ANNOUNCEMENT The following Production environments will be upgraded to the April 2025 Platform Update Release of IAM. What's New: Upgrade the Apache Tomcat version to the non-vulnerable minor version to fix a critical vulnerability. Resolution of the bugs: Unsupported request GET "/authorize/oauth2/token" call not getting blocked at the Gateway application level and reaching to IAM application. IAM API(s) Rate limit working inconsistently during high request loads,resulting in latency in the response. IAM Cloud Foundry frontend Gateway and AM applications observe crashes when there is a high request queueing happening due to backend latency. IAM application logs full stack traces for client errors such as 400 and 401, which results in the exposure of technical details. IAM API "/userinfo" returns 400 Bad Request When 'x-forwarded-host' header is present. Environments Impacted, Dates and Times: IAM Production/US-East 28-April-2025 05:00 UTC IAM Production/AP-SE 29-April-2025 05:00 UTC IAM Production/SA-East 30-April-2025 9:00 UTC IAM Production/AP-NE 05-May-2025 10:00 UTC IAM Production/EU-West 06-May-2025 02:00 UTC *Potential Impact on Customers*: During the deployment window, you may experience intermittent failures for few authentication and Authorization calls. We will post an announcement before and after the deployment. Duration of the upgrade: approximately 6 hours Primary Contact:@pooja Release notes are available on the HSDP’s Client Portal: - https://www.hsdp.io/documentation/identity-and-access-management-iam/release-notes#_april_2025_platform_update
Posted Apr 23, 2025 - 17:32 UTC
This scheduled maintenance affects: Identity and Access Management (IAM) (EU-West Production Access Management API, EU-West Production Authentication User Interface, EU-West Production Identity Management API, EU-West Production Identity Management SCIM API).