3.6.x release notes
What's new
SAML support for WebSudo authentication in Jira and Confluence, and support for a separate IdP POST binding logout response URL.
Upgrade consideration
No special considerations apply for this update.
Data Center
This version is fully compatible with Jira, Confluence and Bitbucket Data Center.
Changelog
3.6.8
Released on 12 January 2023 for Jira, Confluence and Bitbucket (Server and Data Center).
- Fixed a medium-level security vulnerability potentially allowing replay attacks; see https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2023-01-12-response-can-be-replayed-with-modified-id-when-only-the-assertion-is-signed.
3.6.6/3.6.6.1
Released on 29 July 2021 for Jira, Confluence, Bitbucket (Server and Data Center) and Bamboo.
- Fixes a critical security vulnerability. 
Please update to this version or one of the other fix versions (5.0.5, 4.0.12, 2.5.9) as soon as possible. Existing customers should have received or will soon receive a mailing with some details. The details will be published in a few days.
For technical reasons, the Jira version is released as 3.6.6.1.
3.6.5
Released on 8 October 2020 for Jira, Confluence, Bitbucket (Server and Data Center) and Bamboo
- Fixed possible open redirect vulnerability (minor severity) in logged out page template. 
- Added documentation for WebSudo usage, check this knowledge base article for more information. 
- This update includes the bugfix release of User Sync 1.5.4. 
Changes specific to Jira
- None 
Changes specific to Confluence
- None 
Changes specific to Bitbucket
- None 
Changes specific to Bamboo
- None 
3.6.4
Released on 9 September 2020 for Jira, Confluence, Bitbucket (Server and Data Center) and Bamboo
- Fixed possible path traversal vulnerability in SSO redirection. 
- Added additional default non-SSO user agents for Microsoft Office. 
- This update includes the bugfix release of User Sync 1.5.3. 
Changes specific to Jira
- Fixed some minor user interface bugs in Jira 8.12. 
Changes specific to Confluence
- None 
Changes specific to Bitbucket
- None 
Changes specific to Bamboo
- None 
3.6.3
Released on 11 August 2020 for Jira, Confluence, Bitbucket (Server and Data Center) and Bamboo
- Fixed possible XXE vulnerability in a REST endpoint that is only accessible with SYSADMIN privileges.
- Updated AngularJS. 
- This update includes the bugfix release of User Sync 1.5.2. 
Changes specific to Jira
- None 
Changes specific to Confluence
- None 
Changes specific to Bitbucket
- None 
Changes specific to Bamboo
- None 
3.6.2
Released on 9 July 2020 for Jira and Confluence (Server and Data Center)
- Fixed a bug in WebSudo via SAML when the host application is running under a context path. 
Changes specific to Jira
- None 
Changes specific to Confluence
- None 
Changes specific to Bitbucket
- None 
Changes specific to Bamboo
- None 
3.6.1
Released on 2 July 2020 for Jira and Confluence (Server and Data Center)
- Due to a bug in 3.6.0, the app was not enabling correctly on older host application versions. This update restores the compatibility with those versions.
Changes specific to Jira
- This update restores the compatibility with Jira 7.11.0 and newer. 
Changes specific to Confluence
- This update restores the compatibility with Confluence 6.11.0 and newer. 
Changes specific to Bitbucket
- None 
Changes specific to Bamboo
- None 
3.6.0
Released on 1 July 2020 for Jira, Confluence, Bitbucket (Server and Data Center) and Bamboo
- Provides an API allowing other plugins to use SAML for additional authentication (e.g. for approval processes). 
- Allows using a separate response URL for Single Logout responses. 
- This update includes the bugfix release of User Sync 1.5.1. 
Changes specific to Jira
- Administrators logged in via SAML can now re-authenticate at the SAML IdP to start a WebSudo session. 
Changes specific to Confluence
- Administrators logged in via SAML can now re-authenticate at the SAML IdP to start a WebSudo session. 
Changes specific to Bitbucket
- None 
Changes specific to Bamboo
- None 
