76.10.0

What's Changed

Fixes

• Update Spring Boot from 2.7.10 to 2.7.11 in #2297, Fixes CVE-2023-20873, CVE-2023-20862, CVE-2023-20863
• Fix: Fixing performance while calling containsAll over list by @saurabh-rahate in #2272
• Fix indexOf Checks in KeystoneAuthenticationManager by @adrianhoelzl-sap in #2268
• fix for code smells by @strehle in #2285
• fix: incorrect elapsed time determination by @bruce-ricard in #2281

Features

• Feature: Add 2 new options to JWT token policy by @strehle in #2116, Solution for issues #2109 and #1816

Dependency Bumps

• Remove unused Variable in LoginInfoEndpoint.evaluateLoginHint by @adrianhoelzl-sap in #2270
• refactor UAA token store: use good time types by @bruce-ricard in #2271
• build(deps): bump org.apache.directory.api:api-ldap-model from 2.1.2 to 2.1.3 by @dependabot in #2274
• build(deps): bump k8s.io/client-go from 0.26.3 to 0.27.0 in /k8s by @dependabot in #2277
• build(deps): bump versions.bouncyCastleVersion from 1.72 to 1.73 by @dependabot in #2278
• build(deps): bump org.owasp.esapi:esapi from 2.5.1.0 to 2.5.2.0 by @dependabot in #2282
• Remove unnecessary References to "apache.directory" Library by @adrianhoelzl-sap in #2269
• build(deps): bump k8s.io/client-go from 0.27.0 to 0.27.1 in /k8s by @dependabot in #2286
• Upgrade Tomcat cargo version 9.0.74 by @strehle in #2290

New Contributors

• @saurabh-rahate made their first contribution in #2272

Full Changelog: v76.9.0...v76.10.0

76.9.0

What's Changed

Fixes

• Fix missing whitelist check for authority mapping by @strehle in #2263

Dependency Bumps

• build(deps): bump org.passay:passay from 1.6.2 to 1.6.3 by @dependabot in #2247
• build(deps): bump k8s.io/client-go from 0.26.2 to 0.26.3 in /k8s by @dependabot in #2249
• build(deps): bump org.postgresql:postgresql from 42.5.4 to 42.6.0 by @dependabot in #2246
• build(deps): bump jasmine from 4.5.0 to 4.6.0 in /uaa by @dependabot in #2242
• build(deps): bump jasmine-core from 4.5.0 to 4.6.0 in /uaa by @dependabot in #2241
• build(deps): bump versions.springBootVersion from 2.7.9 to 2.7.10 by @dependabot in #2254
• Bump mariadb from 2.7.7 to 2.7.8 by @strehle in #2255
• build(deps): bump github.com/onsi/gomega from 1.27.4 to 1.27.5 in /k8s by @dependabot in #2258
• Bump snakeyaml from 1.33 to 2.0 by @strehle in #2219
• build(deps): bump org.seleniumhq.selenium:selenium-java from 4.8.1 to 4.8.3 by @dependabot in #2259
• build(deps): bump org.seleniumhq.selenium:selenium-http-jdk-client from 4.8.1 to 4.8.3 by @dependabot in #2260
• build(deps): bump github.com/onsi/gomega from 1.27.5 to 1.27.6 in /k8s by @dependabot in #2266
• build(deps): bump org.apache.santuario:xmlsec from 3.0.1 to 3.0.2 by @dependabot in #2267

Misc

• Refactor snakeyaml usage: Use newer method signatures by @strehle in #2237
• fix: Use short-circuit or operator in UserIdConversionEndpoints.checkFilter by @adrianhoelzl-sap in #2265

New Contributors

• @jaristiz made their first contribution in #2252
• @adrianhoelzl-sap made their first contribution in #2265

Full Changelog: v76.8.0...v76.9.0

76.8.0

What's Changed

Features

• Increase the client redirect_uri length limit by @hsinn0 @jaristiz @peterhaochen47 in #2245

Dependency Bumps

• Upgrade Tomcat cargo version 9.0.73 by @strehle in #2222
• Update jQuery version to v3.6.3 by @strehle in #2226
• build(deps): bump org.eclipse.jgit:org.eclipse.jgit by @dependabot in #2232
• build(deps): bump com.icegreen:greenmail from 1.6.14 to 2.0.0 by @dependabot in #2227
• build(deps): bump rack from 2.0.9.2 to 2.1.4.3 in /uaa/slate by @dependabot in #2234
• build(deps): bump github.com/onsi/gomega from 1.27.2 to 1.27.3 by @dependabot in /k8s in #2238
• build(deps): bump github.com/onsi/gomega from 1.27.3 to 1.27.4 by @dependabot in /k8s in #2239

Fixes

• Fix selenium issue by @strehle in #2236

Full Changelog: v76.7.0...v76.8.0

76.7.0

What's Changed

Fixes

• Fix pemEncodePublicKey by @strehle in #2210

Dependency Bumps

• build(deps): bump org.json:json from 20220924 to 20230227 by @dependabot in #2212
• build(deps): bump com.icegreen:greenmail from 1.6.13 to 1.6.14 by @dependabot in #2207
• build(deps): bump github.com/onsi/gomega from 1.27.1 to 1.27.2 in /k8s by @dependabot in #2211
• Bump Gradle to 8.0.1 by @strehle in #2197
• build(deps): bump k8s.io/client-go from 0.26.1 to 0.26.2 in /k8s by @dependabot in #2218

Full Changelog: v76.6.0...v76.7.0

76.6.0

What's Changed

Features

• Configure Content Security Policy script-src by @jameshochadel in #2168

Fixes

• Documentation fix by @strehle in #2151
• Fix: add scope parameter if defined in password grant by @strehle in #2155
• Fix k8s start of SAML SP by @strehle in #2156
• wip: Updating usage of postgres SQL for v15 to avoid system tables in… by @Tallicia in #2166
• Fix SAML config: convert SamlConfig toLower by @strehle in #2158

Dependency bumps

• Bump Gradle to 7.6 by @strehle in #2139
• build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2 in /k8s by @dependabot in #2140
• build(deps): bump versions.springBootVersion from 2.7.6 to 2.7.7 by @dependabot in #2146
• build(deps): bump greenmail from 1.6.11 to 1.6.12 by @dependabot in #2148
• build(deps): bump nimbus-jose-jwt from 9.25.6 to 9.26 by @dependabot in #2149
• build(deps): bump nimbus-jose-jwt from 9.26 to 9.27 by @dependabot in #2152
• build(deps): bump nimbus-jose-jwt from 9.27 to 9.28 by @dependabot in #2154
• Upgrade Tomcat cargo version 9.0.71 by @strehle in #2164
• build(deps): bump github.com/onsi/gomega from 1.24.2 to 1.25.0 in /k8s by @dependabot in #2167
• build(deps): bump k8s.io/client-go from 0.26.0 to 0.26.1 in /k8s by @dependabot in #2171
• fix: bump rack from 2.1.4.2 to 2.0.9.2 in /uaa/slate by @strehle in #2177
• build(deps): bump versions.springBootVersion from 2.7.7 to 2.7.8 by @dependabot in #2176
• build(deps): bump nimbus-jose-jwt from 9.28 to 9.29 by @dependabot in #2182
• build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 in /k8s by @dependabot in #2184
• build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.29 to 9.30.1 by @dependabot in #2187
• build(deps): bump com.icegreen:greenmail from 1.6.12 to 1.6.13 by @dependabot in #2191
• build(deps): bump org.postgresql:postgresql from 42.5.1 to 42.5.3 by @dependabot in #2192
• build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.30.1 to 9.30.2 by @dependabot in #2198
• build(deps): bump org.postgresql:postgresql from 42.5.3 to 42.5.4 by @dependabot in #2199
• build(deps): bump github.com/onsi/gomega from 1.26.0 to 1.27.0 in /k8s by @dependabot in #2200
• build(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 in /k8s by @dependabot in #2201
• build(deps): bump versions.springBootVersion from 2.7.8 to 2.7.9 by @dependabot in #2204
• build(deps): bump github.com/onsi/gomega from 1.27.0 to 1.27.1 in /k8s by @dependabot in #2202
• build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.30.2 to 9.31 by @dependabot in #2203

New Contributors

• @jameshochadel made their first contribution in #2168

Full Changelog: v76.5.0...v76.6.0

76.5.0

What's Changed

• Docs for setting up ldap local (#2107) in #2108
• build(deps): bump postgresql from 42.5.0 to 42.5.1 in #2110
• build(deps): bump versions.springBootVersion from 2.7.5 to 2.7.6 #2111
• build(deps): bump esapi from 2.5.0.0 to 2.5.1.0 #2118
• RateLimit Change: Use nanoTime time instead of currentTimeMillis #2105
• Rate limit: protected status page #2112
• build(deps): bump org.eclipse.jgit from 6.3.0.202209071007-r to 6.4.0.202211300538-r #2123
• Upgrade Tomcat cargo version 9.0.70 #2127
• build(deps): bump nokogiri from 1.13.9 to 1.13.10 in /uaa/slate #2128
• No trace method dispatch #2129
• Feature: Add private_key_jwt for OIDC Identity Providers #2106
• delete: dead code #2133
• build(deps): bump k8s.io/client-go from 0.25.4 to 0.26.0 in /k8s #2131
• build(deps): bump nimbus-jose-jwt from 9.24.4 to 9.25.6 #2135

Full Changelog: v76.4.0...v76.5.0

76.4.0

Feature

• Support refresh token rotation (#1969)
• Add a section decsribing how to run local UAA server with PostgreSQL (#2091)

Fixes

• Fix error "rawPassword cannot be null" and prevent null in password encoder (#2101)
• Increase randomness of passcode (#2072)

Dependency bumps

• Bump nimbus-jose-jwt from 8.23 to 9.24.4 (#2075)
• Use jackson in jsonpath and exclude json-smart library (#2076)
• build(deps): bump passay from 1.6.1 to 1.6.2 (#2077)
• build(deps): bump github.com/onsi/gomega from 1.22.1 to 1.23.0 (#2080)
• build(deps): bump jasmine-core from 4.4.0 to 4.5.0 (#2082)
• build(deps): bump jasmine from 4.4.0 to 4.5.0 (#2083)
• build(deps): bump javase from 3.5.0 to 3.5.1 (#2088)
• build(deps): bump github.com/onsi/gomega from 1.23.0 to 1.24.0 (#2090)
• build(deps): bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /k8s (#2092)
• build(deps): bump k8s.io/client-go from 0.25.3 to 0.25.4 (#2096)
• Upgrade Tomcat cargo version 9.0.69 (#2099)
• Bump snakeyaml 1.33 (#2104)
• Bump mariadb version 2.7.7 (#2103)

Full Changelog

• v76.3.0...v76.4.0

76.3.0

Experimental Feature

• UAA Rate Limiting on API level, Howto

Full Changelog

• v76.2.0...v76.3.0

76.2.0

Feature

• Set LDAP connection timeout to 30 minutes (#2063)

Fixes

• Revert codestore random generator (#2070)
• Jackson Update 2.13.4.2 because of CVE-2022-42003

Dependency bumps

• Fix sonar smells (#2049)
• Bump greenmail from 1.6.10 to 1.6.11 (#2050)
• Add test for copy-to-clipboard functionality in passcode page 0 (#2051)
• Bump github.com/onsi/gomega from 1.20.2 to 1.21.1 in /k8s (#2052)
• Update UAA server debug mode run options 0 (#2054)
• Bump k8s.io/client-go from 0.25.2 to 0.25.3 in /k8s (#2061)
• Bump commons-rng-core from 1.4 to 1.5 (#2057)
• Bump commons-rng-simple from 1.4 to 1.5 (#2056)
• Bump github.com/onsi/gomega from 1.21.1 to 1.22.1 in /k8s (#2058)
• Upgrade Tomcat cargo version 9.0.68 (#2064)
• Bump versions.springBootVersion from 2.7.4 to 2.7.5 (#2065)
• Bump nokogiri from 1.13.6 to 1.13.9 in /uaa/slate (#2066)
• Refactor refreshAccessToken() (#2069)

Full Changelog

• v76.1.0...v76.2.0

76.1.0

Regression fixes

• Regression with broken copy button (#2034)
• Regression with legacy redirect patterns (#2035)

Security fixes

• Bump snakeyaml version from 1.30 to 1.32 (#2023), solves CVE-2022-38751 and CVE-2022-38752

Dependency bumps

• Bumps api-ldap-model from 1.0.3 to 2.1.2
• Bump xmlsec from 3.0.0 to 3.0.1 (#2026)
• Bump k8s.io/client-go from 0.25.0 to 0.25.1 (#2028)
• Bump jQuery version to v3.6.1 (#2033)
• Bump versions.springBootVersion from 2.7.3 to 2.7.4 (#2040)
• Bump k8s.io/client-go from 0.25.1 to 0.25.2 in /k8s (#2037)
• Bump json from 20220320 to 20220924 (#2042)
• Bump Tomcat cargo version 9.0.67 (#2045)
• Bump commons-text from 1.9 to 1.10.0 (#2047)
• Bump versions.bouncyCastleVersion from 1.71.1 to 1.72 (#2048)

Full Changelog

• v76.0.0...v76.1.0