diff --git a/CHANGELOG.md b/CHANGELOG.md
index 839e3609a0..82dd88a02a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,18 @@
# Change Log
All notable changes to this project will be documented in this file.
+## 2.13.5
+- [spring-xsuaa] improved logging for JwtAudienceValidator
+- [java-security] enables token validation without zones
+
+#### Dependency upgrades
+* Bump httpclient from 4.5.13 to 4.5.14
+* Bump btp-environment-variable-access java-bom from 0.5.1 to 0.5.2
+* Bump spring.boot.version from 2.7.5 to 2.7.8
+* Bump spring.core.version from 5.3.23 to 5.3.25
+* Bump spring.security.version from 5.7.5 to 5.8.1
+* Bump slf4j.api.version from 2.0.3 to 2.0.6
+
## 2.13.4
- [spring-xsuaa][spring-security]
- Patches [CVE-2022-31692](https://nvd.nist.gov/vuln/detail/CVE-2022-31692) vulnerability in spring security dependency.
diff --git a/api/README.md b/api/README.md
index 26e8f1f231..308529de39 100644
--- a/api/README.md
+++ b/api/README.md
@@ -5,6 +5,6 @@
com.sap.cloud.security.xsuaa
api
- 2.13.4
+ 2.13.5
```
diff --git a/api/pom.xml b/api/pom.xml
index 7f915f856a..b7f298090f 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -11,7 +11,7 @@
com.sap.cloud.security.xsuaa
parent
- 2.13.4
+ 2.13.5
jar
diff --git a/bom/pom.xml b/bom/pom.xml
index 135b70aa23..6afa32f2aa 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -8,7 +8,7 @@
com.sap.cloud.security
java-bom
- 2.13.4
+ 2.13.5
pom
java-bom
diff --git a/env/pom.xml b/env/pom.xml
index 09dddb0667..a326d325d7 100644
--- a/env/pom.xml
+++ b/env/pom.xml
@@ -9,7 +9,7 @@
com.sap.cloud.security.xsuaa
parent
- 2.13.4
+ 2.13.5
com.sap.cloud.security
diff --git a/java-api/README.md b/java-api/README.md
index 6dcb1c49d0..3f3b63415c 100644
--- a/java-api/README.md
+++ b/java-api/README.md
@@ -5,6 +5,6 @@
com.sap.cloud.security
java-api
- 2.13.4
+ 2.13.5
```
diff --git a/java-api/pom.xml b/java-api/pom.xml
index b80aaf6b5b..381223628b 100644
--- a/java-api/pom.xml
+++ b/java-api/pom.xml
@@ -9,7 +9,7 @@
com.sap.cloud.security.xsuaa
parent
- 2.13.4
+ 2.13.5
com.sap.cloud.security
diff --git a/java-security-it/pom.xml b/java-security-it/pom.xml
index e6247ae151..d5b8f52cc1 100644
--- a/java-security-it/pom.xml
+++ b/java-security-it/pom.xml
@@ -9,7 +9,7 @@
parent
com.sap.cloud.security.xsuaa
- 2.13.4
+ 2.13.5
java-security-it
diff --git a/java-security-test/README.md b/java-security-test/README.md
index bbfe975606..fc8308de0f 100644
--- a/java-security-test/README.md
+++ b/java-security-test/README.md
@@ -22,7 +22,7 @@ It includes for example a `JwtGenerator` that generates JSON Web Tokens (JWT) th
com.sap.cloud.security
java-security-test
- 2.13.4
+ 2.13.5
test
```
diff --git a/java-security-test/pom.xml b/java-security-test/pom.xml
index c6446a654d..e94c6df18c 100644
--- a/java-security-test/pom.xml
+++ b/java-security-test/pom.xml
@@ -9,7 +9,7 @@
com.sap.cloud.security.xsuaa
parent
- 2.13.4
+ 2.13.5
com.sap.cloud.security
diff --git a/java-security-test/src/test/java/com/sap/cloud/security/test/JwtGeneratorTest.java b/java-security-test/src/test/java/com/sap/cloud/security/test/JwtGeneratorTest.java
index 99a7db2d01..d6d9c62961 100644
--- a/java-security-test/src/test/java/com/sap/cloud/security/test/JwtGeneratorTest.java
+++ b/java-security-test/src/test/java/com/sap/cloud/security/test/JwtGeneratorTest.java
@@ -82,12 +82,11 @@ public void createToken_setsDefaultsForTesting() {
@Test
public void createIasToken_isNotNull() {
cut = JwtGenerator.getInstance(IAS, "T000310")
- .withClaimValue("sub", "P176945")
- .withClaimValue("scope", "john.doe")
- .withClaimValue("iss", "https://application.myauth.com")
- .withClaimValue("first_name", "john")
- .withClaimValue("last_name", "doe")
- .withClaimValue("email", "john.doe@email.org")
+ .withClaimValue(SUBJECT, "P176945")
+ .withClaimValue(ISSUER, "https://application.myauth.com")
+ .withClaimValue(GIVEN_NAME, "john")
+ .withClaimValue(FAMILY_NAME, "doe")
+ .withClaimValue(EMAIL, "john.doe@email.org")
.withClaimValue(SAP_GLOBAL_USER_ID, "1234567890")
.withClaimValue(SAP_GLOBAL_SCIM_ID, "scim-1234567890")
.withPrivateKey(keys.getPrivate());
diff --git a/java-security/Migration_SpringSecurityProjects.md b/java-security/Migration_SpringSecurityProjects.md
index 214cf8b0a4..0d26748afb 100644
--- a/java-security/Migration_SpringSecurityProjects.md
+++ b/java-security/Migration_SpringSecurityProjects.md
@@ -37,19 +37,19 @@ First make sure you have the following dependencies defined in your pom.xml:
com.sap.cloud.security.xsuaa
api
- 2.13.4
+ 2.13.5
com.sap.cloud.security
java-security
- 2.13.4
+ 2.13.5
com.sap.cloud.security
java-security-test
- 2.13.4
+ 2.13.5
test
```
diff --git a/java-security/README.md b/java-security/README.md
index b41b448255..ac4a7e1528 100644
--- a/java-security/README.md
+++ b/java-security/README.md
@@ -47,7 +47,7 @@ In case of XSUAA does the JWT provide a valid `jku` token header parameter that
com.sap.cloud.security
java-security
- 2.13.4
+ 2.13.5
org.apache.httpcomponents
diff --git a/java-security/pom.xml b/java-security/pom.xml
index fd6a2f23c2..1e61083c08 100644
--- a/java-security/pom.xml
+++ b/java-security/pom.xml
@@ -9,7 +9,7 @@
com.sap.cloud.security.xsuaa
parent
- 2.13.4
+ 2.13.5
com.sap.cloud.security
diff --git a/pom.xml b/pom.xml
index fb9cebff46..9a3b891ca9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,7 +7,7 @@
com.sap.cloud.security.xsuaa
parent
- 2.13.4
+ 2.13.5
pom
parent
@@ -57,9 +57,9 @@
1.8
3.2.1
- 2.7.6
- 5.3.24
- 5.7.5
+ 2.7.8
+ 5.3.25
+ 5.8.1
2.5.2.RELEASE
1.1.1.RELEASE
3.4.24
@@ -396,6 +396,7 @@
true
7
${project.basedir}/../etc/suppression.xml
+ 24
diff --git a/samples/java-security-usage-ias/pom.xml b/samples/java-security-usage-ias/pom.xml
index 367e679874..5166235a4f 100755
--- a/samples/java-security-usage-ias/pom.xml
+++ b/samples/java-security-usage-ias/pom.xml
@@ -6,7 +6,7 @@
4.0.0
com.sap.cloud.security.xssec.samples
java-security-usage-ias
- 2.13.4
+ 2.13.5
war
org.springframework.boot
diff --git a/spring-xsuaa-mock/pom.xml b/spring-xsuaa-mock/pom.xml
index 61da75de48..d59da78c2e 100644
--- a/spring-xsuaa-mock/pom.xml
+++ b/spring-xsuaa-mock/pom.xml
@@ -9,7 +9,7 @@
com.sap.cloud.security.xsuaa
parent
- 2.13.4
+ 2.13.5
spring-xsuaa-mock
diff --git a/spring-xsuaa-starter/pom.xml b/spring-xsuaa-starter/pom.xml
index cd8e11d073..e7844462bc 100644
--- a/spring-xsuaa-starter/pom.xml
+++ b/spring-xsuaa-starter/pom.xml
@@ -16,7 +16,7 @@
com.sap.cloud.security.xsuaa
parent
- 2.13.4
+ 2.13.5
xsuaa-spring-boot-starter
diff --git a/spring-xsuaa-test/README.md b/spring-xsuaa-test/README.md
index b5a3d3aa9c..179141c964 100644
--- a/spring-xsuaa-test/README.md
+++ b/spring-xsuaa-test/README.md
@@ -31,7 +31,7 @@ This includes for example a `JwtGenerator` that generates JSON Web Tokens (JWT)
com.sap.cloud.security.xsuaa
spring-xsuaa-test
- 2.13.4
+ 2.13.5
test
diff --git a/spring-xsuaa-test/pom.xml b/spring-xsuaa-test/pom.xml
index cf63fa9023..8e5dd121b9 100644
--- a/spring-xsuaa-test/pom.xml
+++ b/spring-xsuaa-test/pom.xml
@@ -9,7 +9,7 @@
com.sap.cloud.security.xsuaa
parent
- 2.13.4
+ 2.13.5
spring-xsuaa-test
diff --git a/spring-xsuaa/README.md b/spring-xsuaa/README.md
index 9b78854e15..2164bac912 100644
--- a/spring-xsuaa/README.md
+++ b/spring-xsuaa/README.md
@@ -36,7 +36,7 @@ These (spring) dependencies needs to be provided:
com.sap.cloud.security.xsuaa
spring-xsuaa
- 2.13.4
+ 2.13.5
org.apache.logging.log4j
@@ -50,7 +50,7 @@ These (spring) dependencies needs to be provided:
com.sap.cloud.security.xsuaa
xsuaa-spring-boot-starter
- 2.13.4
+ 2.13.5
```
diff --git a/spring-xsuaa/pom.xml b/spring-xsuaa/pom.xml
index 3b71483c2b..1b2de242f5 100644
--- a/spring-xsuaa/pom.xml
+++ b/spring-xsuaa/pom.xml
@@ -9,7 +9,7 @@
com.sap.cloud.security.xsuaa
parent
- 2.13.4
+ 2.13.5
spring-xsuaa
diff --git a/token-client/README.md b/token-client/README.md
index bbf5e415c3..8b4f19cafc 100644
--- a/token-client/README.md
+++ b/token-client/README.md
@@ -23,7 +23,7 @@ The Resource owner password credentials (i.e., username and password) can be use
com.sap.cloud.security.xsuaa
token-client
- 2.13.4
+ 2.13.5
org.apache.httpcomponents
@@ -81,7 +81,7 @@ tokenService.clearCache();
com.sap.cloud.security.xsuaa
token-client
- 2.13.4
+ 2.13.5
org.springframework
@@ -130,7 +130,7 @@ In context of a Spring Boot application you may like to leverage auto-configurat
com.sap.cloud.security.xsuaa
xsuaa-spring-boot-starter
- 2.13.4
+ 2.13.5
org.apache.httpcomponents
diff --git a/token-client/pom.xml b/token-client/pom.xml
index cd9187dd63..c7bbe0e76e 100644
--- a/token-client/pom.xml
+++ b/token-client/pom.xml
@@ -9,7 +9,7 @@
com.sap.cloud.security.xsuaa
parent
- 2.13.4
+ 2.13.5
token-client