Red Hat Single Sign-On 7.4 Update 8 Release Notes
This software patch resolves a number of security defects and customer reported bugs in Red Hat Single Sign-On 7.4. RH-SSO will deliver patches on a repeating schedule to resolve security defects and customer reported bugs. Fixes for RH-SSO 7.4 will continue until RH-SSO 7.5 is released, and at that time maintenance will be delivered on RH-SSO 7.5.
Updated client adapters are released as needed to resolve customer reported issues or security fixes. The adapters are released as needed so often a given cumulative patch version will not have an associated client adapter for all products.
This update includes all fixes and changes from Red Hat Single Sign-On 7.4 Update 7.
Red Hat Single Sign-On Server component also includes Red Hat JBoss Enterprise Application Platform and this update includes JBoss Enterprise Application Platform 7.3 Update 8. See the JBoss Enterprise Application Platform 7.3 Update 8 Release Notes for a list of changes included in that release.
Download This content is not included.Red Hat Single Sign-On 7.4 Update 8
Important Notices
Support for Red Hat Single Sign-On (RH-SSO) on Red Hat Enterprise Linux 6 (RHEL 6) is deprecated and the 7.5 release of RH-SSO will not be supported on RHEL 6. RHEL 6 entered the ELS phase of its lifecycle on November 30, 2020 and the Red Hat JBoss Enterprise Application Platform (EAP) that RH-SSO depends upon will drop support for RHEL 6 with the EAP 7.4 release. Customers should deploy their RH-SSO 7.5 upgrades on RHEL 7 or 8 versions.
Installation from an RPM is deprecated. Red Hat Single Sign-On will continue to deliver RPMs for the life of the 7.x product, but will not deliver RPMs with the next major version. The product will continue to support installation from a ZIP file and installation on OpenShift.
Red Hat Single Sign-On has deprecated Internet Explorer testing as a tested integration. Testing for Internet Explorer will be discontinued and replaced with Microsoft Edge in the next minor release.
Resolved Issues
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2021-3536 | Server | wildfly: XSS via admin console when creating roles in domain mode |
| CVE-2021-21409 | Server | netty: Request smuggling via content-length header |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| This content is not included.KEYCLOAK-18055 | Server | NPE in offline session loading |
| This content is not included.KEYCLOAK-16928 | Operator | AuthenticationFlow cannot be created with SubFlow |
| This content is not included.KEYCLOAK-17835 | Server | Account Permanent Lockout and login error messages |
| This content is not included.KEYCLOAK-17177 | Operator | Operator misses the permission to set a custom hostname |
| This content is not included.KEYCLOAK-17803 | Container | Container catalog: missing "-n openshift" when describing import-image |
| This content is not included.KEYCLOAK-17694 | Container | uid, username mapping is broken in rh-sso-7/sso74-openshift-rhel8:7.4-25 container |
| This content is not included.KEYCLOAK-16935 | Server | MySQL connector version >= 8.0.23 give ClassCastException: class java.time.LocalDateTime |
| This content is not included.KEYCLOAK-13047 | LDAP | LDAP no-import mode buggy behaviour |
| This content is not included.KEYCLOAK-10927 | LDAP | Keycloak doesn't support LDAPv3 password modify operation |
Installation
Note: This update should only be applied to zip-based installations.
For instructions on applying Red Hat Single Sign-On cumulative patch (also referred to as a Micro Release) see Micro Upgrades in Red Hat Single Sign-On 7.4 Patching And Upgrading Guide.
The adapters are distributed as a full release which is intended to replace the existing adapter. Full details are available in Upgrading Red Hat Single Sign-On Adapters.