Red Hat Single Sign-On 7.6 Update 1 Release Notes
This software patch resolves a number of security defects and customer-reported bugs in Red Hat Single Sign-On 7.5. RH-SSO will deliver patches on a repeating schedule to resolve security defects and customer-reported bugs. Fixes for RH-SSO 7.5 will continue until RH-SSO 7.6 is released, at which time maintenance will be delivered on RH-SSO 7.6.
Updated client adapters are released as needed to resolve customer-reported issues or security fixes. Because the adapters are released only as needed, a given cumulative patch version often will not have an associated client adapter for every product.
The Red Hat Single Sign-On Server component also includes Red Hat JBoss Enterprise Application Platform, and this update includes JBoss Enterprise Application Platform 7.4 Update 3 and Update 4. See the JBoss Enterprise Application Platform 7.4 Update 3 Release Notes and the JBoss Enterprise Application Platform 7.4 Update 4 Release Notes for a list of the changes included in those releases.
Resolved Issues
This update includes fixes for the following security-related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2022-0225 | Server | keycloak: Stored XSS in groups dropdown |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| RHSSO-2072 | Admin API | Deadlock when calling removeUser for Service Account Linked Users |
| RHSSO-2151 | Server | RH SSO offline token causing Violation of PRIMARY KEY constraint 'CONSTRAINT_OFFL_CL_SES_PK3' |
| RHSSO-2153 | RPM Distribution | RH SSO 7.6 RPM issues while installing with JBoss EAP 7.4.5 on the same machine |
| RHSSO-2160 | Server | Offline User Session deadlock caused by PersisterLastSessionRefreshStore |
| RHSSO-2161 | Server | NullPointerException when confirming logout |
| RHSSO-2169 | Server | Expired cache objects in Infinispan cache are never garbage collected in standalone configuration |
| RHSSO-2181 | Server | Fetch group by attribute |
| RHSSO-2183 | Server, Admin API | Admin console groups UI does not show all sub-groups when searching |
| RHSSO-2185 | Server | SAML JavaScript protocol mapper: disable uploading scripts through admin console |
| RHSSO-2186 | Server | keycloak.v2 theme not present in product keycloak-themes.json #8804 |
| RHSSO-2187 | Server | RH SSO exception due to requirement of "client_id" presence within Request Object |
| RHSSO-2191 | OpenShift - xPaaS | S2I with custom Maven mirror URL settings fails due to undefined AUS value |
| RHSSO-2194 | OpenShift - xPaaS | Need to be able to install RH-SSO operator using command line |
| RHSSO-2199 | Server | KEYCLOAK_SESSION is not accepting special characters for user |
| RHSSO-2202 | OpenShift - xPaaS | Use explicit URLs for txn-recovery-marker-jdbc-common and txn-recovery-marker-jdbc-hibernate5 artifacts |
| RHSSO-2203 | OpenShift - xPaaS, Server | Expired cache objects in Infinispan cache are never garbage collected in standalone configuration |
| RHSSO-2204 | Server | Escape all XML special characters (AKA incomplete fix for CLOUD-3198) |
| RHSSO-2206 | Documentation, OpenShift - xPaaS | Document the difference between available reencrypt templates intended solely for OCP v3.X vs those expected to be installed on OCP v4.X only |
| RHSSO-2207 | Documentation, OpenShift - xPaaS | Update the documented RH-SSO OpenShift templates installation step to be OpenShift cluster version (3.X vs 4.X) specific |
| RHSSO-2211 | OpenShift - xPaaS | "getConfigurationMode: command not found" issue |
| RHSSO-2224 | Server | RH-SSO 7.6 admin-console doesn't work when frontendUrl is configured with a URL without trailing slash |
| RHSSO-2236 | OpenShift - xPaaS | Add RH-SSO 7.6 ("sso76-dev") templates to XPaaS testsuite |
| RHSSO-2238 | OpenShift - xPaaS | Using ENABLE_ACCESS_LOG=true env var makes the resulting "standalone-openshift.xml" config file not well-formed |
| RHSSO-2243 | Distribution RPM | RH-SSO 7.6.1 RPM can't be installed on RHEL 9 |
Installation
Note: This update should only be applied to zip-based installations.
For instructions on applying a Red Hat Single Sign-On cumulative patch (also referred to as a Micro Release), see Micro Upgrades in the Red Hat Single Sign-On 7.5 Patching and Upgrading Guide.
The adapters are distributed as a full release which is intended to replace the existing adapter. Full details are available in Upgrading Red Hat Single Sign-On Adapters.