Releases: cloudfoundry/uaa
Releases · cloudfoundry/uaa
75.19.0
Bug Fixes
- Bump spring-framework-bom from 5.3.18 to 5.3.19 (#1836), CVE-2022-22968
- Bump spring-security-oauth2 from 2.5.1.RELEASE to 2.5.2.RELEASE (#1840), CVE-2022-22969
- XML External Entity (XXE) fixes reported from Sonar, https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing
- Removed deprecated gradle plugins (#1850)
Code Quality
- Enabled github actions for static code checks, e.g. Sonarcloud
Dependency bumps
- Bump versions.springBootVersion from 2.6.6 to 2.6.7 (#1844)
- Bump versions.bouncyCastleVersion from 1.70 to 1.71 (#1845)
- Bump k8s.io from 0.22.8 to 0.23.6 in /k8s (#1843)
- Bump spring-framework-bom from 5.3.18 to 5.3.19 (#1836)
- Bump tomcat for cargo 9.0.62
- Bump nokogiri from 1.13.2 to 1.13.4 in /uaa/slate (#1835)
- Bump jasmine-core from 4.0.1 to 4.1.0 in /uaa (#1833)
- Bump jasmine from 4.0.2 to 4.1.0 in /uaa (#1834)
- Bump greenmail from 1.6.7 to 1.6.8 (#1830)
Full Changelog
75.18.0
CVE-2022-22965 Bug Fixes
- Bump spring-framework-bom from 5.3.17 to 5.3.18 (#1826)
- Bump versions.springBootVersion from 2.6.5 to 2.6.6 (#1827)
Full Changelog
75.17.0
Bug Fixes
- Fix: do not rely on default signature algorithms (#1813)
- Bump jackson-databind only to 2.13.2.2, solves CVE-2020-36518 (#1825)
Dependency bumps
- Bump versions.springBootVersion from 2.6.4 to 2.6.5 (#1820)
- Bump json from 20211205 to 20220320 (#1815)
- Bump k8s version 0.22.8 (#1814)
- Bump spring-framework-bom from 5.3.16 to 5.3.17 (#1812)
- Bump trim-newlines to 4.0.2 (#1808)
- Bump tomcat for cargo 9.0.60
- Bump github.com/onsi/gomega from 1.18.1 to 1.19.0 in /k8s (#1823)
Full Changelog
75.16.0
Bug Fixes
Dependency bumps
- Bump versions.springBootVersion from 2.6.3 to 2.6.4 (#1802) see changelog
- Bump spring-framework-bom from 5.3.15 to 5.3.16 (#1795)
- Bump greenmail from 1.6.5 to 1.6.7 (#1801)(#1805)
- Bump versions.guavaVersion from 31.0.1-jre to 31.1-jre (#1804)
- Bump org.eclipse.jgit from 6.0.0.202111291000-r to 6.1.0.202203080745-r (#1807)
- Bump nokogiri from 1.12.5 to 1.13.2 in /uaa/slate (#1803)
Full Changelog
75.15.0
Features
- Add group mapping mode AS_SCOPES for OIDC IdPs (#1737)
- Spring Boot Major Upgrade 2.4.13 to 2.6.3 (#1725) (#1779)
Bug Fixes
Dependency bumps
- XercesImpl update 2.12.2 (#1786), see CVE
- Spring Boot 2.6.3(#1725) (#1779) , see changelog
- Spring Framework 5.3.15
- Tomcat 9.0.58, see Security Fixes
- Gradle 6.9.2
- ThymeleafVersion 3.0.15 (#1787)
Full Changelog
75.14.0
Dependency Bumps
- Bumps various dependencies
- update library json (#1754)
Bug Fixes
- Redirect URIs with commas are badly treated upon creating Oauth2 client (#1766)
Security Fixes
- Addresses CVE with Log4j library and its prior incomplete fix by bumping to log4j2
2.17.1 - Upgrades Newrelic to version 7.5.0
- Fixes an issue where the previous fix for CVE-2021-22098 can be bypassed by using multiple '@' chars in the redirect URI for some endpoints PR
75.13.0
Dependency Bumps
- Bumps various dependencies
Security Fixes
- Addresses CVE with Log4j library and its prior incomplete fix by bumping to log4j2
2.17.0 - Upgrades Newrelic to version 7.4.3
75.12.0
Disclaimer: Please do not use this version but 75.13.0, because of recommandation from github and apache
Changelog
Dependency Bumps
- Bumps various dependencies
Security Fixes
- Addresses CVE with Log4j library and its prior incomplete fix by bumping to log4j2
2.16.0 - Addresses CVE with Apache MINA
- Upgrades Newrelic to version 7.4.2
75.11.0
75.10.0
Features
- JWT header deserializer (#1710)
- Updated OIDC related documentation parts (#1726)
- Migration tests from JUnit4 to JUnit5 - first iteration (#1685)
Bug Fixes
- Ensure that application/json is set as mediatype (#1731)
- Postgresql: Add "FOR UPDATE SKIP LOCKED" DeleteExpiredQuery (#1719)
- Fix error mapping /error (#1716)
- Bump xmlsec from 2.2.3 to 2.3.0 due to CVE-2021-40690 (#1711)
- Bump thymeleaf-spring5 to 3.0.13.RELEASE due to CVE-2021-43466
Dependency bumps
- Spring Boot 2.4.13
- Spring Framework 5.3.13
- Tomcat 9.0.55
- K8s.io 0.22.4
- Gradle 6.9.1