6.4.3

Security update

• Bumped socket.io version.

Features and fixes

• Ensured hitting the reset button on the WAYF shows the default IDP
• Ensured that if you click the default idp, it prefills it in the search field, hides all other idps and focuses it.
• Remove weird transition in safari.
• Ensured search works in IE11.
• Amended faulty arrow behaviour.
• Ensured selected idp cookie behaviour works as expected.
• Redesigned the spinner page (form page).
• Added a hover style for disabled accounts.
• Added arrow behaviour on hover as in the old WAYF.
• Coupled cypress tests to the same selectors as the JS.
• Adjusted styling & wording of the PEP page.

6.4.2

Security Update

A bug was present when using trusted proxies. When evaluating the whitelist of the SP behind a trusted proxy, the whitelist of the trusted proxy itself was checked instead of the whitelist of the SP.

In addition to this, some of the translations for the new theme have also been updated

6.3.7

Security Update

A bug was present when using trusted proxies. When evaluating the whitelist of the SP behind a trusted proxy, the whitelist of the trusted proxy itself was checked instead of the whitelist of the SP.

6.4.1

Features and fixes

• The index, debug and cookie pages have been styled to prevent the mixed new and old style that happened. They now all look like the previous OpenConext theme used to look.
• Security and compatibility improvements have been applied.
• The new theme is now the default theme

6.4.0

This release consists of the UI redesign of the WAYF, Consent and other user facing screens.
The complete list of changes is excessive. Details can be found on GitHub under the ui-redesign tag. Some highlights include:

Features

• Complete redesign of the WAYF
  • The WAYF now includes an optional default IdP banner, making advertising a default IdP possible (eduId)
  • The WAYF is optimized for keyboard navigation
• Redesigned the consent screen
  • The previously optional minimal consent screen is now the default
  • Tooltips are now pure HTML/CSS, no eternal JS libraries are used
  • Keyboard navigation was improved greatly
• Both the WAYF and the consent screen are optimized for the optically or visually impaired. The interface is not yet audited, but a WCAG 2.1 AA is to be expected.

Most, if not all important features are included in this release. For now it is targeted for test, so this is considered a pre-release.

6.3.6

After some testing, @tvdijen opened issue #920, identifying several issues with the 3.6.x releases. Those issues
have been addressed in this release.

Bugfixes

• Allow responses without NameID #919
• Add c14n method to the reference transforms in XML metadata. #921
• Prevent undefined access in Assembler #923

Chore

• Remove the remaining eduGAIN metada fields #922

6.3.0.1

This is an intermediate release between 6.3.0 and the rest of the 6.3 release tier.

This release is created in order to move forward with the 6.3.0 release without adding all the other fixes and features that where later added to the 6.3 release branch.

Bugfixes

• Whether MFA AuthnContext must be added should be based on original SP #893 #894

6.3.5

Bugfix

• Clean up unused usage of AuthnRequest destination #898

6.3.4

Bugfix

• Whether MFA AuthnContext must be added should be based on

6.3.3

Bugfixes:

• Move NoPassive response processing up in the ACS proces #890
• Print the key-id in the SSO locations of the IdP metadata #891

Security

• Upgrade jpeg-js to v0.4.0 #892