3.2.3
Release Date: March 5, 2026
🐛 Bug Fixes
Project Templates
Oracle saif-api-sys Secrets Variable Group Scoping 🔧
Template: saif-feature-api
Fixed a bug in the saif-api-sys Oracle pipeline template where the secrets variable group was incorrectly added as a top-level pipeline variable group instead of being forwarded through secretsVariableGroupName in extends.parameters.
What was wrong:
The saif-feature-api pipeline templates used a top-level - group: reference for the Oracle variable group. This caused two issues: secrets were exposed to the entire pipeline rather than being scoped to the Terraform deployment job, and the orchestrator (azure-app-orchestrator-v3.yml) never received the group name, so secrets were never injected into Terraform at all.
The fix:
The secrets variable group name is now passed via secretsVariableGroupName in extends.parameters, matching the established pattern used by saif-dynatrace-config. The template chain scopes the group exclusively to the Terraform deployment job via v2/deployments/terraform/variables.yml.
PR: #487
NuGet Packages
APIM Backward-Compatible SaifApimIdentity Cookie Decoding 🔐
Package: SAIF.Platform.Authentication.AspNetCore
Fixed production 500 errors on experience APIs caused by the APIM policy not handling URL-encoded (standard base64) SaifApimIdentity cookies from applications running the pre-3.x NuGet package.
Root cause:
PR #413 dropped the UrlDecode call from the APIM policy. Applications still on the old NuGet package write the cookie as URL-encoded standard base64 (+ → %2B, / → %2F). Without UrlDecode, Convert.FromBase64String rejected % characters with a 500 error.
The fix:
Added System.Net.WebUtility.UrlDecode(cookie) before the base64 normalization step in the APIM policy. This is a no-op for new-format cookies (URL-safe base64 characters are never percent-encoded), so both old and new cookie encodings are handled correctly:
| Application version | Cookie format | Outcome |
|---|---|---|
| Pre-3.x (old NuGet) | URL-encoded standard base64 (%2B %2F %3D) | ✅ Works |
| 3.x+ (new NuGet) | URL-safe base64 (- and _, no padding) | ✅ Works |
PR: #486
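An added example (not the project's APIM policy or NuGet code) that runs both cookie formats through the fixed decode order and reproduces the pre-fix failure. The payload bytes, the Normalize helper and the class and method names are assumptions; the page names the normalization step but does not show it.

```csharp
using System;
using System.Linq;
using System.Net;

static class CookieDecodeExample
{
    // Assumed normalization: map the URL-safe alphabet back to standard base64
    // and restore '=' padding.
    static string Normalize(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
    }

    // Decode path after the fix: UrlDecode first, then normalize, then decode.
    static byte[] DecodeFixed(string cookie) =>
        Convert.FromBase64String(Normalize(WebUtility.UrlDecode(cookie)));

    // Decode path before the fix: no UrlDecode, so '%' reaches FromBase64String.
    static byte[] DecodeWithoutUrlDecode(string cookie) =>
        Convert.FromBase64String(Normalize(cookie));

    static void Main()
    {
        // Constructed payload; its standard base64 contains '+', '/' and '='.
        byte[] payload = { 0xFB, 0xEF, 0xFF, 0x3E };
        string standard = Convert.ToBase64String(payload);
        string oldFormat = Uri.EscapeDataString(standard);            // pre-3.x style
        string newFormat = standard.TrimEnd('=')
                                   .Replace('+', '-').Replace('/', '_'); // 3.x+ style

        Console.WriteLine($"old: {oldFormat} ok={DecodeFixed(oldFormat).SequenceEqual(payload)}");
        Console.WriteLine($"new: {newFormat} ok={DecodeFixed(newFormat).SequenceEqual(payload)}");

        try
        {
            DecodeWithoutUrlDecode(oldFormat);
            Console.WriteLine("old cookie without UrlDecode: decoded");
        }
        catch (FormatException)
        {
            Console.WriteLine("old cookie without UrlDecode: FormatException");
        }

        // Caveat: UrlDecode turns a literal '+' into a space, so a cookie sent as
        // standard base64 without percent-encoding is not preserved by this step.
        Console.WriteLine($"raw '+' after UrlDecode: \"{WebUtility.UrlDecode(standard)}\"");
    }
}
```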
📚 Documentation
Updated Documentation
JWT Testing Guide — Broken Link Fixed 🔗
Fixed a broken link to the "Personal test tools repository" in the JWT testing guide.
PR: #488
📦 Dependencies
NPM Packages
- 📦 minimatch — bumped from 3.1.2 to 3.1.4 (security patch) (#485)
- 📦 @opentelemetry/auto-instrumentations-web — bumped from 0.57.0 to 0.58.0 (#484)
- 📦 TypeScript dependencies group — 4 updates applied (#482)
🔄 Breaking Changes
None in this release ✅
📋 Additional Notes
- Total commits: 6
- Files changed: ~8
- Contributors: Emmitt Johnson, Copilot, dependabot[bot]
Support
- 📧 Teams Support Channel: Support