Releases: cloudfoundry/uaa
Releases · cloudfoundry/uaa
76.18.0
What's Changed
Fixes
- UAA startup if postgresql is used for session store in #2414
- Expired X509 certificates should be ignored for JWT usage in #2423
Features
- Allow refresh flow for public usages in #2402
- Use custom key in private_key_jwt towards OAuth2/OIDC IdP in #2420
Dependency Bumps
- build(deps): bump jasmine-core from 5.0.1 to 5.1.0 in /uaa by @dependabot in #2418
- build(deps): bump github.com/onsi/gomega from 1.27.8 to 1.27.9 in /k8s by @dependabot in #2419
- build(deps): bump jasmine from 4.6.0 to 5.1.0 in /uaa by @dependabot in #2417
- build(deps): bump github.com/onsi/gomega from 1.27.9 to 1.27.10 in /k8s by @dependabot in #2421
- Gradle to 8.2.1
Misc
- Delete unused script & dockerfile by @peterhaochen47 in #2422
- Change default of refresh token format by @strehle in #2406
- uaa-ci: use RS256 key as default by @strehle in #2405
Full Changelog: v76.17.0...v76.18.0
Contributors
strehle, peterhaochen47, and dependabot
Assets 2
76.17.0
What's Changed
Fixes
- fix: Skip reset password requests with HEAD method (#2381) by @jbilandzija in #2389
- fix: Handle verify user requests with HEAD method by @jbilandzija in #2392
- fix: make kill more reliable by @swalchemist in #2347
Features
- feature: Store client authentication method in JWT by @strehle in #2385
- feature: Allow sending static key/value pairs to the configured IdP by @strehle in #2397
Dependency Bumps
- build(deps): bump versions.guavaVersion from 32.1.0-jre to 32.1.1-jre by @dependabot in #2393
- Bump Gradle to 8.2 by @strehle in #2396
- build(deps): bump versions.tomcatCargoVersion from 9.0.76 to 9.0.78 by @dependabot in #2400
- build(deps): bump versions.springBootVersion from 2.7.13 to 2.7.14 by @dependabot in #2409
- build(deps): bump k8s.io/client-go from 0.27.3 to 0.27.4 in /k8s by @dependabot in #2411
Misc
- Extend test coverage in OauthIDPWrapperFactoryBean by @strehle in #2399
- Add Introspection Claims Test by @strehle in #2404
- internal tests only: define more values in uaa.yml by @strehle in #2403
- Refactor: Add Instant to TimeService interface and use TimeService in UaaTokenStore by @strehle in #2315
New Contributors
- @jbilandzija made their first contribution in #2389
Full Changelog: v76.16.0...v76.17.0
Contributors
strehle, swalchemist, and 2 other contributors
Assets 2
76.16.0
Test ONLY
- No need to consume it but created because of pipeline fixes
Full Changelog: v76.15.0...v76.16.0
76.15.0
What's Changed
Fixes
- Fixes from version bump versions.bouncyCastleVersion from 1.73 to 1.75 by @dependabot in #2374 and #2382
- Fixes from version bump versions.springBootVersion from 2.7.12 to 2.7.13 by @dependabot in #2383
- Delete all user group members if user is deleted by @strehle in #2372
Features
Dependency Bumps
- build(deps): bump github.com/onsi/gomega from 1.27.7 to 1.27.8 in /k8s by @dependabot in #2350
- build(deps): bump commons-io:commons-io from 2.12.0 to 2.13.0 by @dependabot in #2352
- build(deps): bump versions.guavaVersion from 32.0.0-jre to 32.0.1-jre by @dependabot in #2357
- Upgrade Tomcat cargo version 9.0.76 by @strehle in #2361
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.5.0.202303070854-r to 6.6.0.202305301015-r by @dependabot in #2369
- build(deps): bump versions.seleniumVersion from 4.9.1 to 4.10.0 by @dependabot in #2351
- build(deps): bump jasmine-core from 5.0.0 to 5.0.1 in /uaa by @dependabot in #2365
- build(deps): bump k8s.io/client-go from 0.27.2 to 0.27.3 in /k8s by @dependabot in #2373
- Bump jackson version 2.14.3 to 2.15.2 in #2377
- build(deps): bump org.json:json from 20230227 to 20230618 by @dependabot in #2379
Misc
- Dependency refactoring by @strehle in #2362
- Remove deprecated code for performance logs by @strehle in #2363
Full Changelog: v76.14.0...v76.15.0
Contributors
strehle and dependabot
Assets 2
76.14.0
What's Changed
- build(deps): bump versions.guavaVersion from 31.1-jre to 32.0.0-jre by @dependabot in #2345
Full Changelog: v76.13.0...v76.14.0
Contributors
dependabot
Assets 2
76.13.0
What's Changed
Fixes
- Fix regression from 76.12.0 in #2340
- Exclude unsupported response types in exception by @mikeroda in #2329
- CVE-2023-20883: Spring-Boot bump from 2.7.11 to 2.7.12 by @dependabot in #2332
Dependency Bumps
- build(deps): bump commons-io:commons-io from 2.11.0 to 2.12.0 by @dependabot in #2327
- build(deps): bump k8s.io/apimachinery from 0.27.1 to 0.27.2 in /k8s by @dependabot in #2330
- build(deps): bump k8s.io/api from 0.27.1 to 0.27.2 in /k8s by @dependabot in #2331
- build(deps): bump k8s.io/client-go from 0.27.1 to 0.27.2 in /k8s by @dependabot in #2333
- build(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 in /k8s by @dependabot in #2337
- Bump jackson 2.14.2 to 2.14.3 by @strehle in #2336
Misc
- Rrefactor while condition by @bruce-ricard in #2341
Full Changelog: v76.12.0...v76.13.0
Contributors
mikeroda, bruce-ricard, and 2 other contributors
Assets 2
DO NOT USE 76.12.0
DO NOT USE
Contains a regression with regards to OIDC IdPs. A fix has been included in release 76.13.0
What's Changed
Fixes
- KeyInfo fixes by @strehle in #2284
- fix: mysql 5 to mysql 8 back-and-restore by aligning collation shared in both mysql 5 and 8. by @Tallicia in #2326
Dependency Bumps
- build(deps): bump versions.seleniumVersion from 4.9.0 to 4.9.1 by @dependabot in #2319
- Upgrade Tomcat cargo version 9.0.75 by @strehle in #2321
- build(deps): bump jasmine-core from 4.6.0 to 5.0.0 in /uaa by @dependabot in #2323
Misc
Full Changelog: v76.11.0...v76.12.0
Contributors
Tallicia, strehle, and dependabot
Assets 2
76.11.0
What's Changed
Fixes
- Update gem setting to latest slate version by @strehle in #2257
- Fix issue #2303 in #2304
- Fix for ldap.ssl.skipverification by @cache-sk in #2273
- Fix auth code cleanup function in #2292
Dependency Bumps
- build(deps): bump versions.springBootVersion from 2.7.10 to 2.7.11 by @dependabot in #2295
- build(deps): bump org.seleniumhq.selenium:selenium-java from 4.8.3 to 4.9.0 by @dependabot in #2300
- build(deps): bump org.seleniumhq.selenium:selenium-http-jdk-client from 4.8.3 to 4.9.0 by @dependabot in #2299
- Update UAA image reference in k8s to 76.10.0 by @strehle in #2306
- Consolidate selenium version by @strehle in #2307
- build(deps): bump nokogiri from 1.13.10 to 1.14.3 in /uaa/slate by @dependabot in #2276
- Bump mariadb from 2.7.8 to 2.7.9 by @strehle in #2308
- Bump Gradle to 8.1.1 by @strehle in #2312
Misc
- TDD: add test for userinfo compare by @strehle in #2294
- TDD for UaaTokenStore: count DB usage in performExpirationClean by @strehle in #2293
- Test PR 2273 by @strehle in #2313
New Contributors
Full Changelog: v76.10.0...v76.11.0
Contributors
strehle, dependabot, and cache-sk
Assets 2
76.10.0
What's Changed
Fixes
- Update Spring Boot from 2.7.10 to 2.7.11 in #2297, Fixes CVE-2023-20873, CVE-2023-20862, CVE-2023-20863
- Fix: Fixing performance while calling containsAll over list by @saurabh-rahate in #2272
- Fix indexOf Checks in KeystoneAuthenticationManager by @adrianhoelzl-sap in #2268
- fix for code smells by @strehle in #2285
- fix: incorrect elapsed time determination by @bruce-ricard in #2281
Features
- Feature: Add 2 new options to JWT token policy by @strehle in #2116, Solution for issues #2109 and #1816
Dependency Bumps
- Remove unused Variable in LoginInfoEndpoint.evaluateLoginHint by @adrianhoelzl-sap in #2270
- refactor UAA token store: use good time types by @bruce-ricard in #2271
- build(deps): bump org.apache.directory.api:api-ldap-model from 2.1.2 to 2.1.3 by @dependabot in #2274
- build(deps): bump k8s.io/client-go from 0.26.3 to 0.27.0 in /k8s by @dependabot in #2277
- build(deps): bump versions.bouncyCastleVersion from 1.72 to 1.73 by @dependabot in #2278
- build(deps): bump org.owasp.esapi:esapi from 2.5.1.0 to 2.5.2.0 by @dependabot in #2282
- Remove unnecessary References to "apache.directory" Library by @adrianhoelzl-sap in #2269
- build(deps): bump k8s.io/client-go from 0.27.0 to 0.27.1 in /k8s by @dependabot in #2286
- Upgrade Tomcat cargo version 9.0.74 by @strehle in #2290
New Contributors
- @saurabh-rahate made their first contribution in #2272
Full Changelog: v76.9.0...v76.10.0
Contributors
bruce-ricard, strehle, and 3 other contributors
Assets 2
76.9.0
What's Changed
Fixes
Dependency Bumps
- build(deps): bump org.passay:passay from 1.6.2 to 1.6.3 by @dependabot in #2247
- build(deps): bump k8s.io/client-go from 0.26.2 to 0.26.3 in /k8s by @dependabot in #2249
- build(deps): bump org.postgresql:postgresql from 42.5.4 to 42.6.0 by @dependabot in #2246
- build(deps): bump jasmine from 4.5.0 to 4.6.0 in /uaa by @dependabot in #2242
- build(deps): bump jasmine-core from 4.5.0 to 4.6.0 in /uaa by @dependabot in #2241
- build(deps): bump versions.springBootVersion from 2.7.9 to 2.7.10 by @dependabot in #2254
- Bump mariadb from 2.7.7 to 2.7.8 by @strehle in #2255
- build(deps): bump github.com/onsi/gomega from 1.27.4 to 1.27.5 in /k8s by @dependabot in #2258
- Bump snakeyaml from 1.33 to 2.0 by @strehle in #2219
- build(deps): bump org.seleniumhq.selenium:selenium-java from 4.8.1 to 4.8.3 by @dependabot in #2259
- build(deps): bump org.seleniumhq.selenium:selenium-http-jdk-client from 4.8.1 to 4.8.3 by @dependabot in #2260
- build(deps): bump github.com/onsi/gomega from 1.27.5 to 1.27.6 in /k8s by @dependabot in #2266
- build(deps): bump org.apache.santuario:xmlsec from 3.0.1 to 3.0.2 by @dependabot in #2267
Misc
- Refactor snakeyaml usage: Use newer method signatures by @strehle in #2237
- fix: Use short-circuit or operator in UserIdConversionEndpoints.checkFilter by @adrianhoelzl-sap in #2265
New Contributors
- @jaristiz made their first contribution in #2252
- @adrianhoelzl-sap made their first contribution in #2265
Full Changelog: v76.8.0...v76.9.0
Contributors
strehle, jaristiz, and 2 other contributors