What's Changed
- CVE-2025-8916 Allocation of Resources Without Limits or Throttling vulnerability by @maximthomas in #909
- CVE-2025-9288 ha.js is missing type checks leading to hash rewind and passing on crafted data by @dependabot[bot] in #908
- CVE-2025-26467 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions by @dependabot[bot] in #911
- CVE-2025-5889 brace-expansion Regular Expression Denial of Service vulnerability by @dependabot[bot] in #914
- [#913] CVE-2024-38999 requirejs v2.3.6 was discovered to contain a prototype pollution by @maximthomas in #915
- CVE-2025-58056 Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions by @dependabot[bot] in #919
- CVE-2025-8662 Tampering with request parameters may modify OpenAM’s internal cache, causing the SAML IdP to not function properly by @tsujiguchitky in #920
- Fix JavaDoc build error in GitHub actions by @maximthomas in #906
- Update README.md: add backers and sponsor by @vharseko in #907
- ISSUE_TEMPLATE: add "Vote to raise the priority" by @vharseko in #910
- Bump org.openidentityplatform.opendj 4.10.2 by @vharseko in #918
- Generate authentication modules reference in AsciiDoc format by @maximthomas in #916
Full Changelog: 15.2.1...15.2.2
Contributors
vharseko, maximthomas, and 2 other contributors