PIM 6.1.3 – Release Notes

The new release of PhenixID Identity Manager (PIM) improves the stability, compatibility and security of your solution, and is recommended for all installations.

PIM-1489 Vulnerabilities in jQuery

Upgraded jQuery to 3.7.1 to mitigate vulnerabilities. Issue resolved

PIM-1510 Attributes flagged as variable are always set as modified

Implementation of solving PIM-1382 Default value Hidden is sent to as empty value to PIP resulted in attributes flagged as variable was always set as modified. The implementation is reverted and replaced with a new implementation. Issue resolved

PIM-1511 Outdated and vulnerable third party libraries

jQuery 3.2.1 and Lodash 4.17.20 have reported vulnerabilities. Upgrade jQuery to 3.7.1 and Lodash to 4.17.21 to mitigate vulnerabilities. Issue resolved

PIM-1513 Improper authorization vulnerability

An issue with users being able get access to objects they otherwise should not have access. Issue resolved

Vulnerability mitigation

The following vulnerabilities (CVEs) have been resolved:

  • CVE-2021-3749
  • CVE-2024-30171
  • CVE-2024-21138
  • CVE-2021-46877
  • CVE-2020-11987
  • CVE-2021-44906
  • CVE-2020-28168
  • CVE-2022-21363
  • CVE-2019-10742
  • CVE-2013-5679
  • CVE-2020-11023
  • CVE-2014-3604
  • CVE-2022-38398
  • CVE-2022-44730
  • CVE-2023-22102
  • CVE-2023-26159
  • CVE-2022-42003
  • CVE-2022-45143
  • CVE-2022-42252
  • CVE-2023-35116
  • CVE-2023-44487
  • CVE-2022-3509
  • CVE-2022-29885
  • CVE-2023-46589
  • CVE-2020-36518
  • CVE-2022-42004
  • CVE-2012-5783
  • CVE-2024-21131
  • CVE-2022-0536
  • CVE-2022-3171
  • CVE-2023-24998
  • CVE-2023-45648
  • CVE-2015-1796
  • CVE-2023-33201
  • CVE-2022-40146
  • CVE-2022-24891
  • CVE-2020-8908
  • CVE-2022-34169
  • CVE-2023-28708
  • CVE-2023-45857
  • CVE-2023-5072
  • CVE-2018-8036
  • CVE-2023-33202
  • CVE-2020-28500
  • CVE-2018-10237
  • CVE-2024-34447
  • CVE-2022-38648
  • CVE-2021-23337
  • CVE-2017-10355
  • CVE-2015-6420
  • CVE-2024-29857
  • CVE-2022-31129
  • CVE-2022-34305
  • CVE-2022-0155
  • CVE-2023-46233
  • CVE-2020-13936
  • CVE-2022-24785
  • CVE-2021-2471
  • CVE-2022-42890
  • CVE-2019-17566
  • CVE-2022-26336
  • CVE-2024-21068
  • CVE-2019-11358
  • CVE-2022-3510
  • CVE-2023-44483
  • CVE-2021-43980
  • CVE-2021-22569
  • CVE-2022-44729
  • CVE-2024-21140
  • CVE-2022-23457
  • CVE-2022-40152
  • CVE-2023-41080
  • CVE-2022-41704
  • CVE-2013-5960
  • CVE-2020-11022
  • CVE-2018-8013
  • CVE-2022-23437
  • CVE-2022-23181
  • CVE-2023-34623
  • CVE-2023-2976
  • CVE-2023-22006
  • CVE-2020-36732
  • CVE-2024-28849
  • CVE-2023-42795
  • CVE-2020-13956