Published by tnwang almost 7 years ago
Backport of a performance related fix:
Published by tnwang almost 7 years ago
Fixes a performance issue found with 4.8.0 related to concurrent requests timing out.
Published by cf-identity almost 7 years ago
This release introduces a performance issue related to concurrent requests timing out that is resolved in 4.8.1
Stories included in release
Skip SSL Validation on Identity Provider configurations should also skip SSL Hostname verification
cloudfoundry/uaa #714: use isBlank from Apache instead of isEmpty for hsqldb
[cfid-4999] cloudfoundry/uaa #320: Setting UAA session timeout (backend) in config
Send static claim assertions configured for SAML SP Providers as part of SAML assertions
Allow operators to configure static claim assertions for SAML SP Provider configs
Revoke all tokens for a user and client combination
Published by tnwang almost 7 years ago
This release addresses the breaking change around SSL hostname verification for self-signed SAML and OIDC connections introduced in UAA 4.7.1.
Please use this release instead of 4.7.1
Published by tnwang almost 7 years ago
This release introduces a breaking change around SSL hostname verification for self-signed SAML and OIDC connections that has been addressed in 4.7.2
The update of the httpclient dependency introduced SSL hostname verification which checks alternative names or the certificate CN to prevent man-in-the-middle attacks. This affects the following identity provider configurations, which will require the target to have a self-signed certificate with valid alternative names or certificate CN:
In addition, MySQL JDBC connections will now perform SSL hostname verification when SSL is enabled. The driver checks against the server's identity as presented in the server's certificate (checking alternative names or the certificate CN) to prevent man-in-the-middle attacks. Valid certificates will not be affected.
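How a client decides whether a certificate matches the host it connected to, as an added sketch that is not UAA, httpclient or MySQL driver code: a simplified matcher over dicts in the shape returned by Python's `ssl.SSLSocket.getpeercert()`. The certificates and `example.test` hosts are constructed, and the rule that any alternative name suppresses the CN fallback is an assumption of this sketch.

```python
# Added illustration: simplified hostname verification over dicts shaped like
# what ssl.SSLSocket.getpeercert() returns. Not UAA or httpclient code.
import ipaddress


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # reject patterns as broad as "*.test"
    return p == h


def hostname_matches(cert, host):
    """True if host matches an alternative name, or the CN when the cert has none."""
    sans = cert.get("subjectAltName", ())
    if sans:  # assumption of this sketch: any SAN entry means the CN is ignored
        if _is_ip(host):
            want = ipaddress.ip_address(host)
            return any(k == "IP Address" and ipaddress.ip_address(v) == want
                       for k, v in sans)
        return any(k == "DNS" and _dns_match(v, host) for k, v in sans)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return not _is_ip(host) and any(_dns_match(cn, host) for cn in cns)


# Constructed sample certificates (hypothetical hosts under example.test).
CERT_SAN = {"subject": ((("commonName", "idp"),),),
            "subjectAltName": (("DNS", "idp.example.test"), ("IP Address", "10.0.0.5"))}
CERT_CN_ONLY = {"subject": ((("commonName", "saml.example.test"),),)}
CERT_WILDCARD = {"subject": ((("commonName", "ignored.example.test"),),),
                 "subjectAltName": (("DNS", "*.login.example.test"),)}
```

A self-signed identity provider certificate issued for a short internal name, like the CN `idp` in `CERT_SAN`, fails this check for any host not listed in its alternative names even when the certificate itself is trusted.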
This is a security release addressing the following issues:
Additionally, UAA dependencies have been updated:
Published by tnwang almost 7 years ago
This is a security release addressing the following issues:
Published by tnwang almost 7 years ago
This is a security release addressing the following issues:
Published by cf-identity about 7 years ago
Stories included in release
disable flag for logout redirect
Published by sreetummidi about 7 years ago
This release fixes a performance issue with /Users endpoint
Published by sreetummidi about 7 years ago
This is a critical release which addresses a memory leak issue introduced in UAA 4.6.0.
Please use this release instead of 4.6.0
Published by sreetummidi about 7 years ago
Please use 4.5.2 instead
Published by cf-identity about 7 years ago
This release introduces a memory leak that has been addressed in 4.6.1
The default mapping for deriving username from external OIDC has been switched from preferred_username to sub to maintain compliance with the spec. If you have an explicit mapping in place for username, you are not affected. However, if you are relying on the default, it will lead to creation of a new external user (aka shadow user in UAA).
The best approach is to create an explicit mapping for username and perform a one-time database change on each external OIDC account in UAA to update to the right username.
Published by cf-identity about 7 years ago
Stories included in release
Starting with UAA bosh release v43 the following Default Authorities will be set by default for all new identity zones:
The following Default Authorities will be set by default for the system zone:
These values can be changed via the UAA Bosh release manifest or UAA identity zone APIs.
The following dependencies have been updated:
Published by tnwang about 7 years ago
This is a security release addressing the following issues:
Published by tnwang about 7 years ago
This is a security release addressing the following issues:
Published by tnwang about 7 years ago
This is a security release addressing the following issues:
Published by sreetummidi about 7 years ago
Fixed old SAML identity provider metadata being cached on certain nodes in an HA deployment of UAA, which causes SAML authentication failure
Published by sreetummidi about 7 years ago
Exposed the OpenID Connect Discovery Endpoint. Details can be found here
Published by cf-identity about 7 years ago
This is a security release addressing the following issues:
Published by sreetummidi over 7 years ago
This is a security release addressing the following issues: