Skip to content

Releases: cloudfoundry/uaa

77.9.0

08 May 17:57
Compare
Choose a tag to compare

What's Changed

  • Move OAuth2 Core Server Classes to UAA namespace by @strehle in #2813
  • test-refactoring: remove forked class in tests by @strehle in #2845
  • build(deps): bump versions.guavaVersion from 33.1.0-jre to 33.2.0-jre by @dependabot in #2865
  • build(deps): bump versions.jacksonVersion from 2.17.0 to 2.17.1 by @dependabot in #2869
  • Refactoring: testable code in JdbcScimUserProvisioning by @strehle in #2863
  • Refactoring: use namedJdbcTemplate bean instead of internal new object by @strehle in #2864
  • Update tool chain by @strehle in #2873
  • build(deps): bump versions.tomcatCargoVersion from 9.0.88 to 9.0.89 by @dependabot in #2872

Full Changelog: v77.8.0...v77.9.0

77.8.0

30 Apr 17:51
Compare
Choose a tag to compare

What's Changed

Full Changelog: v77.7.0...v77.8.0

77.7.0

29 Apr 22:17
Compare
Choose a tag to compare

What's Changed

This release addresses a serious performance issue that can affect installations using a MySQL database for UAA and has a large number of users (10,000+).

Fix

Full Changelog: v77.6.0...v77.7.0

77.6.0

26 Apr 20:56
Compare
Choose a tag to compare

What's Changed

Security

Fix

  • fix: load static resources from default zone if zone not found by @tack-sap in #2828

Misc

Dependency Bumps

  • build(deps): bump versions.springSecurityVersion from 5.8.11 to 5.8.12 by @dependabot in #2829
  • build(deps): bump versions.tomcatCargoVersion from 9.0.87 to 9.0.88 by @dependabot in #2832
  • build(deps): bump k8s.io/client-go from 0.29.3 to 0.29.4 in /k8s by @dependabot in #2835
  • build(deps): bump org.apache.commons:commons-text from 1.11.0 to 1.12.0 by @dependabot in #2833
  • build(deps): bump k8s.io/client-go from 0.29.4 to 0.30.0 in /k8s by @dependabot in #2839
  • build(deps): bump github.com/onsi/gomega from 1.32.0 to 1.33.0 in /k8s by @dependabot in #2842
  • build(deps): bump org.gradle:test-retry-gradle-plugin from 1.5.8 to 1.5.9 by @dependabot in #2852
  • build(deps): bump org.bouncycastle:bc-fips from 1.0.2.4 to 1.0.2.5 by @dependabot in #2853

Full Changelog: v77.5.0...v77.6.0

77.5.0

12 Apr 09:05
Compare
Choose a tag to compare

What's Changed

Security Fix

Misc

Dependency Bumps

  • build(deps): bump commons-io:commons-io from 2.15.1 to 2.16.0 by @dependabot in #2811
  • build(deps): bump commons-io:commons-io from 2.16.0 to 2.16.1 by @dependabot in #2819
  • build(deps): bump versions.braveVersion from 6.0.2 to 6.0.3 by @dependabot in #2823
  • update dependency nokogiri to v1.16.4 by @strehle in #2827

Full Changelog: v77.4.0...v77.5.0

77.4.0

27 Mar 14:13
Compare
Choose a tag to compare

What's Changed

Full Changelog: v77.3.0...v77.4.0

77.3.0

20 Mar 00:21
Compare
Choose a tag to compare

What's Changed

  • Load jwtClientAuthentication in uaa.yml by @strehle in #2758
  • build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.8.0.202311291450-r to 6.9.0.202403050737-r by @dependabot in #2772
  • Update rack in Gemfile.lock by @strehle in #2773
  • Optimize "/ids/Users" endpoint by @adrianhoelzl-sap in #2704
  • feat: Use Database availability as indicator for /healthz response by @tack-sap in #2763
  • build(deps): bump versions.jacksonVersion from 2.16.1 to 2.16.2 by @dependabot in #2774
  • Fix sonar by @strehle in #2770
  • build(deps): bump versions.springFrameworkVersion from 5.3.32 to 5.3.33 by @dependabot in #2777
  • build(deps): bump versions.guavaVersion from 33.0.0-jre to 33.1.0-jre by @dependabot in #2778
  • build(deps): bump org.postgresql:postgresql from 42.7.2 to 42.7.3 by @dependabot in #2781
  • build(deps): bump versions.tomcatCargoVersion from 9.0.86 to 9.0.87 by @dependabot in #2780
  • build(deps): bump versions.jacksonVersion from 2.16.2 to 2.17.0 by @dependabot in #2776
  • build(deps): bump k8s.io/client-go from 0.29.2 to 0.29.3 in /k8s by @dependabot in #2786
  • update dependency nokogiri to v1.16.3 by @strehle in #2787
  • build(deps): bump versions.springSecurityVersion from 5.8.10 to 5.8.11 by @dependabot in #2788
  • Fix uaa start. Prevent exception if encryption section missing by @strehle in #2767
  • build(deps): bump github.com/onsi/gomega from 1.31.1 to 1.32.0 in /k8s by @dependabot in #2791
  • fix: saml signatureAlgorithm in AuthnRequest by @swalchemist in #2792

Full Changelog: v77.2.0...v77.3.0

77.2.0

08 Mar 06:18
Compare
Choose a tag to compare

What's Changed

Fixes

Misc

Dependency Bumps

  • build(deps): bump org.apache.santuario:xmlsec from 4.0.1 to 4.0.2 by @dependabot in #2746
  • build(deps): bump versions.braveVersion from 6.0.1 to 6.0.2 by @dependabot in #2748
  • update dependency org.seleniumhq.selenium:selenium-java to v4.18.1 by @strehle in #2744
  • build(deps): bump org.json:json from 20240205 to 20240303 by @dependabot in #2761

Known Issues

  • During the upgrade to this version from UAA v76 or below with canary deployment (where briefly both new and old UAA servers could be running), UAA delete user endpoint might respond with an error even though the user deletion is successful. Mitigation: Delete users after the canary deployment finishes. But if you do run into this issue, you can ignore the error and check whether the user has been successfully deleted after the canary deployment finishes.

Full Changelog: v77.1.0...v77.2.0

77.1.0

23 Feb 06:40
Compare
Choose a tag to compare

What's Changed

Fixes

Misc

Dependency Bumps

  • build(deps): bump versions.springFrameworkVersion from 5.3.31 to 5.3.32 by @dependabot in #2733
  • build(deps): bump versions.springSecurityVersion from 5.8.9 to 5.8.10 by @dependabot in #2734
  • build(deps): bump versions.tomcatCargoVersion from 9.0.85 to 9.0.86 by @dependabot in #2736
  • renovate: update dependency org.mariadb.jdbc:mariadb-java-client to v2.7.12 by @strehle in #2740
  • build(deps): bump org.postgresql:postgresql from 42.7.1 to 42.7.2 by @dependabot in #2739
  • build(deps): bump jasmine-core from 5.1.1 to 5.1.2 in /uaa by @dependabot in #2720
  • build(deps): bump versions.braveVersion from 6.0.0 to 6.0.1 by @dependabot in #2726
  • build(deps): bump k8s.io/api from 0.29.1 to 0.29.2 in /k8s by @dependabot in #2728
  • build(deps): bump k8s.io/client-go from 0.29.1 to 0.29.2 in /k8s by @dependabot in #2730

Known Issues

  • During the upgrade to this version from UAA v76 or below with canary deployment (where briefly both new and old UAA servers could be running), UAA delete user endpoint might respond with an error even though the user deletion is successful. Mitigation: Delete users after the canary deployment finishes. But if you do run into this issue, you can ignore the error and check whether the user has been successfully deleted after the canary deployment finishes.

Full Changelog: v77.0.0...v77.1.0

77.0.0

14 Feb 12:32
Compare
Choose a tag to compare

What's Changed

⚠️ Breaking Changes

  • Remove UAA's ability to act as a SAML identity provider by @hsinn0 in #2638
    • feat: clean up unused DB table service_provider used by UAA-as-SAML-IDP feature by @peterhaochen47 in #2701
  • Remove: deprecated native MFA feature by @peterhaochen47 in #2717
  • Please note that upgrading to this release will clean up all persisted data related to the removed features mentioned above, so please proceed with caution.

Misc

Dependency Bumps

  • Bump Gradle to 8.6 by @strehle in #2707
  • renovate: update dependency nokogiri to v1.16.2 by @strehle in #2713
  • build(deps): bump org.json:json from 20231013 to 20240205 by @dependabot in #2714
  • build(deps): bump org.apache.directory.api:api-ldap-model from 2.1.5 to 2.1.6 by @dependabot in #2715
  • build(deps): bump com.google.zxing:javase from 3.5.2 to 3.5.3 by @dependabot in #2698
  • renovate: update dependency middleman-syntax to v3.4.0 by @strehle in #2706
  • renovate: update dependency nokogiri to v1.16.1 by @strehle in #2709
  • build(deps): bump joda-time:joda-time from 2.12.6 to 2.12.7 by @dependabot in #2710
  • Bump json path from version 2.7.0 to 2.9.0 by @strehle in #2686
  • build(deps): bump actions/dependency-review-action from 3 to 4 by @dependabot in #2685
  • build(deps): bump github.com/onsi/gomega from 1.31.0 to 1.31.1 in /k8s by @dependabot in #2687

Known Issues

  • During the upgrade to this version from UAA v76 or below with canary deployment (where briefly both new and old UAA servers could be running), UAA delete user endpoint might respond with an error even though the user deletion is successful. Mitigation: Delete users after the canary deployment finishes. But if you do run into this issue, you can ignore the error and check whether the user has been successfully deleted after the canary deployment finishes.

Full Changelog: v76.31.0...v77.0.0