5.1.6

PAS 5.1.6 is a maintenance release that aims to improve stability and security by addressing a few bugs and vulnerabilities.

Improvements

• PHX-4125 - Add support for object array in OIDC. You may now configure claims as arrays of multiple types in the OpenID Provider. Read the updated documentation on the OpenID Provider to learn more.

Bug fixes

• PHX-4011 - Export/Import pipe does not work for MyApps and Password self service. Resolved an issue where the import/export functions was not enabled for MyApps and password self service.
• PHX-4052 - Export/Import pipe does not work for SPBroker or RPBroker. Resolved an issue where the import/export functions was not enabled for SPBroker and RPBroker.
• PHX-4047 - Failed to save: undefined error when Import pipe -> delete valve. Resolved an issue where importing a pipe and making changes in the GUI immediately before saving would result in errors or the pipe not being saved correctly.
• PHX-4120 - Second save on auth selector make config corrupt, forgets the list of authenticators. Resolved an issue where subsequent saving of an authselector in the config gui without changing the list of authenticators would cause a null config value.
• PHX-4153 - It is not possible to save OIDC RP without setting custom scopes allowed. Resolved an issue where the model would not save unless custom scopes allowed were set.
• PHX-4021 - Revert some old .js and template changes-- contains syntax errors according to very old browsers. Resolved an issue where some changes in template / js files were not IE11-compatible, so those changes are applied in a backward-compatible way.

Vulnerabilities mitigated

• PHX-4156 - Critical vulnerability in an HTTP endpoint mitigated. Affected releases that contain the vulnerability are: 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, and 5.1.5.