- SAML Single Sign-On 6.4.0 comes with the User Sync 2.7.1 release, see 2.7.x release notes.
- Added preset for OIDC with Ping One.
- Fixed logout issues when using OIDC.
- Fixed flickering authentication tracker UI for OIDC logins.
- Allow sending SAML authentication requests to a different URLs.
- Added metadata file import to the IdP page.
Version history
6.4.0Bamboo Server 6.10.2 - 9.2.12023-02-06Several minor improvements and bug fixes Version 6.4.0 • Released 2023-02-06 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial6.4.0Bamboo 8.0.0 - 9.2.12023-02-06Several minor improvements and bug fixes Version 6.4.0 • Released 2023-02-06 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial- SAML Single Sign-On 6.4.0 comes with the User Sync 2.7.1 release, see 2.7.x release notes.
- Added preset for OIDC with Ping One.
- Fixed logout issues when using OIDC.
- Fixed flickering authentication tracker UI for OIDC logins.
- Allow sending SAML authentication requests to a different URLs.
- Added metadata file import to the IdP page.
6.3.0Bamboo Server 6.10.2 - 9.1.12023-01-12OAuth2 authentication, IdP specific metadata, security fix Version 6.3.0 • Released 2023-01-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial- Allow OAuth2 authentication with Atlassian, LinkedIn, GitHub, Twitter or Facebook
- Specific SP metadata can be provided per IdP
- Fix a medium level security vulnerability potentially allowing replay attacks, see https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2023-01-12-response-can-be-replayed-with-modified-id-when-only-the-assertion-is-signed .
- Please check our release notes for more details.
6.3.0Bamboo 8.0.0 - 9.1.12023-01-12OAuth2 authentication, IdP specific metadata, security fix Version 6.3.0 • Released 2023-01-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial- Allow OAuth2 authentication with Atlassian, LinkedIn, GitHub, Twitter or Facebook
- Specific SP metadata can be provided per IdP
- Fix a medium level security vulnerability potentially allowing replay attacks, see https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2023-01-12-response-can-be-replayed-with-modified-id-when-only-the-assertion-is-signed .
- Please check our release notes for more details.
6.2.5Bamboo Server 6.10.2 - 9.1.12023-01-12Security update Version 6.2.5 • Released 2023-01-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialFixed a medium level security vulnerability potentially allowing replay attacks, see https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2023-01-12-response-can-be-replayed-with-modified-id-when-only-the-assertion-is-signed.
6.2.5Bamboo 8.0.0 - 9.1.12023-01-12Security update Version 6.2.5 • Released 2023-01-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialFixed a medium level security vulnerability potentially allowing replay attacks, see https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2023-01-12-response-can-be-replayed-with-modified-id-when-only-the-assertion-is-signed.
4.0.15Bamboo Server 6.8.0 - 7.2.102023-01-12Security update Version 4.0.15 • Released 2023-01-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialFixed a medium level security vulnerability potentially allowing replay attacks, see https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2023-01-12-response-can-be-replayed-with-modified-id-when-only-the-assertion-is-signed.
2.5.11Bamboo Server 5.12.0.2 - 6.10.62023-01-12Security update Version 2.5.11 • Released 2023-01-12 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • CommercialFixed a medium level security vulnerability potentially allowing replay attacks, see https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2023-01-12-response-can-be-replayed-with-modified-id-when-only-the-assertion-is-signed.