77.28.0

What's Changed

Fixes

• fix regression from release before with passcode prompt for json responses by @strehle in #3323

Dependency Bumps

• build(deps): bump versions.jacksonVersion from 2.18.2 to 2.18.3 by @dependabot in #3320
• build(deps): bump rack from 2.2.11 to 2.2.12 in /uaa/slate by @dependabot in #3322

Full Changelog: v77.27.0...v77.28.0

77.27.0

What's Changed

Fixes

• Login Info Endpoint: optimize OAuth IdPs for JSON Response by @adrianhoelzl-sap in #3254
• Fix tail_uaa_log by @duanemay in #3294
• Fix cargo local with Tomcat 9.0.100 by @Kehrlann in #3313
• refactor: show client jwt configuration by @strehle in #3302

Misc

• Move login-ui.xml to java configuration by @Kehrlann in #3262
• Remove experimental status by @strehle in #3287
• Add jwt bearer to cf client by @strehle in #3307

Dependency Bumps

• build(deps): bump jasmine-core from 5.5.0 to 5.6.0 in /uaa by @dependabot in #3283
• build(deps): bump jasmine from 5.5.0 to 5.6.0 in /uaa by @dependabot in #3282
• build(deps): bump rack from 2.2.10 to 2.2.11 in /uaa/slate by @dependabot in #3291
• build(deps): bump k8s.io/client-go from 0.32.1 to 0.32.2 in /k8s by @dependabot in #3296
• build(deps): bump versions.tomcatCargoVersion from 9.0.98 to 9.0.100 by @dependabot in #3298
• build(deps): bump versions.braveVersion from 6.0.3 to 6.1.0 by @dependabot in #3299
• build(deps): bump nokogiri from 1.16.7 to 1.18.3 in /uaa/slate by @dependabot in #3304
• build(deps): bump versions.seleniumVersion from 4.28.1 to 4.29.0 by @dependabot in #3306
• build(deps): bump org.awaitility:awaitility from 4.2.2 to 4.3.0 by @dependabot in #3308
• Bump gradle to 8.13 by @duanemay in #3311
• build(deps): bump com.nimbusds:nimbus-jose-jwt from 10.0.1 to 10.0.2 by @dependabot in #3312
• build(deps): bump org.bouncycastle:bcpkix-fips from 2.0.7 to 2.1.9 by @dependabot in #3315
• Revert "build(deps): bump org.bouncycastle:bcpkix-fips from 2.0.7 to 2.1.9" by @strehle in #3318

Full Changelog: v77.26.0...v77.27.0

77.20.3

What's Changed

Downport Fixes

• Forbid client authentication with empty secret
• Add check for parsed accept header to not be blank
• fix: concurrent group membership race conditions

Dependency Bumps

• Bump gradle to 8.12.1
• deps: update dependency go to v1.23.5
• build(deps): bump k8s.io/client-go from 0.32.0 to 0.32.1 in /k8s
• build(deps): bump jasmine-core from 5.5.0 to 5.6.0 in /uaa
• build(deps): bump k8s.io/client-go from 0.32.1 to 0.32.2 in /k8s
• build(deps): bump versions.tomcatCargoVersion from 9.0.98 to 9.0.100
• build(deps): bump versions.braveVersion from 6.0.3 to 6.1.0
• build(deps): bump rack from 2.2.10 to 2.2.11 in /uaa/slate
• bump joda-time:joda-time from 2.13.0 to 2.13.1
• bump commons-codec:commons-codec from 1.17.2 to 1.18.0
• bump versions.seleniumVersion from 4.27.0 to 4.28.1

Full Changelog: v77.20.2...v77.20.3

77.26.0

What's Changed

Fixes

• Fix regression with OIDC discovery url but no tokenUrl by @strehle in #3280
• Fix ArrayIndexOutOfBoundsException in UaaRequestMatcher by @adrianhoelzl-sap in #3276
• Fix the client_auth_method check, do not allow client_credentials with empty secret by @strehle in #3243
• Fix concurrent group membership race conditions by @mikeroda in #3252
• Fix SAML error message, solve issue 3226 by @strehle in #3234
• Fix ITs by @strehle in #3248
• Fix yml filenames in testing doc by @duanemay in #3277
• Fix missing default-profile on CI oidc10 app by @Kehrlann in #3266

Misc

• Migrate DB configuration from XML to Java by @Kehrlann in #3240
• Refactor and extend timeout durations by @duanemay in #3263
• Cleanup from PR #3252 by @strehle in #3275
• Cargo: increase rate limitt for tests by @Kehrlann in #3278
• typo by @strehle in #3274
• Dockerize SimpleSAMLPhp for Local Integration Tests by @fhanik in #3272
• Remove retry for unit tests by @duanemay in #3244
• Deprecate default profile by @fhanik in #3253

Dependency Bumps

• build(deps): bump commons-codec:commons-codec from 1.17.2 to 1.18.0 by @dependabot in #3260
• build(deps): bump versions.seleniumVersion from 4.27.0 to 4.28.1 by @dependabot in #3256
• deps: update dependency go to v1.23.5 by @strehle in #3245
• build(deps): bump org.bouncycastle:bctls-fips from 2.0.19 to 2.1.20 by @dependabot in #3264
• build(deps): bump org.bouncycastle:bc-fips from 2.0.0 to 2.1.0 by @dependabot in #3259
• build(deps): bump org.bouncycastle:bcpkix-fips from 2.0.7 to 2.1.8 by @dependabot in #3258
• Revert BouncyCastle FIPS back to 2.0.0 by @strehle in #3267
• Bump gradle to 8.12.1 by @strehle in #3257
• build(deps): bump joda-time:joda-time from 2.13.0 to 2.13.1 by @dependabot in #3273

Full Changelog: v77.25.0...v77.26.0

77.25.0

What's Changed

Fixes

• Validate zone when an authentication exists in the session by @strehle in #3242

Feature

• JWT federated client authentication by @strehle in #3219

Misc

• Add a docker service using openldap/slapd by @fhanik in #3228
• Refactor test complexity by @strehle in #3241

Dependency Bumps

• build(deps): bump k8s.io/client-go from 0.32.0 to 0.32.1 in /k8s by @dependabot in #3237

Full Changelog: v77.24.0...v77.25.0

77.20.2

What's Changed

Fixes

• Validate zone when an authentication exists in the session by @duanemay in #3239

Dependency Bumps

• Bump Gradle to 8.12 by @duanemay
• build(deps): bump org.postgresql:postgresql from 42.7.4 to 42.7.5 by @dependabot

Full Changelog: v77.20.1...v77.20.2

77.24.0

What's Changed

Fixes

• Fix Metadata ID to conform to NCName by @duanemay in #3221
• Fix DB unit tests by @Kehrlann in #3186
• fix AuditCheckMockMvcTests with ldap profile by @Kehrlann in #3206
• Do not add whitespaces in XML signature of /saml/metadata by @strehle in #3222

Misc

• Add legacy SAML configuration for uaa-ci by @strehle in #3198
• tests: in-memory ldap server runs on a random port by @Kehrlann in #3202
• tests: enable parallel testing to speed up database-backed tests by @Kehrlann in #3203
• Add documentation on how to generate documentation on the local machine by @fhanik in #3205
• Move login-ui Service classes to Javaconfig by @Kehrlann in #3208
• Remove unused EncryptionService and EncryptionKeyService by @Kehrlann in #3207
• tests: address flakyness in ScimUserEndpointsAliasMockMvcTests by @Kehrlann in #3209
• Testing Updates by @duanemay in #3195

Dependency Bumps

• Bump golang.org/x/net to v0.33.0 by @strehle in #3204
• build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.47 to 9.48 by @dependabot in #3210
• build(deps): bump github.com/onsi/gomega from 1.36.1 to 1.36.2 in /k8s by @dependabot in #3211
• Bump Gradle to 8.12 by @duanemay in #3212
• build(deps): bump org.json:json from 20240303 to 20241224 by @dependabot in #3214
• build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.48 to 10.0.1 by @dependabot in #3217
• build(deps): bump commons-codec:commons-codec from 1.17.1 to 1.17.2 by @dependabot in #3224
• build(deps): bump org.json:json from 20241224 to 20250107 by @dependabot in #3225
• build(deps): bump org.postgresql:postgresql from 42.7.4 to 42.7.5 by @dependabot in #3231

Full Changelog: v77.23.0...v77.24.0

77.20.1

What's Changed

Fixes

• build(deps): bump versions.tomcatCargoVersion from 9.0.97 to 9.0.98

Dependency Bumps

tomcat to 9.0.98
guava to 33.4.0-jre
jackson to 2.18.2
awaitility to 4.2.2
apacheCommonsText to 1.13.0
commonsCodec to 1.17.2
eclipseJgit to 7.1.0.202411261347-r
nimbusJwt to 10.0.1
orgJson to 20250107
sonarqubePlugin to 6.0.1.5171

Full Changelog: v77.20.0...v77.20.1

77.23.0

What's Changed

Fixes

• build(deps): bump versions.tomcatCargoVersion from 9.0.97 to 9.0.98 by @dependabot in #3183
• workload identity by @strehle in #3197
• tests: fix missing BCFIPS provider in DefaultRelyingPartyRegistrationRepositoryTest by @Kehrlann in #3201

Misc

• Remove IdP classes by @strehle in #3181
• Code cleanup by @duanemay in #3174

Dependency Bumps

• build(deps): bump github.com/onsi/gomega from 1.36.0 to 1.36.1 in /k8s by @dependabot in #3185
• build(deps): bump k8s.io/client-go from 0.31.3 to 0.31.4 in /k8s by @dependabot in #3188
• build(deps): bump k8s.io/client-go from 0.31.4 to 0.32.0 in /k8s by @dependabot in #3192
• deps: remove code dependencies on hsqldb by @Kehrlann in #3194
• build(deps): bump org.apache.commons:commons-text from 1.12.0 to 1.13.0 by @dependabot in #3196
• build(deps): bump versions.guavaVersion from 33.3.1-jre to 33.4.0-jre by @dependabot in #3199

Full Changelog: v77.22.0...v77.23.0

77.22.0

What's Changed

Feature - major opensaml library upgrade

• build(deps): Replace SAML Library by @Tallicia in #2908

Fixes

• Fix new SAML. Re-establish SAML setup for legacy by @strehle in #3164
• fix velocity dependency by @strehle in #3169
• Fix flaky StaleUrlCacheTests by @duanemay in #3179
• Fix retrieval of login.saml.providers by @strehle in #3178
• Fix issue #3104 by @strehle in #3182

Misc

• Support SAML keypair without a passphrase by @strehle in #3172
• Add logs in case of SAML issues by @strehle in #3173
• Refactor password grant by @strehle in #3165

Dependency Bumps

• build(deps): bump versions.jacksonVersion from 2.18.1 to 2.18.2 by @dependabot in #3166
• build(deps): bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 6.0.0.5145 to 6.0.1.5171 by @dependabot in #3167
• build(deps): bump jasmine from 5.4.0 to 5.5.0 in /uaa by @dependabot in #3176
• build(deps): bump jasmine-core from 5.4.0 to 5.5.0 in /uaa by @dependabot in #3175
• build(deps): bump org.eclipse.jgit:org.eclipse.jgit from 7.0.0.202409031743-r to 7.1.0.202411261347-r by @dependabot in #3177

Deprecation information

The setup of UAA with YAML setting

login.serviceProviderKey
login.serviceProviderCertificate

was set to deprecation a while ago, but the support is still in there. Please prepare your UAA configuration to change either towards

login.saml.serviceProviderKey
login.saml.serviceProviderCertificate

or if you want support key-rotation with SAML make use of the map in

login.saml.keys

similar to JWT signing keys

Full Changelog: v77.20.0...v77.22.0