Uaa Versions Save

CloudFoundry User Account and Authentication (UAA) Server

v76.23.0

8 months ago

What's Changed

Experimental Feature

Client Authentication with JWT assertions, Howto

Features

feature: add runtime support for private_key_jwt client authentication by @strehle in https://github.com/cloudfoundry/uaa/pull/2507
feature: add change size to pull request by @bruce-ricard in https://github.com/cloudfoundry/uaa/pull/2546
feature: enhance well-known and document private_key_jwt parameters in rest API by @strehle in https://github.com/cloudfoundry/uaa/pull/2509

Fixes

fix sonar findings by @strehle in https://github.com/cloudfoundry/uaa/pull/2528
fix sonar finding: duplicate string literals by @klaus-sap in https://github.com/cloudfoundry/uaa/pull/2531
fix sonar issue: Utility classes should not have public constructors by @klaus-sap in https://github.com/cloudfoundry/uaa/pull/2533
fix sonar findings by @strehle in https://github.com/cloudfoundry/uaa/pull/2527
Bump org.json:json from 20230618 to 20231013 , fixes CVE-2023-5072 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2544

Misc

Make it easier to find test failures in CI output by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2511
test: Add Client Authentication Integration Tests by @strehle in https://github.com/cloudfoundry/uaa/pull/2508

Dependency Bumps

build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.35 to 9.36 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2529
build(deps): bump versions.guavaVersion from 32.1.2-jre to 32.1.3-jre by @dependabot in https://github.com/cloudfoundry/uaa/pull/2534
build(deps): bump org.apache.directory.api:api-ldap-model from 2.1.4 to 2.1.5 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2536
build(deps): bump golang.org/x/net from 0.14.0 to 0.17.0 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2538
build(deps): bump versions.tomcatCargoVersion from 9.0.80 to 9.0.82 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2540
Bump jackson version 2.15.2 to 2.15.3, https://github.com/cloudfoundry/uaa/pull/2541
build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.36 to 9.37 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2548
build(deps): bump k8s.io/client-go from 0.28.2 to 0.28.3 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2555
build(deps): bump versions.springBootVersion from 2.7.16 to 2.7.17 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2553
build(deps): bump org.apache.santuario:xmlsec from 3.0.2 to 4.0.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2554

Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.22.0...v76.23.0

v76.22.0

8 months ago

What's Changed

Features

feature: allow setting SameSite on X-Uaa-Csrf cookie by @mikeroda in https://github.com/cloudfoundry/uaa/pull/2439
feature: add persistence support for private_key_jwt client authentication by @strehle in https://github.com/cloudfoundry/uaa/pull/2449

Fixes

fix: Flaky test by @strehle in https://github.com/cloudfoundry/uaa/pull/2491
fix: do not default a missing secret to an empty one by @strehle in https://github.com/cloudfoundry/uaa/pull/2455
fix: missing shebang by @bruce-ricard in https://github.com/cloudfoundry/uaa/pull/2497
fix: ClientAdminEndpointsValidator should allow authorization_code with empty secret by @strehle in https://github.com/cloudfoundry/uaa/pull/2461
fix: json syntax error by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2521

Misc

Page object refactoring for two additional tests by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2490
Passcode test refactor by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2501
test clean-up: switch back to using standard simplesamlPHP server URL by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2516
delete unused pom.xml by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2519
refactor: use page objects for favicon test by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2498

Dependency Bumps

build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.32 to 9.34 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2489
build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.34 to 9.35 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2492
update module github.com/onsi/ginkgo/v2 to v2.12.1 by @strehle in https://github.com/cloudfoundry/uaa/pull/2494
build(deps): bump versions.springBootVersion from 2.7.15 to 2.7.16 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2495
build(deps): bump org.passay:passay from 1.6.3 to 1.6.4 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2499
build(deps): bump versions.seleniumVersion from 4.12.1 to 4.13.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2502
build(deps): bump github.com/onsi/gomega from 1.27.10 to 1.28.0 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2510
build(deps): bump commons-io:commons-io from 2.13.0 to 2.14.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2512
Upgrade to be compatible with simplesamlphp v2 by @bruce-ricard in https://github.com/cloudfoundry/uaa/pull/2506
Bump dependency org.gradle:test-retry-gradle-plugin to v1.5.6 by @strehle in https://github.com/cloudfoundry/uaa/pull/2518
build: change sonar runner to java 17 by @strehle in https://github.com/cloudfoundry/uaa/pull/2513
build(deps-dev): bump open from 0.0.5 to 6.0.0 in /uaa/slate by @dependabot in https://github.com/cloudfoundry/uaa/pull/2522
Bump Gradle to 8.4 by @strehle in https://github.com/cloudfoundry/uaa/pull/2524
Bump dependencies in package.json of slate (doc) by @strehle in https://github.com/cloudfoundry/uaa/pull/2525

Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.21.0...v76.22.0

v76.21.0

9 months ago

What's Changed

Features

feature: activate PKCE by default in requests to external OIDC providers by @strehle in https://github.com/cloudfoundry/uaa/pull/2448

Fixes

Fix: UAA login page breaks when the product logo image is over 100000 characters by @Tallicia in https://github.com/cloudfoundry/uaa/pull/2453

Misc

Rearchitect two integration tests to use page objects by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2468
Refactor: prepare for private_key_jwt in oauth_client_details by @strehle in https://github.com/cloudfoundry/uaa/pull/2433
doc: reason for ignoring library bumps by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2485
test: Authorization Grant Flow without Redirect URI by @strehle in https://github.com/cloudfoundry/uaa/pull/2484

Dependency Bumps

build(deps): bump versions.springBootVersion from 2.7.14 to 2.7.15 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2450
bump activesupport from 6.1.7.3 to 6.1.7.5 in https://github.com/cloudfoundry/uaa/pull/2451
build(deps): bump jasmine-core from 5.1.0 to 5.1.1 in /uaa by @dependabot in https://github.com/cloudfoundry/uaa/pull/2457
build(deps): bump k8s.io/client-go from 0.28.0 to 0.28.1 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2460
build(deps): bump versions.tomcatCargoVersion from 9.0.79 to 9.0.80 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2462
build(deps): bump org.apache.directory.api:api-ldap-model from 2.1.3 to 2.1.4 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2464
build(deps): bump versions.seleniumVersion from 4.11.0 to 4.12.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2466
build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.6.0.202305301015-r to 6.6.1.202309021850-r by @dependabot in https://github.com/cloudfoundry/uaa/pull/2469
build(deps): bump versions.seleniumVersion from 4.12.0 to 4.12.1 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2471
build(deps): bump actions/checkout from 3 to 4 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2473
build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.6.1.202309021850-r to 6.7.0.202309050840-r by @dependabot in https://github.com/cloudfoundry/uaa/pull/2475
Bump Gradle to 8.3 by @strehle in https://github.com/cloudfoundry/uaa/pull/2476
update dependency org.gradle:test-retry-gradle-plugin to v1.5.4 by @strehle in https://github.com/cloudfoundry/uaa/pull/2479
Bump mariadb from 2.7.9 to 2.7.10 by @strehle in https://github.com/cloudfoundry/uaa/pull/2478
Bump gradle plugins by @strehle in https://github.com/cloudfoundry/uaa/pull/2480
Bump SnakeYaml from 2.0 to 2.2 by @strehle in https://github.com/cloudfoundry/uaa/pull/2481
update dependency org.gradle:test-retry-gradle-plugin to v1.5.5 by @strehle in https://github.com/cloudfoundry/uaa/pull/2482
Go 1.21 by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2483
build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.31 to 9.32 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2487
k8s updates, k8s.io 0.28.1 to 0.28.2 by @strehle in https://github.com/cloudfoundry/uaa/pull/2488

Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.20.0...v76.21.0

v76.20.0

10 months ago

What's Changed

Features

Added log tracing using B3 headers so transactions between TAS components will use the same trace ID, in https://github.com/cloudfoundry/uaa/pull/2446. Log file parsers might need to be updated to reflect this addition to the logs. In the example below, - [ebf4f18ff75a4cfc64a70c2de8ff493b,64a70c2de8ff493b] is the part that is added:

[2023-08-16T00:56:46.060135Z] uaa - 13 [https-jsse-nio-8443-exec-1] - [ebf4f18ff75a4cfc64a70c2de8ff493b,64a70c2de8ff493b] .... DEBUG --- UaaMetricsFilter: Successfully matched URI: /oauth/token to a group: /oauth-oidc

In some cases, the trace and span IDs will be blank:

[2023-08-17T01:53:42.790149Z] uaa/uaa - 17490 [main] - [,] .... INFO --- SpringSecurityCoreVersion: You are running with Spring Security Core 5.7.10

Fixes

Move refresh rotate check to refresh flow in https://github.com/cloudfoundry/uaa/pull/2437

Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.19.0...v76.20.0

v76.19.0

10 months ago

What's Changed

Dependency Bumps

build(deps): bump com.google.zxing:javase from 3.5.1 to 3.5.2 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2426
build(deps): bump versions.bouncyCastleVersion from 1.75 to 1.76 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2425
build(deps): bump versions.guavaVersion from 32.1.1-jre to 32.1.2-jre by @dependabot in https://github.com/cloudfoundry/uaa/pull/2429
build(deps): bump versions.seleniumVersion from 4.10.0 to 4.11.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2428
fix: update k8s to go 1.20 by @Tallicia in https://github.com/cloudfoundry/uaa/pull/2432
Bump hsqldb version 2.7.1 to 2.7.2 by @strehle in https://github.com/cloudfoundry/uaa/pull/2436
build(deps): bump versions.tomcatCargoVersion from 9.0.78 to 9.0.79 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2442
build(deps): bump k8s.io/apimachinery from 0.27.4 to 0.28.0 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2443
build(deps): bump k8s.io/client-go from 0.27.4 to 0.28.0 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2444

Misc

integrationTest: Add IT for user_token grant variants by @strehle in https://github.com/cloudfoundry/uaa/pull/2194
fix: Dependabot can't authenticate to the private package registry ht… by @hsinn0 in https://github.com/cloudfoundry/uaa/pull/2434

Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.18.0...v76.19.0

v76.18.0

10 months ago

What's Changed

Fixes

UAA startup if postgresql is used for session store in https://github.com/cloudfoundry/uaa/pull/2414
Expired X509 certificates should be ignored for JWT usage in https://github.com/cloudfoundry/uaa/pull/2423

Features

Allow refresh flow for public usages in https://github.com/cloudfoundry/uaa/pull/2402
Use custom key in private_key_jwt towards OAuth2/OIDC IdP in https://github.com/cloudfoundry/uaa/pull/2420

Dependency Bumps

build(deps): bump jasmine-core from 5.0.1 to 5.1.0 in /uaa by @dependabot in https://github.com/cloudfoundry/uaa/pull/2418
build(deps): bump github.com/onsi/gomega from 1.27.8 to 1.27.9 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2419
build(deps): bump jasmine from 4.6.0 to 5.1.0 in /uaa by @dependabot in https://github.com/cloudfoundry/uaa/pull/2417
build(deps): bump github.com/onsi/gomega from 1.27.9 to 1.27.10 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2421
Gradle to 8.2.1

Misc

Delete unused script & dockerfile by @peterhaochen47 in https://github.com/cloudfoundry/uaa/pull/2422
Change default of refresh token format by @strehle in https://github.com/cloudfoundry/uaa/pull/2406
uaa-ci: use RS256 key as default by @strehle in https://github.com/cloudfoundry/uaa/pull/2405

Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.17.0...v76.18.0

v76.17.0

11 months ago

What's Changed

Fixes

fix: Skip reset password requests with HEAD method (#2381) by @jbilandzija in https://github.com/cloudfoundry/uaa/pull/2389
fix: Handle verify user requests with HEAD method by @jbilandzija in https://github.com/cloudfoundry/uaa/pull/2392
fix: make kill more reliable by @swalchemist in https://github.com/cloudfoundry/uaa/pull/2347

Features

feature: Store client authentication method in JWT by @strehle in https://github.com/cloudfoundry/uaa/pull/2385
feature: Allow sending static key/value pairs to the configured IdP by @strehle in https://github.com/cloudfoundry/uaa/pull/2397

Dependency Bumps

build(deps): bump versions.guavaVersion from 32.1.0-jre to 32.1.1-jre by @dependabot in https://github.com/cloudfoundry/uaa/pull/2393
Bump Gradle to 8.2 by @strehle in https://github.com/cloudfoundry/uaa/pull/2396
build(deps): bump versions.tomcatCargoVersion from 9.0.76 to 9.0.78 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2400
build(deps): bump versions.springBootVersion from 2.7.13 to 2.7.14 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2409
build(deps): bump k8s.io/client-go from 0.27.3 to 0.27.4 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2411

Misc

Extend test coverage in OauthIDPWrapperFactoryBean by @strehle in https://github.com/cloudfoundry/uaa/pull/2399
Add Introspection Claims Test by @strehle in https://github.com/cloudfoundry/uaa/pull/2404
internal tests only: define more values in uaa.yml by @strehle in https://github.com/cloudfoundry/uaa/pull/2403
Refactor: Add Instant to TimeService interface and use TimeService in UaaTokenStore by @strehle in https://github.com/cloudfoundry/uaa/pull/2315

New Contributors

@jbilandzija made their first contribution in https://github.com/cloudfoundry/uaa/pull/2389

Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.16.0...v76.17.0

v76.16.0

11 months ago

Test ONLY

No need to consume it but created because of pipeline fixes

Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.15.0...v76.16.0

v76.15.0

1 year ago

What's Changed

Fixes

Fixes from version bump versions.bouncyCastleVersion from 1.73 to 1.75 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2374 and https://github.com/cloudfoundry/uaa/pull/2382
Fixes from version bump versions.springBootVersion from 2.7.12 to 2.7.13 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2383
Delete all user group members if user is deleted by @strehle in https://github.com/cloudfoundry/uaa/pull/2372

Features

Credential Rotation: Support json key set in tokenKey by @strehle in https://github.com/cloudfoundry/uaa/pull/2343

Dependency Bumps

build(deps): bump github.com/onsi/gomega from 1.27.7 to 1.27.8 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2350
build(deps): bump commons-io:commons-io from 2.12.0 to 2.13.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2352
build(deps): bump versions.guavaVersion from 32.0.0-jre to 32.0.1-jre by @dependabot in https://github.com/cloudfoundry/uaa/pull/2357
Upgrade Tomcat cargo version 9.0.76 by @strehle in https://github.com/cloudfoundry/uaa/pull/2361
build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 6.5.0.202303070854-r to 6.6.0.202305301015-r by @dependabot in https://github.com/cloudfoundry/uaa/pull/2369
build(deps): bump versions.seleniumVersion from 4.9.1 to 4.10.0 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2351
build(deps): bump jasmine-core from 5.0.0 to 5.0.1 in /uaa by @dependabot in https://github.com/cloudfoundry/uaa/pull/2365
build(deps): bump k8s.io/client-go from 0.27.2 to 0.27.3 in /k8s by @dependabot in https://github.com/cloudfoundry/uaa/pull/2373
Bump jackson version 2.14.3 to 2.15.2 in https://github.com/cloudfoundry/uaa/pull/2377
build(deps): bump org.json:json from 20230227 to 20230618 by @dependabot in https://github.com/cloudfoundry/uaa/pull/2379

Misc

Dependency refactoring by @strehle in https://github.com/cloudfoundry/uaa/pull/2362
Remove deprecated code for performance logs by @strehle in https://github.com/cloudfoundry/uaa/pull/2363

Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.14.0...v76.15.0

v76.14.0

1 year ago

What's Changed

build(deps): bump versions.guavaVersion from 31.1-jre to 32.0.0-jre by @dependabot in https://github.com/cloudfoundry/uaa/pull/2345

Full Changelog: https://github.com/cloudfoundry/uaa/compare/v76.13.0...v76.14.0