Releases: cloudfoundry/uaa
77.20.5
What's Changed
Misc
- Introduce --guest ChromeOption so that we don't get password check popups 9fbe814
Dependency Bumps
- Bump gradle to 8.14 433f392
- bump jasmine-core from 5.7.0 to 5.7.1 2a8c1dd
- bump jasmine from 5.7.0 to 5.7.1 c05e637
- Update dependency versions in dependencies.gradle
- tomcatCargoVersion to 9.0.104
- guavaVersion to 33.4.1-jre
- seleniumVersion to 4.32.0
- braveVersion to 6.2.0
- jacksonVersion to 2.19.0
- snakeyaml to 2.4
- commonsIo to 2.19.0
- eclipseJgit to 7.2.0.202503040940-r
- xmlSecurity to 4.0.4
- jodaTime to 2.14.0
- jacocoAgent to 0.8.13
- sonarqubePlugin to 6.1.0.5360
- bump org.eclipse.jgit:org.eclipse.jgit a63fd5e
- bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 6.1.0.5360 to 6.2.0.5505 b9ca280
Full Changelog: v77.20.4...v77.20.5
77.33.0
What's Changed
Misc
- Replace org.springframework.util.StringUtils.isEmpty by @strehle in #3443
- XML Removal by @fhanik in #3436
- Sonar improvement by @strehle in #3448
- Refactor deprecate String.Format by @strehle in #3444
- Replace deprecate from Spring Framework by @strehle in #3446
- Refactor [tests only] deprecated query for object by @strehle in #3449
- Refactor (prepare) before Spring Update by @strehle in #3445
- Add constructor to InvalidRequestException by @alexnik99 in #3455
Fixes
- Fix SAML authentication by @strehle in #3439
- Fix setup integration test by @strehle in #3456
- Fix client authentication before spring security 6x by @strehle in #3458
- disable state in pool by @strehle in #3442
Dependency Bumps
- build(deps): bump versions.seleniumVersion from 4.31.0 to 4.32.0 by @dependabot in #3441
- build(deps): bump versions.tomcatCargoVersion from 9.0.104 to 9.0.105 by @dependabot in #3462
- build(deps): bump rack from 2.2.13 to 2.2.14 in /uaa/slate by @dependabot in #3452
New Contributors
- @alexnik99 made their first contribution in #3455
Full Changelog: v77.32.0...v77.33.0
77.32.0
What's Changed
Misc
- Remove spring-ldap-core-tiger by @gdgenchev in #3406
- spring-servlet.xml - removal of XML by @fhanik in #3412
- Revert "spring-servlet.xml - removal of XML" by @fhanik in #3431
- XML removal - final stage by @fhanik in #3433
- Revert "XML removal - final stage" by @fhanik in #3435
Fixes
- Exclude SAML Key from toString by @duanemay in #3419
- fix SAML IdP initiated SSO by @strehle in #3428
- Fix duplicate bean definition of rest templates - Alternative to PR #3430 by @strehle in #3434
- Fix for CVE-2025-22246
Dependency Bumps
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 10.1 to 10.2 by @dependabot in #3390
- build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in /k8s by @dependabot in #3407
- build(deps): bump k8s.io/client-go from 0.32.3 to 0.32.4 in /k8s by @dependabot in #3415
- build(deps): bump nokogiri from 1.18.4 to 1.18.8 in /uaa/slate by @dependabot in #3409
- Bump gradle to 8.14 by @duanemay in #3421
- build(deps): bump k8s.io/client-go from 0.32.4 to 0.33.0 in /k8s by @dependabot in #3418
- build(deps): bump versions.jacksonVersion from 2.18.3 to 2.19.0 by @dependabot in #3420
- build(deps): bump versions.braveVersion from 6.1.0 to 6.2.0 by @dependabot in #3424
- build(deps): bump jasmine from 5.6.0 to 5.7.0 in /uaa by @dependabot in #3425
- build(deps): bump jasmine-core from 5.6.0 to 5.7.0 in /uaa by @dependabot in #3426
- build(deps): bump jasmine-core from 5.7.0 to 5.7.1 in /uaa by @dependabot in #3437
- build(deps): bump jasmine from 5.7.0 to 5.7.1 in /uaa by @dependabot in #3438
New Contributors
- @gdgenchev made their first contribution in #3406
Full Changelog: v77.31.0...v77.32.0
77.31.0
What's Changed
Misc
Fixes
- Fix #3349 by @fhanik in #3389
- fix: allow external group names with quotes by @mikeroda in #3372
- fix class cast issue by @strehle in #3380
- import cleanup by @strehle in #3402
Fixes (tests)
- selenium tests: logout fix by @strehle in #3394
- add wait in OIDC and SAML by @strehle in #3397
- more waits before next UI step by @strehle in #3398
- refactor home login by @strehle in #3399
- Add more checks and indirect waits to get known state by @strehle in #3400
- fix correct usage [TESTS ONLY] by @strehle in #3404
Dependency Bumps
- Bump snakeyaml from 2.3 to v2.4 by @strehle in #3379
- build(deps): bump org.jacoco:org.jacoco.agent from 0.8.12 to 0.8.13 by @dependabot in #3382
- build(deps): bump github.com/onsi/gomega from 1.36.3 to 1.37.0 in /k8s by @dependabot in #3383
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 10.0.2 to 10.1 by @dependabot in #3381
- build(deps): bump versions.seleniumVersion from 4.30.0 to 4.31.0 by @dependabot in #3385
- build(deps): bump versions.tomcatCargoVersion from 9.0.102 to 9.0.104 by @dependabot in #3392
- build(deps): bump versions.guavaVersion from 33.4.6-jre to 33.4.7-jre by @dependabot in #3391
- build(deps): bump org.apache.commons:commons-text from 1.13.0 to 1.13.1 by @dependabot in #3396
- build(deps): bump org.apache.santuario:xmlsec from 4.0.3 to 4.0.4 by @dependabot in #3395
- build(deps): bump commons-io:commons-io from 2.18.0 to 2.19.0 by @dependabot in #3403
- build(deps): bump versions.guavaVersion from 33.4.7-jre to 33.4.8-jre by @dependabot in #3405
Full Changelog: v77.30.0...v77.31.0
77.30.0
What's Changed
Fixes
- fix: accept application/jwk-set+json when fetching JWKs by @mikeroda in #3365
- fix cast exception with login_hint to /login by @strehle in #3368
- fix saml validation and allow again only encrypted assertions by @strehle in #3361
- fix federated credential administration by @strehle in #3377
- Remove response X-XSS-Protection header by @strehle in #3362
Misc
- Move multitenant-endpoints.xml to javaconfig by @Kehrlann in #3355
- remove oauth-endpoints.xml by @fhanik in #3364
Dependency Bumps
- build(deps): bump nokogiri from 1.18.3 to 1.18.4 in /uaa/slate by @dependabot in #3367
- build(deps): bump versions.seleniumVersion from 4.29.0 to 4.30.0 by @dependabot in #3369
- build(deps): bump github.com/onsi/gomega from 1.36.2 to 1.36.3 in /k8s by @dependabot in #3371
- build(deps): bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 6.0.1.5171 to 6.1.0.5360 by @dependabot in #3373
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 7.1.0.202411261347-r to 7.2.0.202503040940-r by @dependabot in #3359
- build(deps): bump versions.guavaVersion from 33.4.0-jre to 33.4.5-jre by @dependabot in #3358
- build(deps): bump versions.guavaVersion from 33.4.5-jre to 33.4.6-jre by @dependabot in #3375
- build(deps): bump joda-time:joda-time from 2.13.1 to 2.14.0 by @dependabot in #3378
Full Changelog: v77.29.0...v77.30.0
77.29.0
What's Changed
Fixes
- fix: Jwt Bearer should be able to return id_token by @strehle in #3344
- Integration tests: add an option for the web driver to click and wait for a page reload by @Kehrlann in #3330
- Improve UaaWebDriver#clickAndWait by @Kehrlann in #3336
Feature
- Proxy jwt bearer to support corporate trust by @strehle in #3309
- feature test: JWT bearer across zones by @strehle in #3348
Misc
- scim beans to java config by @fhanik in #3310
- Revert "Fix cargo local with Tomcat 9.0.100" by @strehle in #3325
- Move login-ui.xml to java config, second part by @Kehrlann in #3316
- remove identity-zones.xml by @Kehrlann in #3326
- Move codestore-endpoints endpoints javaconfig by @Kehrlann in #3337
- Move /userinfo endpoint to java config by @Kehrlann in #3339
- Move /oauth/clients/** filter chains to java configuration by @Kehrlann in #3350
- resource-endpoints.xml to java config by @fhanik in #3343
- move approvalsSecurity filterchain to java by @fhanik in #3345
- remove authentication.xml by @Kehrlann in #3334
- replace Spring Security filters in scim-endpoints.xml by @fhanik in #3329
- Remove the rate limiter filter from the resource-endpoints.xml by @fhanik in https://github.com/cloudfoundry/uaa/pull/3338
- Create client with jwt bearer with empty secret by @strehle in #3301
Dependency Bumps
- build(deps): bump versions.tomcatCargoVersion from 9.0.100 to 9.0.102 by @dependabot in #3324
- build(deps): bump rack from 2.2.12 to 2.2.13 in /uaa/slate by @dependabot in #3332
- build(deps): bump k8s.io/client-go from 0.32.2 to 0.32.3 in /k8s by @dependabot in #3342
- build(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 in /k8s by @dependabot in #3346
Full Changelog: v77.28.0...v77.29.0
77.20.4
77.28.0
What's Changed
Fixes
Dependency Bumps
- build(deps): bump versions.jacksonVersion from 2.18.2 to 2.18.3 by @dependabot in #3320
- build(deps): bump rack from 2.2.11 to 2.2.12 in /uaa/slate by @dependabot in #3322
Full Changelog: v77.27.0...v77.28.0
77.27.0
What's Changed
Fixes
- Login Info Endpoint: optimize OAuth IdPs for JSON Response by @adrianhoelzl-sap in #3254
- Fix tail_uaa_log by @duanemay in #3294
- Fix cargo local with Tomcat 9.0.100 by @Kehrlann in #3313
- refactor: show client jwt configuration by @strehle in #3302
Misc
- Move login-ui.xml to java configuration by @Kehrlann in #3262
- Remove experimental status by @strehle in #3287
- Add jwt bearer to cf client by @strehle in #3307
Dependency Bumps
- build(deps): bump jasmine-core from 5.5.0 to 5.6.0 in /uaa by @dependabot in #3283
- build(deps): bump jasmine from 5.5.0 to 5.6.0 in /uaa by @dependabot in #3282
- build(deps): bump rack from 2.2.10 to 2.2.11 in /uaa/slate by @dependabot in #3291
- build(deps): bump k8s.io/client-go from 0.32.1 to 0.32.2 in /k8s by @dependabot in #3296
- build(deps): bump versions.tomcatCargoVersion from 9.0.98 to 9.0.100 by @dependabot in #3298
- build(deps): bump versions.braveVersion from 6.0.3 to 6.1.0 by @dependabot in #3299
- build(deps): bump nokogiri from 1.16.7 to 1.18.3 in /uaa/slate by @dependabot in #3304
- build(deps): bump versions.seleniumVersion from 4.28.1 to 4.29.0 by @dependabot in #3306
- build(deps): bump org.awaitility:awaitility from 4.2.2 to 4.3.0 by @dependabot in #3308
- Bump gradle to 8.13 by @duanemay in #3311
- build(deps): bump com.nimbusds:nimbus-jose-jwt from 10.0.1 to 10.0.2 by @dependabot in #3312
- build(deps): bump org.bouncycastle:bcpkix-fips from 2.0.7 to 2.1.9 by @dependabot in #3315
- Revert "build(deps): bump org.bouncycastle:bcpkix-fips from 2.0.7 to 2.1.9" by @strehle in #3318
Full Changelog: v77.26.0...v77.27.0
77.20.3
What's Changed
Downport Fixes
- Forbid client authentication with empty secret
- Add check for parsed accept header to not be blank
- fix: concurrent group membership race conditions
Dependency Bumps
- Bump gradle to 8.12.1
- deps: update dependency go to v1.23.5
- build(deps): bump k8s.io/client-go from 0.32.0 to 0.32.1 in /k8s
- build(deps): bump jasmine-core from 5.5.0 to 5.6.0 in /uaa
- build(deps): bump k8s.io/client-go from 0.32.1 to 0.32.2 in /k8s
- build(deps): bump versions.tomcatCargoVersion from 9.0.98 to 9.0.100
- build(deps): bump versions.braveVersion from 6.0.3 to 6.1.0
- build(deps): bump rack from 2.2.10 to 2.2.11 in /uaa/slate
- bump joda-time:joda-time from 2.13.0 to 2.13.1
- bump commons-codec:commons-codec from 1.17.2 to 1.18.0
- bump versions.seleniumVersion from 4.27.0 to 4.28.1
Full Changelog: v77.20.2...v77.20.3