Release notes: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/983957505/Kantega+SSO+Enterprise+5.8.x+release+notes#Changes-in-5.8.10
Version history
5.8.10Bitbucket Data Center 7.2.0 - 8.1.12022-06-07Reintroduce V1 API Tokens REST Service and customizable texts improvements 5.8.10Bitbucket Server 7.2.0 - 8.1.12022-06-07Reintroduce V1 API Tokens REST Service and customizable texts improvements Release notes: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/983957505/Kantega+SSO+Enterprise+5.8.x+release+notes#Changes-in-5.8.105.8.9Bitbucket Data Center 7.2.0 - 8.1.12022-06-07Reintroduce V1 API Tokens REST Service and customizable texts improvements Release notes: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/983957505/Kantega+SSO+Enterprise+5.8.x+release+notes#Changes-in-5.8.95.8.9Bitbucket Server 7.2.0 - 8.1.12022-06-07Reintroduce V1 API Tokens REST Service and customizable texts improvements Release notes: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/983957505/Kantega+SSO+Enterprise+5.8.x+release+notes#Changes-in-5.8.95.8.7Bitbucket Data Center 7.2.0 - 8.1.12022-05-23Allowlist exception to REST API access URLs, improvements and bugfixes 5.8.7Bitbucket Server 7.2.0 - 8.1.12022-05-23Allowlist exception to REST API access URLs, improvements and bugfixes 5.7.2Bitbucket Data Center 7.0.0 - 7.21.22022-05-02Bump API tokens REST API, SCIM in Backup & restore and IDP Wizard improvements Release notes: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/975241217/Kantega+SSO+Enterprise+5.7.x+release+notes#Changes-in-5.7.2
P.S. This version contains a database migration for API tokens. Make sure to take a Backup of your configuration (Snapshot of config) before this update, in case you have to revert back.
5.7.2Bitbucket Server 7.0.0 - 7.21.22022-05-02Bump API tokens REST API, SCIM in Backup & restore and IDP Wizard improvements Release notes: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/975241217/Kantega+SSO+Enterprise+5.7.x+release+notes#Changes-in-5.7.2
P.S. This version contains a database migration for API tokens. Make sure to take a Backup of your configuration (Snapshot of config) before this update, in case you have to revert back.
5.6.2Bitbucket Data Center 7.0.0 - 7.21.22022-03-17Bug fixes and UI improvements 5.6.2Bitbucket Server 7.0.0 - 7.21.22022-03-17Bug fixes and UI improvements 5.6.0Bitbucket Data Center 7.0.0 - 7.21.22022-03-08Support for WSO2 Agardeo Identity Provider. SAML/OIDC Wizard fixes Release notes: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/962461705/Kantega+SSO+Enterprise+5.6.x+release+notes
5.6.0Bitbucket Server 7.0.0 - 7.21.22022-03-08Support for WSO2 Agardeo Identity Provider. SAML/OIDC Wizard fixes Release notes: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/962461705/Kantega+SSO+Enterprise+5.6.x+release+notes
5.5.4Bitbucket Data Center 7.0.0 - 7.21.22022-02-20Temporary roll back kerberos bouncy castle and bug fixes SAML/OIDC setup wizard 5.5.4Bitbucket Server 7.0.0 - 7.21.22022-02-20Temporary roll back kerberos bouncy castle and bug fixes SAML/OIDC setup wizard 5.5.2Bitbucket Data Center 7.0.0 - 7.21.22022-02-04Dependency security updates, improvements and bug fixes 5.5.2Bitbucket Server 7.0.0 - 7.21.22022-02-04Dependency security updates, improvements and bug fixes 5.5.0Bitbucket Data Center 6.8.0 - 7.21.22022-01-31Refactor and improve setup wizard, other improvements and bug fixes 5.5.0Bitbucket Server 6.8.0 - 7.21.22022-01-31Refactor and improve setup wizard, other improvements and bug fixes 5.3.2Bitbucket Data Center 6.8.0 - 7.21.22022-01-19Dependency updates with security patches 5.3.2Bitbucket Server 6.8.0 - 7.21.22022-01-19Dependency updates with security patches 5.3.0Bitbucket Data Center 6.8.0 - 7.21.22022-01-11REST API for managing API tokens and more settings in group memberships 5.3.0Bitbucket Server 6.8.0 - 7.21.22022-01-11REST API for managing API tokens and more settings in group memberships 5.2.0Bitbucket Data Center 6.8.0 - 7.21.22021-12-16Introducing REST API for management of configuration snapshots, create, restore 5.2.0Bitbucket Server 6.8.0 - 7.21.22021-12-16Introducing REST API for management of configuration snapshots, create, restore 5.1.2Bitbucket Data Center 6.8.0 - 7.21.22021-12-15Consolidate logging to Slf4j framework only Please note that Kantega SSO is not affected by Log4shell (CVE-2021-44228), but this is a consolidation to avoid other potential vulnerabilities. Read the whole release note here: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/925892617/Kantega+SSO+Enterprise+5.1.x+release+notes#Changes-in-5.1.2
5.1.2Bitbucket Server 6.8.0 - 7.21.22021-12-15Consolidate logging to Slf4j framework only Please note that Kantega SSO is not affected by Log4shell (CVE-2021-44228), but this is a consolidation to avoid other potential vulnerabilities. Read the whole release note here: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/925892617/Kantega+SSO+Enterprise+5.1.x+release+notes#Changes-in-5.1.2
4.14.8Bitbucket Data Center 6.8.0 - 7.21.22021-12-15Backport: Consolidate logging to Slf4j framework only Consolidated logging by replacing all remaining direct references to the provided dependency of Log4j 1.2.17 with the facade Slf4j. Older versions of Kantega SSO are not affected by CVE-2021-44228, but this release mitigates risk of other vulnerabilities. Read more about the log4j vulnerability here: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/932118634/About+the+Log4j+vulnerability+CVE-2021-44228
4.14.8Bitbucket Server 6.8.0 - 7.21.22021-12-15Backport: Consolidate logging to Slf4j framework only Consolidated logging by replacing all remaining direct references to the provided dependency of Log4j 1.2.17 with the facade Slf4j. Older versions of Kantega SSO are not affected by CVE-2021-44228, but this release mitigates risk of other vulnerabilities. Read more about the log4j vulnerability here: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/932118634/About+the+Log4j+vulnerability+CVE-2021-44228
5.1.1Bitbucket Data Center 6.8.0 - 7.21.22021-12-10Fix rest filter SQL query performance issue and bug fixes 5.1.1Bitbucket Server 6.8.0 - 7.21.22021-12-10Fix rest filter SQL query performance issue and bug fixes 4.14.7Bitbucket Data Center 6.7.0 - 7.21.22021-12-10Fix performance issue with unnecessary database queries to REST API filter Fix performance issue with unnecessary database queries to AO_xx_RESTRICT_APIENDPOINT on REST API filter
4.14.7Bitbucket Server 6.7.0 - 7.21.22021-12-10Fix performance issue with unnecessary database queries to REST API filter Fix performance issue with unnecessary database queries to AO_xx_RESTRICT_APIENDPOINT on REST API filter
5.1.0Bitbucket Data Center 6.8.0 - 7.21.22021-11-26Support SAML or OIDC SSO re-auth with websudo and visual improvements/bug fixes 5.1.0Bitbucket Server 6.8.0 - 7.21.22021-11-26Support SAML or OIDC SSO re-auth with websudo and visual improvements/bug fixes 5.0.3Bitbucket Data Center 6.8.0 - 7.21.22021-11-19Fix for special characters in userPrincipalName lookup and other bug fixes 5.0.3Bitbucket Server 6.8.0 - 7.21.22021-11-19Fix for special characters in userPrincipalName lookup and other bug fixes 5.0.2Bitbucket Data Center 6.8.0 - 7.21.22021-11-10Temporarily disable origin requirement for CSRF and bug fixes 5.0.2Bitbucket Server 6.8.0 - 7.21.22021-11-10Temporarily disable origin requirement for CSRF and bug fixes 5.0.1Bitbucket Data Center 6.8.0 - 7.21.22021-10-29Major under-the-hood changes and new setup wizard for SAML and OIDC and bugfixes 5.0.1Bitbucket Server 6.8.0 - 7.21.22021-10-29Major under-the-hood changes and new setup wizard for SAML and OIDC and bugfixes 4.14.6Bitbucket Data Center 6.7.0 - 7.21.22021-10-20Bugfixes for API tokens and JIT provisioning Bugs
- API tokens are blocked when BasicAuth is disabled
- When using JIT provisioning and sending the email parameter as a list instead of a string, the first email is not extracted correctly
4.14.6Bitbucket Server 6.7.0 - 7.21.22021-10-20Bugfixes for API tokens and JIT provisioning Bugs
- API tokens are blocked when BasicAuth is disabled
- When using JIT provisioning and sending the email parameter as a list instead of a string, the first email is not extracted correctly
4.14.5Bitbucket Data Center 6.7.0 - 7.21.22021-10-15Small improvements and bugfixes Improvements
- Allow user lookup in an AD directory where the user is a member of a subdomain of the directory baseDn
- Allow Jira Crowd requests to pass through when Basic Auth and API tokens are restricted
Bugs
- Just-in-time provisioning does not work with a delegated user directory
4.14.5Bitbucket Server 6.7.0 - 7.21.22021-10-15Small improvements and bugfixes Improvements
- Allow user lookup in an AD directory where the user is a member of a subdomain of the directory baseDn
- Allow Jira Crowd requests to pass through when Basic Auth and API tokens are restricted
Bugs
- Just-in-time provisioning does not work with a delegated user directory
4.14.4Bitbucket Data Center 6.7.0 - 7.21.22021-09-17Fix SCIM issue with authorization on API server URL No release notes.4.14.4Bitbucket Server 6.7.0 - 7.21.22021-09-17Fix SCIM issue with authorization on API server URL No release notes.4.14.3Bitbucket Data Center 6.7.0 - 7.21.22021-09-16Fix possible path traversal on delete snapshot action No release notes.4.14.3Bitbucket Server 6.7.0 - 7.21.22021-09-16Fix possible path traversal on delete snapshot action No release notes.4.14.2Bitbucket Data Center 6.2.0 - 7.21.22021-09-01Authenticated anonymous browsing, SCIM and OIDC improvements, and bugfixes Features:
- [User Provisioning] Authenticated anonymous browsing: allow users to browse "anonymous" to the Atlassian product after SAML/OIDC login instead of Just-in-time create user
- [Kerberos] Toggle Kerberos based on user directory
Improvements:
- [OIDC] Support incoming list in OIDC email claim
- [OIDC/SAML] Support \L and \U for lowercase/uppercase in OIDC/SAML user lookup regular expressions
- [SCIM] Support externalId claim for filter in SCIM
- [API Tokens] REST API Access blocking non-API token requests reduced to DEBUG level logging and added to access log
Bugs:
- [API Connector] Bad handling of incorrect tenant name input
- [OIDC] OIDC single logout not triggered from Jira Service Management
4.14.2Bitbucket Server 6.2.0 - 7.21.22021-09-01Authenticated anonymous browsing, SCIM and OIDC improvements, and bugfixes Features:
- [User Provisioning] Authenticated anonymous browsing: allow users to browse "anonymous" to the Atlassian product after SAML/OIDC login instead of Just-in-time create user
- [Kerberos] Toggle Kerberos based on user directory
Improvements:
- [OIDC] Support incoming list in OIDC email claim
- [OIDC/SAML] Support \L and \U for lowercase/uppercase in OIDC/SAML user lookup regular expressions
- [SCIM] Support externalId claim for filter in SCIM
- [API Tokens] REST API Access blocking non-API token requests reduced to DEBUG level logging and added to access log
Bugs:
- [API Connector] Bad handling of incorrect tenant name input
- [OIDC] OIDC single logout not triggered from Jira Service Management
4.13.2Bitbucket Data Center 6.2.0 - 7.21.22021-08-06Fix issue where Basic Auth in SCIM could trigger login event No release notes.4.13.2Bitbucket Server 6.2.0 - 7.21.22021-08-06Fix issue where Basic Auth in SCIM could trigger login event No release notes.4.13.1Bitbucket Data Center 6.2.0 - 7.21.22021-08-05Added Basic Auth as authentication option for SCIM No release notes.4.13.1Bitbucket Server 6.2.0 - 7.21.22021-08-05Added Basic Auth as authentication option for SCIM No release notes.4.12.0Bitbucket Data Center 6.2.0 - 7.21.22021-07-26Improved Kerberos help for UPN issues and ability to disable SCIM request auth Features:
- Kerberos: Wizard helps to fix UPN bound to incorrect AD account issues
- SCIM: Ability to turn off SCIM request authentication using bearer tokens
Improvements:
- SCIM is now out of BETA
Bugs:
- Depreciation warning when configuring CDN with Kantega SSO installed
4.12.0Bitbucket Server 6.2.0 - 7.21.22021-07-26Improved Kerberos help for UPN issues and ability to disable SCIM request auth Features:
- Kerberos: Wizard helps to fix UPN bound to incorrect AD account issues
- SCIM: Ability to turn off SCIM request authentication using bearer tokens
Improvements:
- SCIM is now out of BETA
Bugs:
- Depreciation warning when configuring CDN with Kantega SSO installed
4.11.0Bitbucket Data Center 6.2.0 - 7.21.22021-07-02Support for OIDC login without userinfo endpoint No release notes.4.11.0Bitbucket Server 6.2.0 - 7.21.22021-07-02Support for OIDC login without userinfo endpoint No release notes.4.10.2Bitbucket Data Center 6.2.0 - 7.21.22021-06-18Added support for configuring additional Forced SSO URLs No release notes.4.10.2Bitbucket Server 6.2.0 - 7.21.22021-06-18Added support for configuring additional Forced SSO URLs No release notes.4.10.1Bitbucket Data Center 6.2.0 - 7.21.22021-06-04Ability to turn off sending login hint to identity provider No release notes.4.10.1Bitbucket Server 6.2.0 - 7.21.22021-06-04Ability to turn off sending login hint to identity provider No release notes.4.10.0Bitbucket Data Center 6.2.0 - 7.21.22021-05-28New feature to allow API token authentication for specified non-REST URLs No release notes.4.10.0Bitbucket Server 6.2.0 - 7.21.22021-05-28New feature to allow API token authentication for specified non-REST URLs No release notes.4.9.1Bitbucket Data Center 6.2.0 - 7.21.22021-05-26Fix for a regression introduced in 4.2.4 Fix:
- Redirect based on user directory is no longer independent of user lookup attribute
4.9.1Bitbucket Server 6.2.0 - 7.21.22021-05-26Fix for a regression introduced in 4.2.4 Fix:
- Redirect based on user directory is no longer independent of user lookup attribute
4.9.0Bitbucket Data Center 6.2.0 - 7.21.22021-05-12Increased config security level and SCIM updates New features
- [SCIM] Added support for filtered sub-attribute targets in PATCH requests
Security
- App configuration access level increased to system administrator to avoid the possibility for ordinary administrators to elevate privileges
4.9.0Bitbucket Server 6.2.0 - 7.21.22021-05-12Increased config security level and SCIM updates New features
- [SCIM] Added support for filtered sub-attribute targets in PATCH requests
Security
- App configuration access level increased to system administrator to avoid the possibility for ordinary administrators to elevate privileges
4.8.1Bitbucket Data Center 6.2.0 - 7.21.22021-05-03Support tab, debug info, backup improvements, and more New features
- Added support tab with ability to search documentation and quickly contact support
- Added page for debug information about entire app configuration
- Allow username/password login only for specific user groups
Improvements
- Backup of API tokens and Restrict API endpoint settings in "Snapshot of config"
4.8.1Bitbucket Server 6.2.0 - 7.21.22021-05-03Support tab, debug info, backup improvements, and more New features
- Added support tab with ability to search documentation and quickly contact support
- Added page for debug information about entire app configuration
- Allow username/password login only for specific user groups
Improvements
- Backup of API tokens and Restrict API endpoint settings in "Snapshot of config"
4.7.0Bitbucket Data Center 6.2.0 - 7.21.22021-03-24Restrict REST API, auto-refresh metadata, Azure multi-tenant, default group rule New features
- Restrict rest API endpoints only to use API tokens for Authentication
- [SAML] Schedule automatic metadata refresh
- [OIDC] Support for Azure AD multi-tenant architecture • Disable traditional login based on the user directory
- Assign default groups based on regex rules
Improvements
- Rewritten license warnings to give a better understanding of why the license is not valid
Fixes
- NoSuchElementException in logs when loading the login page
- SCIM does not accept usernames with apostrophes
- Possible NullPointerException during Single Logout
- Moved away from using CLOB values
4.7.0Bitbucket Server 6.2.0 - 7.21.22021-03-24Restrict REST API, auto-refresh metadata, Azure multi-tenant, default group rule New features
- Restrict rest API endpoints only to use API tokens for Authentication
- [SAML] Schedule automatic metadata refresh
- [OIDC] Support for Azure AD multi-tenant architecture • Disable traditional login based on the user directory
- Assign default groups based on regex rules
Improvements
- Rewritten license warnings to give a better understanding of why the license is not valid
Fixes
- NoSuchElementException in logs when loading the login page
- SCIM does not accept usernames with apostrophes
- Possible NullPointerException during Single Logout
- Moved away from using CLOB values
4.5.1Bitbucket Data Center 5.5.0 - 7.21.22021-03-02Fixes for RML auto-redirect and SAML certificate page Fixes:
- SAML/OIDC: Inconsistent behavior with auto redirect mode using remember-my-login
- SAML: Test page for certificate shows variables instead of actual values
4.5.1Bitbucket Server 5.5.0 - 7.21.22021-03-02Fixes for RML auto-redirect and SAML certificate page Fixes:
- SAML/OIDC: Inconsistent behavior with auto redirect mode using remember-my-login
- SAML: Test page for certificate shows variables instead of actual values
4.5.0Bitbucket Data Center 5.5.0 - 7.21.22021-02-18Login test improvements and SAML security fix New features:
- OIDC: support for "client_secret_post" client authentication method
- Kerberos: toggle to disable Kerberos on JSM/JSD knowledge base
Improvements:
- OIDC: more robust and richer test login flow and more details in debug info
- OIDC/SAML: test result page has better tracking with a unique ID
Fixes:
- SAML: missing sanitization of URL on SAML response page
4.5.0Bitbucket Server 5.5.0 - 7.21.22021-02-18Login test improvements and SAML security fix New features:
- OIDC: support for "client_secret_post" client authentication method
- Kerberos: toggle to disable Kerberos on JSM/JSD knowledge base
Improvements:
- OIDC: more robust and richer test login flow and more details in debug info
- OIDC/SAML: test result page has better tracking with a unique ID
Fixes:
- SAML: missing sanitization of URL on SAML response page
4.4.9Bitbucket Data Center 5.5.0 - 7.21.22021-02-05Bug fixes and improvements Improvements
- ForceSSO for JEditor
Fixes
- Possible NullPointerException on API Tokens
4.4.9Bitbucket Server 5.5.0 - 7.21.22021-02-05Bug fixes and improvements Improvements
- ForceSSO for JEditor
Fixes
- Possible NullPointerException on API Tokens
4.4.8Bitbucket Data Center 5.5.0 - 7.21.22021-01-28Upgraded dependencies with security vulnerabilities No release notes.4.4.8Bitbucket Server 5.5.0 - 7.21.22021-01-28Upgraded dependencies with security vulnerabilities No release notes.4.4.7Bitbucket Data Center 5.5.0 - 7.21.22021-01-18Fixes for OIDC Single Logout and API Tokens Fixes
- [OIDC] Single Logout issues with activation, incorrect return URL, and improved error handling
- API Tokens incorrectly logs error on version upgrade
4.4.7Bitbucket Server 5.5.0 - 7.21.22021-01-18Fixes for OIDC Single Logout and API Tokens Fixes
- [OIDC] Single Logout issues with activation, incorrect return URL, and improved error handling
- API Tokens incorrectly logs error on version upgrade
4.4.6Bitbucket Data Center 5.5.0 - 7.21.22020-12-18Improvements to API Tokens and CSRF Improvements:
- Remove use of API_TOKEN prefix
- Added origin validation as part of CSRF check
4.4.6Bitbucket Server 5.5.0 - 7.21.22020-12-18Improvements to API Tokens and CSRF Improvements:
- Remove use of API_TOKEN prefix
- Added origin validation as part of CSRF check
4.4.3Bitbucket Data Center 5.5.0 - 7.21.22020-11-27SAML metadata updates and dependency updates Features
- SAML: Added support for changing SSL fingerprint during metadata refresh
- SAML: Added support for HTTP (not only HTTPS) in metadata URL
Fixes
- Kerberos: Fixed logging and improved exception handling for AD server DNS lookup
Also, the following third party libraries were updated:
- commons-io 1.4 to 2.4
- commons-fileupload 1.2.1 to 1.4
- guava 19.0 to 30.0-jre
- jetty 9.4.7.v20170914 to 9.4.34.v20201102
- jackson-databind 2.9.8 to 2.9.10.6
- jackson-module-parameter-names 2.9.8 to 2.9.10
- jackson-datatype-jdk8 2.9.8 to 2.9.10
- jackson-datatype-jsr310 2.9.8 to 2.9.10
- jackson-module-jaxb-annotations 2.9.8 to 2.9.10
- opensaml-saml-impl 3.4.2 to 3.4.5
- slf4j-api 1.7.5 to 1.7.30
4.4.3Bitbucket Server 5.5.0 - 7.21.22020-11-27SAML metadata updates and dependency updates Features
- SAML: Added support for changing SSL fingerprint during metadata refresh
- SAML: Added support for HTTP (not only HTTPS) in metadata URL
Fixes
- Kerberos: Fixed logging and improved exception handling for AD server DNS lookup
Also, the following third party libraries were updated:
- commons-io 1.4 to 2.4
- commons-fileupload 1.2.1 to 1.4
- guava 19.0 to 30.0-jre
- jetty 9.4.7.v20170914 to 9.4.34.v20201102
- jackson-databind 2.9.8 to 2.9.10.6
- jackson-module-parameter-names 2.9.8 to 2.9.10
- jackson-datatype-jdk8 2.9.8 to 2.9.10
- jackson-datatype-jsr310 2.9.8 to 2.9.10
- jackson-module-jaxb-annotations 2.9.8 to 2.9.10
- opensaml-saml-impl 3.4.2 to 3.4.5
- slf4j-api 1.7.5 to 1.7.30
4.4.2Bitbucket Data Center 5.5.0 - 7.21.22020-11-12Support SAML POST Binding and fixes for Certificates, Header Auth and API Tokens Features
- Support for Identity Providers requiring POST binding of SAML Request
Fixes
- X509 Certificates for SAML does not display correctly
- Header Authentication does not work for REST
- API Tokens does not work if there exists an inactive user in Internal Directory and an active user in Active Directory with the same username
4.4.2Bitbucket Server 5.5.0 - 7.21.22020-11-12Support SAML POST Binding and fixes for Certificates, Header Auth and API Tokens Features
- Support for Identity Providers requiring POST binding of SAML Request
Fixes
- X509 Certificates for SAML does not display correctly
- Header Authentication does not work for REST
- API Tokens does not work if there exists an inactive user in Internal Directory and an active user in Active Directory with the same username
4.4.1Bitbucket Data Center 5.5.0 - 7.21.22020-10-28OIDC id_token validation fix Fixes
- OIDC: aud (Audience) claim in id_token only accepts string value and not array
4.4.1Bitbucket Server 5.5.0 - 7.21.22020-10-28OIDC id_token validation fix Fixes
- OIDC: aud (Audience) claim in id_token only accepts string value and not array
4.4.0Bitbucket Data Center 5.5.0 - 7.21.22020-10-27Internal OIDC changes and fixes New features
- OIDC: Rewritten library for OIDC
- OIDC: Configure scopes used in OIDC request
- OIDC: Support for domain hint for Azure AD and hosted domain for Google
Fixes
- Kerberos: Kerberos for REST does not work with mirror nodes in Bitbucket Data Center
Improvements
- OIDC: Better feedback when something goes wrong
4.4.0Bitbucket Server 5.5.0 - 7.21.22020-10-27Internal OIDC changes and fixes New features
- OIDC: Rewritten library for OIDC
- OIDC: Configure scopes used in OIDC request
- OIDC: Support for domain hint for Azure AD and hosted domain for Google
Fixes
- Kerberos: Kerberos for REST does not work with mirror nodes in Bitbucket Data Center
Improvements
- OIDC: Better feedback when something goes wrong
4.3.3Bitbucket Data Center 5.5.0 - 7.21.22020-10-06API token session cookie and SAML hosted domain fix Fixes
- API token authentication can now receive a request with session cookie without account lockout.
- Hosted Domain is not added to the SAML authentication URL in a two-step login flow.
4.3.3Bitbucket Server 5.5.0 - 7.21.22020-10-06API token session cookie and SAML hosted domain fix Fixes
- API token authentication can now receive a request with session cookie without account lockout.
- Hosted Domain is not added to the SAML authentication URL in a two-step login flow.
4.3.2Bitbucket Data Center 5.5.0 - 7.21.22020-09-25API tokens no longer locks out user Fixes
- API Tokens: Valid token requests counted as failed password attempts. Prefix old tokens with API_TOKEN_ to make use of the new functionality.
4.3.2Bitbucket Server 5.5.0 - 7.21.22020-09-25API tokens no longer locks out user Fixes
- API Tokens: Valid token requests counted as failed password attempts. Prefix old tokens with API_TOKEN_ to make use of the new functionality.
4.3.1Bitbucket Data Center 5.5.0 - 7.21.22020-09-24Hosted domain and API token fixes New features
- SAML: Hosted domain (hd) support for suggesting domain to the identity provider.
Fixes
- API Tokens: Storage format not compatible with the Atlassian backup mechanism.
- API Tokens: Failed token requests counted as failed password attempts. Prefix old tokens with API_TOKEN_ to make use of the new functionality.
4.3.1Bitbucket Server 5.5.0 - 7.21.22020-09-24Hosted domain and API token fixes New features
- SAML: Hosted domain (hd) support for suggesting domain to the identity provider.
Fixes
- API Tokens: Storage format not compatible with the Atlassian backup mechanism.
- API Tokens: Failed token requests counted as failed password attempts. Prefix old tokens with API_TOKEN_ to make use of the new functionality.
4.3.0Bitbucket Data Center 5.5.0 - 7.21.22020-09-08Enhanced API token restrictions and login hint New features
- API tokens: Ability to restrict requests based on IP addresses, and user permissions can be set based on group memberships.
- Kerberos: Possibility to enable SSO for user avatar URLs.
- SAML: Support for login hint when using 2-step login.
Fixes
- OIDC: Redirect based on user directory does not save selected user directories.
Improvements
- Name change of IP restriction modes to prevent confusion with IP lists.
- Improved SAML test page debug info.
- More robust test login incognito mode detection.
4.3.0Bitbucket Server 5.5.0 - 7.21.22020-09-08Enhanced API token restrictions and login hint New features
- API tokens: Ability to restrict requests based on IP addresses, and user permissions can be set based on group memberships.
- Kerberos: Possibility to enable SSO for user avatar URLs.
- SAML: Support for login hint when using 2-step login.
Fixes
- OIDC: Redirect based on user directory does not save selected user directories.
Improvements
- Name change of IP restriction modes to prevent confusion with IP lists.
- Improved SAML test page debug info.
- More robust test login incognito mode detection.
4.2.4Bitbucket Data Center 5.5.0 - 7.21.22020-08-25SAML/OIDC: Improved redirect based on username. Kerberos: Improved test. New features
- SAML/OIDC: Redirect based on username now respects all configured lookup attributes when using redirect by user directory or redirect by selected groups.
- SAML/OIDC: Possibility to require SAML/OIDC response to contain at least one group to allow Just-in-Time provisioning to create users.
- Kerberos: CNAME alias check added on the test page when using Kerberos for Git in Bitbucket.
Fixes
- Active Directory test does not support multi-domain.
- Broken Just-in-Time provisioning link on the Group memberships page.
Improvements
- Changed wording from whitelist/blacklist to unblocked list/blacked list.
4.2.4Bitbucket Server 5.5.0 - 7.21.22020-08-25SAML/OIDC: Improved redirect based on username. Kerberos: Improved test. New features
- SAML/OIDC: Redirect based on username now respects all configured lookup attributes when using redirect by user directory or redirect by selected groups.
- SAML/OIDC: Possibility to require SAML/OIDC response to contain at least one group to allow Just-in-Time provisioning to create users.
- Kerberos: CNAME alias check added on the test page when using Kerberos for Git in Bitbucket.
Fixes
- Active Directory test does not support multi-domain.
- Broken Just-in-Time provisioning link on the Group memberships page.
Improvements
- Changed wording from whitelist/blacklist to unblocked list/blacked list.
4.2.2Bitbucket Server 5.5.0 - 7.21.22020-08-08Fix: Okta user API changes Okta has changed the attributes and pagination in their user APIs.
If you use the API Connector features to synchronize Okta users and experience that you are only able to sync 200 users but have a larger user base, you are most likely hit by this change and should upgrade to version 4.2.2 of Kantega SSO.
4.2.2Bitbucket Data Center 5.5.0 - 7.21.22020-08-08Fix: Okta user API changes Okta has changed the attributes and pagination in their user APIs.
If you use the API Connector features to synchronize Okta users and experience that you are only able to sync 200 users but have a larger user base, you are most likely hit by this change and should upgrade to version 4.2.2 of Kantega SSO.
4.2.1Bitbucket Data Center 5.5.0 - 7.21.22020-08-07OIDC/SAML: Group memberships improvements - New feature OIDC/SAML: Group creation and synchronization of all incoming group claims as an alternative to managed groups
- SAML fix: Error on test page when incoming SAML response is incomplete
4.2.1Bitbucket Server 5.5.0 - 7.21.22020-08-07OIDC/SAML: Group memberships improvements - New feature OIDC/SAML: Group creation and synchronization of all incoming group claims as an alternative to managed groups
- SAML fix: Error on test page when incoming SAML response is incomplete
4.2.0Bitbucket Data Center 5.5.0 - 7.21.22020-07-31Fix OIDC logins not working. Regular expression improvements SAML/OIDC and more. - OIDC fix: Logins not working in Bitbucket
- SAML/OIDC improvement: Regular expressions in username transformation will now also try original username if no match is found
- Cloud User Sync performance improvements when adding synced users to local groups
- Internal technical improvements
4.2.0Bitbucket Server 5.5.0 - 7.21.22020-07-31Fix OIDC logins not working. Regular expression improvements SAML/OIDC and more. - OIDC fix: Logins not working in Bitbucket
- SAML/OIDC improvement: Regular expressions in username transformation will now also try original username if no match is found
- Cloud User Sync performance improvements when adding synced users to local groups
- Internal technical improvements
4.1.13Bitbucket Data Center 5.5.0 - 7.21.22020-06-30Fix regression introduced in 4.1.12 - potential 401 for basic auth REST requests Fix regression introduced in 4.1.12, where basic auth REST requests would give 401 response code when Kerberos is enabled
4.1.13Bitbucket Server 5.5.0 - 7.21.22020-06-30Fix regression introduced in 4.1.12 - potential 401 for basic auth REST requests Fix regression introduced in 4.1.12, where basic auth REST requests would give 401 response code when Kerberos is enabled
4.1.12Bitbucket Data Center 5.5.0 - 7.21.22020-06-29Rate limit delay for Okta API Connector and updated guides - Feat: Rate limit delay for Okta API Connector. Avoid creating too many API requests within a short timeframe.
- Improvement: Update Keycloak setup guides
4.1.12Bitbucket Server 5.5.0 - 7.21.22020-06-29Rate limit delay for Okta API Connector and updated guides - Feat: Rate limit delay for Okta API Connector. Avoid creating too many API requests within a short timeframe.
- Improvement: Update Keycloak setup guides