Releases: SAP/cloud-security-services-integration-library

Version 2.11.5

07 Dec 11:26
6c4896e
  • [token-client] hotfix for token cache miss issue

Dependency upgrades

  • org.json.version 20210307 --> 20211205

2.11.4

03 Dec 22:32
d25650f

Dependency upgrades

  • spring.boot.version 2.6.0 --> 2.6.1
  • caffeine 2.9.2 --> 2.9.3
  • com.github.tomakehurst:wiremock-jre8-standalone 2.31.0 --> 2.32.0

Version 2.11.3

25 Nov 18:19
c6119e2
  • [java-api]
    • SecurityContext has been extended to provide thread-wide X.509 certificate storage
  • [java-security]
    • Introduces X.509 certificate thumbprint validator JwtX5tValidator as described here
    • IasTokenAuthenticator and XsuaaTokenAuthenticator store the forwarded X.509 certificate for incoming requests in SecurityContext
    • XsuaaDefaultEndpoints provides a new constructor(url, certUrl) (issue 707)
  • [spring-xsuaa]
    • XsuaaServiceConfiguration interface default method getClientIdentity() needs to be overridden to be used
    • ❗ Incompatible change: XsuaaCredentials getPrivateKey() and setPrivateKey() have changed to getKey() and setKey() to reflect the attribute name from the configuration
  • [token-client] Adds X-CorrelationID header to outgoing requests. If MDC provides "correlation_id", that value is used (issue 691)

Dependency upgrades

  • io.projectreactor:reactor-test 3.4.11 --> 3.4.12
  • io.projectreactor:reactor-core 3.4.11 --> 3.4.12
  • dependency-check-maven-plugin 6.4.1 --> 6.5.0
  • org.springframework:spring.core.version 5.3.12 --> 5.3.13
  • org.springframework:spring.security.version 5.5.3 --> 5.6.0
  • org.springframework.boot:spring-boot 2.5.6 --> 2.6.0
  • logcaptor 2.7.0 --> 2.7.2

Version 2.11.1

22 Oct 15:46
14b2c80
  • [java-security][spring-security] supports custom domains of the identity service. If ias_iss is given and not empty, JwtIssuerValidator.java checks whether it is a valid URL and whether it matches one of the valid domains of the identity service. The check whether iss matches any of the given domains is skipped in that case.
  • [spring-xsuaa] resolves regression in XsuaaServiceConfigurationDefault (fixes #695)

Dependency upgrades

  • io.projectreactor:reactor-test 3.4.10 --> 3.4.11
  • io.projectreactor:reactor-core 3.4.10 --> 3.4.11
  • org.springframework:spring.core.version 5.3.10 --> 5.3.12
  • org.springframework.boot:spring-boot 2.5.4 --> 2.5.6

Version 2.11.0

15 Sep 09:23
c8f6aad

📣 Client Libraries support Kubernetes/Kyma environment

  • [env]
    • The extraction of OAuth2ServiceConfiguration for the xsuaa or ias identity provider has moved into the com.sap.cloud.security:env client library. ❗ Make sure that you have com.sap.cloud.security:env in your dependency tree.
    • Extended with Kubernetes/Kyma environment support
  • [samples/java-security-usage] enabled for Kyma/Kubernetes environment
  • [samples/spring-security-basic-auth] enabled for Kyma/Kubernetes environment
  • [samples/spring-security-hybrid-usage] enabled for Kyma/Kubernetes environment
  • [spring-xsuaa] LocalAuthoritiesExtractor also supports appIds that contain pipe (|) characters #640.
  • [spring-security] XsuaaTokenAuthorizationConverter also supports appIds that contain pipe (|) characters #640.

Dependency upgrades

  • maven-javadoc-plugin 3.3.0 --> 3.3.1
  • maven-pmd-plugin 3.14.0 --> 3.15.0
  • dependency-check-maven 6.2.2 --> 6.3.1
  • com.github.tomakehurst:wiremock-jre8-standalone 2.30.1 --> 2.31.0
  • io.projectreactor:reactor-test 3.4.9 --> 3.4.10
  • io.projectreactor:reactor-core 3.4.9 --> 3.4.10
  • org.springframework:spring.core.version 5.3.9 --> 5.3.10
  • org.springframework.boot:spring-boot 2.5.3 --> 2.5.4
  • org.mockito:mockito-core 3.11.2 --> 3.12.4

Version 2.10.5

18 Aug 16:02
397ea8c
  • [token-client]
    • XsuaaTokenFlows constructor accepts com.sap.cloud.security.xsuaa.client.ClientCredentials as argument.

Dependency upgrades

  • org.springframework.security:spring-security-oauth2-jose 5.5.1 --> 5.5.2
  • org.springframework.security:spring-security-oauth2-resource-server 5.5.1 --> 5.5.2
  • org.springframework.security:spring-boot-starter-test 5.5.1 --> 5.5.2

Version 2.10.4

18 Aug 10:58
  • [java-security] Enrich JsonParsingException to detect wrong authorization headers earlier
  • [token-client]
    • ClientCredentials: solves incompatible change between 2.9.0 and 2.10.0
    • OAuth2TokenResponse.getTokenType() exposes token type as provided by token request
  • [spring-xsuaa]
    • XsuaaServiceConfigurationDefault.hasProperty("apiurl") returns true if VCAP_SERVICES-xsuaa-credentials contains attribute "apiurl"
    • XsuaaServiceConfigurationDefault.getProperty("apiurl") returns the value from VCAP_SERVICES-xsuaa-credentials-apiurl, or null if the attribute does not exist.
  • [spring-security] HybridJwtDecoder raises BadJwtException if the token is invalid and cannot be decoded

Dependency upgrades

  • wiremock 2.29.1 --> 2.30.1
  • io.projectreactor:reactor-core 3.4.8 --> 3.4.9
  • io.projectreactor:reactor-test 3.4.8 --> 3.4.9

Version 2.10.3

27 Jul 20:49
a81b9b8

Dependency upgrades

  • org.springframework.boot:spring-boot 2.5.0 --> 2.5.2
  • slf4j-api 1.7.30 --> 1.7.32
  • caffeine 2.8.8 --> 2.9.2
  • mockito 3.10.0 --> 3.11.2
  • assertj 3.19.0 --> 3.20.2
  • commons-io:commons-io 2.9.0 --> 2.11.0
  • io.projectreactor:reactor-test 3.4.5 --> 3.4.8
  • io.projectreactor:reactor-core 3.4.6 --> 3.4.8
  • com.github.tomakehurst:wiremock-jre8-standalone 2.27.2 --> 2.29.1
  • removes mockwebserver from parent

Version 2.10.2

09 Jul 17:09
7dd129f
  • [spring-security] and its starter are released with project version 2.10.2.
    Greenfield projects should use spring-security instead of spring-xsuaa.
  • [spring-xsuaa] TokenBrokerResolver supports the X.509 authentication method.
  • [samples/spring-security-basic-auth] deprecates the xsuaa security descriptor with client secret authentication; the default is now X.509-based authentication.
  • [java-security-test] requires javax.servlet:javax.servlet-api dependency to be provided.

2.10.1 and 0.3.1 [BETA]

07 Jul 07:56
a679c01
  • [xsuaa-spring-boot-starter] [resourceserver-security-spring-boot-starter] dependency upgrades fix CVE-2021-22119

Dependency upgrades

  • org.springframework.boot:spring-boot 2.5.0 --> 2.5.2
  • org.springframework:spring-core 5.3.7 --> 5.3.8
  • org.springframework.security:spring-security-oauth2-jose 5.5.0 --> 5.5.1
  • org.springframework.security:spring-security-oauth2-resource-server 5.5.0 --> 5.5.1
  • org.springframework.security:spring-boot-starter-test 5.5.0 --> 5.5.1
  • org.springframework.security.oauth:spring-security-oauth2 2.5.0.RELEASE --> 2.5.1.RELEASE
  • [samples] Upgraded approuter version to "^10.4.3"