OpenSSO 8.0 U2 Patch 2 has just been released on 12th March 2011. That's a pretty fast release since the last patch release (U2 Patch 1) was just in Jan 2011.
(from 141655-06) U2 Patch 2
7002787 OpenSSO 8.0 u2 & u2p1 not working with Active Directory DataStore
6987837 OpenSSO8U1P3 - SystemTimerPool - Throws ArrayIndexOutOfBoundsException message regularily
7006491 ERROR: "Not a supported type: FILTEREDROLE" following opensso upgrade when assigning privileges
6994715 OpenSSO update 1 patch 3 oracle db logging error: ORA-01704: String Literal Too Long
7000981 Upgrading Am 7.1 patch3 deployment as a site to OpenSSO 8 U1 patch3 Servers and sites tab dissapear
7005627 Opensso8.0U1P3-sfo enabled attribute in the Secondary instance was missing
6993122 SPNameQualifier element should be removed from NameIDPolicy in SAML AuthnRequest
6935201 OpenSSO U1P3: DAUI sends errors after user reloads DAUI login url thrice
6677966 HttpServletRequest/HttpServletResponse not available in AMLoginModule when using Dist AuthUI
6982882 Browser goes into loop condition for an OpenSSO login when a policy requires realm authentication
6982149 OpenSSO - Null Pointer Exception during session upgrade
6979889 8.0u2 patch 1: Update version of jss4.jar in opensso
6996134 OpenSSO Authentication allows access to users to a Realm to which Users who do not belong to
6986916 problem with AM 7.1 patch 4 DAUI
6992299 problem with AM 7.1 patch 4
6982233 Migrate AM7.0p11 to OpenSSO 8.0u2: legacy agent profiles are still not shown on the console properly
7003167 CDCClientServlet regression with bugfix 6896456 using distauth
7007659 ssopreupgrade.bat stop in initialize with Can't find bundle for name ssoUpgrade
7012182 URI is considered as URL in the goto parameter when it is URL-encoded
7018596 AM 7.1 patch3 to OpenSSO 8.0 update2 upgrade displays configuration page post upgrade
7019578 After Upgrade from AM7.1p3 to OpenSSO 8.0:"Server error" while hitting "platform" button on admin console
7016248 problem with Accessmanager
The Jan release (U2 Patch 1) was a major for us in the project I am currently in for the local Education ministry.
There was a bug in the SJSWS 7 Policy Agent which happily redirecting a POST request as a GET request. This broke our single sign-on integration with Sun IdM. In this particular case, the Forget Password Wizard broke.
We tested U2 Patch 1 and the bug was resolved. What was fixed? I do not know since it's a closed source now.