Releases: cloudfoundry/uaa
78.6.0
What's Changed
Fixes
- Fix SAML Metadata when EntityID is a URL by @fhanik in #3662
- Fix SCIM DateTime Filter Timezone Parsing by @neddp in #3700
- Add index on group_membership(identity_zone_id, origin) by @tack-sap in #3679
Misc
- Cargo migration & Upgrade Gradle to version 9.0.0 by @ireneGonzalezRuiz in #3648
- Debug test failures by @duanemay in #3654
- Increase boot timeout from 60 to 300 by @strehle in #3657
- Update memory settings on the integration test script by @duanemay in #3658
- Update Integration Test Params by @duanemay in #3659
- Revert to legacy behavior of showing passcode as a prompt in /info JSON response. by @fhanik in #3660
- Adjust JVM memory settings in integration test script by @duanemay in #3665
- [bc-212-test]: testing memory pressure issues by @joemahady-comm in #3666
- Adjust test settings to gather timing data by @duanemay in #3683
- Eliminate test setup on skipped tests by @duanemay in #3690
- Add debug mode with -Pdebug and -Pdebugs by @duanemay in #3678
- Restore UaaWebApplicationInitializer by @duanemay in #3677
- Add optional UaaTokenEnhancer injection by @gdgenchev in #3686
- Relax URL match assertion in ResetPasswordIT test by @duanemay in #3693
- Increase timeout and polling constants for WebDriverWait by @duanemay in #3682
Dependency Bumps
- build(deps): bump versions.springBootVersion from 3.5.6 to 3.5.7 by @dependabot[bot] in #3651
- build(deps): bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in #3653
- Bump Selenium version to 4.38.0 by @duanemay in #3664
- build(deps): bump jasmine-core from 5.12.0 to 5.12.1 in /uaa by @dependabot[bot] in #3656
- build(deps): bump k8s.io/client-go from 0.34.1 to 0.34.2 in /k8s by @dependabot[bot] in #3673
- build(deps): bump glob from 10.4.5 to 10.5.0 in /uaa by @dependabot[bot] in #3676
- build(deps): bump versions.springBootVersion from 3.5.7 to 3.5.8 by @dependabot[bot] in #3680
- build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in #3681
- Bump Gradle to 9.2.1 by @duanemay in #3685
- build(deps): bump github.com/onsi/gomega from 1.38.2 to 1.38.3 in /k8s by @dependabot[bot] in #3694
- build(deps): bump jasmine-core from 5.12.1 to 5.13.0 in /uaa by @dependabot[bot] in #3688
- build(deps): bump jasmine from 5.12.0 to 5.13.0 in /uaa by @dependabot[bot] in #3687
- build(deps): bump k8s.io/client-go from 0.34.2 to 0.34.3 in /k8s by @dependabot[bot] in #3697
New Contributors
- @ireneGonzalezRuiz made their first contribution in #3648
- @neddp made their first contribution in #3700
Full Changelog: v78.5.0...v78.6.0
78.5.0
What's Changed
Fixes
- Fix broken OAUTH2.0 authorization_code flow. by @fhanik in #3643
- Remove ThreadLocal for Origin in ExternalOAuthAuthenticationManager by @adrianhoelzl-sap in #3636
- Change nonce and state to length 22 by @cweibel in #3645
- Add env vars for Gradle commands in test scripts by @duanemay in #3649
Misc
- Update database matrix to include PostgreSQL 17, remove 11 by @duanemay in #3629
- Delete "remove.me" by @adrianhoelzl-sap in #3632
- Boot Migration - Backwards compatible request mappings (end with slash) by @fhanik in #3635
- Add Comments to Authentication Managers !minor by @adrianhoelzl-sap in #3608
- Explicitly set up instrumentation for inline mocking by @duanemay in #3637
- Update database matrix to include MySQL 8.4 and 9, remove MySQL 5 by @duanemay in #3611
- Refactor ExternalLoginAuthenticationManager by @adrianhoelzl-sap in #3607
Dependency Bumps
- build(deps): bump jasmine-core from 5.10.0 to 5.11.0 in /uaa by @dependabot[bot] in #3634
- build(deps): bump rack from 2.2.17 to 2.2.18 in /uaa/slate by @dependabot[bot] in #3631
- build(deps): bump jasmine from 5.10.0 to 5.11.0 in /uaa by @dependabot[bot] in #3633
- build(deps): bump jasmine-core from 5.11.0 to 5.12.0 in /uaa by @dependabot[bot] in #3639
- build(deps): bump jasmine from 5.11.0 to 5.12.0 in /uaa by @dependabot[bot] in #3638
- build(deps): bump rack from 2.2.18 to 2.2.19 in /uaa/slate by @dependabot[bot] in #3640
- build(deps): bump versions.tomcatCargoVersion from 10.1.46 to 10.1.47 by @dependabot[bot] in #3641
- build(deps): bump github/codeql-action from 3 to 4 by @dependabot[bot] in #3642
- build(deps): bump rack from 2.2.19 to 2.2.20 in /uaa/slate by @dependabot[bot] in #3646
- build(deps): bump versions.tomcatCargoVersion from 10.1.47 to 10.1.48 by @dependabot[bot] in #3647
Full Changelog: v78.4.0...v78.5.0
78.4.0
What's Changed
Fixes
- [TNZ-27070]: Fix UAA on standard ports by @joemahady-comm in #3621
- Clear Origin ThreadLocal after AuthN in ExternalOAuthAuthenticationManager by @adrianhoelzl-sap in #3619
Misc
- Update dependabot by @strehle in #3599
- Simplify dependency versions defined in spring-boot-dependencies by @duanemay in #3604
- Add to PR #3622 by @fhanik in #3623
- Enable LDAP integration tests based on profile by @duanemay in #3627
- add userinfo test case by @fhanik in #3622
Dependency Bumps
- build(deps): bump versions.springBootVersion from 3.5.5 to 3.5.6 by @dependabot[bot] in #3625
- build(deps): bump versions.tomcatCargoVersion from 10.1.44 to 10.1.45 by @dependabot[bot] in #3615
- build(deps): bump versions.tomcatCargoVersion from 10.1.45 to 10.1.46 by @dependabot[bot] in #3620
- update dependency redcarpet to v3.6.1 by @strehle in #3592
- build(deps): bump github.com/onsi/gomega from 1.38.1 to 1.38.2 in /k8s by @dependabot[bot] in #3600
- build(deps): bump k8s.io/client-go from 0.33.4 to 0.34.0 in /k8s by @dependabot[bot] in #3603
- build(deps): bump jasmine-core from 5.9.0 to 5.10.0 in /uaa by @dependabot[bot] in #3606
- build(deps): bump jasmine from 5.9.0 to 5.10.0 in /uaa by @dependabot[bot] in #3605
- build(deps): bump actions/setup-go from 5 to 6 by @dependabot[bot] in #3610
- build(deps): bump k8s.io/client-go from 0.34.0 to 0.34.1 in /k8s by @dependabot[bot] in #3616
- update dependency org.sonarsource.scanner.gradle:sonarqube-gradle-plu… by @strehle in #3612
- update dependency com.nimbusds:nimbus-jose-jwt to v10.5 by @strehle in #3613
- build(deps): bump rexml from 3.3.9 to 3.4.2 in /uaa/slate by @dependabot[bot] in #3624
Full Changelog: v78.3.0...v78.4.0
78.3.0
What's Changed
Fixes
- Fix dependabot by @strehle in #3596
- Fix StaleUrlCache test by @fhanik in #3567
- Fix 3428 saml bug by @fhanik in #3593
Misc
- Refactor ExternalOAuthAuthenticationManager by @adrianhoelzl-sap in #3575
- Revert "fix flaky test" by @strehle in #3557
- Add "urn:ietf:params:oauth:grant-type:token-exchange" as a grant by @fhanik in #3552
- parse JWK from RSA public key value only if exists by @mikeroda in #3571
- The jwt-bearer grant confuses internal/external groups by @fhanik in #3582
Dependency Bumps
- Bump versions.springBootVersion from 3.5.4 to 3.5.5 by @dependabot[bot] in #1732
- build(deps): bump commons-codec:commons-codec from 1.18.0 to 1.19.0 by @dependabot[bot] in #3565
- build(deps): bump org.bouncycastle:bc-fips from 2.1.0 to 2.1.1 by @dependabot[bot] in #3572
- build(deps): bump github.com/onsi/gomega from 1.37.0 to 1.38.0 in /k8s by @dependabot[bot] in #3566
- build(deps): bump k8s.io/client-go from 0.33.3 to 0.33.4 in /k8s by @dependabot[bot] in #3585
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 10.4.1 to 10.4.2 by @dependabot[bot] in #3588
- build(deps): bump com.icegreen:greenmail from 2.1.4 to 2.1.5 by @dependabot[bot] in #3578
- Update middleman by @strehle in #3576
- build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #3581
- build(deps): bump versions.seleniumVersion from 4.34.0 to 4.35.0 by @dependabot[bot] in #3583
- Update dependencies by @strehle in #3590
- build(deps): bump versions.byteBuddyVersion from 1.17.6 to 1.17.7 by @dependabot[bot] in #3591
- build(deps): bump nokogiri from 1.18.8 to 1.18.9 in /uaa/slate by @dependabot[bot] in #3564
- build(deps): bump actions/setup-java from 4 to 5 by @dependabot[bot] in #3594
- build(deps): bump github.com/onsi/gomega from 1.38.0 to 1.38.1 in /k8s by @dependabot[bot] in #3597
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 10.4 to 10.4.1 by @dependabot[bot] in #3574
Full Changelog: v78.2.0...v78.3.0
78.2.0
What's Changed
Misc
- Push UAA Docker images to cfidentity/uaa by @strehle in #3551
- Add GH Action for Docker-CI by @strehle in #3543
- fix flaky test by @strehle in #3546
Dependency Bumps
- Upgrade Tomcat to version 10.1.43 by @strehle in #3544
- Update gradle to v8.14.3 by @strehle in #3545
- build(deps): bump actions/setup-java from 3 to 4 by @dependabot[bot] in #3549
- build(deps): bump com.icegreen:greenmail from 2.1.3 to 2.1.4 by @dependabot[bot] in #3550
- build(deps): bump k8s.io/client-go from 0.33.2 to 0.33.3 in /k8s by @dependabot[bot] in #3554
- update spring core to v6.2.9 by @strehle in #3556
- build(deps): bump versions.jacksonVersion from 2.19.1 to 2.19.2 by @dependabot[bot] in #3559
- build(deps): bump commons-io:commons-io from 2.19.0 to 2.20.0 by @dependabot[bot] in #3562
- build(deps): bump jasmine-core from 5.8.0 to 5.9.0 in /uaa by @dependabot[bot] in #3558
- build(deps): bump jasmine from 5.8.0 to 5.9.0 in /uaa by @dependabot[bot] in #3560
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 10.3.1 to 10.4 by @dependabot[bot] in #3561
Full Changelog: v78.1.0...v78.2.0
77.20.7
- Bump Tomcat to 9.0.107
- Bump Nimbus to 10.3.1
- Bump LDAP SDK to 6.0.11
Full Changelog: v77.20.6...v77.20.7
77.20.6
What's Changed
- Update gradle to v8.14.3 by @duanemay
- fixing SAML tests by @joemahady-comm
- Update LDAP schema and data files by @duanemay
- Update Java version to 21 in CI by @duanemay
- Bump Tomcat Cargo, Selenium, Brave, Jackson, JGit, ByteBuddy, and PostgreSQL versions by @duanemay
- Update to Java 21 by @duanemay
- Bump Kubernetes dependencies by @duanemay
- Bump jasmine and jasmine-core by @duanemay
- Bump gradle to 8.14.2 by @duanemay
- Update Mockito to 4.11.0, PostgreSQL to 42.7.6, and JSON library to 20250517 and add bytebuddy by @duanemay
- Bump Selenium version 4.32 and fix timeouts by @duanemay
- build(deps): update Go version and dependencies to latest versions by @duanemay
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 10.2 to 10.3 by @duanemay
- build(deps): bump rack from 2.2.13 to 2.2.14 in /uaa/slate by @duanemay
- build(deps): bump versions.tomcatCargoVersion from 9.0.104 to 9.0.105 by @duanemay
- Bump gradle to 8.14.1 by @duanemay
Full Changelog: v77.20.5...v77.20.6
78.1.0
What's Changed
Fixes
- Spring 6 refactorings by @strehle in #3537
- Spring 6 refactorings because of CSRF cookie by @strehle in #3542
Dependency Bumps
- build(deps): bump versions.seleniumVersion from 4.33.0 to 4.34.0 by @dependabot in #3538
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 10.3 to 10.3.1 by @dependabot in #3541
Full Changelog: v78.0.0...v78.1.0
78.0.0
What's Changed
New
- Spring 6.2.8 upgrade
- Spring Security 6.5.1 upgrade
- Spring Boot 3.5.3 upgrade
- Tomcat 10.1.42 upgrade
- Java 21 development upgrade
New details
- Upgrade to Spring Boot 3.4.7 by @fhanik in #3517
- Upgrade Spring Boot to 3.5.3 by @duanemay in #3530
- Require Java 21 by @duanemay in #3535
Misc
- typo by @strehle in #3529
- Update dependabot after boot update by @strehle in #3532
- Improve documentation by @duanemay in #3533
- Use fromUriString instead of fromHttpUrl by @duanemay in #3531
- fix typo in spring boot startup by @strehle in #3536
Full Changelog: v77.35.0...v78.0.0
77.35.0
What's Changed
Misc
- Spring Boot Final Touches by @fhanik in #3502
- Prepare the move towards java 21 by @strehle in #3496
- Ensure that all Singular URLs can be used. Singular app sometimes app… by @fhanik in #3505
- Refactor AutoLoginIT by @strehle in #3527
- Boot with Dual Ports by @fhanik in #3510
- Refactor versioning because of dependabot by @strehle in #3522
Fixes
- Potential fix for code scanning alert no. 44: HTTP response splitting by @strehle in #3504
- Potential fix for code scanning alert no. 43: Failure to use secure cookies by @strehle in #3503
- Fix UAA Singular application by @fhanik in #3506
- Fix request errors by @strehle in #3528
Dependency Bumps
- build(deps): bump versions.tomcatCargoVersion from 9.0.105 to 9.0.106 by @dependabot in #3514
- build(deps): bump org.postgresql:postgresql from 42.7.6 to 42.7.7 by @dependabot in #3515
- build(deps): bump brace-expansion from 2.0.1 to 2.0.2 in /uaa by @dependabot in #3516
- build(deps): bump org.mockito:mockito-core from 4.11.0 to 5.18.0 by @dependabot in #3499
- build(deps): bump versions.braveVersion from 6.2.0 to 6.3.0 by @dependabot in #3501
- build(deps): bump jasmine-core from 5.7.1 to 5.8.0 in /uaa by @dependabot in #3513
- build(deps): bump jasmine from 5.7.1 to 5.8.0 in /uaa by @dependabot in #3512
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 7.2.1.202505142326-r to 7.3.0.202506031305-r by @dependabot in #3511
- build(deps): bump versions.jacksonVersion from 2.19.0 to 2.19.1 by @dependabot in #3518
- build(deps): bump k8s.io/client-go from 0.33.1 to 0.33.2 in /k8s by @dependabot in #3525
- build(deps): bump org.xmlunit:xmlunit-assertj from 2.10.2 to 2.10.3 by @dependabot in #3526
- Update Gradle to v8.14.2 by @duanemay in #3509
Full Changelog: v77.34.0...v77.35.0