3.0.8 (July 19th, 2024)
Apache Syncope 3.0.8 Maggiore is the eighth maintenance release of Apache Syncope 3.0, bringing several fixes and improvements.
Upgrading from 3.0.7? There are some notes about this process.
Relevant dependency upgrades
- Spring Framework: 5.3.35 → 5.3.37
- Spring Security: 5.8.12 → 5.8.13
- Apache CXF: 3.6.3 → 3.6.4
- Apereo CAS: 6.6.15.1 → 6.6.15.2
Issues
Improvement
- [SYNCOPE-1822] - SCIM: support user extension
- [SYNCOPE-1823] - SCIM: support search by extension attributes
3.0.7 (May 20th, 2024)
Apache Syncope 3.0.7 Maggiore is the seventh maintenance release of Apache Syncope 3.0, bringing several fixes and improvements.
Upgrading from 3.0.6? There are some notes about this process.
Relevant dependency upgrades
- Spring Framework: 5.3.31 → 5.3.35
- Spring Security: 5.7.11 → 5.8.12
- Apereo CAS: 6.6.14 → 6.6.15.1
Issues
Bug
- [SYNCOPE-1798] - Incorrect descendant Realms found by Elasticsearch / OpenSearch
- [SYNCOPE-1800] - FIQL comparison expressions with single quote cause JSONB search to fail
- [SYNCOPE-1803] - Can't remove multivalue membership plain schema value from console
- [SYNCOPE-1806] - Overlapping dynamic realms don't get updated
- [SYNCOPE-1808] - Wrong location for group in ResourceTypes SCIM service
- [SYNCOPE-1812] - Can't perform case-sensitive search using MariaDB
- [SYNCOPE-1813] - Wrong provisioning result shown after batch operation
- [SYNCOPE-1817] - Standalone: components not available
- [SYNCOPE-1818] - Wrong status value propagated to external resources if changed while pulling
- [SYNCOPE-1820] - Console label not working with multivalue schema
Improvement
- [SYNCOPE-1802] - Missing delegated SAML2 IdP configuration parameters
- [SYNCOPE-1807] - Status propagation on resource doesn't happen from the SCIM extension
- [SYNCOPE-1809] - Cleanup of uid-on-create attribute on resource unassignment
- [SYNCOPE-1811] - Missing Bypass MFA properties
- [SYNCOPE-1815] - Macro improvements
- [SYNCOPE-1816] - Provide the possibility to add a JcifsSpnegoAuthenticationHandler
...
- A new extension is available for OpenSearch, providing an alternate internal search engine for Users, Groups, Any Objects, Realms and Audit Events
- Ready-to-use components are provided to ease integration with Microsoft Entra (formerly Azure)
Issues
Bug
- [SYNCOPE-1778] - Reset password requires double click in order to provide username
- [SYNCOPE-1779] - Missing support for underscore in queries
- [SYNCOPE-1785] - Display rows changes not effective until reload
- [SYNCOPE-1790] - Swagger filtered GET returns multiple Users/AnyObjects instead of one
- [SYNCOPE-1791] - Unable to save audit config for CUSTOM event in the console
- [SYNCOPE-1792] - Error in console while editing conf parameter with values containing numbers
- [SYNCOPE-1793] - A logged in user cannot associate/deassociate a resource to himself
- [SYNCOPE-1794] - SAML: Authentication issue instant is too old or in the future
...
- [SYNCOPE-1783] - Provide OpenSearch extension
- [SYNCOPE-1789] - Add support for X509 authentication
- [SYNCOPE-1796] - Verify access token issued by Microsoft Entra (formerly Azure)
Improvement
- [SYNCOPE-1780] - Password policy allows a minimum length less than the number of characters needed
- [SYNCOPE-1784] - Allow you to use other OIDCScopes in addition to those currently defined
- [SYNCOPE-1786] - Self Keymaster improvements
- [SYNCOPE-1787] - Support deployments with large number of Realms
- [SYNCOPE-1788] - Allow to insert JWKS value in OIDC Client Applications
- [SYNCOPE-1795] - JWT_SSO_PROVIDER and AUDIT_APPENDER should not be Implementations
- [SYNCOPE-1797] - Compatibility of SCIM 2.0 requests from Microsoft Entra
...
Upgrading from 3.0.4? There are some notes about this process.
Issues
Bug
- [SYNCOPE-1764] - Connector capabilities and/or configuration are not updated in cluster environments
- [SYNCOPE-1770] - Errors upon Core restart after adding domain
- [SYNCOPE-1774] - Admin console does not recognize parameter type
- [SYNCOPE-1777] - DelegatedAdministrationException is occasionally thrown during Pull Task execution
...
- [SYNCOPE-1772] - WA: support MFA trusted device storage
Improvement
- [SYNCOPE-1771] - WA: support delegated authentication for Google, Keycloak and Apple ID
- [SYNCOPE-1773] - Support configuration for multi-nodes Elasticsearch clusters
- [SYNCOPE-1775] - It should be possible to set logoutType to WA services
- [SYNCOPE-1776] - Let Elasticsearch re-index use bulk requests
...
Upgrading from 3.0.3? There are some notes about this process.
Issues
Bug
- [SYNCOPE-1755] - NullPointer exception during PULL delete operation in case of NO_MATCH
- [SYNCOPE-1757] - Misalignment between SyncTokenSerializer and SyncTokenDeserializer in case of token given as a clear string
- [SYNCOPE-1761] - As admin, searching Users, Groups or Any Objects performs full Realm tree traversal
- [SYNCOPE-1763] - Constant increase of open files after upgrade to CXF 3.6.0
- [SYNCOPE-1767] - When searching Groups with GROUP_MEMBER condition only Users are considered
Improvement
- [SYNCOPE-1759] - REST endpoint to evaluate account and password compliance with policies
- [SYNCOPE-1760] - Align Core Spring Boot actuator endpoint security with other components
- [SYNCOPE-1762] - Enrich actuator info with JPA provider information
- [SYNCOPE-1765] - allow WA to decrypt properties during the configuration bootstrap phase
- [SYNCOPE-1768] - Improve internal storage export feature
- [SYNCOPE-1769] - Allow the same name to be used across different Any Object types
...
Upgrading from 3.0.2? There are some notes about this process.
Issues
Bug
- [SYNCOPE-1731] - Performance issue with multiple any type classes
- [SYNCOPE-1734] - Elasticsearch not updated for uidOnCreate
- [SYNCOPE-1735] - Can't retrieve all policies during Realm create and update
- [SYNCOPE-1736] - Templates do not set the latest additions to Users and Groups
- [SYNCOPE-1737] - Cannot specify attribute mapping for AttributeRelease policies
- [SYNCOPE-1739] - Wrong volume mapping for source code in fit docker profile
- [SYNCOPE-1742] - Exception in console when defining a date for delegation
- [SYNCOPE-1749] - Incorrect Dynamic Group Membership Condition save from Console
- [SYNCOPE-1750] - Password policy not enforced if password is not stored in Syncope
...
- [SYNCOPE-1741] - Add support for Azure Active Directory delegated authentication
- [SYNCOPE-1746] - Provide Software Bill Of Materials (SBOM)
Improvement
- [SYNCOPE-1732] - Console does not support custom Access Policy Configuration
- [SYNCOPE-1733] - Support OAUTH20 authentication module in WA
- [SYNCOPE-1738] - Refactor Report management
- [SYNCOPE-1740] - Allow to specify UsernameAttributeProvider for Client Applications
- [SYNCOPE-1743] - Add support for Ticket Expiration Policies into ClientApp
- [SYNCOPE-1745] - Allow to manage ConnId bundles with more Connectors
- [SYNCOPE-1747] - Provide controls to refresh WA client applications from Console
- [SYNCOPE-1748] - SCIM 2.0 Implement PATCH operations
- [SYNCOPE-1751] - Improve password auto generation on propagation
- [SYNCOPE-1752] - Support large number of Realms
- [SYNCOPE-1753] - Extend changes' history management to most relevant WA configuration objects
...
Upgrading from 3.0.1? There are some notes about this process.
Issues
Bug
- [SYNCOPE-1725] - Error when searching with high number of OR or AND conditions with Elasticsearch
- [SYNCOPE-1726] - WA does not always get configuration from Core on startup
- [SYNCOPE-1727] - Elasticsearch cannot find anything under given Realm in case of parent update
- [SYNCOPE-1728] - Unable to create LDAP authentication module from console
- [SYNCOPE-1730] - Standalone on Windows: Console Topology page does not show any Connector or Resource
Improvement
- [SYNCOPE-1722] - Allow password fields to reveal their value to the end-user
- [SYNCOPE-1723] - remove some non-reproducible bits
- [SYNCOPE-1724] - Provide health status for Elasticsearch
- [SYNCOPE-1729] - Configure Maven Build Cache Extension
...
Upgrading from 3.0.0? There are some notes about this process.
Issues
Bug
- [SYNCOPE-1711] - WA Docker image not working properly
- [SYNCOPE-1712] - Invalid HTTP method: PATCH with JDK 17
- [SYNCOPE-1715] - Cannot update Audit settings via Console
...
- [SYNCOPE-1105] - Provide unique key for operations
Improvement
- [SYNCOPE-1709] - Persist Jobs' current status in the database to support multi-node deployments
- [SYNCOPE-1713] - Support time-based conditions for Audit, Exec and Remediation queries
- [SYNCOPE-1714] - Support Docker deployments from archetype
- [SYNCOPE-1716] - Concurrent handling for pull and push tasks
- [SYNCOPE-1719] - Remove limitations for memberships and relationships
- [SYNCOPE-1720] - Switch persistence identifiers to UUID version 7
- [SYNCOPE-1721] - Allow for more Access Policy types
...
- create a new Maven project based on Syncope 3.0
- update code customization and extensions made from your previous Syncope project to the new classes and interfaces provided by Syncope 3.0
- with both projects running:
- download relevant configurations - especially connectors and resources - via REST from your previous Syncope project
- upload via REST to the new Syncope 3.0 project
- configure a new REST resource in the new Syncope 3.0 project to pull users, groups and any objects from your previous Syncope project
Issues
All issues from 3.0.0-M0, 3.0.0-M1 and 3.0.0-M2 plus the following.
...
- [SYNCOPE-1706] - Notification task not created with event category PROPAGATION
- [SYNCOPE-1707] - Failure when attempting to add Plain Schema via Console
Improvement
- [SYNCOPE-1696] - Audit Elasticsearch persistence
- [SYNCOPE-1708] - Allow enable/disable extensions in enduser
...
This is likely the last milestone release before General Availability of the new major series Syncope 3.0 Maggiore.
Issues
Bug
- [SYNCOPE-1701] - unable to build syncope-sra from Maven Archetype
- [SYNCOPE-1704] - Policy update not affecting External Resources
...
- [SYNCOPE-1700] - Leverage JSON DataType Support in Oracle
Improvement
- [SYNCOPE-1705] - Deprecate SchedulingPullActions
...
This additional milestone release brings a few improvements and features, code polishing and some fixes for the new major series Syncope 3.0 Maggiore.
Issues
Bug
- [SYNCOPE-1693] - Must change password submit on console leads to errors
- [SYNCOPE-1698] - Aux classes number doubles when saving external resource
...
- [SYNCOPE-1692] - Incremental propagation
- [SYNCOPE-1697] - Commands & Macros
Improvement
- [SYNCOPE-1665] - In enduser manage provisioning result on create/update and set feedback accordingly
- [SYNCOPE-1694] - Optimize creation of Implementation instances
- [SYNCOPE-1695] - History console view improvements
- [SYNCOPE-1699] - Extract key from path for UserUpdate ops if undefined in request body
...
First milestone release for the new major series Syncope 3.0 Maggiore.
Issues
Sub-task
- [SYNCOPE-1413] - Remove CLI
- [SYNCOPE-1414] - Remove GUI Installer
- [SYNCOPE-1418] - Convert webapps to Spring Boot
- [SYNCOPE-1421] - New Enduser UI
- [SYNCOPE-1426] - Remove Eclipse IDE plugin
- [SYNCOPE-1458] - Keymaster for Configuration Parameters
- [SYNCOPE-1459] - Keymaster for Service Discovery
- [SYNCOPE-1460] - Keymaster for dynamic Domain management
- [SYNCOPE-1494] - Basic maven build to verify compilation correctness
- [SYNCOPE-1495] - Remove deb packages
- [SYNCOPE-1496] - Add integration tests for DBMSes via Docker
- [SYNCOPE-1552] - Allow WA audits to be stored in Syncope
- [SYNCOPE-1553] - Fetch WA auth modules & map to properties during bootstrap
- [SYNCOPE-1555] - Allow WA as SAML2 IdP to fetch metadata over REST
- [SYNCOPE-1556] - Allow WA as OIDC OP to fetch JWKS over REST
- [SYNCOPE-1557] - Complete policies manipulating with authentication modules and mappings information
- [SYNCOPE-1558] - Configure WA delegated authn module to SAML IdPs via REST
- [SYNCOPE-1559] - Allow WA Google Auth MFA settings to become reloadable
- [SYNCOPE-1562] - Handle OTP records for GoogleAuthN MFA
- [SYNCOPE-1566] - Manage device registration records for GoogleAuthMFA
- [SYNCOPE-1570] - Support U2F device registration via REST APIs
- [SYNCOPE-1571] - Support U2F MFA tokens/requests via REST APIs
- [SYNCOPE-1577] - Support CAS-enabled client applications
- [SYNCOPE-1578] - Protected SRA Routes: OAuth 2.0 / OpenID Connect 1.0
- [SYNCOPE-1579] - Protected SRA Routes: SAML 2.0
- [SYNCOPE-1580] - Design WA REST APIs to configure configuration properties
- [SYNCOPE-1582] - Protected SRA Routes: CAS
- [SYNCOPE-1584] - Allow Syncope to manage WA authentication events
- [SYNCOPE-1587] - Enable Web AuthN support for WA
- [SYNCOPE-1588] - WA attributes consent management
- [SYNCOPE-1595] - Support themes per client application
- [SYNCOPE-1599] - Support Duo Security for MFA
- [SYNCOPE-1625] - Support impersonation for Web Access
- [SYNCOPE-1638] - Remove Netbeans IDE plugin
- [SYNCOPE-1682] - WA: support CAS Attribute Resolution
...
- [SYNCOPE-129] - Delegation
- [SYNCOPE-160] - Authentication features
- [SYNCOPE-957] - Multiaccount
- [SYNCOPE-1019] - Template mechanism for Enduser UI
- [SYNCOPE-1220] - Support Groovy implementations in the Netbeans IDE plugin
- [SYNCOPE-1348] - REST: replace bulk operations with batch requests
- [SYNCOPE-1367] - Add some accessibility features to Enduser
- [SYNCOPE-1368] - Add some accessibility features to Console
- [SYNCOPE-1369] - User requests
- [SYNCOPE-1395] - Leverage PostgreSQL's jsonb type
- [SYNCOPE-1401] - Leverage MySQL JSON type
- [SYNCOPE-1455] - New component: sra (API gateway)
- [SYNCOPE-1456] - New component: Keymaster
- [SYNCOPE-1506] - Merge Users
- [SYNCOPE-1511] - Configure audit events create/update/etc of users, groups, etc
- [SYNCOPE-1529] - French (CA) translation for Admin Console
- [SYNCOPE-1545] - Web Access
- [SYNCOPE-1680] - Support Simple MFA as an MFA Provider in WA
- [SYNCOPE-1681] - Support LDAP Google Auth Tokens/Accounts in WA
- [SYNCOPE-1688] - Console: saved queries
Improvement
- [SYNCOPE-1336] - Add pagination for approvals forms
- [SYNCOPE-1341] - Domain should be configurable parameter for syncope-enduser docker image
- [SYNCOPE-1355] - Document how to access services when using Docker Compose
- [SYNCOPE-1379] - Make configurable resource check timeout
- [SYNCOPE-1382] - Failure specifying push task filters including db column mapped as integer
- [SYNCOPE-1384] - SAML 2.0: Allow to customize RequestedAuthnContext for a given Service Provider
- [SYNCOPE-1385] - Priority propagation timeout hard coded into PriorityPropagationTaskExecutor
- [SYNCOPE-1392] - Reduce usage of Reflection to improve overall performance
- [SYNCOPE-1394] - Add un-claim capability for requests
- [SYNCOPE-1396] - Give the possibility to configure TLS client parameters
- [SYNCOPE-1397] - No Such element exception while editing USER update approval
- [SYNCOPE-1409] - Avoid double round-trip to External Resource during Push
- [SYNCOPE-1412] - Search for identities with null attributes can be improved
- [SYNCOPE-1416] - remove user_search_null_attr view
- [SYNCOPE-1422] - Permit to provide custom implementation of NotificationManager and AuditManager
- [SYNCOPE-1424] - Improve Propagation task ordered search
- [SYNCOPE-1433] - Unflag/flag uniqueness shouldn't be permitted
- [SYNCOPE-1436] - Remove pullPolicy EAGER fetchType from JPAExternalResource
- [SYNCOPE-1441] - Perform in-memory match for dynamic conditions
- [SYNCOPE-1444] - Pull correlation rules: allow to discriminate ongoing event
- [SYNCOPE-1445] - Docker: support pgjsonb as DBMS option
- [SYNCOPE-1449] - Support multi-value attributes in JEXL expressions
- [SYNCOPE-1465] - Add executor information to Task and Report executions
- [SYNCOPE-1466] - Add context to user, group and any object metadata information
- [SYNCOPE-1468] - Allow for configurable org.quartz.jobStore.misfireThreshold
- [SYNCOPE-1473] - Provide a PropagationActions to maintain a conservative membership policy management
- [SYNCOPE-1498] - Allow variable resolution in Content.xml
- [SYNCOPE-1499] - Add support for READ correlation rule
- [SYNCOPE-1500] - Allow single import from External Resource
- [SYNCOPE-1501] - Allow filtering for explore resource
- [SYNCOPE-1502] - Find Anys using FIQL: SQL improvements
- [SYNCOPE-1508] - Allow to extend the set of attributes requested from External Resources
- [SYNCOPE-1509] - Auto-select language from Accept-Language HTTP header
- [SYNCOPE-1510] - Allow to store encrypted schema's secret key externally
- [SYNCOPE-1513] - Allow to customize security headers
- [SYNCOPE-1515] - Adapt realm selector to actual number of realms
- [SYNCOPE-1517] - Audit appender should be configurable
- [SYNCOPE-1518] - Allow X-Forwarded-For and X-Forwarded-Proto HTTP headers integration
- [SYNCOPE-1519] - SchemaDataBinderImpl#update optimization
- [SYNCOPE-1521] - Allow filtering for Role assignment
- [SYNCOPE-1522] - Realm behaviors for Delegated Administration
- [SYNCOPE-1523] - JPAConnInstanceDAO should be marked as Transactional
- [SYNCOPE-1527] - Allow for custom search conditions
- [SYNCOPE-1530] - Add parameters at User Requests start
- [SYNCOPE-1531] - Easier bulk upload from / download to CSV
- [SYNCOPE-1532] - Allow tilde for key values and Realms name
- [SYNCOPE-1534] - Display friendly error messages in Admin Console
- [SYNCOPE-1535] - Customize the order of the provisions of a resource according to the object classes
- [SYNCOPE-1540] - Make internal storage export DBMS independent
- [SYNCOPE-1541] - XML response message timestamps missing millisecs component if "0 msecs"
- [SYNCOPE-1547] - Allow the possibility to customize the roles to be displayed
- [SYNCOPE-1548] - Allow the possibility to customize the Groups wizard step
- [SYNCOPE-1551] - Allow for info notifications in Admin Console
- [SYNCOPE-1568] - Render custom wizard on user request
- [SYNCOPE-1575] - Provide the ability to specify on which resources the user's status should be propagated
- [SYNCOPE-1591] - Support fetching data from internal storage for XML content loader
- [SYNCOPE-1594] - Allow to filter user requests and forms by username
- [SYNCOPE-1597] - Enable default customization of console layout
- [SYNCOPE-1600] - Flowable: support password form property type
- [SYNCOPE-1608] - Allow wildcard group membership search
- [SYNCOPE-1609] - Reduce the number of table joins into PostgreSQL JSONB persistence implementation
- [SYNCOPE-1610] - Set Reconciliation to work with Pull and Push Correlation Rules if available
- [SYNCOPE-1611] - Caffeine Cache for Virtual Attribute Cache
- [SYNCOPE-1614] - Convert SyncopeService into Spring Boot's InfoContributor
- [SYNCOPE-1615] - Convert LoggerService into Spring Boot's loggers actuator
- [SYNCOPE-1624] - Toggle panel improvements
- [SYNCOPE-1630] - Use Group owners to extend Delegated Administration
- [SYNCOPE-1631] - Pass ConnId ObjectClass to ReconFilterBuilder
- [SYNCOPE-1633] - Give the possibility to add a custom message to the confirm dialog
- [SYNCOPE-1639] - Provide ordering of attributes in the diff view on the history management
- [SYNCOPE-1641] - Allow to purge Propagation Tasks
- [SYNCOPE-1652] - Align AccessPolicy with CAS DefaultRegisteredServiceAccessStrategy
- [SYNCOPE-1653] - Align AttrReleasePolicy with CAS ReturnAllowedAttributeReleasePolicy
- [SYNCOPE-1658] - Allow to view the topology in table format
- [SYNCOPE-1661] - Add sidebar layout customization through JSON file to enduser
- [SYNCOPE-1666] - Security Answer encryption
- [SYNCOPE-1667] - Propagation Policy
- [SYNCOPE-1668] - Provide Entity Cache report and management
- [SYNCOPE-1669] - Create pull results for remediations
- [SYNCOPE-1670] - Support Graceful shutdown
- [SYNCOPE-1673] - Use Passay for password validation and generation
- [SYNCOPE-1674] - Optimize User, Group and Any Object lifecycle events management
- [SYNCOPE-1678] - Allow for non-recursive search operations
- [SYNCOPE-1679] - Allow to search by Auxiliary Any Type class assignment
- [SYNCOPE-1685] - Allow JEXL expression to evaluate to Object
- [SYNCOPE-1687] - Allow to configure External Resources not to pre-fetch objects during propagation
- [SYNCOPE-1689] - Consolidate Provision, Mapping and Items into single JSON column
...