We are pleased to announce the release of the Curity Identity Server 6.7. Here are some of the highlights:
The recent introduction of Pushed Authorization Requests (PAR) has caused us to rethink redirect URI validation. Previously, there were a few ways to influence this validation, but this release now has explicit policies to control it. These policies can be applied not only to authenticated clients but also to unauthenticated clients doing a typical OAuth integration.
Curity Identity Server 6.7 now comes with an updated, more intuitive user interface for setting how claims and scopes are defined. We have also improved how claims are defined and where they are sourced from. A debugger has been added to test claims transformations, and where claims end up (e.g., access token, ID token) is now clearly visible.
We are also providing OpenSSL support now, so that component no longer needs to be sourced independently. This removes the last required third-party dependency from the product.
This release also includes Log4j 2.17, which fixes CVE-2021-45105, CVE-2021-45046 and CVE-2021-44228 (all previously supported versions are also updated to have this version of Log4j). Like all releases, this one includes a number of fixes and enhancements.
Read the release notes for more details.