Security by Sweden

Latest posts

PAS 5.1.7

PAS 5.1.7 – Maintenance release is now available

This is a maintenance release that includes a selection of stability improvements and bug fixes, as we continue preparations for our upcoming major version, PAS 6.0, which is just around the corner.


What’s New in 5.1.7

While this release doesn’t introduce any major new features, several enhancements and fixes have been made to ensure a more stable and secure experience:

  • Improved support for Freja eID: New attributes such as uniquePersonalIdentifier and loaLevel are now supported, offering greater flexibility for organisations using Freja eID for authentication.

  • Better security insights: The included Software Bill of Materials (SBOM) now lists the Java Runtime Environment, making it easier to track vulnerabilities at a deeper level.

  • Improved user experience options: A new setting allows administrators to disable automatic sorting of authenticators based on last use, giving more control over the user flow.

Stability and Bug Fixes

This release addresses a number of issues related to performance, error handling, and edge cases in authentication flows. Highlights include:

  • Fixes for occasional token generation errors in OIDC authentication.

  • Improvements to large file uploads and stability in PRISM applications under load.

  • Adjustments to authenticator sequences, including a fix that may impact nested flows. If you are using nested SequenceAuthenticators, we recommend reviewing your configuration after upgrading.


For full details, please refer to the PAS 5.1.7 release notes.

If you have any questions or need support, don’t hesitate to reach out to your PhenixID representative or our support team.

,
PAS 5.1.6

Security update: Critical Vulnerability Mitigated

Today PAS 5.1.6 is released, including an important update addressing a critical security vulnerability affecting all versions based on the 5.x branch. We strongly recommend updating immediately to ensure the highest level of protection.

Read the full release here

,
PAS 5.1.5

We are excited to announce the release of PAS 5.1.5, an update with three primary areas of improvement:

  • Foundation for New Applications: Laid the groundwork for our upcoming internal web applications (PRISM modules).
  • New Web App for Digital Signatures: Introduced a completely revamped frontend for our FedSigning module.
  • Bug Fixes: Resolved several issues identified in PAS 5.1.3 and 5.1.4.

Important Note: If you are upgrading from a version earlier than PAS 5.1.4, please review the release notes for those versions to ensure a smooth transition.

 

Highlights: The New FedSigning Module

The digital signature module, phenix-prism-fedsigning, has been transformed with a brand-new look and functionality.

Key Features:

  • Enhanced Accessibility: WCAG compliance, responsive design, and support for custom themes and languages.
  • New Functionality: Sign multiple PDF documents and view appendices in one seamless experience.

This new functionality complements updates introduced in the upcoming PhenixID Signing Workflow (SWF) 2.5.7.

For the full release notes please follow this link:

PAS 5.1.4

We are excited to announce the release of PAS 5.1.4, which builds on the robust enhancements introduced in version 5.1.3. This latest release includes several major features, numerous improvements, and critical updates designed to strengthen performance, security, and user experience. Here’s what you can expect in PAS 5.1.4:

 

New Features and Enhancements

Backend Support for OneTouch v2.0

Our soon-to-be-released OneTouch v2.0 mobile app will deliver significant improvements in user experience, security, and configurability. PAS 5.1.4 introduces backend support for these updates, ensuring a seamless transition for current users. While existing configurations will remain functional, administrators can follow the upgrade guide to unlock the new features.

Built-in reCAPTCHA v3 Integration

Version 5.1.4 adds support for reCAPTCHA v3 in the DynamicAuthenticator. This integration enhances security by detecting automated login attempts without disrupting the user experience. It can be implemented alongside input fields or as a standalone element in authentication flows.

RelayAuthenticator for QR-Based Authentication

The all-new RelayAuthenticator enables QR-based authentication, ideal for devices with limited input capabilities, such as kiosks. This feature simplifies secure authentication by delegating it to another device, leveraging a two-step verification process for added security. RelayAuthenticator also seamlessly integrates with active SSO groups to maintain a consistent and efficient user experience.

 

Performance and Technical Improvements

Enhanced JavaScript Engine

We’ve replaced the Nashorn JavaScript engine with GraalVM’s JS engine, resulting in significant performance gains. With this update, server startup times have improved by approximately 25%, while response times in the configuration GUI are up to 40% faster.

Updated Heap Size Recommendations

To support modern workloads, the default heap size has been increased to 4GB. Updated recommendations for hardware and memory configurations are available to ensure optimal performance.

 

Expanded Protocol Support

SAML Improvements

PAS 5.1.4 introduces new configuration parameters for SAML Assertion Profiles, allowing greater flexibility in:

  • Keystore ID selection for signatures
  • Signature algorithm choices
  • Attribute NameFormat specifications
  • Scoped attribute configurations

Additionally, new tools simplify the transition from legacy SAML IdPs to updated configurations, streamlining your migration process.

OIDC / OAuth Enhancements

New features include:

  • Support for the client_credentials grant type, enabling third-party API access via PAS-issued tokens.
  • Granular control of Relying Party permissions, including allowed_scopes and allow_client_credentials_grant_type settings.
  • Customisable authorisation rules through client authorisation pipes, enabling advanced access control policies.

Pipe Import/Export Tool

Administrators can now easily transfer pipe configurations between environments with the new import/export tool in the configuration GUI. This feature simplifies migration and reduces manual effort.

PAS 5.1.4 demonstrates our commitment to delivering secure, high-performance identity solutions tailored to evolving organisational needs. For detailed guidance on implementing these features, explore our updated documentation and guides.

  1. PAS 5.1.3
  2. PAS 5.1.2
  3. PAS 4.7.4
  4. PAS 5.1.1
© 2025 PhenixID AB. All Rights Reserved.