2.4.x release notes
What's new
Block password authentication in Bitbucket, disable automatic user activation, better logging.
Upgrade consideration
- We introduced the new JSON configuration version 6. Automated scripts using the undocumented PUT /config REST API might have to be modified: - Non SSO URLs have been migrated to regular expressions. 
 
Data Center
No special considerations apply for this update, general (2.0.x) Datacenter installations guidelines apply.
Changelog
2.4.8
Released on 12 February 2019 for Bitbucket, Bamboo and Fisheye/Crucible
- Fixed a cross-site scripting vulnerability on the logged out page: 2019-02-12 XSS Vulnerability on Logged Out Page. 
- Fixed caching issue with redirects 
- Minor bug fixes. 
2.4.7
Released on 19 December 2018 for Bitbucket, Bamboo and Fisheye/Crucible
- Fixed decrypting encrypted assertions in special cases. 
- Fixed importing metadata on Windows installations. 
- Fixed creating authentication trackers on IdP initiated sign on. 
2.4.6
Released on 3 December 2018 for Bitbucket, Bamboo and Fisheye/Crucible
- Updated opensaml3 library to version 3.4.0. 
- Fixed "skip untransformed groups". 
2.4.5
Released on 8 November 2018 for Jira (Data Center), Confluence (Data Center), Bitbucket (Sever and Data Center), Bamboo and Fisheye/Crucible
- Improved UI/UX in System & Support section. It's now easier to create and export authentication trackers. 
- Fixed reading of userid attribute during authentication by email address. 
- Fixed a bug where the user creation could be enabled even though the user update was disabled. 
2.4.4
Released on 26 October 2018 for Fisheye/Crucible
- Fixed accessing deep links by sending the correct Relay State to the IdP. 
- Fixed resetting captcha after successful Single Sign On. 
- Fixed local login on Dashboard so that it does not redirect to IdP anymore. 
- Added the Base URL to the Force SSO URLs for new installations. 
2.4.3
Released on 4 October 2018 for Jira, Confluence, Bitbucket and Bamboo
- Added support for "Deny Password Authenticator", see here. 
- Handle long relay states differently to avoid misleading errors in log. 
- Fixed redirection to invalid URLs to avoid misleading errors in log. 
Changes specific to JIRA
- Fixed bug during user creation if no users with Jira administrators permission are available in system. 
Changes specific to Confluence
- None 
Changes specific to Bitbucket
- None 
Changes specific to Bamboo
- None 
2.4.2
Released on 28 September 2018 for Fisheye/Crucible
- Fixed logout redirection for non-SAML users. 
- The POST binding is removed because of incompatibilities with most Fisheye/Crucible versions. The REDIRECT binding is now set as default binding. If your Identity Provider does not support REDIRECT binding please contact our support. 
2.4.1
Released on 21 September 2018 for Fisheye/Crucible
- Fixed ClassCastException for SAML responses with embedded signatures. 
2.4.0
Released on 12 September 2018 for Jira, Confluence, Bitbucket, Bamboo and Fisheye/Crucible
- Added REST endpoint to reset the Entity ID. 
- It's now possible to disable the automatic activation of inactive users during login. 
- Force SSO URLs are now respecting the Non-SSO URLs. 
- Fixed the selection of the authentication attribute in the wizard. 
- Changed log levels in several cases to make the default logging less verbose. 
- Fixed duplicate error messages on error page. 
Changes specific to JIRA
- None 
Changes specific to Confluence
- None 
Changes specific to Bitbucket
- Optionally block password authentication. If this feature is enabled user can no longer login at the default Bitbucket login page unless they are system administrators or members of the group "allow-password-login". Git operations need to be done via SSH. 
Changes specific to Bamboo
- None 
Changes specific to Fisheye/Crucible
- Fixed error page. 
