Security Advisories
- 2017-05-23-01 XXE Out Of Band Extraction Vulnerability
- 2018-03-01 Values in SAML Response can be shortened
- 2019-02-12 XSS Vulnerability on Logged Out Page
- 2019-07-11 Users are always re-enabled during login when updated
- 2019-09-09 Host-Header Injection
- 2021-07-29 Authentication Bypass: Network Attacker Can Login to Users’ Accounts when Usernames are Known
- 2021-12-09 Apache Log4j2 library CVE-2021-44228
- 2023-01-12 Response can be replayed with modified id when only the Assertion is signed