Skip to main content
Version: 6.17

Security and authentication improvements

The following improvements regarding security and authentication have been made.

Validation for OIDC client ID added (#664835)

The OIDC client ID should contain only ASCII characters in order to avoid authentication problems when using OIDC. A validation has been added to the Client ID fields on the Authentication, Portal configurations and Global portal settings pages, so that it is not possible to save the OIDC configuration if the client ID contains non-ASCII characters such as umlauts.

Information about two-factor authentication improved (#664904)

An info box explaining that two-factor authentication is only available if an internal OIDC provider is used has been added to the Two-factor authentication section of the Authentication page of the Web Admin Suite. In addition, the section is hidden if an external OIDC provider is configured for both the Web Client and the Web Admin Suite. In this situation, the status indicator of two-factor authentication is not displayed in the header neither.

Third-party library changes

The following third-party libraries have been updated or replaced in this ConSol CM version:

  • axios (#665746): Updated from version 1.8.4 to 1.11.0
  • babel (#664878): Updated to version 7.27.0
  • commons-beanutil (#665570): Updated from version 1.9.4 to 1.11.0
  • commons-fileupload (#665570): Updated from version 1.5 to 1.6.0
  • commons-io (#665572): Updated from version 2.14.0 to 2.18.0
  • commons-lang (#665661, #665782): Updated from version 3.11 to 3.18.0
  • form-data (#665714): Updated from version 3.0.1 to 3.0.4
  • http-proxy-middleware (#664850): Updated from version 3.0.3 to 3.0.5
  • jackson (#665574, #665570): Updated to version 2.16.0 in CM/Doc and to version 2.19.1 in ETL Runner
  • nimbus-jose-jwt (#665661): Updated from version 9.37.3 to 10.0.2
  • on-headers (#665714): Updated to version 1.1.0
  • poi (#665572): Updated from version 4.1.1 to 5.4.0
  • reactor-netty (#665661): Updated to version 1.2.8
  • spring (#665572): Updated to version 5.3.39
  • vite (#664850, #664984, #665566): Updated to version 6.2.7 in the Web Admin Suite and to version 5.4.19 in CM/Track V3
  • tomcat-embed (#665565, #665662, #665747): Updated from version 9.0.102 to version 9.0.107
  • wicket (#665629): Updated from version 9.13.0 to 9.21.0.
  • xmlbeans (#665572): Updated from version 3.1.0 to 5.2.0
info

The users need to update CM/Doc for this change to become effective.