Releases: SAP/cloud-security-services-integration-library
Releases · SAP/cloud-security-services-integration-library
Version 2.8.12
2.8.12 and 0.1.5 [BETA]
- The following dependencies were updated:
- spring.security.version 5.4.5 --> 5.4.6
- spring.core.version 5.3.5 --> 5.3.6
- spring.boot.version 2.4.4 --> 2.4.5
- org.json.version 20201115 --> 20210307
- junit.version 4.13.1 --> 4.13.2
- junit-jupiter.version 5.7.0 --> 5.7.1
- reactor.version 3.4.2 --> 3.4.5
- reactor.test.version 3.4.2 --> 3.4.5
- [token-client]
OAuth2ServiceExceptionprovidesgetHttpStatusCode(). This allows applications to retry e.g. in case of429- when the request was rate limited.
Version 2.8.11
./.
error during release
Version 2.8.10
- [spring-xsuaa] introduced spring properties for IAS -> Xsuaa token exchange activation, as described here
- [java-security-test] uses jetty BoM to fix CVE-2021-28164 and CVE-2021-28165.
- jetty 9.4.38.v20210224 --> 9.4.39.v20210325
Version 2.8.9
- [spring-xsuaa]
- exclude transient dependency to net.minidev:json-smart to resolve CVE-2021-27568
- [xsuaa-spring-boot-starter] [resourceserver-security-spring-boot-starter]
- spring-boot-starter 2.4.3 --> 2.4.4
- spring-boot-starter-security 2.4.3 --> 2.4.4
- net.minidev:json-smart 2.3 --> 2.4.2 to resolve CVE-2021-27568
Version 2.8.8
2.8.8
- [java-security-test] and java samples
- jetty 9.4.36.v20210114 --> 9.4.38.v20210224 (
⚠️ seems to be incompatible with javax.servlet-api 3.1.0) - javax.servlet:javax.servlet-api 3.1.0 --> 4.0.1 (recommended version)
- jetty 9.4.36.v20210114 --> 9.4.38.v20210224 (
- [java-security] supports with
SpringSecurityContexta way to read tokens from Spring'sSecurityContextHolder, in case a token was set by the application using one of these client-libraries:org.springframework.security.oauth:spring-security-oauth2com.sap.cloud.security.xsuaa:spring-xsuaacom.sap.cloud.security:spring-security
Version 2.8.7
2.8.7 and 0.1.1 [BETA]
- [xsuaa-spring-boot-starter] and [resourceserver-security-spring-boot-starter (BETA)]
- spring.core.version 5.3.3 --> 5.3.4
- spring.boot.version 2.4.2 --> 2.4.3
- spring.security.version 5.4.2 --> 5.4.5
- [samples] uses
spring-boot-starter-parentversion2.4.3in spring samples. - [spring-xsuaa] fixes incompatibility issue: replaces Spring's
InvalidBearerTokenExceptionbyInvalidTokenException - [general] fixes Workflow action
Version 2.8.6
- [token-client]
- Next to subdomain
XsuaaTokenFlows.clientCredentialsTokenFlow()supports Zone ID setter OAuth2TokenService.retrieveAccessTokenViaClientCredentialsGrant()was enhanced to set zoneId as a header when present.OAuth2TokenService.retrieveAccessTokenViaClientCredentialsGrant(URI, ClientCredentials, String, Map, boolean)was deprecated in favor ofOAuth2TokenService.retrieveAccessTokenViaClientCredentialsGrant(URI, ClientCredentials, String, String, Map, boolean)
- Next to subdomain
BETA Version 0.1.0
Version 2.8.5
2.8.5
- [java-security] load environment from
VCAP_SERVICESformatted json file (#471) - [java-security] performance: make sure ServiceLoader loads services only once (#467)
- [java-api] move
getAttributeFromClaimAsStringandgetAttributeFromClaimAsStringListmethods fromAccessTokento itsTokenparent interface.
Version 2.8.4
- [java-security] Make HybridTokenFactory more failure tolerant
- [spring-xsuaa-test] Prefills "ext_atr" "enhancer" with XSUAA
Update Versions
- [all]
- commons-io 2.6 --> 2.8.0
- org.apache.httpcomponents » httpclient 4.5.9 --> 4.5.13
- spring.core.version 5.3.2 --> 5.3.3
- spring.boot.version 2.4.1 --> 2.4.2
- [java-security-test]
- org.eclipse.jetty 9.4.35.v20201120 --> 9.4.36.v20210114
- [token-client]
- caffeine 2.8.6 --> 2.8.8
- org.json 20200518 --> 20201115
- [spring-xsuaa]
- caffeine 2.8.6 --> 2.8.8
- reactor-core 3.3.7.RELEASE --> 3.4.2
- log4j-to-slf4j 2.13.3 --> 2.14.0