Releases: cloudfoundry/uaa-release
Releases · cloudfoundry/uaa-release
Updated to UAA 3.3.0.2 - Security Release (CVE-2016-4468)
This is a security release which addresses CVE-2016-4468 UAA SQL Injection
UAA 3.4.0 - Fix indentation for ldap.ssl.sslCertificate
UAA 3.3.0.1 - Fix indentation for ldap.ssl.sslCertificate
Updated to UAA 3.4.0
v12 Create final release
Updated to UAA 3.3.0.1
v11 Create final release
Release Notes for v10
Updated JDK blobs to openjdk-1.8.0_91-x86_64
Bug Fixes:
https://www.pivotaltracker.com/story/show/118029989
Release Notes for v9
This release includes UAA 3.3.0
The template files have been modified to use the p() and if_p() helper methods.
Properties added:
uaa.jwt.revocable
login.oauth.providers
uaa.jwt.policy.active_key_id
uaa.ssl.protocol_header
Properties updated:
support hash structure for uaa.scim.external_groups
Update to UAA 3.2.1
- This release updates the UAA version to 3.2.1
- There are no spec changes between v7 & v8
Update to UAA 3.2.0
This release updates the UAA version to 3.2.0
New Features
New spec properties:
uaa.servlet.session-cookie:
description: |
Optional configuration of the UAA session cookie.
Defaults are the following key value pairs:
secure: <(boolean)this value if set, otherwise require_https>
http-only: <(boolean) - default to true. set HttpOnly flag on cookie.
max-age: <(int) lifetime in seconds of cookie - default to 30 minutes)
name: <(String) name of cookie, default is JSESSIONID>
comment: <(String) optional comment in cookie>
path: <(String) path for cookie, default is />
domain: <(String) domain for cookie, default is incoming request
Bug Fixes
- Bosh Canary Deployment of UAA leads to 404 route not registered errors
- Add a script which the route registrar can run as part of its health check
- Ensure that UAA Tomcat/Java Process goes away during stop
- Add timeout to uaa-release health check
- User prompted for endpoint when UAA is being updated
- Graceful handling of startup error should be supported.
Update to UAA 3.1.0
This release updates the UAA version to 3.1.0
New spec properties:
#Branding/Customization
login.branding.company_name:
description: This name is used on the UAA Pages and in account management related communication in UAA
login.branding.product_logo:
description: This is a base64 encoded PNG image which will be used as the logo on all UAA pages like Login, Sign Up etc.
login.branding.square_logo:
description: This is a base64 encoded PNG image which will be used as the favicon for the UAA pages
login.branding.footer_legal_text:
description: This text appears on the footer of all UAA pages
login.branding.footer_links:
description: These links appear on the footer of all UAA pages. You may choose to add multiple urls for things like Support, Terms of Service etc.
example:
linkDisplayName: linkDisplayUrl
login.home_redirect:
description: URL for configuring a custom home page
login.prompt.username.text:
description: "The text used to prompt for a username during login"
default: Email
login.prompt.password.text:
description: "The text used to prompt for a password during login"
default: Password
# Clients
uaa.clients:
description: "List of OAuth2 clients that the UAA will be bootstrapped with"
example:
login:
id: login
name:
app-launch-url: http://myloginpage.com
show-on-homepage: true
app-icon: iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAAD1BMVEWZttQvMDEoKisqKywAAAApvvoVAAAAGElEQVQYlWNgYUQBLAxMDCiAeXgLoHsfAD03AHOyfqy1AAAAAElFTkSuQmCC