Releases: cloudfoundry/uaa
77.25.0
What's Changed
Fixes
Feature
Misc
- Add a docker service using openldap/slapd by @fhanik in #3228
- Refactor test complexity by @strehle in #3241
Dependency Bumps
- build(deps): bump k8s.io/client-go from 0.32.0 to 0.32.1 in /k8s by @dependabot in #3237
Full Changelog: v77.24.0...v77.25.0
77.20.2
What's Changed
Fixes
Dependency Bumps
- Bump Gradle to 8.12 by @duanemay
- build(deps): bump org.postgresql:postgresql from 42.7.4 to 42.7.5 by @dependabot
Full Changelog: v77.20.1...v77.20.2
77.24.0
What's Changed
Fixes
- Fix Metadata ID to conform to NCName by @duanemay in #3221
- Fix DB unit tests by @Kehrlann in #3186
- fix AuditCheckMockMvcTests with ldap profile by @Kehrlann in #3206
- Do not add whitespaces in XML signature of /saml/metadata by @strehle in #3222
Misc
- Add legacy SAML configuration for uaa-ci by @strehle in #3198
- tests: in-memory ldap server runs on a random port by @Kehrlann in #3202
- tests: enable parallel testing to speed up database-backed tests by @Kehrlann in #3203
- Add documentation on how to generate documentation on the local machine by @fhanik in #3205
- Move login-ui Service classes to Javaconfig by @Kehrlann in #3208
- Remove unused EncryptionService and EncryptionKeyService by @Kehrlann in #3207
- tests: address flakiness in ScimUserEndpointsAliasMockMvcTests by @Kehrlann in #3209
- Testing Updates by @duanemay in #3195
Dependency Bumps
- Bump golang.org/x/net to v0.33.0 by @strehle in #3204
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.47 to 9.48 by @dependabot in #3210
- build(deps): bump github.com/onsi/gomega from 1.36.1 to 1.36.2 in /k8s by @dependabot in #3211
- Bump Gradle to 8.12 by @duanemay in #3212
- build(deps): bump org.json:json from 20240303 to 20241224 by @dependabot in #3214
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.48 to 10.0.1 by @dependabot in #3217
- build(deps): bump commons-codec:commons-codec from 1.17.1 to 1.17.2 by @dependabot in #3224
- build(deps): bump org.json:json from 20241224 to 20250107 by @dependabot in #3225
- build(deps): bump org.postgresql:postgresql from 42.7.4 to 42.7.5 by @dependabot in #3231
Full Changelog: v77.23.0...v77.24.0
77.20.1
What's Changed
Fixes
- build(deps): bump versions.tomcatCargoVersion from 9.0.97 to 9.0.98
Dependency Bumps
- tomcat to 9.0.98
- guava to 33.4.0-jre
- jackson to 2.18.2
- awaitility to 4.2.2
- apacheCommonsText to 1.13.0
- commonsCodec to 1.17.2
- eclipseJgit to 7.1.0.202411261347-r
- nimbusJwt to 10.0.1
- orgJson to 20250107
- sonarqubePlugin to 6.0.1.5171
Full Changelog: v77.20.0...v77.20.1
77.23.0
What's Changed
Fixes
- build(deps): bump versions.tomcatCargoVersion from 9.0.97 to 9.0.98 by @dependabot in #3183
- workload identity by @strehle in #3197
- tests: fix missing BCFIPS provider in DefaultRelyingPartyRegistrationRepositoryTest by @Kehrlann in #3201
Misc
Dependency Bumps
- build(deps): bump github.com/onsi/gomega from 1.36.0 to 1.36.1 in /k8s by @dependabot in #3185
- build(deps): bump k8s.io/client-go from 0.31.3 to 0.31.4 in /k8s by @dependabot in #3188
- build(deps): bump k8s.io/client-go from 0.31.4 to 0.32.0 in /k8s by @dependabot in #3192
- deps: remove code dependencies on hsqldb by @Kehrlann in #3194
- build(deps): bump org.apache.commons:commons-text from 1.12.0 to 1.13.0 by @dependabot in #3196
- build(deps): bump versions.guavaVersion from 33.3.1-jre to 33.4.0-jre by @dependabot in #3199
Full Changelog: v77.22.0...v77.23.0
77.22.0
What's Changed
Feature - major opensaml library upgrade
Fixes
- Fix new SAML. Re-establish SAML setup for legacy by @strehle in #3164
- fix velocity dependency by @strehle in #3169
- Fix flaky StaleUrlCacheTests by @duanemay in #3179
- Fix retrieval of login.saml.providers by @strehle in #3178
- Fix issue #3104 by @strehle in #3182
Misc
- Support SAML keypair without a passphrase by @strehle in #3172
- Add logs in case of SAML issues by @strehle in #3173
- Refactor password grant by @strehle in #3165
Dependency Bumps
- build(deps): bump versions.jacksonVersion from 2.18.1 to 2.18.2 by @dependabot in #3166
- build(deps): bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 6.0.0.5145 to 6.0.1.5171 by @dependabot in #3167
- build(deps): bump jasmine from 5.4.0 to 5.5.0 in /uaa by @dependabot in #3176
- build(deps): bump jasmine-core from 5.4.0 to 5.5.0 in /uaa by @dependabot in #3175
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 7.0.0.202409031743-r to 7.1.0.202411261347-r by @dependabot in #3177
Deprecation information
The setup of UAA with the YAML settings login.serviceProviderKey and login.serviceProviderCertificate was deprecated a while ago, but support for them is still in place. Please prepare to change your UAA configuration either to login.saml.serviceProviderKey and login.saml.serviceProviderCertificate or, if you want to support key rotation with SAML, to the map in login.saml.keys, similar to JWT signing keys.
Full Changelog: v77.20.0...v77.22.0
77.21.0
77.20.0
What's Changed
Fix
Misc
- Improve Performance of LoginInfoEndpoint by @adrianhoelzl-sap in #3141
Dependency Bumps
- build(deps): bump commons-io:commons-io from 2.17.0 to 2.18.0 by @dependabot in #3146
- feature: integration test coverage by @hsinn0 in #3147
- Bump Gradle to 8.11.1 by @duanemay in #3148
- build(deps): bump k8s.io/client-go from 0.31.2 to 0.31.3 in /k8s by @dependabot in #3149
- build(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /uaa by @dependabot in #3152
- build(deps): bump org.owasp.esapi:esapi from 2.5.5.0 to 2.6.0.0 by @dependabot in #3159
- build(deps): bump versions.seleniumVersion from 4.26.0 to 4.27.0 by @dependabot in #3158
- build(deps): bump github.com/onsi/gomega from 1.35.1 to 1.36.0 in /k8s by @dependabot in #3160
Full Changelog: v77.19.0...v77.20.0
77.19.0
What's Changed
Fix
- pr/upgrade docs slate gems take 2 by @fhanik in #3091
- fix(k8s): fix JAVA_HOME by @achrinza in #3093
- Refactor and fix duplicate by @strehle in #3112
Misc
- Unjava-doc-ify the copyright notices by @duanemay in #3108
- Only show failed tests by @duanemay in #3115
- Migrate to Caffeine Caching by @duanemay in #3114
Dependency Bumps
- build(deps): bump k8s.io/client-go from 0.31.1 to 0.31.2 in /k8s by @dependabot in #3096
- build(deps): bump rexml from 3.3.8 to 3.3.9 in /uaa/slate by @dependabot in #3100
- build(deps): bump versions.jacksonVersion from 2.18.0 to 2.18.1 by @dependabot in #3101
- build(deps): bump versions.seleniumVersion from 4.25.0 to 4.26.0 by @dependabot in #3103
- build(deps): bump github.com/onsi/gomega from 1.34.2 to 1.35.0 in /k8s by @dependabot in #3102
- build(deps): bump github.com/onsi/gomega from 1.35.0 to 1.35.1 in /k8s by @dependabot in #3105
- renovate: update dependency org.hsqldb:hsqldb to v2.7.4 by @strehle in #3106
- build(deps): bump org.apache.santuario:xmlsec from 4.0.2 to 4.0.3 by @dependabot in #3110
- renovate: : update dependency webrick to v1.9.0 by @strehle in #3111
- build(deps): bump versions.tomcatCargoVersion from 9.0.96 to 9.0.97 by @dependabot in #3120
- Bump Gradle to 8.11 by @strehle in #3124
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.41.2 to 9.46 by @dependabot in #3098
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.46 to 9.47 by @dependabot in #3134
- build(deps): bump versions.springSecurityVersion from 5.8.15 to 5.8.16 by @dependabot in #3142
- build(deps): bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 5.1.0.4882 to 6.0.0.5145 by @dependabot in #3143
New Contributors
Full Changelog: v77.18.0...v77.19.0
77.18.0
What's Changed
Fix
- Fix issue 3083: check user_name claim type by @strehle in #3084
- Allow Dynamic Value Lookup in Custom Zone for Private Key JWT when IdP has Alias by @adrianhoelzl-sap in #3078
- CVE-2024-38821, build(deps): bump versions.springSecurityVersion from 5.8.14 to 5.8.15 by @dependabot in #3089
Misc
Dependency Bumps
- build(deps): bump versions.tomcatCargoVersion from 9.0.95 to 9.0.96 by @dependabot in #3080
- build(deps): bump jasmine-core from 5.3.0 to 5.4.0 in /uaa by @dependabot in #3085
- build(deps): bump jasmine from 5.3.1 to 5.4.0 in /uaa by @dependabot in #3086
- build(deps): bump org.passay:passay from 1.6.5 to 1.6.6 by @dependabot in #3087
- build(deps): bump org.apache.velocity:velocity-engine-core from 2.4 to 2.4.1 by @dependabot in #3090
Full Changelog: v77.17.0...v77.18.0