Releases: cloudfoundry/uaa
76.20.0
What's Changed
Features
- Added log tracing using B3 headers so transactions between TAS components will use the same trace ID, in #2446. Log file parsers might need to be updated to reflect this addition to the logs. In the example below, [ebf4f18ff75a4cfc64a70c2de8ff493b,64a70c2de8ff493b] is the part that is added:
[2023-08-16T00:56:46.060135Z] uaa - 13 [https-jsse-nio-8443-exec-1] - [ebf4f18ff75a4cfc64a70c2de8ff493b,64a70c2de8ff493b] .... DEBUG --- UaaMetricsFilter: Successfully matched URI: /oauth/token to a group: /oauth-oidc
In some cases, the trace and span IDs will be blank:
[2023-08-17T01:53:42.790149Z] uaa/uaa - 17490 [main] - [,] .... INFO --- SpringSecurityCoreVersion: You are running with Spring Security Core 5.7.10
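A parser for the log layout shown above, as an added example that is not UAA's own code: it reads the trace field by position, accepts blank IDs, and groups records by trace ID for correlation. The regex is inferred from the two sample lines; the layout without the field, the `ExampleLogger` name and the last three sample lines are assumptions constructed here, and the ID lengths follow B3 (16 or 32 hex characters for a trace ID, 16 for a span ID).

```python
import re
from collections import defaultdict

# Layout follows the two sample lines in the release notes. The trace field is
# optional so lines without it (assumed pre-76.20.0 layout) still parse.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<app>\S+) - (?P<pid>\d+) \[(?P<thread>[^\]]+)\]"
    r"(?: - \[(?P<trace>[0-9a-f]{32}|[0-9a-f]{16}|),(?P<span>[0-9a-f]{16}|)\])?"
    r" \.{4} +(?P<level>[A-Z]+) --- (?P<logger>[^:]+): (?P<msg>.*)$"
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    # "[,]" (blank IDs) and a missing field both normalise to None.
    rec["trace"] = rec["trace"] or None
    rec["span"] = rec["span"] or None
    return rec

def group_by_trace(lines):
    """Split lines into {trace_id: [records]}, untraced records, rejected lines."""
    traces, untraced, rejected = defaultdict(list), [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
        elif rec["trace"] is None:
            untraced.append(rec)
        else:
            traces[rec["trace"]].append(rec)
    return dict(traces), untraced, rejected

SAMPLE = [
    # First two lines are quoted from the release notes; the rest are constructed.
    "[2023-08-16T00:56:46.060135Z] uaa - 13 [https-jsse-nio-8443-exec-1] - [ebf4f18ff75a4cfc64a70c2de8ff493b,64a70c2de8ff493b] .... DEBUG --- UaaMetricsFilter: Successfully matched URI: /oauth/token to a group: /oauth-oidc",
    "[2023-08-17T01:53:42.790149Z] uaa/uaa - 17490 [main] - [,] .... INFO --- SpringSecurityCoreVersion: You are running with Spring Security Core 5.7.10",
    # Same trace, new span; the message carries a look-alike ID pair that must be ignored.
    "[2023-08-16T00:56:46.071002Z] uaa - 13 [https-jsse-nio-8443-exec-1] - [ebf4f18ff75a4cfc64a70c2de8ff493b,1111111111111111] .... INFO --- ExampleLogger: note=[00000000000000000000000000000000,0000000000000000]",
    # Assumed older layout with no trace field at all.
    "[2023-08-01T10:00:00.000000Z] uaa - 13 [main] .... INFO --- ExampleLogger: started",
    # Malformed ID: rejected rather than guessed at.
    "[2023-08-16T00:57:00.000000Z] uaa - 13 [main] - [not-hex,64a70c2de8ff493b] .... INFO --- ExampleLogger: bad id",
]

if __name__ == "__main__":
    traces, untraced, rejected = group_by_trace(SAMPLE)
    for tid, recs in traces.items():
        print(tid, [r["span"] for r in recs])
    print(len(untraced), "untraced;", len(rejected), "rejected")
```

Rejected lines are worth counting in a pipeline: a rising count after an upgrade is the signal that the layout changed again.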
Fixes
- Move refresh rotate check to refresh flow in #2437
Full Changelog: v76.19.0...v76.20.0
76.19.0
What's Changed
Dependency Bumps
- build(deps): bump com.google.zxing:javase from 3.5.1 to 3.5.2 by @dependabot in #2426
- build(deps): bump versions.bouncyCastleVersion from 1.75 to 1.76 by @dependabot in #2425
- build(deps): bump versions.guavaVersion from 32.1.1-jre to 32.1.2-jre by @dependabot in #2429
- build(deps): bump versions.seleniumVersion from 4.10.0 to 4.11.0 by @dependabot in #2428
- fix: update k8s to go 1.20 by @Tallicia in #2432
- Bump hsqldb version 2.7.1 to 2.7.2 by @strehle in #2436
- build(deps): bump versions.tomcatCargoVersion from 9.0.78 to 9.0.79 by @dependabot in #2442
- build(deps): bump k8s.io/apimachinery from 0.27.4 to 0.28.0 in /k8s by @dependabot in #2443
- build(deps): bump k8s.io/client-go from 0.27.4 to 0.28.0 in /k8s by @dependabot in #2444
Misc
- integrationTest: Add IT for user_token grant variants by @strehle in #2194
- fix: Dependabot can't authenticate to the private package registry ht… by @hsinn0 in #2434
Full Changelog: v76.18.0...v76.19.0
76.18.0
What's Changed
Fixes
- UAA startup if postgresql is used for session store in #2414
- Expired X509 certificates should be ignored for JWT usage in #2423
Features
- Allow refresh flow for public usages in #2402
- Use custom key in private_key_jwt towards OAuth2/OIDC IdP in #2420
Dependency Bumps
- build(deps): bump jasmine-core from 5.0.1 to 5.1.0 in /uaa by @dependabot in #2418
- build(deps): bump github.com/onsi/gomega from 1.27.8 to 1.27.9 in /k8s by @dependabot in #2419
- build(deps): bump jasmine from 4.6.0 to 5.1.0 in /uaa by @dependabot in #2417
- build(deps): bump github.com/onsi/gomega from 1.27.9 to 1.27.10 in /k8s by @dependabot in #2421
- Gradle to 8.2.1
Misc
- Delete unused script & dockerfile by @peterhaochen47 in #2422
- Change default of refresh token format by @strehle in #2406
- uaa-ci: use RS256 key as default by @strehle in #2405
Full Changelog: v76.17.0...v76.18.0
76.17.0
What's Changed
Fixes
- fix: Skip reset password requests with HEAD method (#2381) by @jbilandzija in #2389
- fix: Handle verify user requests with HEAD method by @jbilandzija in #2392
- fix: make kill more reliable by @swalchemist in #2347
Features
- feature: Store client authentication method in JWT by @strehle in #2385
- feature: Allow sending static key/value pairs to the configured IdP by @strehle in #2397
Dependency Bumps
- build(deps): bump versions.guavaVersion from 32.1.0-jre to 32.1.1-jre by @dependabot in #2393
- Bump Gradle to 8.2 by @strehle in #2396
- build(deps): bump versions.tomcatCargoVersion from 9.0.76 to 9.0.78 by @dependabot in #2400
- build(deps): bump versions.springBootVersion from 2.7.13 to 2.7.14 by @dependabot in #2409
- build(deps): bump k8s.io/client-go from 0.27.3 to 0.27.4 in /k8s by @dependabot in #2411
Misc
- Extend test coverage in OauthIDPWrapperFactoryBean by @strehle in #2399
- Add Introspection Claims Test by @strehle in #2404
- internal tests only: define more values in uaa.yml by @strehle in #2403
- Refactor: Add Instant to TimeService interface and use TimeService in UaaTokenStore by @strehle in #2315
New Contributors
- @jbilandzija made their first contribution in #2389
Full Changelog: v76.16.0...v76.17.0
76.16.0
Test ONLY
- No need to consume this release; it was created only because of pipeline fixes
Full Changelog: v76.15.0...v76.16.0
76.15.0
What's Changed
Fixes
- Fixes from version bump versions.bouncyCastleVersion from 1.73 to 1.75 by @dependabot in #2374 and #2382
- Fixes from version bump versions.springBootVersion from 2.7.12 to 2.7.13 by @dependabot in #2383
- Delete all user group members if user is deleted by @strehle in #2372
Dependency Bumps
- build(deps): bump github.com/onsi/gomega from 1.27.7 to 1.27.8 in /k8s by @dependabot in #2350
- build(deps): bump commons-io:commons-io from 2.12.0 to 2.13.0 by @dependabot in #2352
- build(deps): bump versions.guavaVersion from 32.0.0-jre to 32.0.1-jre by @dependabot in #2357
- Upgrade Tomcat cargo version 9.0.76 by @strehle in #2361
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.5.0.202303070854-r to 6.6.0.202305301015-r by @dependabot in #2369
- build(deps): bump versions.seleniumVersion from 4.9.1 to 4.10.0 by @dependabot in #2351
- build(deps): bump jasmine-core from 5.0.0 to 5.0.1 in /uaa by @dependabot in #2365
- build(deps): bump k8s.io/client-go from 0.27.2 to 0.27.3 in /k8s by @dependabot in #2373
- Bump jackson version 2.14.3 to 2.15.2 in #2377
- build(deps): bump org.json:json from 20230227 to 20230618 by @dependabot in #2379
Misc
- Dependency refactoring by @strehle in #2362
- Remove deprecated code for performance logs by @strehle in #2363
Full Changelog: v76.14.0...v76.15.0
76.14.0
What's Changed
- build(deps): bump versions.guavaVersion from 31.1-jre to 32.0.0-jre by @dependabot in #2345
Full Changelog: v76.13.0...v76.14.0
76.13.0
What's Changed
Fixes
- Fix regression from 76.12.0 in #2340
- Exclude unsupported response types in exception by @mikeroda in #2329
- CVE-2023-20883: Spring-Boot bump from 2.7.11 to 2.7.12 by @dependabot in #2332
Dependency Bumps
- build(deps): bump commons-io:commons-io from 2.11.0 to 2.12.0 by @dependabot in #2327
- build(deps): bump k8s.io/apimachinery from 0.27.1 to 0.27.2 in /k8s by @dependabot in #2330
- build(deps): bump k8s.io/api from 0.27.1 to 0.27.2 in /k8s by @dependabot in #2331
- build(deps): bump k8s.io/client-go from 0.27.1 to 0.27.2 in /k8s by @dependabot in #2333
- build(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 in /k8s by @dependabot in #2337
- Bump jackson 2.14.2 to 2.14.3 by @strehle in #2336
Misc
- Refactor while condition by @bruce-ricard in #2341
Full Changelog: v76.12.0...v76.13.0
DO NOT USE 76.12.0
DO NOT USE
Contains a regression with regard to OIDC IdPs. A fix has been included in release 76.13.0.
What's Changed
Fixes
- KeyInfo fixes by @strehle in #2284
- fix: mysql 5 to mysql 8 back-and-restore by aligning collation shared in both mysql 5 and 8. by @Tallicia in #2326
Dependency Bumps
- build(deps): bump versions.seleniumVersion from 4.9.0 to 4.9.1 by @dependabot in #2319
- Upgrade Tomcat cargo version 9.0.75 by @strehle in #2321
- build(deps): bump jasmine-core from 4.6.0 to 5.0.0 in /uaa by @dependabot in #2323
Full Changelog: v76.11.0...v76.12.0
76.11.0
What's Changed
Fixes
- Update gem setting to latest slate version by @strehle in #2257
- Fix issue #2303 in #2304
- Fix for ldap.ssl.skipverification by @cache-sk in #2273
- Fix auth code cleanup function in #2292
Dependency Bumps
- build(deps): bump versions.springBootVersion from 2.7.10 to 2.7.11 by @dependabot in #2295
- build(deps): bump org.seleniumhq.selenium:selenium-java from 4.8.3 to 4.9.0 by @dependabot in #2300
- build(deps): bump org.seleniumhq.selenium:selenium-http-jdk-client from 4.8.3 to 4.9.0 by @dependabot in #2299
- Update UAA image reference in k8s to 76.10.0 by @strehle in #2306
- Consolidate selenium version by @strehle in #2307
- build(deps): bump nokogiri from 1.13.10 to 1.14.3 in /uaa/slate by @dependabot in #2276
- Bump mariadb from 2.7.8 to 2.7.9 by @strehle in #2308
- Bump Gradle to 8.1.1 by @strehle in #2312
Misc
- TDD: add test for userinfo compare by @strehle in #2294
- TDD for UaaTokenStore: count DB usage in performExpirationClean by @strehle in #2293
- Test PR 2273 by @strehle in #2313
Full Changelog: v76.10.0...v76.11.0