By: Alexandre Zia Account Admin 04 May 2020 at 11:35 a.m. CDT

2 Responses
Alexandre Zia gravatar
Hi, We were testing Gluu for a while, and today we 've noticed something strange. If you don't mind, may I ask why this file has been replaced on: https://ox.gluu.org/maven/org/gluu/oxshibbolethIdp/4.1.1.Final/oxshibbolethIdp-4.1.1.Final.war Previous file had the SHA256: 1d632a6060d461f533f68b9ee849edd5c262aac2ced0e2042cf7128ad20fc7a9 But now it has SHA256: 64f53fb92432da7ea82cda6b5a390d2d2383ee175da0eaab1f5266aa8c745e2f This has raised a security alarm in our monitoring system, because as this is an authentication component, we are afraid it has been tampered. We understand that if you are fixing bugs you should deploy perhaps 4.1.2 version. Thanks in advance.

By Alexandre Zia Account Admin 04 May 2020 at 11:48 a.m. CDT

Alexandre Zia gravatar
the same for : https://ox.gluu.org/maven/org/gluu/oxtrust-server/4.1.1.Final/oxtrust-server-4.1.1.Final.war sha256 before: 64f53fb92432da7ea82cda6b5a390d2d2383ee175da0eaab1f5266aa8c745e2f sha256 after: e0182db3aa70a82bf5080a6a82bb7720880c3524c24b61d7aad1e465d39a6642

By Samuel Morris staff 04 May 2020 at 12:28 p.m. CDT

Samuel Morris gravatar
Hi, Alexandre Version 4.1.1 is not actually released yet. We're still working on some final fixes for it as we go through the QA process, so it's possibly going to change. It will be moved to the stable repository when it's released. I'm going to go ahead and close this ticket, but feel free to reopen if you have additional questions.