What's Changed
- CVE-2025-67735 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder by @dependabot[bot] in #949
- CVE-2025-15284 qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion by @dependabot[bot] in #950
- CVE-2025-13465 Lodash has Prototype Pollution Vulnerability in _.unset and _.omit functions by @dependabot[bot] in #953
- CVE-2025-13465 Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. by @maximthomas in #954
- [#951] Set explicit xmlsec dependency for openam-federation-library by @maximthomas in #952 thanks @igieon
- [#955] Update JSTL to Jakarta 2.0.0 version by @maximthomas in #957 thanks @FireBurn
- [#956] Add OpenAM secondary instances to the Docker test in build.yml by @maximthomas in #959 thanks @FireBurn
- Update org.openidentityplatform.opendj to 5.0.3 by @vharseko in #947
- fix javadoc build by @maximthomas in #948
Full Changelog: 16.0.4...16.0.5