in session (#291) @michael-doubez
👻 Maintenance
- Improve code cleaning (#289) @michael-doubez
📦 Dependency updates
- Jenkins minimal version to v2.361.4 (#289) @michael-doubez