- SAML Single Sign-On 6.0.10 comes with the User Sync 2.4.5 release, see 2.4.x release notes.
- Added option to make XML Schema validation optional for SAML responses.
- Added missing cache directive for POST binding form.
- Updated libraries.
Version history
6.0.10Confluence Server 6.13.10 - 7.18.22022-06-14Bugfix release Version 6.0.10 • Released 2022-06-14 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial6.0.10Confluence Data Center 6.13.10 - 7.18.22022-06-14Bugfix release Version 6.0.10 • Released 2022-06-14 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial- SAML Single Sign-On 6.0.10 comes with the User Sync 2.4.5 release, see 2.4.x release notes.
- Added option to make XML Schema validation optional for SAML responses.
- Added missing cache directive for POST binding form.
- Updated libraries.
6.0.9Confluence Server 6.13.10 - 7.18.22022-05-19Bugfix release Version 6.0.9 • Released 2022-05-19 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial- SAML Single Sign-On 6.0.9 comes with the User Sync 2.4.4 release, see 2.4.x release notes.
- Fixed issue with Single Logout where the logout URL was not used when using redirect binding.
6.0.9Confluence Data Center 6.13.10 - 7.18.22022-05-19Bugfix release Version 6.0.9 • Released 2022-05-19 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial- SAML Single Sign-On 6.0.9 comes with the User Sync 2.4.4 release, see 2.4.x release notes.
- Fixed issue with Single Logout where the logout URL was not used when using redirect binding.
6.0.6Confluence Server 6.13.10 - 7.17.52022-04-13Bugfix release Version 6.0.6 • Released 2022-04-13 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial- SAML Single Sign-On 6.0.6 comes with the User Sync 2.4.2 release, see 2.4.x release notes.
- Fixed possible XSS vulnerability on old browsers by injecting Javascript code in the redirectTo parameter.
- Fixed: exported support information could have contained sensitive information from the configured JVM arguments. The JVM arguments are no longer included in the support information.
- Fixed: enabling the option "Use Base URL from Request" caused wrong SAML request.
6.0.6Confluence Data Center 6.13.10 - 7.17.52022-04-13Bugfix release Version 6.0.6 • Released 2022-04-13 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial- SAML Single Sign-On 6.0.6 comes with the User Sync 2.4.2 release, see 2.4.x release notes.
- Fixed possible XSS vulnerability on old browsers by injecting Javascript code in the redirectTo parameter.
- Fixed: exported support information could have contained sensitive information from the configured JVM arguments. The JVM arguments are no longer included in the support information.
- Fixed: enabling the option "Use Base URL from Request" caused wrong SAML request.
6.0.4Confluence Server 6.13.10 - 7.17.52022-03-24Support for OpenID Connect (beta), improved SAML implementation Version 6.0.4 • Released 2022-03-24 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialNew in 6.0.4:
- Fixed: Use SHA-256 instead of SHA-1 as digest algorithm.
- Fixed: NameIDPolicy was missing in AuthnRequest.
- Fixed email preset in attribute mapping for Google Cloud Identity (G Suite).
New in 6.0.3:
- SAML Single Sign-On 6.0.3 comes with the User Sync 2.4.1 release, which fixes an issue with the Azure full sync, see 2.4.x release notes.
New in 6.0.2:
- Fixed generating metadata for Service Provider (organizations section).
New in 6.0.1:
- Fixed login issue when IdP sends multiple attributes with the same key.
- Added new preset "Use UPN and convert guest users" for the email attribute in the Azure connector.
New in 6.0.0:
- SAML Single Sign-On 6.0.0 comes with the User Sync 2.4.0 release, see 2.4.x release notes.
- Support for OpenID Connect (beta)
- Replaced OpenSAML with OneLogin SAML/Java
- Removed separate SAMLWrapper-plugin
- Several improvements and bugfixes, see our release notes.
6.0.4Confluence Data Center 6.13.10 - 7.17.52022-03-24Support for OpenID Connect (beta), improved SAML implementation Version 6.0.4 • Released 2022-03-24 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialNew in 6.0.4:
- Fixed: Use SHA-256 instead of SHA-1 as digest algorithm.
- Fixed: NameIDPolicy was missing in AuthnRequest.
- Fixed email preset in attribute mapping for Google Cloud Identity (G Suite).
New in 6.0.3:
- SAML Single Sign-On 6.0.3 comes with the User Sync 2.4.1 release, which fixes an issue with the Azure full sync, see 2.4.x release notes.
New in 6.0.2:
- Fixed generating metadata for Service Provider (organizations section).
New in 6.0.1:
- Fixed login issue when IdP sends multiple attributes with the same key.
- Added new preset "Use UPN and convert guest users" for the email attribute in the Azure connector.
New in 6.0.0:
- SAML Single Sign-On 6.0.0 comes with the User Sync 2.4.0 release, see 2.4.x release notes.
- Support for OpenID Connect (beta)
- Replaced OpenSAML with OneLogin SAML/Java
- Removed separate SAMLWrapper-plugin
- Several improvements and bugfixes, see our release notes.
6.0.3Confluence Server 6.13.10 - 7.17.52022-02-25Support for OpenID Connect (beta), improved SAML implementation Version 6.0.3 • Released 2022-02-25 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialNew in 6.0.3:
- SAML Single Sign-On 6.0.3 comes with the User Sync 2.4.1 release, which fixes an issue with the Azure full sync, see 2.4.x release notes.
New in 6.0.2:
- Fixed generating metadata for Service Provider (organizations section).
New in 6.0.1:
- Fixed login issue when IdP sends multiple attributes with the same key.
- Added new preset "Use UPN and convert guest users" for the email attribute in the Azure connector.
New in 6.0.0:
- SAML Single Sign-On 6.0.0 comes with the User Sync 2.4.0 release, see 2.4.x release notes.
- Support for OpenID Connect (beta)
- Replaced OpenSAML with OneLogin SAML/Java
- Removed separate SAMLWrapper-plugin
- Serveral improvements and bugfixes, see our release notes.
6.0.3Confluence Data Center 6.13.10 - 7.17.52022-02-25Support for OpenID Connect (beta), improved SAML implementation Version 6.0.3 • Released 2022-02-25 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialNew in 6.0.3:
- SAML Single Sign-On 6.0.3 comes with the User Sync 2.4.1 release, which fixes an issue with the Azure full sync, see 2.4.x release notes.
New in 6.0.2:
- Fixed generating metadata for Service Provider (organizations section).
New in 6.0.1:
- Fixed login issue when IdP sends multiple attributes with the same key.
- Added new preset "Use UPN and convert guest users" for the email attribute in the Azure connector.
New in 6.0.0:
- SAML Single Sign-On 6.0.0 comes with the User Sync 2.4.0 release, see 2.4.x release notes.
- Support for OpenID Connect (beta)
- Replaced OpenSAML with OneLogin SAML/Java
- Removed separate SAMLWrapper-plugin
- Serveral improvements and bugfixes, see our release notes.
6.0.2Confluence Server 6.13.10 - 7.17.52022-02-21Support for OpenID Connect (beta), improved SAML implementation Version 6.0.2 • Released 2022-02-21 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialNew in 6.0.2:
- Fixed generating metadata for Service Provider (organizations section).
New in 6.0.1:
- Fixed login issue when IdP sends multiple attributes with the same key.
- Added new preset "Use UPN and convert guest users" for the email attribute in the Azure connector.
New in 6.0.0:
- SAML Single Sign-On 6.0.0 comes with the User Sync 2.4.0 release, see 2.4.x release notes.
- Support for OpenID Connect (beta)
- Replaced OpenSAML with OneLogin SAML/Java
- Removed separate SAMLWrapper-plugin
- Serveral improvements and bugfixes, see our release notes.
6.0.2Confluence Data Center 6.13.10 - 7.17.52022-02-21Support for OpenID Connect (beta), improved SAML implementation Version 6.0.2 • Released 2022-02-21 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialNew in 6.0.2:
- Fixed generating metadata for Service Provider (organizations section).
New in 6.0.1:
- Fixed login issue when IdP sends multiple attributes with the same key.
- Added new preset "Use UPN and convert guest users" for the email attribute in the Azure connector.
New in 6.0.0:
- SAML Single Sign-On 6.0.0 comes with the User Sync 2.4.0 release, see 2.4.x release notes.
- Support for OpenID Connect (beta)
- Replaced OpenSAML with OneLogin SAML/Java
- Removed separate SAMLWrapper-plugin
- Serveral improvements and bugfixes, see our release notes.
6.0.1Confluence Server 6.13.10 - 7.17.52022-02-17Support for OpenID Connect (beta), improved SAML implementation Version 6.0.1 • Released 2022-02-17 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialNew in 6.0.1:
- Fixed login issue when IdP sends multiple attributes with the same key.
- Added new preset "Use UPN and convert guest users" for the email attribute in the Azure connector.
New in 6.0.0:
- SAML Single Sign-On 6.0.0 comes with the User Sync 2.4.0 release, see 2.4.x release notes.
- Support for OpenID Connect (beta)
- Replaced OpenSAML with OneLogin SAML/Java
- Removed separate SAMLWrapper-plugin
- Serveral improvements and bugfixes, see our release notes.
6.0.1Confluence Data Center 6.13.10 - 7.17.52022-02-17Support for OpenID Connect (beta), improved SAML implementation Version 6.0.1 • Released 2022-02-17 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialNew in 6.0.1:
- Fixed login issue when IdP sends multiple attributes with the same key.
- Added new preset "Use UPN and convert guest users" for the email attribute in the Azure connector.
New in 6.0.0:
- SAML Single Sign-On 6.0.0 comes with the User Sync 2.4.0 release, see 2.4.x release notes.
- Support for OpenID Connect (beta)
- Replaced OpenSAML with OneLogin SAML/Java
- Removed separate SAMLWrapper-plugin
- Serveral improvements and bugfixes, see our release notes.
5.2.1Confluence Server 7.1.0 - 7.16.42021-10-25Bugfix release Version 5.2.1 • Released 2021-10-25 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialSAML Single Sign-On 5.2.1 comes with the User Sync 2.2.1 release, see 2.2.x release notes.
5.2.1Confluence Data Center 7.1.0 - 7.16.42021-10-25Bugfix release Version 5.2.1 • Released 2021-10-25 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialSAML Single Sign-On 5.2.1 comes with the User Sync 2.2.1 release, see 2.2.x release notes.
5.2.0Confluence Server 7.1.0 - 7.14.42021-10-13Updated User Sync, bug fixes Version 5.2.0 • Released 2021-10-13 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial- SAML Single Sign-On 5.2.0 comes with the User Sync 2.2.0 release, see 2.2.x release notes.
- Some minor bugfixes.
5.2.0Confluence Data Center 7.1.0 - 7.14.42021-10-13Updated User Sync, bug fixes Version 5.2.0 • Released 2021-10-13 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial- SAML Single Sign-On 5.2.0 comes with the User Sync 2.2.0 release, see 2.2.x release notes.
- Some minor bugfixes.
5.1.2Confluence Server 7.1.0 - 7.14.42021-09-14Communardo User Profiles, Better Groovy transformations and Crowd support Version 5.1.2 • Released 2021-09-14 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial- Support for Communardo User Profiles: When Communardo User Profiles is installed, attributes configured in Communardo User Profiles can be mapped in User Sync connectors and SAML Just-in-Time Provisioning.
- Improved Groovy attribute transformations. If you're using custom Groovy based attribute transformations, please check that user attributes are assigned properly after upgrading. There may be edge cases where adjusting the Groovy code is beneficial or required. If unsure, please open a support ticket and attach your configuration before upgrading so we can validate it.
- When using Crowd directories backed by LDAP, triggering the LDAP update in Crowd uses a builtin REST endpoint, so our Crowd plugin is no longer required.
- SAML Single Sign-On 5.1.2 comes with the User Sync 2.1.1 bugfix release, see 2.1.x release notes.
5.1.2Confluence Data Center 7.1.0 - 7.14.42021-09-14Communardo User Profiles, Better Groovy transformations and Crowd support Version 5.1.2 • Released 2021-09-14 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial- Support for Communardo User Profiles: When Communardo User Profiles is installed, attributes configured in Communardo User Profiles can be mapped in User Sync connectors and SAML Just-in-Time Provisioning.
- Improved Groovy attribute transformations. If you're using custom Groovy based attribute transformations, please check that user attributes are assigned properly after upgrading. There may be edge cases where adjusting the Groovy code is beneficial or required. If unsure, please open a support ticket and attach your configuration before upgrading so we can validate it.
- When using Crowd directories backed by LDAP, triggering the LDAP update in Crowd uses a builtin REST endpoint, so our Crowd plugin is no longer required.
- SAML Single Sign-On 5.1.2 comes with the User Sync 2.1.1 bugfix release, see 2.1.x release notes.
5.0.7Confluence Server 7.0.1 - 7.13.72021-09-06Bugfix release Version 5.0.7 • Released 2021-09-06 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial- SAML Single Sign-On 5.0.7 comes with the User Sync 2.0.5 bugfix release, see 2.0.x release notes.
5.0.7Confluence Data Center 7.0.1 - 7.13.72021-09-06Bugfix release Version 5.0.7 • Released 2021-09-06 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial- SAML Single Sign-On 5.0.7 comes with the User Sync 2.0.5 bugfix release, see 2.0.x release notes.
5.0.6Confluence Server 7.0.1 - 7.13.72021-08-12Improved Security Update Version 5.0.6 • Released 2021-08-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialThis version (released August 12th) addresses additional scenarios in the critical security vulnerability that was fixed with versions issued on July 29th. This is expected to be the final fix.
To allow upgrades to a fix version without major upgrades in the Atlassian application, all public versions in the marketplace will include the fix to the security vulnerability.
Please reference the version history for the most relevant version for your instance. https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-confluence-sso-confluence-saml-sso/version-history
Please refer to this wiki page for the latest status: https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known
5.0.6Confluence Data Center 7.0.1 - 7.13.72021-08-12Improved Security Update Version 5.0.6 • Released 2021-08-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialThis version (released August 12th) addresses additional scenarios in the critical security vulnerability that was fixed with versions issued on July 29th. This is expected to be the final fix.
To allow upgrades to a fix version without major upgrades in the Atlassian application, all public versions in the marketplace will include the fix to the security vulnerability.
Please reference the version history for the most relevant version for your instance. https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-confluence-sso-confluence-saml-sso/version-history
Please refer to this wiki page for the latest status: https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known
4.0.14Confluence Server 6.13.0 - 7.12.52021-10-25Bugfix release Version 4.0.14 • Released 2021-10-25 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialThis update includes the bugfix release of User Sync 1.9.7, which fixes the synchronization with OneLogin.
4.0.14Confluence Data Center 6.13.0 - 7.12.52021-10-25Bugfix release Version 4.0.14 • Released 2021-10-25 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialThis update includes the bugfix release of User Sync 1.9.7, which fixes the synchronization with OneLogin.
4.0.13Confluence Server 6.13.0 - 7.12.52021-08-12Improved Security Update Version 4.0.13 • Released 2021-08-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialThis version (released August 12th) addresses additional scenarios in the critical security vulnerability that was fixed with versions issued on July 29th. This is expected to be the final fix.
To allow upgrades to a fix version without major upgrades in the Atlassian application, all public versions in the marketplace will include the fix to the security vulnerability.
Please reference the version history for the most relevant version for your instance. https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-confluence-sso-confluence-saml-sso/version-history
Please refer to this wiki page for the latest status: https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known
4.0.13Confluence Data Center 6.13.0 - 7.12.52021-08-12Improved Security Update Version 4.0.13 • Released 2021-08-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialThis version (released August 12th) addresses additional scenarios in the critical security vulnerability that was fixed with versions issued on July 29th. This is expected to be the final fix.
To allow upgrades to a fix version without major upgrades in the Atlassian application, all public versions in the marketplace will include the fix to the security vulnerability.
Please reference the version history for the most relevant version for your instance. https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-confluence-sso-confluence-saml-sso/version-history
Please refer to this wiki page for the latest status: https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known
3.6.7Confluence Server 6.8.0 - 7.8.32021-08-12Improved Security Update Version 3.6.7 • Released 2021-08-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialThis version (released August 12th) addresses additional scenarios in the critical security vulnerability that was fixed with versions issued on July 29th. This is expected to be the final fix.
To allow upgrades to a fix version without major upgrades in the Atlassian application, all public versions in the marketplace will include the fix to the security vulnerability.
Please reference the version history for the most relevant version for your instance. https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-confluence-sso-confluence-saml-sso/version-history
Please refer to this wiki page for the latest status: https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known
3.6.7Confluence Data Center 6.8.0 - 7.8.32021-08-12Improved Security Update Version 3.6.7 • Released 2021-08-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialThis version (released August 12th) addresses additional scenarios in the critical security vulnerability that was fixed with versions issued on July 29th. This is expected to be the final fix.
To allow upgrades to a fix version without major upgrades in the Atlassian application, all public versions in the marketplace will include the fix to the security vulnerability.
Please reference the version history for the most relevant version for your instance. https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-confluence-sso-confluence-saml-sso/version-history
Please refer to this wiki page for the latest status: https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known
3.5.7Confluence Server 6.3.0 - 7.5.22021-08-12Improved Security Update Version 3.5.7 • Released 2021-08-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialThis version (released August 12th) addresses additional scenarios in the critical security vulnerability that was fixed with versions issued on July 29th. This is expected to be the final fix.
To allow upgrades to a fix version without major upgrades in the Atlassian application, all public versions in the marketplace will include the fix to the security vulnerability.
Please reference the version history for the most relevant version for your instance. https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-confluence-sso-confluence-saml-sso/version-history
Please refer to this wiki page for the latest status: https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known
3.5.7Confluence Data Center 6.3.0 - 7.5.22021-08-12Improved Security Update Version 3.5.7 • Released 2021-08-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialThis version (released August 12th) addresses additional scenarios in the critical security vulnerability that was fixed with versions issued on July 29th. This is expected to be the final fix.
To allow upgrades to a fix version without major upgrades in the Atlassian application, all public versions in the marketplace will include the fix to the security vulnerability.
Please reference the version history for the most relevant version for your instance. https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-confluence-sso-confluence-saml-sso/version-history
Please refer to this wiki page for the latest status: https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known
2.0.14Confluence Server 5.10.0 - 6.8.52021-08-12Improved Security Update Version 2.0.14 • Released 2021-08-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialThis version (released August 12th) addresses additional scenarios in the critical security vulnerability that was fixed with versions issued on July 29th. This is expected to be the final fix.
To allow upgrades to a fix version without major upgrades in the Atlassian application, all public versions in the marketplace will include the fix to the security vulnerability.
Please reference the version history for the most relevant version for your instance. https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-confluence-sso-confluence-saml-sso/version-history
Please refer to this wiki page for the latest status: https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known