Connect2id server 19.12.1

Connect2id server 19.12.1 is a maintenance release that fixes issues affecting the authorisation request validation changes introduced in version 19.10.

Those changes added validation of the OAuth 2.0 state and OpenID Connect nonce parameters as part of the server’s protections against browser-swap attacks. In some cases, however, the new validation could interfere with otherwise valid client requests.

The 19.12.1 update resolves two issues:

  • For Connect2id server deployments that use redirect URI templates, error responses produced early during authorisation request processing now correctly apply redirect_uri_template_param, including invalid_request errors caused by nonce validation failures.

  • The state parameter validator is updated to prevent false positives for valid BASE64 and BASE64URL encoded values that resemble SQL injection patterns.

Deployments running Connect2id server 19.10, 19.11 or 19.12 should upgrade to 19.12.1.

This release also updates the PostgreSQL JDBC driver to version 42.7.11.

Download 19.12.1

For signature validation: Public GPG key

Standard Connect2id server edition

Apache Tomcat package with Connect2id server 19.12.1: Connect2id-server.zip

GPG signature: Connect2id-server.zip.asc

SHA-256: 74cf15438ee4ec4cc31701cda9ecb7a62b52f11270b4ee884eb57e01bfafd8d5

Connect2id server 19.12.1 WAR package: c2id.war

GPG signature: c2id.war.asc

SHA-256: ebb4d0e63f097ff8fb2e7e1332dae427da3c97beb41f7ddb1e8cc64ffe6b9007

Multi-tenant edition

Apache Tomcat package with Connect2id server 19.12.1: Connect2id-server-mt.zip

GPG signature: Connect2id-server-mt.zip.asc

SHA-256: 9c0b606cb4c435c60c577b19f8c2ad8d9abd42f6b68078b3d95e1e1c7ad106b4

Connect2id server 19.12.1 WAR package: c2id-mt.war

GPG signature: c2id-mt.war.asc

SHA-256: 1e083c6757bb3b3fbc2285962bce2db4fca83a09ca9fadf8b9992f22d92de826

Questions?

For technical questions about this new release, contact Connect2id support. To purchase a production license for the Connect2id server, or to renew or upgrade your support and updates subscription, email our sales team.


Release notes

19.12.1 (2026-05-13)

Summary

  • Fixes issues introduced in Connect2id server 19.10 with the validation of the state and nonce authorisation request parameters, which was added as a security measure against browser-swap attacks. Deployments using 19.10, 19.11 and 19.12 should upgrade to 19.12.1.

Resolved issues

  • The authorisation endpoint must apply the redirect_uri_template_param to error responses produced during initial OAuth 2.0 authorisation / OpenID authentication request processing, including invalid_request errors due to nonce parameter validation failures (issue server/1196).

  • Updates the state parameter validator to skip SQL injection pattern checks for valid BASE64 and BASE64URL encoded strings, preventing false positives and ensuring compatibility with clients that use such encodings (issue server/1197).
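
A minimal model of the state validator change described in the last item, added here as an illustration and not Connect2id server code. The pattern list, the BASE64 well-formedness rules, the sample values and all function names are assumptions; it shows how well-formed encoded values can trip generic SQL injection patterns, and that values which are not well-formed encodings are still pattern-checked.

```python
import re

# Assumed heuristics, constructed for this example; not the server's rules.
SQLI_PATTERNS = [
    re.compile(r"--"),                    # SQL line comment
    re.compile(r"/\*|\*/"),               # SQL block comment
    re.compile(r"['\";]"),                # quote or statement separator
    re.compile(r"\b(union|select|insert|update|delete|drop)\b", re.I),
]
B64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")
B64URL = re.compile(r"[A-Za-z0-9_-]+={0,2}")


def is_base64_like(value: str) -> bool:
    """Well-formed BASE64 (padded) or BASE64URL (padded or unpadded)."""
    if B64.fullmatch(value) and len(value) % 4 == 0:
        return True
    if B64URL.fullmatch(value):
        if value.endswith("="):
            return len(value) % 4 == 0
        return len(value) % 4 != 1  # a lone trailing character cannot occur
    return False


def pattern_check(state: str) -> bool:
    """Model of the stricter behaviour: every value is pattern-checked."""
    return not any(p.search(state) for p in SQLI_PATTERNS)


def state_check(state: str) -> bool:
    """Model of the described fix: encoded values skip the pattern checks."""
    return is_base64_like(state) or pattern_check(state)


# Constructed sample values.
SAMPLES = [
    "q83--Zx7_kE2",   # BASE64URL containing "--"
    "Zm9v+DROP/ab",   # BASE64 with a keyword between '+' and '/'
    "abc--",          # not a well-formed encoding: length % 4 == 1
    "x' OR 1=1 --",   # not an encoded value
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:18} before={pattern_check(s)!s:5} after={state_check(s)}")
```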

Dependency changes

  • Updates to org.postgresql:postgresql:42.7.11