Security by Sweden

Latest posts

PAS 6.0

Accessibility at the Forefront

We’re excited to announce PAS 6.0.1, a maintenance release that puts accessibility and user experience first while also rolling up security and stability fixes from PAS 6.0.0 and PAS 5.1.8.

 

Key Improvements

  • WCAG-compliant QR codes in mobile authenticators
    All QR codes used by BankID, Freja, OneID and SITHS eID now follow BankID’s accessibility guidelines. Administrators can also configure maximum QR-code duration and appearance, making it easier for everyone to scan and authenticate while giving organisations more control over the process.
  • Flexible mobile authentication flows
    New configuration options allow you to skip the QR step entirely or choose between QR-code mode and “same device” mode for an even smoother user experience.
  • Configurable HTTP header and field sizes
    Previously hard-coded maximums are now configurable, giving greater flexibility when deploying PAS in diverse environments.
  • Rebranding “OneTouch v2” to “OneID”
    The working title “OneTouch 2” has been replaced with “OneID” throughout the product, with localisation keys and enrolment components automatically updated.

 

 

Stability and Security Enhancements

PAS 6.0.1 also incorporates numerous fixes from 6.0.0 and 5.1.8, including:

  • Improved audit logging and metrics for mobile authenticators.
  • Updated documentation for SAML SP parameters, including ForceAuthn.
  • Resolved issues in NiasAuth, SPBroker discovery service, duplicate trace_id handling and more.
  • Multiple dependency updates to mitigate known vulnerabilities (CVE-2025-52999, CVE-2025-53864, CVE-2024-7254, CVE-2025-7962, etc.).

For the complete list of included bug fixes from PAS 5.1.8, please see the detailed release notes.

 

 

Why Upgrade

Upgrading to PAS 6.0.1 gives you the most accessible, secure and stable version of PAS to date. You’ll benefit from WCAG-compliant QR codes, more flexible mobile authentication flows, and the latest security patches — all in one release.

 

Read the full release notes ›

PAS 6.0

Fast, transparent and ready for the future

We’re proud to announce the release of PAS 6.0, a major step forward for performance, monitoring, user experience, and security. This release is packed with valuable upgrades designed to help you run smarter, gain deeper insight, and deliver a better experience for both administrators and users.

Key highlights

  • Upgraded to Java 21 for performance, security and long-term maintainability
  • Brand new audit log system with detailed traceability and SIEM integration
  • New metrics and dashboards for real-time operational insight
  • Modern OneTouch enrollment portal — WCAG-compliant and mobile-first
  • New internal application guides with simplified setup and better flexibility
  • Improved logout flows and SP/RP configuration — more secure, less complex

Reminder: As always, please read the upgrade notes before updating your environment.

Java 21 — Power and performance

PAS now runs on Java 21, the latest Long-Term Support (LTS) version. This upgrade brings:

  • Up to 40% faster server startup and API response times
  • Better security and dependency management
  • A future-proof foundation for continued innovation

Full Visibility with New Audit Logs

Our new audit log system provides significantly richer and more consistent data, enabling:

  • Integration with SIEM platforms for centralized security visibility
  • Proactive monitoring to detect issues before users are impacted
  • Detailed traceability to investigate events when something goes wrong

Read the deep-dive: Audit logs / Event logs in PAS 6.0

New Metrics & Dashboards — Ready Out of the Box

PAS 6.0 expands our monitoring capabilities with:

  • New metrics for authentication flows, pipe execution, license status, and more
  • Pre-built dashboards to visualize recommended metrics instantly
  • Faster root cause analysis and operational insights without extra setup

Read more: Recommended metrics and visualization

OneTouch Enrollment — Now Accessible for All

With the upcoming launch of OneTouch 2, we’re also releasing a new WCAG-compliant enrollment portal with:

  • A cleaner, more accessible user interface
  • Compatibility with both OneTouch 1 and 2
  • A more flexible enrollment experience across all devices

Read more: OneTouch Enrollment

Smarter Admin Experience

New Internal Application Guides

When creating new guide scenarios, the UI now leverages the modern authenticator architecture (introduced in PAS 5.1), offering:

  • More flexibility in selecting authenticators
  • Streamlined setup for internal apps like SelfService or Enrollment

Improved Logout & Federation Configuration

We’ve made logout handling more robust and SP/RP setup more straightforward:

  • Automatic logout from external IdPs (via SPBroker / RPBroker)
  • Auto-management of SLO/ACS/Redirect URIs
  • Full Single Logout (SLO) support and bug fixes in federation flows

Read more: SPBroker article

Fixes & Smaller Improvements

From improved container logging to new preset MFA sequences, PAS 6.0 includes many under-the-hood improvements. A few highlights:

  • JSON-based logs with MDC fields for containers
  • New method for end user IP resolution
  • New metrics for license expiration and pipe congestion
  • OTTokenVerifierValve now compatible with OneTouch 2

See the full changelog in our Release Notes

Ready to Upgrade?

PAS 6.0 is built to help you grow with confidence — more insight, better performance, and a smoother user experience. Make sure to review the upgrade instructions, and don’t hesitate to reach out if you need guidance.

PAS 5.1.7

PAS 5.1.7 – Maintenance release is now available

This is a maintenance release that includes a selection of stability improvements and bug fixes, as we continue preparations for our upcoming major version, PAS 6.0, which is just around the corner.


What’s New in 5.1.7

While this release doesn’t introduce any major new features, several enhancements and fixes have been made to ensure a more stable and secure experience:

  • Improved support for Freja eID: New attributes such as uniquePersonalIdentifier and loaLevel are now supported, offering greater flexibility for organisations using Freja eID for authentication.

  • Better security insights: The included Software Bill of Materials (SBOM) now lists the Java Runtime Environment, making it easier to track vulnerabilities at a deeper level.

  • Improved user experience options: A new setting allows administrators to disable automatic sorting of authenticators based on last use, giving more control over the user flow.

Stability and Bug Fixes

This release addresses a number of issues related to performance, error handling, and edge cases in authentication flows. Highlights include:

  • Fixes for occasional token generation errors in OIDC authentication.

  • Improvements to large file uploads and stability in PRISM applications under load.

  • Adjustments to authenticator sequences, including a fix that may impact nested flows. If you are using nested SequenceAuthenticators, we recommend reviewing your configuration after upgrading.


For full details, please refer to the PAS 5.1.7 release notes.

If you have any questions or need support, don’t hesitate to reach out to your PhenixID representative or our support team.

,
PAS 5.1.6

Security update: Critical Vulnerability Mitigated

Today PAS 5.1.6 is released, including an important update addressing a critical security vulnerability affecting all versions based on the 5.x branch. We strongly recommend updating immediately to ensure the highest level of protection.

Read the full release here

,
  1. PAS 5.1.5
  2. PAS 5.1.4
  3. PAS 5.1.3
  4. PAS 5.1.2
© 2025 PhenixID AB. All Rights Reserved.