Releases: cloudfoundry/uaa
Releases · cloudfoundry/uaa
77.9.0
What's Changed
- Move OAuth2 Core Server Classes to UAA namespace by @strehle in #2813
- test-refactoring: remove forked class in tests by @strehle in #2845
- build(deps): bump versions.guavaVersion from 33.1.0-jre to 33.2.0-jre by @dependabot in #2865
- build(deps): bump versions.jacksonVersion from 2.17.0 to 2.17.1 by @dependabot in #2869
- Refactoring: testable code in JdbcScimUserProvisioning by @strehle in #2863
- Refactoring: use namedJdbcTemplate bean instead of internal new object by @strehle in #2864
- Update tool chain by @strehle in #2873
- build(deps): bump versions.tomcatCargoVersion from 9.0.88 to 9.0.89 by @dependabot in #2872
Full Changelog: v77.8.0...v77.9.0
77.8.0
What's Changed
- build(deps): bump github.com/onsi/gomega from 1.33.0 to 1.33.1 in /k8s by @dependabot in #2858
- fix: MySQL Performance Issues in "/ids/Users" Endpoint by @adrianhoelzl-sap in #2859
Full Changelog: v77.7.0...v77.8.0
77.7.0
What's Changed
This release addresses a serious performance issue that can affect installations using a MySQL database for UAA and has a large number of users (10,000+).
Fix
- Fix: performance issue in MySQL -- revert #2704 by @bruce-ricard in #2857
Full Changelog: v77.6.0...v77.7.0
77.6.0
What's Changed
Security
- The bc-fips bump addresses CVE-2024-29857.
Fix
Misc
- Remove direct usage of commons-httpclient 3.1 by @strehle in #2826
- Refactor tests for EntityAliasHandler.ensureConsistencyOfAliasEntity by @adrianhoelzl-sap in #2824
Dependency Bumps
- build(deps): bump versions.springSecurityVersion from 5.8.11 to 5.8.12 by @dependabot in #2829
- build(deps): bump versions.tomcatCargoVersion from 9.0.87 to 9.0.88 by @dependabot in #2832
- build(deps): bump k8s.io/client-go from 0.29.3 to 0.29.4 in /k8s by @dependabot in #2835
- build(deps): bump org.apache.commons:commons-text from 1.11.0 to 1.12.0 by @dependabot in #2833
- build(deps): bump k8s.io/client-go from 0.29.4 to 0.30.0 in /k8s by @dependabot in #2839
- build(deps): bump github.com/onsi/gomega from 1.32.0 to 1.33.0 in /k8s by @dependabot in #2842
- build(deps): bump org.gradle:test-retry-gradle-plugin from 1.5.8 to 1.5.9 by @dependabot in #2852
- build(deps): bump org.bouncycastle:bc-fips from 1.0.2.4 to 1.0.2.5 by @dependabot in #2853
Full Changelog: v77.5.0...v77.6.0
77.5.0
What's Changed
Security Fix
- Spring Framework update from 5.3.33 to 5.3.34 by @dependabot in #2822, solves https://spring.io/security/cve-2024-22262
Misc
- Fix flaky test in ScimUserEndpointsMockMvcTests by @adrianhoelzl-sap in #2804
- Further Integration Tests for Alias Identity Providers Feature by @adrianhoelzl-sap in #2722
- Set default SAML signatureAlgorithm value to SHA256 by @hsinn0 in #2807
- Misc API docs improvements by @peterhaochen47 in #2795
- fix: gradle test might give false green by @peterhaochen47 in #2801
- backfill tests: SAML SP metadata by @peterhaochen47 in #2794
- Prevent Update and Delete of Entities with Alias if Alias Feature is disabled by @adrianhoelzl-sap in #2803
- Sonar fix by @strehle in #2816
- Move OAuth2 classes BaseClientDetails to UaaClientDetails by @strehle in #2806
Dependency Bumps
- build(deps): bump commons-io:commons-io from 2.15.1 to 2.16.0 by @dependabot in #2811
- build(deps): bump commons-io:commons-io from 2.16.0 to 2.16.1 by @dependabot in #2819
- build(deps): bump versions.braveVersion from 6.0.2 to 6.0.3 by @dependabot in #2823
- update dependency nokogiri to v1.16.4 by @strehle in #2827
Full Changelog: v77.4.0...v77.5.0
77.4.0
What's Changed
- Add 'aliasId' and 'aliasZid' Fields to ScimUser by @adrianhoelzl-sap in #2765
- Cleanup from PR 2765 by @strehle in #2797
- Bump Gradle to 8.7 by @strehle in #2798
- Support own key and cert for jwtClientAuthentication by @strehle in #2771
- build(deps): bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 4.4.1.3373 to 5.0.0.4638 by @dependabot in #2800
Full Changelog: v77.3.0...v77.4.0
77.3.0
What's Changed
- Load jwtClientAuthentication in uaa.yml by @strehle in #2758
- build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.8.0.202311291450-r to 6.9.0.202403050737-r by @dependabot in #2772
- Update rack in Gemfile.lock by @strehle in #2773
- Optimize "/ids/Users" endpoint by @adrianhoelzl-sap in #2704
- feat: Use Database availability as indicator for /healthz response by @tack-sap in #2763
- build(deps): bump versions.jacksonVersion from 2.16.1 to 2.16.2 by @dependabot in #2774
- Fix sonar by @strehle in #2770
- build(deps): bump versions.springFrameworkVersion from 5.3.32 to 5.3.33 by @dependabot in #2777
- build(deps): bump versions.guavaVersion from 33.0.0-jre to 33.1.0-jre by @dependabot in #2778
- build(deps): bump org.postgresql:postgresql from 42.7.2 to 42.7.3 by @dependabot in #2781
- build(deps): bump versions.tomcatCargoVersion from 9.0.86 to 9.0.87 by @dependabot in #2780
- build(deps): bump versions.jacksonVersion from 2.16.2 to 2.17.0 by @dependabot in #2776
- build(deps): bump k8s.io/client-go from 0.29.2 to 0.29.3 in /k8s by @dependabot in #2786
- update dependency nokogiri to v1.16.3 by @strehle in #2787
- build(deps): bump versions.springSecurityVersion from 5.8.10 to 5.8.11 by @dependabot in #2788
- Fix uaa start. Prevent exception if encryption section missing by @strehle in #2767
- build(deps): bump github.com/onsi/gomega from 1.31.1 to 1.32.0 in /k8s by @dependabot in #2791
- fix: saml signatureAlgorithm in AuthnRequest by @swalchemist in #2792
Full Changelog: v77.2.0...v77.3.0
77.2.0
What's Changed
Fixes
- Fix audience type by @strehle in #2757
- avoid NPE by @klaus-sap in #2747
- Sonar fixes by @strehle in #2760
- Solve sonar bug by @strehle in #2768
- more methods for sanitized logging by @klaus-sap in #2764
Misc
- refactor: Remove a use of a constant from opensaml library by @hsinn0 in #2743
- Move IdP Alias Handling to separate Class by @adrianhoelzl-sap in #2737
- remove more IdP tests by @swalchemist in #2742
- doc: clarify token revocation by @peterhaochen47 in #2749
Dependency Bumps
- build(deps): bump org.apache.santuario:xmlsec from 4.0.1 to 4.0.2 by @dependabot in #2746
- build(deps): bump versions.braveVersion from 6.0.1 to 6.0.2 by @dependabot in #2748
- update dependency org.seleniumhq.selenium:selenium-java to v4.18.1 by @strehle in #2744
- build(deps): bump org.json:json from 20240205 to 20240303 by @dependabot in #2761
Known Issues
- During the upgrade to this version from UAA v76 or below with canary deployment (where briefly both new and old UAA servers could be running), UAA delete user endpoint might respond with an error even though the user deletion is successful. Mitigation: Delete users after the canary deployment finishes. But if you do run into this issue, you can ignore the error and check whether the user has been successfully deleted after the canary deployment finishes.
Full Changelog: v77.1.0...v77.2.0
77.1.0
What's Changed
Fixes
- Fix invalid identity zone by @klaus-sap in #2711
- Fix filter check in ids/Users endpoint by @adrianhoelzl-sap in #2702
- Revert "Ignore failing integration test" by @peterhaochen47 in #2731
Misc
- refactor: split test by @swalchemist in #2725
- Misc SAML tests refactors by @peterhaochen47 in #2727
- Maintain tomcat version by @strehle in #2721
- refactor: use non-deprecated saml configs in uaa.yml by @peterhaochen47 in #2732
Dependency Bumps
- build(deps): bump versions.springFrameworkVersion from 5.3.31 to 5.3.32 by @dependabot in #2733
- build(deps): bump versions.springSecurityVersion from 5.8.9 to 5.8.10 by @dependabot in #2734
- build(deps): bump versions.tomcatCargoVersion from 9.0.85 to 9.0.86 by @dependabot in #2736
- renovate: update dependency org.mariadb.jdbc:mariadb-java-client to v2.7.12 by @strehle in #2740
- build(deps): bump org.postgresql:postgresql from 42.7.1 to 42.7.2 by @dependabot in #2739
- build(deps): bump jasmine-core from 5.1.1 to 5.1.2 in /uaa by @dependabot in #2720
- build(deps): bump versions.braveVersion from 6.0.0 to 6.0.1 by @dependabot in #2726
- build(deps): bump k8s.io/api from 0.29.1 to 0.29.2 in /k8s by @dependabot in #2728
- build(deps): bump k8s.io/client-go from 0.29.1 to 0.29.2 in /k8s by @dependabot in #2730
Known Issues
- During the upgrade to this version from UAA v76 or below with canary deployment (where briefly both new and old UAA servers could be running), UAA delete user endpoint might respond with an error even though the user deletion is successful. Mitigation: Delete users after the canary deployment finishes. But if you do run into this issue, you can ignore the error and check whether the user has been successfully deleted after the canary deployment finishes.
Full Changelog: v77.0.0...v77.1.0
77.0.0
What's Changed
⚠️ Breaking Changes
- Remove UAA's ability to act as a SAML identity provider by @hsinn0 in #2638
- feat: clean up unused DB table service_provider used by UAA-as-SAML-IDP feature by @peterhaochen47 in #2701
- Remove: deprecated native MFA feature by @peterhaochen47 in #2717
- Please note that upgrading to this release will clean up all persisted data related to the removed features mentioned above, so please proceed with caution.
Misc
- Import refactor for SAML by @swalchemist in #2689
- Refactor BouncyCastleProvider to BouncyCastleFipsProvider by @strehle in #2693
- Refactor saml dependencies 186822654 by @bruce-ricard in #2700
- fix: check origin of user by @klaus-sap in #2688
- Sonar recommendation by @strehle in #2708
- refactor: remove a SAML dependency by @bruce-ricard in #2699
- Inconsistent Update Behavior for SCIM "/Users/{userId}" by @adrianhoelzl-sap in #2712
- Alias ID and Alias ZID for Identity Providers by @adrianhoelzl-sap in #2637
- fix: Duplicate Version Numbers in Flyway Migrations for IdP Alias Columns by @adrianhoelzl-sap in #2723
- refactor: reduce test dependency on EOL lib by @peterhaochen47 in #2719
Dependency Bumps
- Bump Gradle to 8.6 by @strehle in #2707
- renovate: update dependency nokogiri to v1.16.2 by @strehle in #2713
- build(deps): bump org.json:json from 20231013 to 20240205 by @dependabot in #2714
- build(deps): bump org.apache.directory.api:api-ldap-model from 2.1.5 to 2.1.6 by @dependabot in #2715
- build(deps): bump com.google.zxing:javase from 3.5.2 to 3.5.3 by @dependabot in #2698
- renovate: update dependency middleman-syntax to v3.4.0 by @strehle in #2706
- renovate: update dependency nokogiri to v1.16.1 by @strehle in #2709
- build(deps): bump joda-time:joda-time from 2.12.6 to 2.12.7 by @dependabot in #2710
- Bump json path from version 2.7.0 to 2.9.0 by @strehle in #2686
- build(deps): bump actions/dependency-review-action from 3 to 4 by @dependabot in #2685
- build(deps): bump github.com/onsi/gomega from 1.31.0 to 1.31.1 in /k8s by @dependabot in #2687
Known Issues
- During the upgrade to this version from UAA v76 or below with canary deployment (where briefly both new and old UAA servers could be running), UAA delete user endpoint might respond with an error even though the user deletion is successful. Mitigation: Delete users after the canary deployment finishes. But if you do run into this issue, you can ignore the error and check whether the user has been successfully deleted after the canary deployment finishes.
Full Changelog: v76.31.0...v77.0.0