Bot releases are hidden (Show)
What's Changed
Security Fix
- Spring Framework update from 5.3.33 to 5.3.34 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2822, solves https://spring.io/security/cve-2024-22262
Misc
- Fix flaky test in ScimUserEndpointsMockMvcTests by @adrianhoelzl-sap in https://github.com/cloudfoundry/uaa/pull/2804
- Further Integration Tests for Alias Identity Providers Feature by @adrianhoelzl-sap in https://github.com/cloudfoundry/uaa/pull/2722
- Set default SAML signatureAlgorithm value to SHA256 by @hsinn0 in https://github.com/cloudfoundry/uaa/pull/2807
- Misc API docs improvements by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2795
- fix: gradle test might give false green by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2801
- backfill tests: SAML SP metadata by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2794
- Prevent Update and Delete of Entities with Alias if Alias Feature is disabled by @adrianhoelzl-sap in https://github.com/cloudfoundry/uaa/pull/2803
- Sonar fix by @strehle in https://github.com/cloudfoundry/uaa/pull/2816
- Move OAuth2 classes BaseClientDetails to UaaClientDetails by @strehle in https://github.com/cloudfoundry/uaa/pull/2806
Dependency Bumps
- build(deps): bump commons-io:commons-io from 2.15.1 to 2.16.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2811
- build(deps): bump commons-io:commons-io from 2.16.0 to 2.16.1 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2819
- build(deps): bump versions.braveVersion from 6.0.2 to 6.0.3 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2823
- update dependency nokogiri to v1.16.4 by @strehle in https://github.com/cloudfoundry/uaa/pull/2827
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v77.4.0...v77.5.0
uaa
- 77.4.0
Published by cf-identity 7 months ago
What's Changed
- Add 'aliasId' and 'aliasZid' Fields to ScimUser by @adrianhoelzl-sap in https://github.com/cloudfoundry/uaa/pull/2765
- Cleanup from PR 2765 by @strehle in https://github.com/cloudfoundry/uaa/pull/2797
- Bump Gradle to 8.7 by @strehle in https://github.com/cloudfoundry/uaa/pull/2798
- Support own key and cert for jwtClientAuthentication by @strehle in https://github.com/cloudfoundry/uaa/pull/2771
- build(deps): bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 4.4.1.3373 to 5.0.0.4638 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2800
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v77.3.0...v77.4.0
uaa
- 77.3.0
Published by cf-identity 7 months ago
What's Changed
- Load jwtClientAuthentication in uaa.yml by @strehle in https://github.com/cloudfoundry/uaa/pull/2758
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.8.0.202311291450-r to 6.9.0.202403050737-r by @dependabot in https://github.com/cloudfoundry/uaa/pull/2772
- Update rack in Gemfile.lock by @strehle in https://github.com/cloudfoundry/uaa/pull/2773
- Optimize "/ids/Users" endpoint by @adrianhoelzl-sap in https://github.com/cloudfoundry/uaa/pull/2704
- feat: Use Database availability as indicator for /healthz response by @tack-sap in https://github.com/cloudfoundry/uaa/pull/2763
- build(deps): bump versions.jacksonVersion from 2.16.1 to 2.16.2 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2774
- Fix sonar by @strehle in https://github.com/cloudfoundry/uaa/pull/2770
- build(deps): bump versions.springFrameworkVersion from 5.3.32 to 5.3.33 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2777
- build(deps): bump versions.guavaVersion from 33.0.0-jre to 33.1.0-jre by @dependabot in https://github.com/cloudfoundry/uaa/pull/2778
- build(deps): bump org.postgresql:postgresql from 42.7.2 to 42.7.3 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2781
- build(deps): bump versions.tomcatCargoVersion from 9.0.86 to 9.0.87 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2780
- build(deps): bump versions.jacksonVersion from 2.16.2 to 2.17.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2776
- build(deps): bump k8s.io/client-go from 0.29.2 to 0.29.3 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2786
- update dependency nokogiri to v1.16.3 by @strehle in https://github.com/cloudfoundry/uaa/pull/2787
- build(deps): bump versions.springSecurityVersion from 5.8.10 to 5.8.11 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2788
- Fix uaa start. Prevent exception if encryption section missing by @strehle in https://github.com/cloudfoundry/uaa/pull/2767
- build(deps): bump github.com/onsi/gomega from 1.31.1 to 1.32.0 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2791
- fix: saml signatureAlgorithm in AuthnRequest by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2792
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v77.2.0...v77.3.0
uaa
- 77.2.0
Published by cf-identity 7 months ago
What's Changed
Fixes
- Fix audience type by @strehle in https://github.com/cloudfoundry/uaa/pull/2757
- avoid NPE by @klaus-sap in https://github.com/cloudfoundry/uaa/pull/2747
- Sonar fixes by @strehle in https://github.com/cloudfoundry/uaa/pull/2760
- Solve sonar bug by @strehle in https://github.com/cloudfoundry/uaa/pull/2768
- more methods for sanitized logging by @klaus-sap in https://github.com/cloudfoundry/uaa/pull/2764
Misc
- refactor: Remove a use of a constant from opensaml library by @hsinn0 in https://github.com/cloudfoundry/uaa/pull/2743
- Move IdP Alias Handling to separate Class by @adrianhoelzl-sap in https://github.com/cloudfoundry/uaa/pull/2737
- remove more IdP tests by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2742
- doc: clarify token revocation by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2749
Dependency Bumps
- build(deps): bump org.apache.santuario:xmlsec from 4.0.1 to 4.0.2 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2746
- build(deps): bump versions.braveVersion from 6.0.1 to 6.0.2 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2748
- update dependency org.seleniumhq.selenium:selenium-java to v4.18.1 by @strehle in https://github.com/cloudfoundry/uaa/pull/2744
- build(deps): bump org.json:json from 20240205 to 20240303 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2761
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v77.1.0...v77.2.0
uaa
- 77.1.0
Published by cf-identity 8 months ago
What's Changed
Fixes
- Fix invalid identity zone by @klaus-sap in https://github.com/cloudfoundry/uaa/pull/2711
- Fix filter check in ids/Users endpoint by @adrianhoelzl-sap in https://github.com/cloudfoundry/uaa/pull/2702
- Revert "Ignore failing integration test" by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2731
Misc
- refactor: split test by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2725
- Misc SAML tests refactors by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2727
- Maintain tomcat version by @strehle in https://github.com/cloudfoundry/uaa/pull/2721
- refactor: use non-deprecated saml configs in uaa.yml by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2732
Dependency Bumps
- build(deps): bump versions.springFrameworkVersion from 5.3.31 to 5.3.32 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2733
- build(deps): bump versions.springSecurityVersion from 5.8.9 to 5.8.10 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2734
- build(deps): bump versions.tomcatCargoVersion from 9.0.85 to 9.0.86 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2736
- renovate: update dependency org.mariadb.jdbc:mariadb-java-client to v2.7.12 by @strehle in https://github.com/cloudfoundry/uaa/pull/2740
- build(deps): bump org.postgresql:postgresql from 42.7.1 to 42.7.2 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2739
- build(deps): bump jasmine-core from 5.1.1 to 5.1.2 in /uaa by @dependabot in https://github.com/cloudfoundry/uaa/pull/2720
- build(deps): bump versions.braveVersion from 6.0.0 to 6.0.1 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2726
- build(deps): bump k8s.io/api from 0.29.1 to 0.29.2 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2728
- build(deps): bump k8s.io/client-go from 0.29.1 to 0.29.2 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2730
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v77.0.0...v77.1.0
uaa
- 77.0.0
Published by cf-identity 8 months ago
What's Changed
⚠️ Breaking Changes
- Remove UAA's ability to act as a SAML identity provider by @hsinn0 in https://github.com/cloudfoundry/uaa/pull/2638
- feat: clean up unused DB table service_provider used by UAA-as-SAML-IDP feature by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2701
- Remove: deprecated native MFA feature by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2717
- Please note that upgrading to this release will clean up all persisted data related to the removed features mentioned above, so please proceed with caution.
Misc
- Import refactor for SAML by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2689
- Refactor BouncyCastleProvider to BouncyCastleFipsProvider by @strehle in https://github.com/cloudfoundry/uaa/pull/2693
- Refactor saml dependencies 186822654 by @bruce-ricard in https://github.com/cloudfoundry/uaa/pull/2700
- fix: check origin of user by @klaus-sap in https://github.com/cloudfoundry/uaa/pull/2688
- Sonar recommendation by @strehle in https://github.com/cloudfoundry/uaa/pull/2708
- refactor: remove a SAML dependency by @bruce-ricard in https://github.com/cloudfoundry/uaa/pull/2699
- Inconsistent Update Behavior for SCIM "/Users/{userId}" by @adrianhoelzl-sap in https://github.com/cloudfoundry/uaa/pull/2712
- Alias ID and Alias ZID for Identity Providers by @adrianhoelzl-sap in https://github.com/cloudfoundry/uaa/pull/2637
- fix: Duplicate Version Numbers in Flyway Migrations for IdP Alias Columns by @adrianhoelzl-sap in https://github.com/cloudfoundry/uaa/pull/2723
- refactor: reduce test dependency on EOL lib by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2719
Dependency Bumps
- Bump Gradle to 8.6 by @strehle in https://github.com/cloudfoundry/uaa/pull/2707
- renovate: update dependency nokogiri to v1.16.2 by @strehle in https://github.com/cloudfoundry/uaa/pull/2713
- build(deps): bump org.json:json from 20231013 to 20240205 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2714
- build(deps): bump org.apache.directory.api:api-ldap-model from 2.1.5 to 2.1.6 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2715
- build(deps): bump com.google.zxing:javase from 3.5.2 to 3.5.3 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2698
- renovate: update dependency middleman-syntax to v3.4.0 by @strehle in https://github.com/cloudfoundry/uaa/pull/2706
- renovate: update dependency nokogiri to v1.16.1 by @strehle in https://github.com/cloudfoundry/uaa/pull/2709
- build(deps): bump joda-time:joda-time from 2.12.6 to 2.12.7 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2710
- Bump json path from version 2.7.0 to 2.9.0 by @strehle in https://github.com/cloudfoundry/uaa/pull/2686
- build(deps): bump actions/dependency-review-action from 3 to 4 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2685
- build(deps): bump github.com/onsi/gomega from 1.31.0 to 1.31.1 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2687
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.31.0...v77.0.0
uaa
- 76.31.0
Published by cf-identity 9 months ago
What's Changed
- Dependabot cleanup by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2669
- Refactor: remove spring security jwt and use nimbus jose by @strehle in https://github.com/cloudfoundry/uaa/pull/2624
- Post jwt token library refactoring by @strehle in https://github.com/cloudfoundry/uaa/pull/2679
- remove spring-security-jwt license statement by @strehle in https://github.com/cloudfoundry/uaa/pull/2678
- minor: add maxUsers to sample configuration by @klaus-sap in https://github.com/cloudfoundry/uaa/pull/2680
Dependency Bumps
- build(deps): bump k8s.io/client-go from 0.29.0 to 0.29.1 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2684
- build(deps): bump github.com/onsi/gomega from 1.30.0 to 1.31.0 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2682
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.30.0...v76.31.0
uaa
- 76.30.0
Published by cf-identity 9 months ago
What's Changed
- refactor jackson dependency setting by @strehle in https://github.com/cloudfoundry/uaa/pull/2656
- build(deps): bump versions.jacksonVersion from 2.16.0 to 2.16.1 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2657
- Limit user creation in zone by @strehle in https://github.com/cloudfoundry/uaa/pull/2618
- refactor spring version dependency by @strehle in https://github.com/cloudfoundry/uaa/pull/2659
- upgrade spring security version 5.8.9 by @strehle in https://github.com/cloudfoundry/uaa/pull/2660
- More page objects - @Before and testSimpleSamlLoginWithAddShadowUserOnLoginFalse() by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2655
- fix: Running a command that does not exist in the docker container by @hsinn0 in https://github.com/cloudfoundry/uaa/pull/2672
Dependency Bumps
- renovate: update dependency nokogiri to '~> 1.16.0' by @strehle in https://github.com/cloudfoundry/uaa/pull/2666
- build(deps): bump versions.braveVersion from 5.17.0 to 5.17.1 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2665
- build(deps): bump versions.braveVersion from 5.17.1 to 5.18.1 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2668
- build(deps): bump versions.braveVersion from 5.18.1 to 6.0.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2670
- build(deps): bump versions.tomcatCargoVersion from 9.0.84 to 9.0.85 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2674
- update ruby version by @strehle in https://github.com/cloudfoundry/uaa/pull/2667
- Setup latest stable go runtime for codeql and bump go to 1.21.6 by @strehle in https://github.com/cloudfoundry/uaa/pull/2677
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.29.0...v76.30.0
uaa
- 76.29.0
Published by cf-identity 10 months ago
What's Changed
- fix: check for existing groups by @strehle in https://github.com/cloudfoundry/uaa/pull/2653
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.28.0...v76.29.0
uaa
- 76.28.0
Published by cf-identity 10 months ago
What's Changed
- Add allowedGroups to UserConfig in IdZ configuration by @klaus-sap in https://github.com/cloudfoundry/uaa/pull/2606
- Sonar fix for split by @strehle in https://github.com/cloudfoundry/uaa/pull/2641
- Update documentation for adding SAP IAS as OIDC Provider by @vlast3k in https://github.com/cloudfoundry/uaa/pull/2613
Dependency Bumps
- build(deps): bump versions.tomcatCargoVersion from 9.0.83 to 9.0.84 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2642
- build(deps): bump github/codeql-action from 2 to 3 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2644
- build(deps): bump k8s.io/client-go from 0.28.4 to 0.29.0 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2646
- build(deps): bump actions/upload-artifact from 3 to 4 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2648
- build(deps): bump versions.braveVersion from 5.16.0 to 5.17.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2649
- build(deps): bump versions.guavaVersion from 32.1.3-jre to 33.0.0-jre by @dependabot in https://github.com/cloudfoundry/uaa/pull/2650
New Contributors
- @vlast3k made their first contribution in https://github.com/cloudfoundry/uaa/pull/2613
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.27.0...v76.28.0
uaa
- 76.27.0
Published by cf-identity 10 months ago
What's Changed
- build(deps): bump org.owasp.esapi:esapi from 2.5.2.0 to 2.5.3.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2619
- build(deps): bump org.apache.santuario:xmlsec from 4.0.0 to 4.0.1 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2621
- renovate: update dependency org.gradle:test-retry-gradle-plugin to v1.5.7 by @strehle in https://github.com/cloudfoundry/uaa/pull/2623
- Bump Gradle to 8.5 by @strehle in https://github.com/cloudfoundry/uaa/pull/2626
- build(deps): bump commons-io:commons-io from 2.15.0 to 2.15.1 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2627
- build(deps): bump actions/setup-java from 3 to 4 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2629
- build(deps): bump org.owasp.esapi:esapi from 2.5.3.0 to 2.5.3.1 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2631
- build(deps): bump com.icegreen:greenmail from 1.6.14 to 1.6.15 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2632
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.37.1 to 9.37.2 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2633
- Update account menu for keyboard accessibility by @ystros in https://github.com/cloudfoundry/uaa/pull/2587
- Bump dependency org.gradle:test-retry-gradle-plugin to v1.5.8 by @strehle in https://github.com/cloudfoundry/uaa/pull/2634
- Check zone id by @strehle in https://github.com/cloudfoundry/uaa/pull/2617
- Check zone id before jdbc access by @strehle in https://github.com/cloudfoundry/uaa/pull/2616
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.7.0.202309050840-r to 6.8.0.202311291450-r by @dependabot in https://github.com/cloudfoundry/uaa/pull/2636
- build(deps): bump org.postgresql:postgresql from 42.7.0 to 42.7.1 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2639
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.37.2 to 9.37.3 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2640
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.26.0...v76.27.0
uaa
- 76.26.0
Published by cf-identity 11 months ago
What's Changed
Remarks
Deprecation notice: UAA can currently function as a SAML identity provider (IdP). This functionality will be removed in a future release. This will facilitate ongoing efforts to upgrade the Spring Boot library that UAA uses. However, UAA's ability to be a service provider (SP) that integrates with an external SAML-based IdP will still be supported.
Fixes
- return invalid_client in oauth2 error code by @strehle in https://github.com/cloudfoundry/uaa/pull/2596
- fix slack in readme by @strehle in https://github.com/cloudfoundry/uaa/pull/2609
- fix sonar finding by @strehle in https://github.com/cloudfoundry/uaa/pull/2592
New
- Add config to control whether to perform "OpenID Connect RP-Initiated Logout" when using an external OIDC provider by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2590
- Add label text to all form controls by @ystros in https://github.com/cloudfoundry/uaa/pull/2588
Misc
- Add SAML IdP deprecation notice by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2607
- Update OIDC integration documentation by @strehle in https://github.com/cloudfoundry/uaa/pull/2585
- refactor two SAML tests to use page objects by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2543
- Miscellaneous refactors by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2608
- refactor: move jakarta mail dependency to spring boot mail by @strehle in https://github.com/cloudfoundry/uaa/pull/2611
Dependency Bumps
- build(deps): bump versions.springBootVersion from 2.7.17 to 2.7.18 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2614
- Bump mariadb from 2.7.10 to 2.7.11 by @strehle in https://github.com/cloudfoundry/uaa/pull/2594
- build(deps): bump github.com/onsi/gomega from 1.29.0 to 1.30.0 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2595
- build(deps): bump k8s.io/client-go from 0.28.3 to 0.28.4 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2603
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.37 to 9.37.1 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2593
- build(deps): bump org.postgresql:postgresql from 42.6.0 to 42.7.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2612
- build(deps): bump versions.bouncyCastleVersion from 1.76 to 1.77 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2600
- build(deps): bump versions.tomcatCargoVersion from 9.0.82 to 9.0.83 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2601
- Bump jackson from 2.15.3 to 2.16.0 by @strehle in https://github.com/cloudfoundry/uaa/pull/2605
New Contributors
- @ystros made their first contribution in https://github.com/cloudfoundry/uaa/pull/2588
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.25.0...v76.26.0
uaa
- 76.25.0
Published by cf-identity 12 months ago
What's Changed
- build(deps): bump commons-io:commons-io from 2.14.0 to 2.15.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2579
- build(deps): bump github.com/onsi/gomega from 1.28.1 to 1.29.0 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2578
- build(deps): bump org.apache.commons:commons-text from 1.10.0 to 1.11.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2582
- update dependency middleman to v4.5.1 by @strehle in https://github.com/cloudfoundry/uaa/pull/2580
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.24.0...v76.25.0
uaa
- 76.24.0
Published by cf-identity 12 months ago
What's Changed
Remarks
- The versions 76.22.0 and 76.23.0 contain a regression regarding the empty secret change. If you need to have an empty secret in your clients and you create them later via REST calls, use this version.
- This version was created with Java 17
Regression Fix
- validate secrets only with text by @strehle in https://github.com/cloudfoundry/uaa/pull/2574
Feature
- feature: add client_auth_method=none into tokens for clients with empty secret by @strehle in https://github.com/cloudfoundry/uaa/pull/2504
Misc
- fix: java version requirement in README by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2563
- fix flaky test by @strehle in https://github.com/cloudfoundry/uaa/pull/2565
- fix: unnecessary method call by @klaus-sap in https://github.com/cloudfoundry/uaa/pull/2549
- sonar fix by @strehle in https://github.com/cloudfoundry/uaa/pull/2526
- documentation: update system admin guide by @strehle in https://github.com/cloudfoundry/uaa/pull/2520
- doc: announcement for private_key_jwt by @strehle in https://github.com/cloudfoundry/uaa/pull/2551
Dependency Bumps
- Bump: Java version to 17 by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2562
- build(deps): bump github.com/onsi/gomega from 1.28.0 to 1.28.1 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2568
- build(deps): bump org.apache.directory.server:apacheds-protocol-ldap from 2.0.0.AM26 to 2.0.0.AM27 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2567
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.23.0...v76.24.0
uaa
- 76.23.0
Published by cf-identity 12 months ago
What's Changed
Experimental Feature
Client Authentication with JWT assertions, Howto
Features
- feature: add runtime support for private_key_jwt client authentication by @strehle in https://github.com/cloudfoundry/uaa/pull/2507
- feature: add change size to pull request by @bruce-ricard in https://github.com/cloudfoundry/uaa/pull/2546
- feature: enhance well-known and document private_key_jwt parameters in rest API by @strehle in https://github.com/cloudfoundry/uaa/pull/2509
Fixes
- fix sonar findings by @strehle in https://github.com/cloudfoundry/uaa/pull/2528
- fix sonar finding: duplicate string literals by @klaus-sap in https://github.com/cloudfoundry/uaa/pull/2531
- fix sonar issue: Utility classes should not have public constructors by @klaus-sap in https://github.com/cloudfoundry/uaa/pull/2533
- fix sonar findings by @strehle in https://github.com/cloudfoundry/uaa/pull/2527
- Bump org.json:json from 20230618 to 20231013 , fixes CVE-2023-5072 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2544
Misc
- Make it easier to find test failures in CI output by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2511
- test: Add Client Authentication Integration Tests by @strehle in https://github.com/cloudfoundry/uaa/pull/2508
Dependency Bumps
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.35 to 9.36 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2529
- build(deps): bump versions.guavaVersion from 32.1.2-jre to 32.1.3-jre by @dependabot in https://github.com/cloudfoundry/uaa/pull/2534
- build(deps): bump org.apache.directory.api:api-ldap-model from 2.1.4 to 2.1.5 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2536
- build(deps): bump golang.org/x/net from 0.14.0 to 0.17.0 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2538
- build(deps): bump versions.tomcatCargoVersion from 9.0.80 to 9.0.82 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2540
- Bump jackson version 2.15.2 to 2.15.3, https://github.com/cloudfoundry/uaa/pull/2541
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.36 to 9.37 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2548
- build(deps): bump k8s.io/client-go from 0.28.2 to 0.28.3 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2555
- build(deps): bump versions.springBootVersion from 2.7.16 to 2.7.17 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2553
- build(deps): bump org.apache.santuario:xmlsec from 3.0.2 to 4.0.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2554
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.22.0...v76.23.0
uaa
- 76.22.0
Published by cf-identity about 1 year ago
What's Changed
Features
- feature: allow setting SameSite on X-Uaa-Csrf cookie by @mikeroda in https://github.com/cloudfoundry/uaa/pull/2439
- feature: add persistence support for private_key_jwt client authentication by @strehle in https://github.com/cloudfoundry/uaa/pull/2449
Fixes
- fix: Flaky test by @strehle in https://github.com/cloudfoundry/uaa/pull/2491
- fix: do not default a missing secret to an empty one by @strehle in https://github.com/cloudfoundry/uaa/pull/2455
- fix: missing shebang by @bruce-ricard in https://github.com/cloudfoundry/uaa/pull/2497
- fix: ClientAdminEndpointsValidator should allow authorization_code with empty secret by @strehle in https://github.com/cloudfoundry/uaa/pull/2461
- fix: json syntax error by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2521
Misc
- Page object refactoring for two additional tests by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2490
- Passcode test refactor by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2501
- test clean-up: switch back to using standard simplesamlPHP server URL by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2516
- delete unused pom.xml by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2519
- refactor: use page objects for favicon test by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2498
Dependency Bumps
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.32 to 9.34 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2489
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.34 to 9.35 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2492
- update module github.com/onsi/ginkgo/v2 to v2.12.1 by @strehle in https://github.com/cloudfoundry/uaa/pull/2494
- build(deps): bump versions.springBootVersion from 2.7.15 to 2.7.16 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2495
- build(deps): bump org.passay:passay from 1.6.3 to 1.6.4 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2499
- build(deps): bump versions.seleniumVersion from 4.12.1 to 4.13.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2502
- build(deps): bump github.com/onsi/gomega from 1.27.10 to 1.28.0 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2510
- build(deps): bump commons-io:commons-io from 2.13.0 to 2.14.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2512
- Upgrade to be compatible with simplesamlphp v2 by @bruce-ricard in https://github.com/cloudfoundry/uaa/pull/2506
- Bump dependency org.gradle:test-retry-gradle-plugin to v1.5.6 by @strehle in https://github.com/cloudfoundry/uaa/pull/2518
- build: change sonar runner to java 17 by @strehle in https://github.com/cloudfoundry/uaa/pull/2513
- build(deps-dev): bump open from 0.0.5 to 6.0.0 in /uaa/slate by @dependabot in https://github.com/cloudfoundry/uaa/pull/2522
- Bump Gradle to 8.4 by @strehle in https://github.com/cloudfoundry/uaa/pull/2524
- Bump dependencies in package.json of slate (doc) by @strehle in https://github.com/cloudfoundry/uaa/pull/2525
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.21.0...v76.22.0
uaa
- 76.21.0
Published by cf-identity about 1 year ago
What's Changed
Features
- feature: activate PKCE by default in requests to external OIDC providers by @strehle in https://github.com/cloudfoundry/uaa/pull/2448
Fixes
- Fix: UAA login page breaks when the product logo image is over 100000 characters by @Tallicia in https://github.com/cloudfoundry/uaa/pull/2453
Misc
- Rearchitect two integration tests to use page objects by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2468
- Refactor: prepare for private_key_jwt in oauth_client_details by @strehle in https://github.com/cloudfoundry/uaa/pull/2433
- doc: reason for ignoring library bumps by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2485
- test: Authorization Grant Flow without Redirect URI by @strehle in https://github.com/cloudfoundry/uaa/pull/2484
Dependency Bumps
- build(deps): bump versions.springBootVersion from 2.7.14 to 2.7.15 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2450
- bump activesupport from 6.1.7.3 to 6.1.7.5 in https://github.com/cloudfoundry/uaa/pull/2451
- build(deps): bump jasmine-core from 5.1.0 to 5.1.1 in /uaa by @dependabot in https://github.com/cloudfoundry/uaa/pull/2457
- build(deps): bump k8s.io/client-go from 0.28.0 to 0.28.1 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2460
- build(deps): bump versions.tomcatCargoVersion from 9.0.79 to 9.0.80 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2462
- build(deps): bump org.apache.directory.api:api-ldap-model from 2.1.3 to 2.1.4 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2464
- build(deps): bump versions.seleniumVersion from 4.11.0 to 4.12.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2466
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.6.0.202305301015-r to 6.6.1.202309021850-r by @dependabot in https://github.com/cloudfoundry/uaa/pull/2469
- build(deps): bump versions.seleniumVersion from 4.12.0 to 4.12.1 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2471
- build(deps): bump actions/checkout from 3 to 4 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2473
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.6.1.202309021850-r to 6.7.0.202309050840-r by @dependabot in https://github.com/cloudfoundry/uaa/pull/2475
- Bump Gradle to 8.3 by @strehle in https://github.com/cloudfoundry/uaa/pull/2476
- update dependency org.gradle:test-retry-gradle-plugin to v1.5.4 by @strehle in https://github.com/cloudfoundry/uaa/pull/2479
- Bump mariadb from 2.7.9 to 2.7.10 by @strehle in https://github.com/cloudfoundry/uaa/pull/2478
- Bump gradle plugins by @strehle in https://github.com/cloudfoundry/uaa/pull/2480
- Bump SnakeYaml from 2.0 to 2.2 by @strehle in https://github.com/cloudfoundry/uaa/pull/2481
- update dependency org.gradle:test-retry-gradle-plugin to v1.5.5 by @strehle in https://github.com/cloudfoundry/uaa/pull/2482
- Go 1.21 by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2483
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.31 to 9.32 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2487
- k8s updates, k8s.io 0.28.1 to 0.28.2 by @strehle in https://github.com/cloudfoundry/uaa/pull/2488
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.20.0...v76.21.0
uaa
- 76.20.0
Published by cf-identity about 1 year ago
What's Changed
Features
- Added log tracing using B3 headers so transactions between TAS components will use the same trace ID, in https://github.com/cloudfoundry/uaa/pull/2446. Log file parsers might need to be updated to reflect this addition to the logs. In the example below,
- [ebf4f18ff75a4cfc64a70c2de8ff493b,64a70c2de8ff493b]is the part that is added:
[2023-08-16T00:56:46.060135Z] uaa - 13 [https-jsse-nio-8443-exec-1] - [ebf4f18ff75a4cfc64a70c2de8ff493b,64a70c2de8ff493b] .... DEBUG --- UaaMetricsFilter: Successfully matched URI: /oauth/token to a group: /oauth-oidc
In some cases, the trace and span IDs will be blank:
[2023-08-17T01:53:42.790149Z] uaa/uaa - 17490 [main] - [,] .... INFO --- SpringSecurityCoreVersion: You are running with Spring Security Core 5.7.10
Fixes
- Move refresh rotate check to refresh flow in https://github.com/cloudfoundry/uaa/pull/2437
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.19.0...v76.20.0
uaa
- 76.19.0
Published by cf-identity about 1 year ago
What's Changed
Dependency Bumps
- build(deps): bump com.google.zxing:javase from 3.5.1 to 3.5.2 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2426
- build(deps): bump versions.bouncyCastleVersion from 1.75 to 1.76 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2425
- build(deps): bump versions.guavaVersion from 32.1.1-jre to 32.1.2-jre by @dependabot in https://github.com/cloudfoundry/uaa/pull/2429
- build(deps): bump versions.seleniumVersion from 4.10.0 to 4.11.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2428
- fix: update k8s to go 1.20 by @Tallicia in https://github.com/cloudfoundry/uaa/pull/2432
- Bump hsqldb version 2.7.1 to 2.7.2 by @strehle in https://github.com/cloudfoundry/uaa/pull/2436
- build(deps): bump versions.tomcatCargoVersion from 9.0.78 to 9.0.79 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2442
- build(deps): bump k8s.io/apimachinery from 0.27.4 to 0.28.0 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2443
- build(deps): bump k8s.io/client-go from 0.27.4 to 0.28.0 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2444
Misc
- integrationTest: Add IT for user_token grant variants by @strehle in https://github.com/cloudfoundry/uaa/pull/2194
- fix: Dependabot can't authenticate to the private package registry ht… by @hsinn0 in https://github.com/cloudfoundry/uaa/pull/2434
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.18.0...v76.19.0
uaa
- 76.18.0
Published by cf-identity about 1 year ago
What's Changed
Fixes
- UAA startup if postgresql is used for session store in https://github.com/cloudfoundry/uaa/pull/2414
- Expired X509 certificates should be ignored for JWT usage in https://github.com/cloudfoundry/uaa/pull/2423
Features
- Allow refresh flow for public usages in https://github.com/cloudfoundry/uaa/pull/2402
- Use custom key in private_key_jwt towards OAuth2/OIDC IdP in https://github.com/cloudfoundry/uaa/pull/2420
Dependency Bumps
- build(deps): bump jasmine-core from 5.0.1 to 5.1.0 in /uaa by @dependabot in https://github.com/cloudfoundry/uaa/pull/2418
- build(deps): bump github.com/onsi/gomega from 1.27.8 to 1.27.9 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2419
- build(deps): bump jasmine from 4.6.0 to 5.1.0 in /uaa by @dependabot in https://github.com/cloudfoundry/uaa/pull/2417
- build(deps): bump github.com/onsi/gomega from 1.27.9 to 1.27.10 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2421
- Gradle to 8.2.1
Misc
- Delete unused script & dockerfile by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2422
- Change default of refresh token format by @strehle in https://github.com/cloudfoundry/uaa/pull/2406
- uaa-ci: use RS256 key as default by @strehle in https://github.com/cloudfoundry/uaa/pull/2405
Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.17.0...v76.18.0
Package Rankings
Top 4.5% on Proxy.golang.org
Top 9.82% on Repo1.maven.org
Badges
Extracted from project README
