Connect2id server 13.7.4

This release of the Connect2id server fixes a bug that caused incorrect encoding of the state parameter in post-logout redirect URIs. Deployments that implement an OpenID provider logout endpoint are encouraged to update. Details are available in the release notes below.

This week we also released a preview of the upcoming Connect2id server 14.0.

Download 13.7.4

For the signature validation: Public GPG key

Standard Connect2id server edition

Apache Tomcat package with Connect2id server 13.7.4:

GPG signature:

SHA-256: 97442463a2d50000eb41478ee285dbe78ddf959d5e1f0d35868771fa6896be3b

Connect2id server 13.7.4 WAR package: c2id.war

GPG signature: c2id.war.asc

SHA-256: f94347483b3d04f06bbd1d38bba57aa23d6b6b4ddcb39708fec90e4933b2b7b8

Multi-tenant edition

Apache Tomcat package with Connect2id server 13.7.4:

GPG signature:

SHA-256: 95a547da885cbcd33ae5468ce928502bec4572fa5ab45771f7e48e8bdc30a349

Connect2id server 13.7.4 WAR package: c2id-mt.war

GPG signature: c2id-mt.war.asc

SHA-256: 48c63e817000d8f9116e1b532e547998a9a4708e71e1fb1d7564cc10f34a159a


If you have technical questions about this new release contact Connect2id support. To purchase a production license for the Connect2id server, renew or upgrade your support and updates subscription, email our sales.

Release notes

13.7.4 (2023-05-09)

Resolved issues

  • The /logout-sessions/rest/v1 API must URL-encode the state parameter in the final post-logout redirection URI (issue server/873).

Dependency changes

  • Updates to com.nimbusds:software-statement-verifier:2.2.4