Red Hat Single Sign-On 7.6 Update 12 Release Notes

This software patch resolves a number of security defects and customer reported bugs in Red Hat Single Sign-On 7.6.
RH-SSO will deliver patches based on the ELS policy.

Updated client adapters are released as needed to resolve customer-reported issues or security fixes. Because adapters are released only as needed, a given cumulative patch version often will not have an associated client adapter for all products.
See Red Hat Single Sign-On Extended Lifecycle Support (ELS-1) Availability and the Red Hat Application Services Product Update and Support Policy.

The Red Hat Single Sign-On Server component also includes Red Hat JBoss Enterprise Application Platform, and this update includes JBoss Enterprise Application Platform 7.4 Update 23. See the JBoss Enterprise Application Platform 7.4 Update 23 Release Notes for a list of changes included in that release.

Download Red Hat Single Sign-On 7.6 Update 12

Resolved Issues

This update includes fixes for the following security related issues:

ID              Summary
CVE-2024-7885   undertow: Improper State Management in Proxy Protocol parsing causes information leakage (RHSSO-3117)
CVE-2024-10039  org.keycloak/keycloak-core: mTLS passthrough (RHSSO-3227)

This update includes the following bug fixes or changes:

ID          Summary
RHSSO-2544  Intermittent ConcurrentModificationException during JBoss EAP startup
RHSSO-2706  Add proper variable declaration for AuthZ JS
RHSSO-2880  If User Federation's "Edit Mode" is "WRITABLE", when an RH-SSO account is disabled and then the corresponding AD account is enabled again, the account in RH-SSO left disabled
RHSSO-3031  Fix CRL verification failing due to client cert not being in chain
RHSSO-3123  Incorrect error messages used during failed OIDC client authentication
RHSSO-3236  RH-SSO container images rely on no longer supported OpenJDK 11
RHSSO-3246  Conflict with the "no username" policy in Red Hat Single Sign-On

Installation

Note: This update should only be applied to zip-based installations.

For instructions on applying a Red Hat Single Sign-On cumulative patch (also referred to as a Micro Release), see Micro Upgrades in the Red Hat Single Sign-On 7.6 Patching And Upgrading Guide.

The adapters are distributed as a full release which is intended to replace the existing adapter. Full details are available in Upgrading Red Hat Single Sign-On Adapters.
