77.18.0

What's Changed

Fix

• Fix issue 3083: check user_name claim type by @strehle in #3084
• Allow Dynamic Value Lookup in Custom Zone for Private Key JWT when IdP has Alias by @adrianhoelzl-sap in #3078
• CVE-2024-38821, build(deps): bump versions.springSecurityVersion from 5.8.14 to 5.8.15 by @dependabot in #3089

Misc

• Deprecate SAML assertionConsumerIndex config property by @hsinn0 in #3088

Dependency Bumps

• build(deps): bump versions.tomcatCargoVersion from 9.0.95 to 9.0.96 by @dependabot in #3080
• build(deps): bump jasmine-core from 5.3.0 to 5.4.0 in /uaa by @dependabot in #3085
• build(deps): bump jasmine from 5.3.1 to 5.4.0 in /uaa by @dependabot in #3086
• build(deps): bump org.passay:passay from 1.6.5 to 1.6.6 by @dependabot in #3087
• build(deps): bump org.apache.velocity:velocity-engine-core from 2.4 to 2.4.1 by @dependabot in #3090

Full Changelog: v77.17.0...v77.18.0

77.17.0

What's Changed

Fix

• fix: support id_token_hint parameter on oidc logout by @mikeroda in #3049
• fix: replace regex usage with simple search by @strehle in #2866
• fix: refer to JavaPluginConvention for g9 compat by @alexanderankin in #3073
• Test-Fix of chromdriver129 issue by @strehle in #3062
• fix: add external saml groups with empty whitelist by @mikeroda in #3061

Misc

• Misc LDAP docs and examples fixes by @peterhaochen47 in #3047
• dependabot: no longer operates on 74.5.x branch by @peterhaochen47 in #3065
• doc: add UAA.yml example for UAA login page inputs help texts by @peterhaochen47 in #3071
• use java 17 for codeql by @strehle in #3075

Dependency Bumps

• build(deps): bump org.apache.velocity:velocity-engine-core from 2.3 to 2.4 by @dependabot in #3060
• build(deps): bump commons-io:commons-io from 2.16.1 to 2.17.0 by @dependabot in #3054
• build(deps): bump versions.guavaVersion from 33.3.0-jre to 33.3.1-jre by @dependabot in #3063
• build(deps): bump webrick from 1.8.1 to 1.8.2 in /uaa/slate by @dependabot in #3066
• build(deps): bump org.seleniumhq.selenium:selenium-java from 4.18.1 to 4.25.0 by @dependabot in #3059
• build(deps): bump versions.jacksonVersion from 2.17.2 to 2.18.0 by @dependabot in #3068
• build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.41.1 to 9.41.2 by @dependabot in #3070
• build(deps): bump jasmine from 5.3.0 to 5.3.1 in /uaa by @dependabot in #3074
• renovate: update dependency gradle to v8.10.2 by @strehle in #3067
• build(deps): bump org.owasp.esapi:esapi from 2.5.4.0 to 2.5.5.0 by @dependabot in #3079

New Contributors

• @alexanderankin made their first contribution in #3073

Full Changelog: v77.16.0...v77.17.0

77.16.0

What's Changed

Fix

• fix Update of Users with Alias during Login by @adrianhoelzl-sap in #3014
• Sonar fix by @strehle in #3028
• fix: use up-to-date jwt sigining key config fields in local UAA.yml by @peterhaochen47 in #3006
• fix error in integration tests by @strehle in #3020
• fix: external group memberships should have correct origin by @mikeroda in #3033
• Add exception handler for SCIM by @strehle in #3027

Misc

• doc: explain UI logo configs format by @peterhaochen47 in #3013
• Add Response Status Code Checks to IntegrationTestUtils by @adrianhoelzl-sap in #3025
• Refactor ScimUserProvisioning Dependency Injection by @adrianhoelzl-sap in #3026
• fix: reduce DB calls in password grant flow by @strehle in #3017
• doc: uaa.yml config oauth.user.authorities by @peterhaochen47 in #3036

Dependency Bumps

• build(deps): bump versions.guavaVersion from 33.2.1-jre to 33.3.0-jre by @dependabot in #3008
• build(deps): bump versions.springSecurityVersion from 5.8.13 to 5.8.14 by @dependabot in #3009
• chore(deps): update dependency nokogiri to v1.16.7 by @strehle in #3010
• renovate: update dependency gradle to v8.10 by @strehle in #3012
• build(deps): bump rexml from 3.3.3 to 3.3.6 in /uaa/slate by @dependabot in #3011
• build(deps): bump org.postgresql:postgresql from 42.7.3 to 42.7.4 by @dependabot in #3015
• build(deps): bump org.passay:passay from 1.6.4 to 1.6.5 by @dependabot in #3018
• build(deps): bump github.com/onsi/gomega from 1.34.1 to 1.34.2 in /k8s by @dependabot in #3023
• Update snakeyaml to 2.3 by @strehle in #3024
• build(deps): bump jasmine-core from 5.2.0 to 5.3.0 in /uaa by @dependabot in #3032
• build(deps): bump jasmine from 5.2.0 to 5.3.0 in /uaa by @dependabot in #3031
• Gradle Update 8.10.1 by @strehle in #3035
• build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.40 to 9.41 by @dependabot in #3034
• build(deps): bump versions.tomcatCargoVersion from 9.0.91 to 9.0.94 by @dependabot in #3039
• build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.10.0.202406032230-r to 7.0.0.202409031743-r by @dependabot in #3038
• build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.41 to 9.41.1 by @dependabot in #3042
• build(deps): bump org.gradle:test-retry-gradle-plugin from 1.5.10 to 1.6.0 by @dependabot in #3043
• build(deps): bump k8s.io/client-go from 0.31.0 to 0.31.1 in /k8s by @dependabot in #3045
• build(deps): bump joda-time:joda-time from 2.12.7 to 2.13.0 by @dependabot in #3048
• build(deps): bump versions.tomcatCargoVersion from 9.0.94 to 9.0.95 by @dependabot in #3051
• Update send 0.19.0 by @strehle in #3052

Full Changelog: v77.15.0...v77.16.0

77.15.0

What's Changed

Fix

• Fix Alias Validation when no Identity Zone ID is set in the Request Body by @adrianhoelzl-sap in #2967
• fix: ErrorRoutingIT test by @peterhaochen47 in #2977
• Sonar fix by @strehle in #2954

Misc

• New: Return a sorted IdP list by @strehle in #2980
• clean-up: IdentityZone samlConfig properties for UAA-as-SAML-IdP feature by @hsinn0 in #2983
• Adjust Section about IdZ Deletion in Alias Documentation by @adrianhoelzl-sap in #2969
• Update UAA image reference in k8s deployment template to 77.14.0 by @coolgang123 in #2996
• Optional BC-FIPS upgrade to 2.0.0 by @strehle in #2987

Dependency Bumps

• build(deps): bump k8s.io/client-go from 0.30.2 to 0.30.3 in /k8s by @dependabot in #2964
• Dependabot fix for rexml by @strehle in #2968
• build(deps): bump jasmine-core from 5.1.2 to 5.2.0 in /uaa by @dependabot in #2975
• build(deps): bump jasmine from 5.1.0 to 5.2.0 in /uaa by @dependabot in #2974
• build(deps): bump github.com/onsi/gomega from 1.33.1 to 1.34.0 in /k8s by @dependabot in #2979
• build(deps): bump github.com/onsi/gomega from 1.34.0 to 1.34.1 in /k8s by @dependabot in #2984
• build(deps): bump versions.tomcatCargoVersion from 9.0.91 to 9.0.93 by @dependabot in #2992
• Revert "build(deps): bump versions.tomcatCargoVersion from 9.0.91 to 9.0.93" by @hsinn0 in #2997
• build(deps): bump org.hamcrest:hamcrest from 2.2 to 3.0 by @dependabot in #2990
• build(deps): bump rexml from 3.3.2 to 3.3.3 in /uaa/slate by @dependabot in #2991
• build(deps): bump org.apache.directory.api:api-ldap-model from 2.1.6 to 2.1.7 by @dependabot in #2995
• build(deps): bump k8s.io/client-go from 0.30.3 to 0.31.0 in /k8s by @dependabot in #3004
• build(deps): bump versions.springFrameworkVersion from 5.3.37 to 5.3.39 by @dependabot in #3005 , solve https://spring.io/security/cve-2024-38809

New Contributors

• @coolgang123 made their first contribution in #2996

Full Changelog: v77.14.0...v77.15.0

77.14.0

What's Changed

Fix

Regression in Release before, see #2963 , PR: Fix regression in identity-provider endpoint by @strehle in #2962

Misc

• Show error in IT by @strehle in #2960
• build(deps): bump org.gradle:test-retry-gradle-plugin from 1.5.9 to 1.5.10 by @dependabot in #2961

Full Changelog: v77.13.0...v77.14.0

77.13.0

What's Changed

Fix

• fix: test bug (SamlLoginIT) by @peterhaochen47 in #2957
• fix: Integration test bootstrap fixed by @strehle in #2959
• fix Injection of 'aliasEntitiesEnabled' into IdentityProviderEndpoints by @adrianhoelzl-sap in
• fix documentation for OpenID connect clientJWT by @strehle in #2937
• fix Version Handling during Update of User with Alias by @adrianhoelzl-sap in #2944

Misc

• Add performance index for token resolution by @strehle in #2932
• Refactor: throw an exception if reference in uaa.yml is missing by @strehle in #2952
• Refactor: Load UserConfig as bean by @strehle in #2934

Dependency Bumps

• build(deps): bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 5.0.0.4638 to 5.1.0.4872 by @dependabot in #2946
• build(deps): bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 5.1.0.4872 to 5.1.0.4882 by @dependabot in #2947
• build(deps): bump versions.jacksonVersion from 2.17.1 to 2.17.2 by @dependabot in #2949
• build(deps): bump versions.tomcatCargoVersion from 9.0.90 to 9.0.91 by @dependabot in #2951
  #2943
• Bump Gradle to 8.9 by @strehle in #2953
• build(deps): bump org.apache.commons:commons-rng-core from 1.5 to 1.6 by @dependabot in #2956
• build(deps): bump org.apache.commons:commons-rng-simple from 1.5 to 1.6 by @dependabot in #2955
• build(deps): bump commons-codec:commons-codec from 1.17.0 to 1.17.1 by @dependabot in #2958

Full Changelog: v77.12.0...v77.13.0

77.12.0

What's Changed

Fix

• fix: Support authMethod=none in proxy password grant by @strehle in #2918
• fix: bearer token in oauth2 UserInfo flow by @strehle in #2924
• fix potential typo in OauthIDPWrapperFactoryBean.java by @adrianhoelzl-sap in #2940
• fix: publish an external group auth event only with registered IDPs by @mikeroda in #2941

Misc

• Reject IdZ deletion if an IdP with alias exists in the zone by @adrianhoelzl-sap in #2850
• Add postgresql 16 tests to github actions by @iprotsiuk in #2938
• Add 'identity_zone_id' column to indexes for 'alias_zid' by @adrianhoelzl-sap in #2942

Dependency Bumps

• build(deps): bump k8s.io/client-go from 0.30.1 to 0.30.2 in /k8s by @dependabot in #2929
• build(deps): bump versions.springFrameworkVersion from 5.3.36 to 5.3.37 by @dependabot in #2926
• build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.9.0.202403050737-r to 6.10.0.202406032230-r by @dependabot in #2927
• build(deps): bump versions.springSecurityVersion from 5.8.12 to 5.8.13 by @dependabot in #2933
• renovate: : update dependency nokogiri to v1.16.6 by @strehle in #2931
• build(deps): bump versions.tomcatCargoVersion from 9.0.89 to 9.0.90 by @dependabot in #2935

New Contributors

• @iprotsiuk made their first contribution in #2938

Full Changelog: v77.11.0...v77.12.0

77.11.0

What's Changed

Fix

• fix issue #2917 by @strehle in #2923
• fix: generate email if it is the empty string on external login by @mikeroda in #2868
• fix: Zone creation fails when allow list does not contain all default groups by @adrianhoelzl-sap in #2870

Feature

• Support Alias feature in experimental mode
• Documentation for Alias Feature by @adrianhoelzl-sap in #2919
• Alias ID and Alias ZID for Users by @adrianhoelzl-sap in #2663
• Alias Handler for SCIM Users by @adrianhoelzl-sap in #2769
• feature: filter IdP retrival by @strehle in #2882
• Identity provider key caching behavior configurable by @strehle in #2920

Misc

• Add kill_uaa script before run and integrationTest tasks by @duanemay in #2903
• Sonar refactoring - IdentityProviderEndpoints class by @strehle in #2890
• IT for testing a fix of issue #2917 by @strehle in #2922

Dependency Bumps

• Update rexml to 3.2.7 by @strehle in #2902
• build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.39.1 to 9.39.2 by @dependabot in #2905
• build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.39.2 to 9.39.3 by @dependabot in #2909
• build(deps): bump org.owasp.esapi:esapi from 2.5.3.1 to 2.5.4.0 by @dependabot in #2906
• deps: update dependency org.hsqldb:hsqldb to v2.7.3 by @strehle in #2910
• Bump Gradle to 8.8 by @strehle in #2912
• build(deps): bump versions.guavaVersion from 33.2.0-jre to 33.2.1-jre by @dependabot in #2911
• build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.39.3 to 9.40 by @dependabot in #2921

Full Changelog: v77.10.0...v77.11.0

77.10.0

What's Changed

Fix

• fix: allow to change or delete a relyingPartySecret on IdP by @strehle in #2896
• fix: always rotate refresh tokens for public clients by @mikeroda in #2846
• fix: /info docs test expectation by @peterhaochen47 in #2884

Misc

• Misc dev script improvements by @peterhaochen47 in #2876
• refactor: avoid indirect dep from EOL lib spring-security-saml2-core by @peterhaochen47 in #2879
• Sonar refactoring - AbstractUaaEvent class by @strehle in #2891

Dependency Bumps

• build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.37.3 to 9.38 by @dependabot in #2877
• build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.38 to 9.39 by @dependabot in #2881
• build(deps): bump nokogiri from 1.16.4 to 1.16.5 in /uaa/slate by @dependabot in #2886
• build(deps): bump k8s.io/client-go from 0.30.0 to 0.30.1 in /k8s by @dependabot in #2893
• build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.39 to 9.39.1 by @dependabot in #2892
• build(deps): bump versions.springFrameworkVersion from 5.3.34 to 5.3.35 by @dependabot in #2897
• build(deps): bump versions.springFrameworkVersion from 5.3.35 to 5.3.36 by @dependabot in #2901

Full Changelog: v77.9.0...v77.10.0

77.9.0

What's Changed

• Move OAuth2 Core Server Classes to UAA namespace by @strehle in #2813
• test-refactoring: remove forked class in tests by @strehle in #2845
• build(deps): bump versions.guavaVersion from 33.1.0-jre to 33.2.0-jre by @dependabot in #2865
• build(deps): bump versions.jacksonVersion from 2.17.0 to 2.17.1 by @dependabot in #2869
• Refactoring: testable code in JdbcScimUserProvisioning by @strehle in #2863
• Refactoring: use namedJdbcTemplate bean instead of internal new object by @strehle in #2864
• Update tool chain by @strehle in #2873
• build(deps): bump versions.tomcatCargoVersion from 9.0.88 to 9.0.89 by @dependabot in #2872

Full Changelog: v77.8.0...v77.9.0