Skip to content

Releases: SAP/cloud-security-services-integration-library

Version 2.17.0

24 Nov 16:07
@liga-oz liga-oz
2.17.0
ea528d2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.17.0

⚠️ when using java-security-test module you might need to adjust the uaadomain in the service configuration with a port where the wiremock token key server is running on. e.g. it should be changed from localhost --> http://localhost:XXXX (you can access wiremock token key server address using testRule.getWiremockServer().baseUrl())

  • [java-security]
    • [XSUAA/IAS] Adapt optimized server API
  • [spring-xsuaa]
    • Adapt optimized server API
Assets 2
Loading

Version 2.16.0

09 Nov 12:02
@finkmanAtSap finkmanAtSap
2.16.0
34fceeb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.16.0
  • [env]
    • add Environment#getServiceConfigurationsAsList to retrieve all service configurations as lists mapped by service (XSUAA/IAS)
  • [spring-security]
    • IdentityServicesPropertySourceFactory now populates Spring properties with ALL Xsuaa configurations found in the environment instead of only one (arbitrary) configuration of service plan 'application' and one (optional, arbitrary) additional one of service plan 'broker'.
    • XsuaaServiceConfigurations#getConfigurations now contains ALL Xsuaa configurations found as a result of the previous change
    • HybridIdentityServicesAutoConfiguration was adjusted for backward compatibility to still create a JwtDecoder that uses the same XSUAA configurations as before for token validation (one of plan 'application' and an optional one of plan 'broker')

Dependency upgrades

  • Bump spring.security.version from 5.8.7 to 5.8.8
  • Bump spring.boot.version from 2.7.16 to 2.7.17
  • Bump log4j2 from 2.20.0 to 2.21.1
  • Bump com.sap.cloud.environment.servicebinding from 0.10.0 to 0.10.1
  • Bump commons-io from 2.14.0 to 2.15.0
Assets 2
Loading

Version 2.15.0

24 Oct 07:10
@liga-oz liga-oz
2.15.0
12cc7ea
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.15.0

🔥 Hot fix for the CVE-2023-5072

  • [java-security]
    • add x-azp header to IAS JWKS fetching and adjust JWKS cache key
    • OAuth2TokenKeyService and OAuth2TokenKeyServiceWithCache
      • Refactor API to use generic Map instead of explicit IAS-specific parameters

Dependency upgrades

  • Bump org.json.version from 20230618 to 20231013
  • Bump spring.security.version from 5.8.6 to 5.8.7
  • Bump spring.boot.version from 2.7.15 to 2.7.16
  • Bump spring.core.version from 5.3.29 to 5.3.30
  • Bump reactor-core from 3.4.32 to 3.4.33
  • Bump com.sap.cloud.environment.servicebinding 0.9.0 to 0.10.0
  • Bump commons-io from 2.13.0 to 2.14.0
Assets 2
Loading

Version 3.2.1

23 Oct 08:47
@liga-oz liga-oz
3.2.1
55fccf8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 3.2.1

🔥 Hot fix for the CVE-2023-5072

Dependency upgrades

  • Bump spring.boot.version from 3.1.4 to 3.1.5
  • Bump log4j2.version from 2.20.0 to 2.21.0
  • Bump spring.security.version from 6.1.4 to 6.1.5
  • Bump org.json:json from 20230618 to 20231013
Assets 2
Loading

Version 3.2.0

16 Oct 16:19
@liga-oz liga-oz
3.2.0
58c2219
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 3.2.0
  • [java-security]
    • add x-azp header to IAS JWKS fetching
    • adjust JWKS cache key for OAuth2TokenKeyService and OAuth2TokenKeyServiceWithCache
    • Refactor API to use generic Map instead of explicit IAS-specific parameters

Dependency upgrades

  • Bump io.projectreactor:reactor-core from 3.5.9 to 3.5.11
  • Bump spring.core.version from 6.0.11 to 6.0.13
  • Bump spring.security.version from 6.1.3 to 6.1.4
  • Bump commons-io:commons-io from 2.13.0 to 2.14.0
  • Bump com.sap.cloud.environment.servicebinding from 0.9.0 to 0.10.0
  • Bump spring.boot.version from 3.1.3 to 3.1.4
  • Bump slf4j.api.version from 2.0.7 to 2.0.9
Assets 2
Loading

Version 3.1.3

28 Aug 06:52
@liga-oz liga-oz
3.1.3
591cb3e
Compare
Choose a tag to compare
Version 3.1.3
  • [java-security]
    • Fixes NPE when accessing XsuaaToken.getPrincipal() and grantType is null (#1261)
  • [token-client]
    • fixes JWKs fetch from identity service issue when app_tid is not present in the token - the X-app_tid and X-client_id headers are only added when both values are available.
    • DefaultOAuth2TokenService
      • fixes issue when in case of unsuccessful token fetch OAuth2ServiceException.withHeaders() headers field were filled with only one entry containing all headers as a string
    • DefaultOAuth2TokenKeyService and SpringOAuth2TokenKeyService
      • improved error handling
        • OAuth2ServiceException that's thrown status code != 200 case doesn't get swallowed
        • fixes OAuth2ServiceException.withHeaders() semantically incorrect behavior when headers were filled with request headers instead of response headers
        • OAuth2ServiceException generated by unsuccessful JWKs fetch contains request headers as well
    • OAuth2ServiceException updated header message - contains now Response Headers instead of Headers

Dependency upgrades

  • Bump spring.security.version from 6.1.2 to 6.1.3
  • Bump spring.boot.version from 3.1.2 to 3.1.3
Assets 2
Loading

Version 2.14.2

28 Aug 06:48
@liga-oz liga-oz
2.14.2
6487392
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.14.2
  • [java-security]
    • Fixes NPE when accessing XsuaaToken.getPrincipal() and grantType is null (#1261)
  • [token-client]
    • fixes JWKs fetch from identity service issue when app_tid is not present in the token - the X-app_tid and X-client_id headers are only added when both values are available.
    • DefaultOAuth2TokenService
      • fixes issue when in case of unsuccessful token fetch OAuth2ServiceException.withHeaders() headers field were filled with only one entry containing all headers as a string
    • DefaultOAuth2TokenKeyService and SpringOAuth2TokenKeyService
      • improved error handling
        • OAuth2ServiceException that's thrown status code != 200 case doesn't get swallowed
        • fixes OAuth2ServiceException.withHeaders() semantically incorrect behavior when headers were filled with request headers instead of response headers
        • OAuth2ServiceException generated by unsuccessful JWKs fetch contains request headers as well
    • OAuth2ServiceException updated header message - contains now Response Headers instead of Headers

Dependency upgrades

  • Bump spring.security.version from 5.8.5 to 5.8.6
  • Bump spring.boot.version from 2.7.14 to 2.7.15
  • Bump reactor-core from 3.4.31 to 3.4.32
Assets 2
Loading

Version 3.1.2

11 Aug 18:25
@liga-oz liga-oz
3.1.2
976c4d0
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 3.1.2
  • [token-client]
    • OAuth2ServiceException has been extended with getter method getHeaders() that gives the access to failed request's response headers
    • XsuaaOAuth2TokenService and DefaultOAuth2TokenService add the response headers and status code to the thrown OAuth2ServiceException
Assets 2
Loading

Version 3.1.1

11 Aug 14:26
@liga-oz liga-oz
3.1.1
003db33
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 3.1.1
  • [env]
    • ServiceBindingEnvironment has been extended with a method getServiceConfigurationsAsList() that returns a list of all available service configurations parsed from environment
    • in case of multiple service configurations of the same service plans ServiceBindingEnvironment.getXsuaaConfiguration() and ServiceBindingEnvironment.getServiceConfigurations() will return the first one from the list.
      This adjustment ensures that the logic is in line with the 2.x major version.
  • [token-client] reverted removal of OAuth2ServiceException.getHttpStatusCode()

Dependency upgrades

Assets 2
Loading

Version 2.14.1

11 Aug 18:25
@liga-oz liga-oz
2.14.1
2ceaf87
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.14.1
  • [token-client]
    • OAuth2ServiceException has been extended with getter method getHeaders() that gives the access to failed request's response headers
    • XsuaaOAuth2TokenService and DefaultOAuth2TokenService add the response headers and status code to the thrown OAuth2ServiceException

Dependency upgrades

  • Bump btp-environment-variable-access from 0.8.0 to 0.9.0
Assets 2
Loading