Bot releases are visible (Hide)
Published by cf-identity over 3 years ago
Features
- Address performance issue when using several IdPs via the account chooser (#1439)
Dependency Bumps
- Update node-mime module to fix CVE
- Bump k8s.io/client-go to 0.20.5 in /k8s (#1541)
- Bump github.com/onsi/ginkgo to 1.15.2 in /k8s (#1535)
- Bump k8s.io/api to 0.20.5 in /k8s (#1542)
- Misc dependency updates (spring boot 2.4.4, spring framework 5.3.5, tomcat 9.0.44) (#1538)
Published by cf-identity over 3 years ago
Features
- Update logging timestamp format to RFC3339 with microseconds and UTC+0 timezone (breaking change)
- Allow multiple oauth client secrets to be configured in uaa.yml for rotation (#1313)
- The Authorization Code that UAA issues sometimes include certain non-alphanumeric characters (such as
-) to increase the code's complexity.
Dependency Bumps
- Bump k8s.io/api to 0.20.2 in /k8s
- Bump jasmine to 3.6.4
- Bump velocity to 2.2 (#1486)
- Bump Spring Boot to 2.4.2 & Spring framework to 5.3.3 (#1484 #1501)
- Bump spring oauth to 2.5.0.RELEASE (#1462)
- Bump bouncyCastleVersion to 1.68 (#1510)
- Update jQuery version to v3.5.1 (#1513)
Fixes
- Fixes #1497
- Fixes #1509
Notes
UAA server docker images will now be available on cloudfoundry/uaa dockerhub repository.
Published by cf-identity almost 4 years ago
Features
- externalId an updateable attribute of the user [#1330]
- UAA release handles OpenSUSE/SLE system certs uaa-release
Dependencies
- Bump nokogiri uaa-release
- Bump i18n uaa-release
- Bump zeitwerk uaa-release
- Bump tzinfo uaa-release
- Bump activesupport uaa-release
Published by cf-identity almost 4 years ago
Dependency Bumps
Upgrades Spring Boot to version 2.3.7.RELEASE (#1475)
Bumps guava to version 30.0 (#1479)
Bumps commons-beanutils to version 1.9.4 (#1478 )
Bumps passay to version 1.6.0 (#1478 )
Bumps Tomcat to version 9.0.41
Bumps Newrelic to version 6.3.0
Features
Adds configuration options for HttpClient (https://github.com/cloudfoundry/uaa-release/pull/246/files)
Fixes
Sets the default size of the http connection pool to 5 per route, up to a maximum of 10 (#1460)
Solves issue #1436
Solves issue #1464
Solves issue #1477
Published by cf-identity almost 4 years ago
Dependency Bumps
Upgrade Spring Boot version 2.3.6.RELEASE
Upgrade Bouncy Castle version 1.67
Features
Add configuration options for HttpClient (#1434 )
Published by cf-identity almost 4 years ago
Dependency Bumps
Upgrade Bellsoft JDK to version 11.0.9+12
Published by cf-identity almost 4 years ago
Published by cf-identity about 4 years ago
Bug fixes
Dependency bumps
- Upgrade Newrelic to version 6.1.0
- Upgrade Tomcat to version 9.0.39
Published by cf-identity about 4 years ago
Features
- Increase the size of the session store columns in mysql https://www.pivotaltracker.com/story/show/172851963
Bug fixes
- Users are consistently logged out after changing their password. https://github.com/cloudfoundry/uaa/pull/1385
- Improve secure cookie setting check https://github.com/cloudfoundry/uaa/pull/1398
Dependency updates
- Bump tomcat from 9.0.37 to 9.0.38
- Bump Newrelic from 5.14.0 to 6.0.0
Published by cf-identity about 4 years ago
DEPENDENCY UPDATES
- newrelic to version 5.14.0
- i18n from 1.8.3 to 1.8.5
- spring-framework-bom from 5.2.7.RELEASE to 5.2.8.RELEASE
- commons-text from 1.8 to 1.9
Published by cf-identity over 4 years ago
Published by cf-identity over 4 years ago
UAA can be configured to emit metrics to statsd
Improved db query performance when retrieving access tokens
Bump spring-framework-bom from 5.2.6.RELEASE to 5.2.7.RELEASE
Bump scim-sdk from 1.8.22 to 1.8.24
Bump Tomcat to version 9.0.37
Published by cf-identity over 4 years ago
Dependency Bumps
- Bump i18n from 1.8.2 to 1.8.3
- Bump tomcat-embed-core from 9.0.33 to 9.0.35
- Bump scim-sdk from 1.8.22 to 1.8.24
- Bump spring-framework-bom from 5.2.6.RELEASE to 5.2.7.RELEASE
PRs
Published by cf-identity over 4 years ago
Dependency Bumps
Bump spring-security-jwt from 1.1.0.RELEASE to 1.1.1.RELEASE …
Bump commons-io from 2.6 to 2.7
PRs
https://github.com/cloudfoundry/uaa/pull/1283
https://github.com/cloudfoundry/uaa/pull/1292
https://github.com/cloudfoundry/uaa/pull/1307
https://github.com/cloudfoundry/uaa/pull/1308
Published by cf-identity over 4 years ago
Dependency bumps
bouncy castle: 1.64 => 1.65
spring boot: 2.2.6.RELEASE => 2.3.0.RELEASE
migrate from AdoptOpenJDK 11.0.7_10 to BellSoft Liberica 11.0.7_10
PRs
https://github.com/cloudfoundry/uaa/pull/975
https://github.com/cloudfoundry/uaa/pull/979
https://github.com/cloudfoundry/uaa/pull/1259
https://github.com/cloudfoundry/uaa/pull/1271
https://github.com/cloudfoundry/uaa/pull/1277
https://github.com/cloudfoundry/uaa/pull/1286
https://github.com/cloudfoundry/uaa/pull/1290
https://github.com/cloudfoundry/uaa/pull/1293
Tracker Stories:
https://www.pivotaltracker.com/story/show/172658073
Published by cf-identity over 4 years ago
BUG FIX
Addresses Account chooser ignores origin and instead uses default [#172158373, UAA PR #1271]
DEPENDENCY UPDATES
Bump OpenJDK from 11.0.6_10 to 11.0.7_10
Upgrade Newrelic to version 5.12.0
Bump versions.xmlBind from 2.3.0 to 2.3.0.1
Bump guava from 28.2-jre to 29.0-jre
Bump googleauth from 1.4.0 to 1.5.0
Bump spring-framework-bom from 5.2.5.RELEASE to 5.2.6.RELEASE
Published by cf-identity over 4 years ago
FEATURES
Improve error messaging for unexpected SAML requests
Access logs should provide better visibility into a request
DEPENDENCY UPDATES
Bump spring boot from 2.2.5.RELEASE to 2.2.6.RELEASE
Bump mariadb from 2.2.0 to 2.3.0
Bump Tomcat libraries from 9.0.30 to 9.0.33
Bump apacheds-protocol-ldap from 2.0.0.AM25 to 2.0.0.AM26
Bump tomcat-embed-core from 9.0.30 to 9.0.31 in /uaa
Bump tomcat-embed-core from 9.0.30 to 9.0.31 in /statsd
Bump tomcat-embed-core from 9.0.30 to 9.0.31 in /server
Bump tomcat-embed-core from 9.0.30 to 9.0.31 in /samples/app
Bump tomcat-embed-core from 9.0.30 to 9.0.31 in /samples/api
Bump apacheds-protocol-ldap from 2.0.0.AM25 to 2.0.0.AM26
Bump tzinfo from 1.2.6 to 1.2.7
Published by cf-identity over 4 years ago
BUG FIX
The dependency bump to Tomcat version 9.0.33 fixes intermittent SAML login failures that were traced back to an issue with the earlier release's (UAA v74.15.0) use of Tomcat 9.0.29.
DEPENDENCY UPDATES
Upgrade Tomcat to version 9.0.33 > SAML issue fix
Upgrade Newrelic to version 5.11.0
Bump spring boot from 2.2.4.RELEASE to 2.2.5.RELEASE
Bump versions.springBootVersion from 2.2.4.RELEASE to 2.2.6.RELEASE
Bump spring-framework-bom from 5.2.4.RELEASE to 5.2.5.RELEASE
Bump tomcat-embed-core from 9.0.30 to 9.0.31 in /uaa, /statsd, /samples/app
Bump nokogiri from 1.10.8 to 1.10.9
Bump zeitwerk from 2.2.2 to 2.3.0
Bump rspec-expectations from 3.9.0 to 3.9.1
Update json_pure requirement from ~> 1.8, >= 1.8.1 to >= 1.8.1, ~> 2.2
Bump activesupport from 6.0.2.1 to 6.0.2.2
Bump pry from 0.12.2 to 0.13.0
Bump pry-byebug from 3.8.0 to 3.9.0
Bump method_source from 0.9.2 to 1.0.0
Bump org.eclipse.jgit from 5.6.1.202002131546-r to 5.7.0.202003110725-r
Published by cf-identity over 4 years ago
KNOWN ISSUE
Important: Use of this version has generated reports of intermittent SAML login failures which has been traced back to an issue with the release's use of Apache Tomcat 9.0.29. We're actively working to cut a new release that will utilize Apache Tomcat 9.0.33 or higher. If you rely on SAML connectivity, please continue to use UAA v74.14.0 until our next release is available.
DOCUMENTATION
Make the openid parameter clearer in the documentation - PR#1206
BUG FIX
UAA no longer unsuccessfully attempts to create logs in incorrect directory
DEPENDENCY UPDATES
Bump spring-framework-bom from 5.2.3.RELEASE to 5.2.4.RELEASE
Bump concurrent-ruby from 1.1.5 to 1.1.6
Bump nokogiri from 1.10.7 to 1.10.8
Bump github.com/onsi/gomega from 1.8.1 to 1.9.0 in /src/acceptance_tests
Bump org.eclipse.jgit from 5.6.0.201912101111-r to 5.6.1.202002131546-r
Published by cf-identity over 4 years ago
SECURITY
UAA switched from /dev/random to /dev/urandom as a source of cryptographic randomness. As such, the java process running the UAA will need to be started with -D java.security.egd=file:/dev/urandom.
General improvements to UAA to better conform to OAuth recommendations regarding state parameter management, including:
- UAA now uses a more secure random number generator for state parameters.
- UAA now persists the state parameter and validates its value throughout the request.
DEPENDENCY UPDATES
Bump spring-framework-bom from 5.2.2.RELEASE to 5.2.3.RELEASE.
Bump spring-boot from 2.2.2.RELEASE to 2.2.4.RELEASE
Bump UAA's OpenJDK to 11.0.6
