Security by Sweden

Latest posts

Maintenance release PAS 4.7.4 thumb

This release brings a host of significant improvements, focusing on security, performance, and functionality. Key highlights include enhanced QR code synchronization, critical security updates, and improved SAML support. These changes reflect our ongoing commitment to providing a secure, efficient, and user-friendly platform.

Highlights:

  1. Improved QR Code Synchronization (PHX-3475): We have completely revamped the QR code sync implementation, allowing for flexible polling intervals. This ensures that BankID QR codes remain in sync, providing a seamless authentication process.
  2. Security Enhancements (PHX-3481, PHX-3674): We have addressesd and mitigated several security vulnerabilities (CVE-2020-23064, CVE-2020-11022, CVE-2020-11023, CVE-2019-11358, CVE-2021-23337, CVE-2020-28500, CVE-2024-34342 and CVE-2024-4367). These updates significantly bolster the security of our platform, ensuring a safer environment for our users.
  3. Enhanced SAML Support (PHX-3494, PHX-3495, PHX-3496, PHX-3497): We have resolved several issues related to SAML bindings and signatures. Our SAML Service Provider (SP) and Identity Provider (IdP) can now handle inbound Redirect-binding for deflated requests, verify detached signatures, and ensure valid signatures on SAMLResponses. These enhancements improve the reliability and security of our SAML integrations.

 

For a detailed list of all changes and improvements, please read more on our release notes page.

Read full release notes

PAS 5.1.1

Hits: 0

PhenixID is proud to announce the new release of PhenixID Authentication Services (PAS) 5.1.1. This new release includes defect fixes and addition of minor functions for the 5.1 release, and is recommended for all 5.1 installations.

Read full release notes

Bug fixes
 

The 5.1.1 release includes 21 important bug fixes for the 5.1 release, including: 

  • LDAP connections can leak upon reconfiguration
  • SAML SP will not verify detached signatures
  • Vulnerabilities mitigation
  • BankID issues

New/updated features

The 5.1.1 version also includes 15 improvements adding value to your solution. Improvements includes for example:

  • Possibility for the administrator to decide behavior when visible signature cannot be added
  • Signature assignements in PhenixID OneTouch
  • NiAS, SITHs and FIDO2 protocol agnostic authenticators

    Read full release

    PAS 5.1.0

    Hits: 0

    PhenixID is proud to announce the new release of PhenixID Authentication Services (PAS) 5.1.0. The new release improves the stability, compatibility, and security of your solution, and is recommended for all installations.

    Read full release notes

    HIGHLIGHTS
     

    The 5.1.0 version introduces a new way of configurating Authenticators, exceptionally simplifying for administrators by giving more control of authentication flows. In addition to this, increased built in support for SAML and OIDC protocols and updated guides for configuration makes this 5.1.0 release something that will not just make PAS more secure but also reduce complexity. 

    Authenticators architecture

    Clear separation of protocols versus authentication methods, new simplified configuration guides to support easier and faster configuration. Read more about how this will make the administrators life easier here.

     

    OpenID Connect support

    Significantly more OIDC functionality now available “out-of-the-box” in code instead of via manual configuration. Also some new OIDC support not previously possible, e.g Hybrid Flow support. Link to documentation here.

     

    SIGN transaction for BankID and Freja EID

    Force a SIGN request to BankID or Freja eID with clear information to the user on the intention of signing.

      Read full release

      PAS 5.0.1

      New maintenance release

      This new release includes defect fixes and addition of minor functions for the 5.0 release, and is recommended for all 5.0 installations.

      Bug fixes

      The 5.0.1 release includes important bug fixes for the 5.0 release, including:

      • MSSQL using integrated authentication
      • ACS-URL validation
      • security vulnerabilities mitigation
      • TLS version for MiuLookupValveApp

      New/updated features

      The 5.0.1 version does only contain defect fixes

      1. PAS 4.7.3
      2. PAS 5.0
      3. PAS 4.7.2
      4. PAS 4.7.1
      © 2024 PhenixID AB. All Rights Reserved.