New in v4.2.1.17

OpenIAM release 4.2.1.17 includes new capabilities for Kubernetes backup and recovery and Google account management, along with several bug fixes and dependency upgrades. Below is an overview of the changes.

New features

Backup and recovery for single-node Kubernetes with external Postgres on AWS

OpenIAM now supports backup and recovery for single-node Kubernetes deployments using an external Postgres database hosted on AWS. This improves resilience and recoverability for organizations running OpenIAM in this configuration.

Enhanced attributes for Google user account creation

The attributes available during Google user account creation have been expanded, enabling more complete and flexible provisioning of Google accounts directly from OpenIAM.

Bug fixes

This release resolves the following issues:

  • Expired AD password reset loop. Users with expired Active Directory passwords were being forced to reset their passwords repeatedly when AD authentication was enabled. This has been corrected.
  • SelfService synchronization report and CSV import. The Synchronization Report button in SelfService was not functioning, and CSV import counts were being reported incorrectly. Both issues have been resolved.
  • Token leakage and multiple auth calls. A vulnerability causing token leakage alongside redundant authentication calls has been fixed, improving security and reducing unnecessary overhead.
  • Revoke access flow for multiple approvers. The revoke access workflow has been corrected to handle scenarios involving multiple approvers reliably.

Improvements

This release includes the following dependency upgrades to address upstream package removals:

  • Redis has been bumped from version 8.6.2 to 8.8.0. The version pin has been removed; OpenIAM now installs the latest available Redis package from the official repository.
  • Maven has been bumped from version 3.9.15 to 3.9.16, and Tomcat from 9.0.115 to 9.0.118.