Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
3.6.x release notes
What's new
SAML support for WebSudo authentication in Jira and Confluence, support for separate IdP POST binding logout response URL
Upgrade consideration
No special considerations apply for this update.
Data Center
This version is fully compatible with Jira, Confluence and Bitbucket Data Center.
Changelog
3.6.8
Released on 12 January 2023 for Jira, Confluence and Bitbucket (Server and Data Center).
Fix a medium level security vulnerability potentially allowing replay attacks, see https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2023-01-12-response-can-be-replayed-with-modified-id-when-only-the-assertion-is-signed.
3.6.6/3.6.6.1
Released on 29 July 2021 for Jira, Confluence, Bitbucket (Server and Data Center) and Bamboo.
Fixes a critical security vulnerability.
Please update to this version or one of the other fix versions (5.0.5, 4.0.12, 2.5.9) as soon as possible. Existing customers should have received or will soon receive a mailing with some details. They will be published in a few days.
Due to technical reasons the Jira version is released as 3.6.6.1.
3.6.5
Released on 8 October 2020 for Jira, Confluence, Bitbucket (Server and Data Center) and Bamboo
Fixed possible open redirect vulnerability (minor severity) in logged out page template.
Added documentation for WebSudo usage, check this knowledge base article for more information.
This update includes the bugfix release of User Sync 1.5.4.
Changes specific to Jira
None
Changes specific to Confluence
None
Changes specific to Bitbucket
None
Changes specific to Bamboo
None
3.6.4
Released on 9 September 2020 for Jira, Confluence, Bitbucket (Server and Data Center) and Bamboo
Fixed possible path traversal vulnerability in SSO redirection.
Added additional default non-SSO user agents for Microsoft Office.
This update includes the bugfix release of User Sync 1.5.3.
Changes specific to Jira
Fixed some minor user interface bugs in Jira 8.12.
Changes specific to Confluence
None
Changes specific to Bitbucket
None
Changes specific to Bamboo
None
3.6.3
Released on 11 August 2020 for Jira, Confluence, Bitbucket (Server and Data Center) and Bamboo
- Fixed possbile XXE vulnerability in a REST endpoint that is only accessible with SYSADMIN privileges.
- Updated AngularJS.
- This update includes the bugfix release of User Sync 1.5.2.
Changes specific to Jira
- None
Changes specific to Confluence
- None
Changes specific to Bitbucket
- None
Changes specific to Bamboo
- None
3.6.2
Released on 9 July 2020 for Jira and Confluence (Server and Data Center)
- Fixed a bug in WebSudo via SAML when the host application is running under a context path.
Changes specific to Jira
- None
Changes specific to Confluence
- None
Changes specific to Bitbucket
- None
Changes specific to Bamboo
- None
3.6.1
Released on 2 July 2020 for Jira and Confluence (Server and Data Center)
- Due to a bug in 3.6.0 the app was not enabling correctly on older host application versions. This update restores the compatiblity with those versions.
Changes specific to Jira
- This update restores the compatibility with Jira 7.11.0 and newer.
Changes specific to Confluence
- This update restores the compatibility with Confluence 6.11.0 and newer.
Changes specific to Bitbucket
- None
Changes specific to Bamboo
- None
3.6.0
Released on 1 July 2020 for Jira, Confluence, Bitbucket (Server and Data Center) and Bamboo
- Provides an API allowing other plugins to use SAML for additional authentication (e.g. for approval processes).
- Allows using a separate response URL for Single Logout responses.
- This update includes the bugfix release of User Sync 1.5.1.
Changes specific to Jira
- Administrators logged in via SAML can now re-authenticate at the SAML IdP to start a WebSudo session.
Changes specific to Confluence
- Administrators logged in via SAML can now re-authenticate at the SAML IdP to start a WebSudo session.
Changes specific to Bitbucket
- None
Changes specific to Bamboo
- None