Skip to content

Commit 043dc26

Browse files
maximthomasmaximthomas
committed
OpenAM 16.0.3 Released
1 parent 0361eb3 commit 043dc26

File tree

2 files changed

+32
-1
lines changed

2 files changed

+32
-1
lines changed

_posts/2025-11-08-opendj-5-0-1-released.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
layout: home
33
landing-title: "OpenDJ 5.0.1 Released"
44
landing-title2: "OpenDJ 5.0.1 Released"
5-
description: OpenDJ 5.0.1 introduces Java 11 support, Jakarta EE 9 migration, critical security fixes for CVEs in dependencies, and improvements to monitoring and testing stability for the open-source LDAP directory server.
5+
description: OpenDJ 5.0.1 introduces Java 11 support, Jakarta EE 9 migration, critical security fixes for CVEs in dependencies
66
keywords: 'OpenDJ, LDAP server, directory services, security fixes, Java 11, Jakarta EE, CVE fixes'
77
imageurl: 'openam-og.png'
88
share-buttons: true

_posts/2025-11-11-openam-16-0-3-released.md

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
---
2+
layout: home
3+
landing-title: "OpenAM 16.0.3 Released"
4+
landing-title2: "OpenAM 16.0.3 Released"
5+
description: OpenAM 16.0.3 updates the target JDK to 11 and JakartaEE 9, adds support for LTS JDK 25, updates the base Docker image to Java 25, addresses multiple security vulnerabilities
6+
keywords: 'OpenAM release, access management, identity platform, security fixes, JDK 25 support, Java 11, Jakarta EE, CVE fixes, OpenAM Docker image'
7+
imageurl: 'openam-og.png'
8+
share-buttons: true
9+
---
10+
11+
# OpenAM 16.0.3 Released
12+
[Download](https://github.com/OpenIdentityPlatform/OpenAM/releases/tag/16.0.3)
13+
14+
## What's new
15+
* Update target JDK to 11 and move to JakartaEE 9
16+
* Add support LTS JDK 25
17+
* Update base docker image Java version to 25 LTS
18+
* Fix OAuth2 issues: Restore 'none' token endpoint auth method. Do not add default openid scope if non-empty
19+
* Update OpenDJ to 5.0.1
20+
* Addressed critical security vulnerabilities:
21+
* [CVE-2023-45133](https://nvd.nist.gov/vuln/detail/CVE-2023-45133): Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
22+
* [CVE-2024-53382](https://nvd.nist.gov/vuln/detail/CVE-2024-53382): PrismJS DOM Clobbering vulnerability (update swagger-ui)
23+
* [CVE-2025-64099](https://nvd.nist.gov/vuln/detail/CVE-2025-64099): Using arbitrary OIDC requested claims values in id_token and user_info is allowed
24+
25+
Full changeset ([more details](https://github.com/OpenIdentityPlatform/OpenAM/compare/15.2.2...16.0.3))
26+
27+
## Thanks for the contributions
28+
29+
<i id="maximthomas"><i>1. <a href="https://github.com/maximthomas" target="_blank">maximthomas</a></i>
30+
31+
<i id="vharseko"><i>2. <a href="https://github.com/vharseko" target="_blank">vharseko</a></i>

0 commit comments

Comments
 (0)