Releases: cloudfoundry/uaa
Releases · cloudfoundry/uaa
76.28.0
What's Changed
- Add allowedGroups to UserConfig in IdZ configuration by @klaus-sap in #2606
- Sonar fix for split by @strehle in #2641
- Update documentation for adding SAP IAS as OIDC Provider by @vlast3k in #2613
Dependency Bumps
- build(deps): bump versions.tomcatCargoVersion from 9.0.83 to 9.0.84 by @dependabot in #2642
- build(deps): bump github/codeql-action from 2 to 3 by @dependabot in #2644
- build(deps): bump k8s.io/client-go from 0.28.4 to 0.29.0 in /k8s by @dependabot in #2646
- build(deps): bump actions/upload-artifact from 3 to 4 by @dependabot in #2648
- build(deps): bump versions.braveVersion from 5.16.0 to 5.17.0 by @dependabot in #2649
- build(deps): bump versions.guavaVersion from 32.1.3-jre to 33.0.0-jre by @dependabot in #2650
New Contributors
Full Changelog: v76.27.0...v76.28.0
Contributors
vlast3k, strehle, and 2 other contributors
Assets 2
76.27.0
What's Changed
- build(deps): bump org.owasp.esapi:esapi from 2.5.2.0 to 2.5.3.0 by @dependabot in #2619
- build(deps): bump org.apache.santuario:xmlsec from 4.0.0 to 4.0.1 by @dependabot in #2621
- renovate: update dependency org.gradle:test-retry-gradle-plugin to v1.5.7 by @strehle in #2623
- Bump Gradle to 8.5 by @strehle in #2626
- build(deps): bump commons-io:commons-io from 2.15.0 to 2.15.1 by @dependabot in #2627
- build(deps): bump actions/setup-java from 3 to 4 by @dependabot in #2629
- build(deps): bump org.owasp.esapi:esapi from 2.5.3.0 to 2.5.3.1 by @dependabot in #2631
- build(deps): bump com.icegreen:greenmail from 1.6.14 to 1.6.15 by @dependabot in #2632
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.37.1 to 9.37.2 by @dependabot in #2633
- Update account menu for keyboard accessibility by @ystros in #2587
- Bump dependency org.gradle:test-retry-gradle-plugin to v1.5.8 by @strehle in #2634
- Check zone id by @strehle in #2617
- Check zone id before jdbc access by @strehle in #2616
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.7.0.202309050840-r to 6.8.0.202311291450-r by @dependabot in #2636
- build(deps): bump org.postgresql:postgresql from 42.7.0 to 42.7.1 by @dependabot in #2639
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.37.2 to 9.37.3 by @dependabot in #2640
Full Changelog: v76.26.0...v76.27.0
Contributors
ystros, strehle, and dependabot
Assets 2
76.26.0
What's Changed
Remarks
Deprecation notice: UAA can currently function as a SAML identity provider (IdP). This functionality will be removed in a future release. This will facilitate ongoing efforts to upgrade the Spring Boot library that UAA uses. However, UAA's ability to be a service provider (SP) that integrates with an external SAML-based IdP will still be supported.
Fixes
- return invalid_client in oauth2 error code by @strehle in #2596
- fix slack in readme by @strehle in #2609
- fix sonar finding by @strehle in #2592
New
- Add config to control whether to perform "OpenID Connect RP-Initiated Logout" when using an external OIDC provider by @peterhaochen47 in #2590
- Add label text to all form controls by @ystros in #2588
Misc
- Add SAML IdP deprecation notice by @swalchemist in #2607
- Update OIDC integration documentation by @strehle in #2585
- refactor two SAML tests to use page objects by @swalchemist in #2543
- Miscellaneous refactors by @peterhaochen47 in #2608
- refactor: move jakarta mail dependency to spring boot mail by @strehle in #2611
Dependency Bumps
- build(deps): bump versions.springBootVersion from 2.7.17 to 2.7.18 by @dependabot in #2614
- Bump mariadb from 2.7.10 to 2.7.11 by @strehle in #2594
- build(deps): bump github.com/onsi/gomega from 1.29.0 to 1.30.0 in /k8s by @dependabot in #2595
- build(deps): bump k8s.io/client-go from 0.28.3 to 0.28.4 in /k8s by @dependabot in #2603
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.37 to 9.37.1 by @dependabot in #2593
- build(deps): bump org.postgresql:postgresql from 42.6.0 to 42.7.0 by @dependabot in #2612
- build(deps): bump versions.bouncyCastleVersion from 1.76 to 1.77 by @dependabot in #2600
- build(deps): bump versions.tomcatCargoVersion from 9.0.82 to 9.0.83 by @dependabot in #2601
- Bump jackson from 2.15.3 to 2.16.0 by @strehle in #2605
New Contributors
Full Changelog: v76.25.0...v76.26.0
Contributors
ystros, strehle, and 3 other contributors
Assets 2
76.25.0
What's Changed
- build(deps): bump commons-io:commons-io from 2.14.0 to 2.15.0 by @dependabot in #2579
- build(deps): bump github.com/onsi/gomega from 1.28.1 to 1.29.0 in /k8s by @dependabot in #2578
- build(deps): bump org.apache.commons:commons-text from 1.10.0 to 1.11.0 by @dependabot in #2582
- update dependency middleman to v4.5.1 by @strehle in #2580
Full Changelog: v76.24.0...v76.25.0
Contributors
strehle and dependabot
Assets 2
76.24.0
What's Changed
Remarks
- The versions 76.22.0 and 76.23.0 contain a regression regarding the empty secret change. If you need to have an empty secret in your clients and you create them later via REST calls, use this version.
- This version was created with Java 17
Regression Fix
Feature
Misc
- fix: java version requirement in README by @peterhaochen47 in #2563
- fix flaky test by @strehle in #2565
- fix: unnecessary method call by @klaus-sap in #2549
- sonar fix by @strehle in #2526
- documentation: update system admin guide by @strehle in #2520
- doc: announcement for private_key_jwt by @strehle in #2551
Dependency Bumps
- Bump: Java version to 17 by @peterhaochen47 in #2562
- build(deps): bump github.com/onsi/gomega from 1.28.0 to 1.28.1 in /k8s by @dependabot in #2568
- build(deps): bump org.apache.directory.server:apacheds-protocol-ldap from 2.0.0.AM26 to 2.0.0.AM27 by @dependabot in #2567
Full Changelog: v76.23.0...v76.24.0
Contributors
strehle, peterhaochen47, and 2 other contributors
Assets 2
76.23.0
What's Changed
Experimental Feature
Client Authentication with JWT assertions, Howto
Features
- feature: add runtime support for private_key_jwt client authentication by @strehle in #2507
- feature: add change size to pull request by @bruce-ricard in #2546
- feature: enhance well-known and document private_key_jwt parameters in rest API by @strehle in #2509
Fixes
- fix sonar findings by @strehle in #2528
- fix sonar finding: duplicate string literals by @klaus-sap in #2531
- fix sonar issue: Utility classes should not have public constructors by @klaus-sap in #2533
- fix sonar findings by @strehle in #2527
- Bump org.json:json from 20230618 to 20231013 , fixes CVE-2023-5072 by @dependabot in #2544
Misc
- Make it easier to find test failures in CI output by @swalchemist in #2511
- test: Add Client Authentication Integration Tests by @strehle in #2508
Dependency Bumps
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.35 to 9.36 by @dependabot in #2529
- build(deps): bump versions.guavaVersion from 32.1.2-jre to 32.1.3-jre by @dependabot in #2534
- build(deps): bump org.apache.directory.api:api-ldap-model from 2.1.4 to 2.1.5 by @dependabot in #2536
- build(deps): bump golang.org/x/net from 0.14.0 to 0.17.0 in /k8s by @dependabot in #2538
- build(deps): bump versions.tomcatCargoVersion from 9.0.80 to 9.0.82 by @dependabot in #2540
- Bump jackson version 2.15.2 to 2.15.3, #2541
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.36 to 9.37 by @dependabot in #2548
- build(deps): bump k8s.io/client-go from 0.28.2 to 0.28.3 in /k8s by @dependabot in #2555
- build(deps): bump versions.springBootVersion from 2.7.16 to 2.7.17 by @dependabot in #2553
- build(deps): bump org.apache.santuario:xmlsec from 3.0.2 to 4.0.0 by @dependabot in #2554
Full Changelog: v76.22.0...v76.23.0
Contributors
bruce-ricard, strehle, and 3 other contributors
Assets 2
76.22.0
What's Changed
Features
- feature: allow setting SameSite on X-Uaa-Csrf cookie by @mikeroda in #2439
- feature: add persistence support for private_key_jwt client authentication by @strehle in #2449
Fixes
- fix: Flaky test by @strehle in #2491
- fix: do not default a missing secret to an empty one by @strehle in #2455
- fix: missing shebang by @bruce-ricard in #2497
- fix: ClientAdminEndpointsValidator should allow authorization_code with empty secret by @strehle in #2461
- fix: json syntax error by @peterhaochen47 in #2521
Misc
- Page object refactoring for two additional tests by @swalchemist in #2490
- Passcode test refactor by @swalchemist in #2501
- test clean-up: switch back to using standard simplesamlPHP server URL by @peterhaochen47 in #2516
- delete unused pom.xml by @swalchemist in #2519
- refactor: use page objects for favicon test by @swalchemist in #2498
Dependency Bumps
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.32 to 9.34 by @dependabot in #2489
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.34 to 9.35 by @dependabot in #2492
- update module github.com/onsi/ginkgo/v2 to v2.12.1 by @strehle in #2494
- build(deps): bump versions.springBootVersion from 2.7.15 to 2.7.16 by @dependabot in #2495
- build(deps): bump org.passay:passay from 1.6.3 to 1.6.4 by @dependabot in #2499
- build(deps): bump versions.seleniumVersion from 4.12.1 to 4.13.0 by @dependabot in #2502
- build(deps): bump github.com/onsi/gomega from 1.27.10 to 1.28.0 in /k8s by @dependabot in #2510
- build(deps): bump commons-io:commons-io from 2.13.0 to 2.14.0 by @dependabot in #2512
- Upgrade to be compatible with simplesamlphp v2 by @bruce-ricard in #2506
- Bump dependency org.gradle:test-retry-gradle-plugin to v1.5.6 by @strehle in #2518
- build: change sonar runner to java 17 by @strehle in #2513
- build(deps-dev): bump open from 0.0.5 to 6.0.0 in /uaa/slate by @dependabot in #2522
- Bump Gradle to 8.4 by @strehle in #2524
- Bump dependencies in package.json of slate (doc) by @strehle in #2525
Full Changelog: v76.21.0...v76.22.0
Contributors
mikeroda, bruce-ricard, and 4 other contributors
Assets 2
76.21.0
What's Changed
Features
Fixes
- Fix: UAA login page breaks when the product logo image is over 100000 characters by @Tallicia in #2453
Misc
- Rearchitect two integration tests to use page objects by @swalchemist in #2468
- Refactor: prepare for private_key_jwt in oauth_client_details by @strehle in #2433
- doc: reason for ignoring library bumps by @swalchemist in #2485
- test: Authorization Grant Flow without Redirect URI by @strehle in #2484
Dependency Bumps
- build(deps): bump versions.springBootVersion from 2.7.14 to 2.7.15 by @dependabot in #2450
- bump activesupport from 6.1.7.3 to 6.1.7.5 in #2451
- build(deps): bump jasmine-core from 5.1.0 to 5.1.1 in /uaa by @dependabot in #2457
- build(deps): bump k8s.io/client-go from 0.28.0 to 0.28.1 in /k8s by @dependabot in #2460
- build(deps): bump versions.tomcatCargoVersion from 9.0.79 to 9.0.80 by @dependabot in #2462
- build(deps): bump org.apache.directory.api:api-ldap-model from 2.1.3 to 2.1.4 by @dependabot in #2464
- build(deps): bump versions.seleniumVersion from 4.11.0 to 4.12.0 by @dependabot in #2466
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.6.0.202305301015-r to 6.6.1.202309021850-r by @dependabot in #2469
- build(deps): bump versions.seleniumVersion from 4.12.0 to 4.12.1 by @dependabot in #2471
- build(deps): bump actions/checkout from 3 to 4 by @dependabot in #2473
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.6.1.202309021850-r to 6.7.0.202309050840-r by @dependabot in #2475
- Bump Gradle to 8.3 by @strehle in #2476
- update dependency org.gradle:test-retry-gradle-plugin to v1.5.4 by @strehle in #2479
- Bump mariadb from 2.7.9 to 2.7.10 by @strehle in #2478
- Bump gradle plugins by @strehle in #2480
- Bump SnakeYaml from 2.0 to 2.2 by @strehle in #2481
- update dependency org.gradle:test-retry-gradle-plugin to v1.5.5 by @strehle in #2482
- Go 1.21 by @swalchemist in #2483
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.31 to 9.32 by @dependabot in #2487
- k8s updates, k8s.io 0.28.1 to 0.28.2 by @strehle in #2488
Full Changelog: v76.20.0...v76.21.0
Contributors
Tallicia, strehle, and 2 other contributors
Assets 2
76.20.0
What's Changed
Features
- Added log tracing using B3 headers so transactions between TAS components will use the same trace ID, in #2446. Log file parsers might need to be updated to reflect this addition to the logs. In the example below,
- [ebf4f18ff75a4cfc64a70c2de8ff493b,64a70c2de8ff493b]is the part that is added:
[2023-08-16T00:56:46.060135Z] uaa - 13 [https-jsse-nio-8443-exec-1] - [ebf4f18ff75a4cfc64a70c2de8ff493b,64a70c2de8ff493b] .... DEBUG --- UaaMetricsFilter: Successfully matched URI: /oauth/token to a group: /oauth-oidc
In some cases, the trace and span IDs will be blank:
[2023-08-17T01:53:42.790149Z] uaa/uaa - 17490 [main] - [,] .... INFO --- SpringSecurityCoreVersion: You are running with Spring Security Core 5.7.10
Fixes
- Move refresh rotate check to refresh flow in #2437
Full Changelog: v76.19.0...v76.20.0
76.19.0
What's Changed
Dependency Bumps
- build(deps): bump com.google.zxing:javase from 3.5.1 to 3.5.2 by @dependabot in #2426
- build(deps): bump versions.bouncyCastleVersion from 1.75 to 1.76 by @dependabot in #2425
- build(deps): bump versions.guavaVersion from 32.1.1-jre to 32.1.2-jre by @dependabot in #2429
- build(deps): bump versions.seleniumVersion from 4.10.0 to 4.11.0 by @dependabot in #2428
- fix: update k8s to go 1.20 by @Tallicia in #2432
- Bump hsqldb version 2.7.1 to 2.7.2 by @strehle in #2436
- build(deps): bump versions.tomcatCargoVersion from 9.0.78 to 9.0.79 by @dependabot in #2442
- build(deps): bump k8s.io/apimachinery from 0.27.4 to 0.28.0 in /k8s by @dependabot in #2443
- build(deps): bump k8s.io/client-go from 0.27.4 to 0.28.0 in /k8s by @dependabot in #2444
Misc
- integrationTest: Add IT for user_token grant variants by @strehle in #2194
- fix: Dependabot can't authenticate to the private package registry ht… by @hsinn0 in #2434
Full Changelog: v76.18.0...v76.19.0
Contributors
Tallicia, strehle, and 2 other contributors