v77.23.0 - UAA Release v77.23.0

What's Changed

New UAA

• Bump to UAA v77.23.0
• Upgrade Tomcat to version 9.0.98
  fixes CVEs

Dependency Bumps

• Bump github.com/cloudfoundry/bosh-utils from 0.0.510 to 0.0.511 in /src/acceptance_tests by @dependabot in #997
• Bump nokogiri from 1.16.8 to 1.17.0 by @dependabot in #996
• Bump github.com/onsi/gomega from 1.36.0 to 1.36.1 in /src/acceptance_tests by @dependabot in #998
• Bump nokogiri from 1.17.0 to 1.17.1 by @dependabot in #999
• Bump activesupport from 8.0.0 to 8.0.0.1 by @dependabot in #1000
• Bump github.com/cloudfoundry/bosh-utils from 0.0.511 to 0.0.513 in /src/acceptance_tests by @dependabot in #1003
• Bump nokogiri from 1.17.1 to 1.17.2 by @dependabot in #1002
• Bump logger from 1.6.2 to 1.6.3 by @dependabot in #1001
• Bump github.com/cloudfoundry/bosh-utils from 0.0.513 to 0.0.514 in /src/acceptance_tests by @dependabot in #1004
• Bump securerandom from 0.4.0 to 0.4.1 by @dependabot in #1005
• Bump activesupport from 8.0.0.1 to 8.0.1 by @dependabot in #1006
• Bump github.com/cloudfoundry/bosh-utils from 0.0.514 to 0.0.515 in /src/acceptance_tests by @dependabot in #1007

Full Changelog: v77.22.0...v77.23.0

v77.22.0 - UAA Release v77.22.0

What's Changed

New UAA

• Bump to UAA v77.22.0

Dependency Bumps

• Bump logger from 1.6.1 to 1.6.2 by @dependabot in #987
• Bump securerandom from 0.3.2 to 0.4.0 by @dependabot in #988
• Bump github.com/cloudfoundry/bosh-utils from 0.0.504 to 0.0.505 in /src/acceptance_tests by @dependabot in #989
• Bump nokogiri from 1.16.7 to 1.16.8 by @dependabot in #990
• Bump rspec-support from 3.13.1 to 3.13.2 by @dependabot in #991
• Bump github.com/cloudfoundry/bosh-utils from 0.0.505 to 0.0.508 in /src/acceptance_tests by @dependabot in #992
• Bump minitest from 5.25.2 to 5.25.4 by @dependabot in #993
• Bump github.com/cloudfoundry/bosh-utils from 0.0.508 to 0.0.509 in /src/acceptance_tests by @dependabot in #994
• Bump github.com/cloudfoundry/bosh-utils from 0.0.509 to 0.0.510 in /src/acceptance_tests by @dependabot in #995

Deprecation information

The setup of UAA with YAML setting

login.serviceProviderKey
login.serviceProviderCertificate

was set to deprecation a while ago, but the support is still in there. Please prepare your UAA configuration to change either towards

login.saml.serviceProviderKey
login.saml.serviceProviderCertificate

or if you want support key-rotation with SAML make use of the map in

login.saml.keys

similar to JWT signing keys

Full Changelog: v77.20.0...v77.22.0

v77.21.0 - UAA Release v77.21.0

New UAA

• Bump to UAA v77.21.0

Full Changelog: v77.20.0...v77.21.0

v77.20.0 - UAA Release v77.20.0

What's Changed

New UAA

• Bump to UAA v77.20.0

Dependency Bumps

• Bump github.com/cloudfoundry/bosh-utils from 0.0.502 to 0.0.503 in /src/acceptance_tests by @dependabot in #982
• Bump minitest from 5.25.1 to 5.25.2 by @dependabot in #983
• Bump github.com/cloudfoundry/bosh-utils from 0.0.503 to 0.0.504 in /src/acceptance_tests by @dependabot in #985
• Bump github.com/onsi/gomega from 1.35.1 to 1.36.0 in /src/acceptance_tests by @dependabot in #986

Full Changelog: v77.19.0...v77.20.0

v77.19.0 - UAA Release v77.19.0

What's Changed

New UAA

• Bump to UAA v77.19.0

Fixes

• CVE-2024-52318 Upgrade Tomcat to version 9.0.97
• CVE-2024-38827 in Spring Security

Dependency Bumps

• Bump activesupport from 7.2.1.1 to 7.2.1.2 by @dependabot in #972
• Bump github.com/onsi/gomega from 1.34.2 to 1.35.0 in /src/acceptance_tests by @dependabot in #973
• Bump github.com/onsi/gomega from 1.35.0 to 1.35.1 in /src/acceptance_tests by @dependabot in #975
• Bump activesupport from 7.2.1.2 to 7.2.2 by @dependabot in #974
• Bump benchmark from 0.3.0 to 0.4.0 by @dependabot in #976
• Bump securerandom from 0.3.1 to 0.3.2 by @dependabot in #978
• Bump activesupport from 7.2.2 to 8.0.0 by @dependabot in #977
• Bump uri from 1.0.1 to 1.0.2 by @dependabot in #979
• Bump mini_portile2 from 2.8.7 to 2.8.8 by @dependabot in #980
• Bump github.com/cloudfoundry/bosh-utils from 0.0.500 to 0.0.502 in /src/acceptance_tests by @dependabot in #981

Full Changelog: v77.18.0...v77.19.0

v77.18.0 - UAA Release v77.18.0

What's Changed

New UAA

• Bump to UAA v77.18.0

Fixes

• CVE-2024-38821
• CVE-2024-21235

Dependency Bumps

• Upgrade Bellsoft JDK to version 17.0.13+12 -> CVE-2024-21235
• Upgrade Tomcat to version 9.0.96
• Bump github.com/cloudfoundry/bosh-utils from 0.0.499 to 0.0.500 in /src/acceptance_tests by @dependabot in #969
• Bump activesupport from 7.2.1 to 7.2.1.1 by @dependabot in #970
• Bump rspec-core from 3.13.1 to 3.13.2 by @dependabot in #971

Full Changelog: v77.17.0...v77.18.0

v77.17.0 - UAA Release v77.17.0

What's Changed

New UAA

• Bump to UAA v77.17.0

Feature

• add configuration option with default value for keepalive timeout to server.xml by @tack-sap in #964

Dependency Bumps

• dependabot: no longer operates on 74.5.x branch by @peterhaochen47 in #963
• Bump github.com/cloudfoundry/bosh-utils from 0.0.496 to 0.0.498 in /src/acceptance_tests by @dependabot in #966
• Bump rspec-mocks from 3.13.1 to 3.13.2 by @dependabot in #967
• Bump github.com/cloudfoundry/bosh-utils from 0.0.498 to 0.0.499 in /src/acceptance_tests by @dependabot in #968

Full Changelog: v77.16.0...v77.17.0

74.5.129

What's Changed

• Various dependency bumps

Full Changelog: v74.5.128...v74.5.129

v77.16.0 - UAA Release v77.16.0

What's Changed

New UAA

• Bump to UAA v77.16.0

Dependency Bumps

• Upgrade Tomcat to version 9.0.94
• Upgrade Tomcat to version 9.0.95
• Bump github.com/cloudfoundry/bosh-utils from 0.0.483 to 0.0.484 in /src/acceptance_tests by @dependabot in #941
• Bump minitest from 5.25.0 to 5.25.1 by @dependabot in #942
• Bump rspec-expectations from 3.13.1 to 3.13.2 by @dependabot in #944
• Bump activesupport from 7.2.0 to 7.2.1 by @dependabot in #945
• Bump github.com/cloudfoundry/bosh-utils from 0.0.484 to 0.0.485 in /src/acceptance_tests by @dependabot in #947
• Bump github.com/onsi/gomega from 1.34.1 to 1.34.2 in /src/acceptance_tests by @dependabot in #948
• Bump rspec-core from 3.13.0 to 3.13.1 by @dependabot in #952
• Bump logger from 1.6.0 to 1.6.1 by @dependabot in #951
• Bump github.com/cloudfoundry/bosh-utils from 0.0.485 to 0.0.486 in /src/acceptance_tests by @dependabot in #950
• Bump github.com/cloudfoundry/bosh-utils from 0.0.486 to 0.0.494 in /src/acceptance_tests by @dependabot in #955
• Bump github.com/cloudfoundry/bosh-utils from 0.0.494 to 0.0.495 in /src/acceptance_tests by @dependabot in #957
• Bump rspec-expectations from 3.13.2 to 3.13.3 by @dependabot in #956
• Bump github.com/cloudfoundry/bosh-utils from 0.0.495 to 0.0.496 in /src/acceptance_tests by @dependabot in #961
• Bump i18n from 1.14.5 to 1.14.6 by @dependabot in #962

Full Changelog: v77.15.0...v77.16.0

74.5.128

What's Changed

• Various dependency bumps

Full Changelog: v74.5.127...v74.5.128