Connect2id server 12.5.3
This release of the Connect2id server fixes a bug that affected the override of a configuration property and updates several dependencies.
The extra web applications included in the ZIP package (sample login page, OpenID relying party, etc) also receive the Log4j security patch for the CVE-2021-45046 announced on Monday. The Connect2id server itself was patched for this CVE in the prior 12.5.2 release.
Maven Central is currently experiencing an overload, due to the enormous number of packages being updated, with release uploads timing out. This situation has made it difficult for us to publish updates to various open source components that we maintain. If the difficulties persist we will consider setting up a private repo for their distribution.
This release also marks a change in the Connect2id server Docker images and their naming:
The Docker image built from
Connect2id-server.zip, which includes a complete package with the latest stable Apache Tomcat and the extra web applications will now be published under the c2id/c2id-server-demo tag. Previously this was c2id/c2id-server. This naming change is to make it clear that the image is chiefly intended for demo and evaluation purposes. For production consider using a purpose built image (see next).
A new type of Docker image becomes available now, under the c2id/c2id-server-min tag. It builds from an official Apache Tomcat Docker image, with only
c2id.wardeployed in it. This makes for a minimal image containing only an instance of the Connect2id server and nothing else. In a OpenID provider / OAuth 2.0 server deployment it will be complemented with containers for the backend database, the front-end, etc.
The minimal image can be tweaked, for example to reconfigure logging output.
Standard Connect2id server edition
Apache Tomcat package with Connect2id server 12.5.3: Connect2id-server.zip
Connect2id server 12.5.3 WAR package: c2id.war
Apache Tomcat package with Connect2id server 12.5.3: Connect2id-server-mt.zip
Connect2id server 12.5.3 WAR package: c2id-multi-tenant.war
Contact Connect2id support.
- Fixes op.checkSession.iframe and op.checkSession.cookieName configuration property parsing to support Java system property override (issue server/709).
Updates to com.nimbusds:software-statement-verifier:2.2.2
Updates to org.apache.commons:commons-compress:1.21