-
Notifications
You must be signed in to change notification settings - Fork 843
Releases: cloudfoundry/uaa
Releases · cloudfoundry/uaa
79.1.0
@cf-identity
cf-identity
3910b05
This commit was created on GitHub.com and signed with GitHub’s verified signature.
What's Changed
⚠️ Known Issues
- A change to Spring Security 7's BCryptPasswordEncoder causes empty client secrets to fail.
🛠️ Stability & Fixes
- Prevent issue with SPRING_JDBC in Flyway by @strehle in #3949
- Pr/issue 3701 by @fhanik in #3951
- fix: handle race condition on addUser by @mikeroda in #3952
- Potential fix for code scanning alert no. 106: Disabled Spring CSRF protection by @strehle in #3946
⬆️ Dependency Bumps
- build(deps): bump the selenium group with 3 updates by @dependabot[bot] in #3948
- build(deps): bump org.opensaml:opensaml-saml-api from 5.2.2 to 5.2.3 by @dependabot[bot] in #3956
- build(deps): bump gradle-wrapper from 9.5.1 to 9.6.0 by @dependabot[bot] in #3955
- build(deps): bump actions/checkout from 6 to 7 by @dependabot[bot] in #3957
- build(deps): bump tomcat from 11.0.22 to 11.0.23 by @dependabot[bot] in #3959
Full Changelog: v79.0.0...v79.1.0
Assets 2
1 person reacted
79.0.0
@cf-identity
cf-identity
a5d62d2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
What's Changed
🚨 New Feature - Spring Boot 4.1
- Migrate to spring boot 4 by @gdgenchev in #3805
- Migrate to Java 25 by @duanemay in #3705
- Bump minimum Java to 25 (LTS) by @duanemay in #3932
- build(deps): bump tomcat from 10.1.55 to 11.0.22 by @dependabot[bot] in #3920
- refactor: allow multiple UaaTokenEnhancers by @peterhaochen47 in #3904
- expand refresh token validity resolver by @fhanik in #3942
🛠️ Stability & Fixes
- Update redirect matching for oidc10 site by @duanemay in #3925
- Fix CodeQL finding - regex by @strehle in #3926
- Review on spring boot 4 migration - leftover by @strehle in #3924
- Call helper function for
killUaatask by @duanemay in #3934 - Migrate Gradle to Kotlin by @duanemay in #3684
- fix: resolve SAML entity ID from metadata when external_key is null by @fhanik in #3933
- Remove unused dependency: aspectjrt by @duanemay in #3935
- Potential fix for code scanning alert no. 27: Query built from user-controlled sources by @strehle in #3930
- Migrate to scim2-sdk-common by @duanemay in #3939
- Migrate from TimGroup's java-statsd-client to Datadog's java-dogstatsd-client by @duanemay in #3940
- Unsigned SAML logout message validation by @duanemay in #3945
⬆️ Dependency Bumps
- build(deps): bump org.jacoco:org.jacoco.agent from 0.8.14 to 0.8.15 by @dependabot[bot] in #3938
- build(deps): bump jasmine from 6.2.0 to 6.3.0 in /uaa by @dependabot[bot] in #3937
- build(deps): bump jasmine-core from 6.2.0 to 6.3.0 in /uaa by @dependabot[bot] in #3936
- build(deps): bump org.apache.directory.api:api-ldap-model from 2.1.7 to 2.1.8 by @dependabot[bot] in #3928
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 10.9 to 10.9.1 by @dependabot[bot] in #3927
- Update openapi version to 3.0.3 by @strehle in #3931
- build(deps): bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 7.3.0.8198 to 7.3.1.8318 by @dependabot[bot] in #3929
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 7.6.0.202603022253-r to 7.7.0.202606012155-r by @dependabot[bot] in #3941
- build(deps): bump springBoot from 4.0.6 to 4.1.0 by @dependabot[bot] in #3943
- build(deps): bump com.icegreen:greenmail from 2.1.8 to 2.1.9 by @dependabot[bot] in #3947
Known Issue - #3950
Full Changelog: v78.16.0...v79.0.0
Contributors
fhanik, duanemay, and 4 other contributors
Assets 2
78.16.0
@cf-identity
cf-identity
b0d6299
This commit was created on GitHub.com and signed with GitHub’s verified signature.
What's Changed
🛠️ Stability & Fixes
- fix: restore X-Frame-Options: none on /session and /session_management by @fhanik in #3922
- Fix DuplicateKeyException on concurrent JDBC session writes by @fhanik in #3921
⬆️ Dependency Bumps
- build(deps): bump org.json:json from 20251224 to 20260522 by @dependabot[bot] in #3923
Full Changelog: v78.15.0...v78.16.0
Assets 2
78.15.0
@cf-identity
cf-identity
c5dda86
This commit was created on GitHub.com and signed with GitHub’s verified signature.
What's Changed
Fixes
- Fix SAML encrypted assertion handling by @duanemay in #3908
- Fix duplicate group membership preventing user deletion (#3479) by @strehle in #3896
- review subdomain zone selection by @fhanik in #3918
- Fix: SAML metadata ACS URL ignores zone subdomain when entityBaseURL is set by @fhanik in #3915
- Enhance flaky job rerun summary with detailed logs for failed tests by @duanemay in #3885
- Update default redirect url matching to be more secure by @duanemay in #3913
Misc
- Migrate DaoAuthenticationProvider from deprecated no-arg constructor by @gdgenchev in #3867
- Replace Spring Security Base64 with java.util equivalent by @gdgenchev in #3857
- Remove unneeded Maven repository declarations by @duanemay in #3902
- Remove deprecated setIgnoreDefaultModelOnRedirect by @gdgenchev in #3868
- Migrate MediaType.sortByQualityValue() to local implementation by @gdgenchev in #3856
- Migrate to Gradle Version Catalog by @duanemay in #3910
- Rename integration_test_properties to mockmvc_unittest_properties by @duanemay in #3914
- Configure HttpClient connection timeout via ConnectionConfig by @strehle in #3892
Dependency Bumps
- build(deps): bump nokogiri from 1.19.2 to 1.19.3 in /uaa/slate by @dependabot[bot] in #3906
- build(deps): bump actions/dependency-review-action from 4 to 5 by @dependabot[bot] in #3907
- build(deps): bump gradle-wrapper from 9.5.0 to 9.5.1 by @dependabot[bot] in #3909
- build(deps): bump versions.seleniumVersion from 4.43.0 to 4.44.0 by @dependabot[bot] in #3911
- build(deps): bump brace-expansion from 5.0.5 to 5.0.6 in /uaa by @dependabot[bot] in #3916
- Align and lock library versions by @duanemay in #3917 and update with this to Upgrade Tomcat to version 10.1.55
- Pin cryptacular dependency to version 1.2.6 to consume Opensaml5 updates by @strehle in #3903
- dependency: OpenSAML 5.1.6 upgrade by @strehle in #3840
- build(deps): bump org.opensaml:opensaml-saml-api from 5.2.1 to 5.2.2 by @dependabot[bot] in #3912
Full Changelog: v78.14.0...v78.15.0
Contributors
fhanik, duanemay, and 3 other contributors
Assets 2
78.14.0
@cf-identity
cf-identity
1de2ffe
This commit was created on GitHub.com and signed with GitHub’s verified signature.
What's Changed
New Feature
- Initial AI agent rules by @duanemay in #3884
- Replace Dumbster with GreenMail for SMTP testing by @duanemay in #3888
Fixes
- Fix missing leading slash in requestMatcher pattern by @gdgenchev in #3880
- Fix: improve invitations flow by @fhanik in #3891
- Fix potential ClassCastException during shadow user create by @strehle in #3893
- Fix for Issue #3650 by @strehle in #3894
- Fix bean field naming conflict in SpringServletXmlBeansConfiguration by @mortenrie in #3836
- Fix: Update saml-legacy-uaa.yml by @fhanik in #3898
Misc
- Refactor JavaScript bundling in API docs by @duanemay in #3879
- Remove joda-time dependency and replace with java.time API by @duanemay in #3886
- Remove deprecated PortResolver by @gdgenchev in #3869
- Remove deprecated setters in SpringServletXmlBeansConfiguration by @gdgenchev in #3870
- Add explicit bcutil-fips dependency declaration by @duanemay in #3897
- Replace deprecated APPLICATION_JSON_UTF8 import with local constant by @gdgenchev in #3876
- Remove deprecated XSS protection setter from HttpHeaderSecurityFilter by @gdgenchev in #3871
- Consolidate JWT keys usage stored in Clients for client authentication by @fhanik in #3878
- Improve JWT keys validation furthermore - based on AI review by @strehle in #3895
- Migrate deprecated RestTemplate.doExecute by @gdgenchev in #3873
- Migrate ResponseErrorHandler.handleError by @gdgenchev in #3872
- Migrate deprecated getStatusCodeValue/getRawStatusCode by @gdgenchev in #3875
- Remove Unused dependencies by @duanemay in #3887
- Remove ApacheDS dependencies by @duanemay in #3889
Dependency Bumps
- build(deps): bump commons-codec:commons-codec from 1.21.0 to 1.22.0 by @dependabot[bot] in #3877
- build(deps): bump joda-time:joda-time from 2.14.1 to 2.14.2 by @dependabot[bot] in #3881
- build(deps): bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 7.2.3.7755 to 7.3.0.8198 by @dependabot[bot] in #3890
- build(deps): bump gradle-wrapper from 9.4.1 to 9.5.0 by @dependabot[bot] in #3882
New Contributors
- @mortenrie made their first contribution in #3836
Full Changelog: v78.13.0...v78.14.0
Contributors
fhanik, duanemay, and 4 other contributors
Assets 2
78.13.0
@cf-identity
cf-identity
f394798
This commit was created on GitHub.com and signed with GitHub’s verified signature.
What's Changed
🚨 Breaking Change
- SAML authentication now requires signed responses or assertions; unsigned responses with only encrypted assertions will be rejected.
New Feature
- Add an optional consent modal before login by @duanemay in #3792
- feat: token exchange for UAA-issued opaque access tokens by @mikeroda in #3845
Fixes
- Fix YAML validator by preventing Spring expression evaluation by @gdgenchev in #3843
- Respect skipSslVerification flag in TLS hostname verification logic by @duanemay in #3850
- fix: allow removing group names with quotes by @duanemay in #3851
- feat: omit explicit DB Statement for health check by @tack-sap in #3731
- Add full /oauth/token support for SAML2 bearer grant by @strehle in #3846
- saml improvements by @fhanik in #3859
- Ensure EC keys work as expected by @duanemay in #3861
- Remove the decline button when there is no declineLink by @duanemay in #3862
Misc
- Use WebDriverWait on some flaky tests by @duanemay in #3798
- docs(oauth): refresh token API docs, Slate, and client-auth notes by @fhanik in #3842
- Add documentation for SAML Bearer Grant (two endpoints) by @fhanik in #3844
- Backfill tests for #3845 by @fhanik in #3853
- Integration test for the yaml validation fix by @strehle in #3847
- Migrate from AntPathRequestMatcher to PathPatternRequestMatcher by @gdgenchev in #3854
- Migrate from NestedServletException to ServletException by @gdgenchev in #3855
- Replace UriComponentsBuilder.fromHttpUrl with fromUriString by @gdgenchev in #3858
- Explicitly require safe ActiveSupport version by @duanemay in #3863
Dependency Bumps
- build(deps): bump versions.guavaVersion from 33.5.0-jre to 33.6.0-jre by @dependabot[bot] in #3841
- build(deps): bump org.bouncycastle:bcpkix-fips from 2.1.10 to 2.1.11 by @dependabot[bot] in #3848
- build(deps): bump org.bouncycastle:bctls-fips from 2.1.22 to 2.1.23 by @dependabot[bot] in #3849
- build(deps): bump commons-io:commons-io from 2.21.0 to 2.22.0 by @dependabot[bot] in #3865
- build(deps): bump versions.springBootVersion from 3.5.13 to 3.5.14 by @dependabot[bot] in #3866
Full Changelog: v78.12.0...v78.13.0
Contributors
mikeroda, fhanik, and 5 other contributors
Assets 2
78.12.0
@cf-identity
cf-identity
06303ee
This commit was created on GitHub.com and signed with GitHub’s verified signature.
What's Changed
Fixes
- Fix UAA start with legacy key setup by @strehle in #3837
- Move signingKey back to legacy structure by @strehle in #3839
Dependency Bumps
- build(deps): bump jasmine-core from 6.1.0 to 6.2.0 in /uaa by @dependabot[bot] in #3832
- build(deps): bump jasmine from 6.1.0 to 6.2.0 in /uaa by @dependabot[bot] in #3831
Full Changelog: v78.11.0...v78.12.0
Assets 2
78.11.0
@cf-identity
cf-identity
1232f7f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
What's Changed
Known Issue
- UAA may fail to start with some legacy key setups
New Feature
- OpenAPI document endpoints by @joemahady-comm in #3689
Fixes
- Fallback to client_id when cid is missing by @duanemay in #3790
- Restrict HTTP Methods returned by OPTIONS Call to Login Endpoint by @adrianhoelzl-sap in #3804
- Handle custom issuer configuration in
getTokenEndpointUrlmethod by @duanemay in #3815 - Resolve session concurrency issues with static resources by @duanemay in #3817
- Add OpenSaml work around for FIPS initialization by @strehle in #3809
- Fix Issuer URI Configuration for Default Identity Zone by @duanemay in #3823
- Allow configuration of logged_out page content by @duanemay in #3824
- Revert "Add OpenSaml work around for FIPS initialization" by @strehle in #3826
- OAuth Group Mapping Behavior - Combine #3814 and #3820 by @fhanik in #3821
- Run boot war on standalone Apache Tomcat by @fhanik in #3825
- Fix Apache Http Client dependency by @strehle in #3830
- Add OpenSaml work around for FIPS initialization by @strehle in #3829
Misc
Dependency Bumps
- build(deps): bump versions.braveVersion from 6.3.0 to 6.3.1 by @dependabot[bot] in #3799
- build(deps): bump versions.springBootVersion from 3.5.12 to 3.5.13 by @dependabot[bot] in #3801
- build(deps): bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.7.0 to 2.8.16 by @dependabot[bot] in #3802
- build(deps): bump brace-expansion from 5.0.2 to 5.0.5 in /uaa by @dependabot[bot] in #3803
- build(deps): bump rack from 2.2.22 to 2.2.23 in /uaa/slate by @dependabot[bot] in #3806
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 10.8 to 10.9 by @dependabot[bot] in #3807
- build(deps): bump org.passay:passay from 1.6.6 to 2.0.0 by @dependabot[bot] in #3808
- build(deps): bump addressable from 2.8.7 to 2.9.0 in /uaa/slate by @dependabot[bot] in #3816
- build(deps): bump versions.seleniumVersion from 4.41.0 to 4.42.0 by @dependabot[bot] in #3818
- build(deps): bump versions.seleniumVersion from 4.42.0 to 4.43.0 by @dependabot[bot] in #3828
- build(deps): bump org.barfuin.gradle.jacocolog:gradle-jacoco-log from 4.0.1 to 4.0.2 by @dependabot[bot] in #3834
- build(deps): bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.8.16 to 2.8.17 by @dependabot[bot] in #3833
Full Changelog: v78.10.0...v78.11.0
Contributors
fhanik, duanemay, and 4 other contributors
Assets 2
78.10.0
@cf-identity
cf-identity
0abf21e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
What's Changed
New Feature
- Path based Identity Zone by @fhanik in #3730
- AI generated configuration reference by @fhanik in #3768
Fixes
- Cleanup dependabot configuration by removing redundant Gradle entries... by @duanemay in #3770
- Fix unbound variable issues by @duanemay in #3786
- Use single boot start check logic by @duanemay in #3787
Misc
- Update password change audit events to include principal name by @joemahady-comm in #3760
- Change userDatabase autowired type to UaaUserDatabase by @gdgenchev in #3789
- Remove scripts by @duanemay in #3783
- Remove unused
tail_uaa_logscript by @duanemay in #3785 - Improve rerun flaky tests by @duanemay in #3788
Dependency Bumps
- Update Bouncy Castle FIPS dependency versions by @strehle in #3763
- Update Gradle wrapper to version 9.4.0 by @strehle in #3765
- Update nimbus-jose-jwt library version to 10.8 by @strehle in #3766
- Update joda-time dependency to version 2.14.1 by @strehle in #3764
- Update commons-io version to 2.21.0 by @strehle in #3769
- build(deps): bump org.json:json from 20250517 to 20251224 by @dependabot[bot] in #3772
- build(deps): bump com.unboundid.product.scim:scim-sdk from 1.8.26 to 2.0.0 by @dependabot[bot] in #3777
- build(deps): bump org.jacoco:org.jacoco.agent from 0.8.13 to 0.8.14 by @dependabot[bot] in #3780
- build(deps): bump versions.guavaVersion from 33.4.8-jre to 33.5.0-jre by @dependabot[bot] in #3775
- build(deps): bump com.icegreen:greenmail from 2.1.5 to 2.1.8 by @dependabot[bot] in #3776
- build(deps): bump versions.seleniumVersion from 4.40.0 to 4.41.0 by @dependabot[bot] in #3778
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 7.3.0.202506031305-r to 7.6.0.202603022253-r by @dependabot[bot] in #3771
- build(deps): bump org.barfuin.gradle.jacocolog:gradle-jacoco-log from 3.1.0 to 4.0.1 by @dependabot[bot] in #3774
- build(deps): bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 7.0.1.6134 to 7.2.3.7755 by @dependabot[bot] in #3773
- build(deps): bump commons-codec:commons-codec from 1.19.0 to 1.21.0 by @dependabot[bot] in #3781
- chore(deps): update ubuntu docker tag to v24 by @strehle in #3782
- Bump Gradle to 9.4.0 by @duanemay in #3791
- build(deps): bump k8s.io/client-go from 0.35.2 to 0.35.3 in /k8s by @dependabot[bot] in #3793
- build(deps): bump gradle-wrapper from 9.4.0 to 9.4.1 by @dependabot[bot] in #3796
- build(deps): bump versions.springBootVersion from 3.5.11 to 3.5.12 by @dependabot[bot] in #3797
Full Changelog: v78.9.0...v78.10.0
Contributors
fhanik, duanemay, and 4 other contributors
Assets 2
78.9.0
@cf-identity
cf-identity
2638973
This commit was created on GitHub.com and signed with GitHub’s verified signature.
What's Changed
Security
- Addresses CVE-2026-22724
Fixes
- Add ProxyRestriction Validator by @mikeroda in #3758
- fix saml and invitations beans by @fhanik in #3762
Misc
Dependency Bumps
- build(deps): bump k8s.io/client-go from 0.35.1 to 0.35.2 in /k8s by @dependabot[bot] in #3754
- build(deps): bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in #3756
- build(deps): bump minimatch from 10.2.2 to 10.2.4 in /uaa by @dependabot[bot] in #3757
- build(deps): bump docker/login-action from 3 to 4 by @dependabot[bot] in #3759
Full Changelog: v78.8.0...v78.9.0