Blog »

Connect2id server 14.6

2023-09-28

This Connect2id server release received a sweeping update of the Redis connector. It fixes a bug that affected the max_idle expiration of sessions, addressed concurrency issues on scan operations and purges max_idle expired sessions eagerly to conserve Redis server memory. 14.x Connect2id servers deployed with a Redis for caching and storing sessions are strongly recommended to upgrade to 14.6.

The session store received a minor configuration change, increasing the maximum concurrent session quota per user from 10 to 25.

Additional information about the new releaese can be found in the release notes below.

Download 14.6

For the signature validation: Public GPG key

Standard Connect2id server edition

Apache Tomcat package with Connect2id server 14.6: Connect2id-server.zip

GPG signature: Connect2id-server.zip.asc

SHA-256: 6ca441cccd264296bbaabcbeeeabf0fd609146004d431ce4cbeb7c1e30d0b2e0

Connect2id server 14.6 WAR package: c2id.war

GPG signature: c2id.war.asc

SHA-256: 8ac75fb6fa7f0c6ebb9ab54aa70b481081bb6ea85540aceef736cb83239d3e1c

Multi-tenant edition

Apache Tomcat package with Connect2id server 14.6: Connect2id-server-mt.zip

GPG signature: Connect2id-server-mt.zip.asc

SHA-256: a8a06c6b8482d714e39ead566635273a0e18b32fba862b7c43d76db006c2ce7d

Connect2id server 14.6 WAR package: c2id-mt.war

GPG signature: c2id-mt.war.asc

SHA-256: 72417e06dd9b21fe167ee9ca8566e84bee0c674f7d4e85a42b2c58298428fa9f

Questions?

If you have technical questions about this new release contact Connect2id support. To purchase a production license for the Connect2id server, renew or upgrade your support and updates subscription, email our sales.

Release notes

14.6 (2023-09-28)

  • /WEB-INF/sessionStore.properties

    • sessionStore.quotaPerSubject -- The maximum configurable session quota per subject (end-user) is increased from 10 to 25 sessions.

Resolved issues

  • Enhances and refactors the Redis store debug and trace level logging (issue redis-store/7).

  • Prune max_idle expired entries on Redis store retrieval or iteration (scan) instead of waiting for the final max_lifetime expiration in the Redis store (issue/redis-store/10).

  • Adds an entry expiration check on Redis store retrieval based on the stored Infinispan entry metadata to prevent situations where a max_idle expired entry is assumed as not expired by Infinispan (since v14.x) (issue server/899, issue redis-store/8).

  • Makes Redis store iteration (scan) safe with concurrent key deletion or expiration (issue redis-store/11).

Dependency changes

  • Upgrades to com.nimbusds:oauth2-oidc-sdk:11.0

  • Updates to com.nimbusds:oidc-session-store:16.5

  • Updates to com.nimbusds:nimbus-jose-jwt:9.35

  • Upgrades to Infinispan to 14.0.17.Final

  • Updates to com.nimbusds:infinispan-cachestore-sql:7.0.5

  • Updates to com.microsoft.sqlserver:mssql-jdbc:12.2.0.jre11

  • Updates to com.oracle.database.jdbc:ojdbc11:21.9.0.0

  • Updates to com.nimbusds:infinispan-cachestore-redis:10.1.1

  • Updates to com.nimbusds:infinispan-cachestore-dynamodb:5.0.2

  • Updates to com.unboundid:unboundid-ldapsdk:6.0.10

  • Updates to commons-io:commons-io:2.11.0