Skip to content

Version 2.15.0
Compare
Choose a tag to compare
@liga-oz liga-oz released this 24 Oct 07:10
· 49 commits to main-2.x since this release
2.15.0
12cc7ea
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

🔥 Hot fix for the CVE-2023-5072

  • [java-security]
    • add x-azp header to IAS JWKS fetching and adjust JWKS cache key
    • OAuth2TokenKeyService and OAuth2TokenKeyServiceWithCache
      • Refactor API to use generic Map instead of explicit IAS-specific parameters

Dependency upgrades

  • Bump org.json.version from 20230618 to 20231013
  • Bump spring.security.version from 5.8.6 to 5.8.7
  • Bump spring.boot.version from 2.7.15 to 2.7.16
  • Bump spring.core.version from 5.3.29 to 5.3.30
  • Bump reactor-core from 3.4.32 to 3.4.33
  • Bump com.sap.cloud.environment.servicebinding 0.9.0 to 0.10.0
  • Bump commons-io from 2.13.0 to 2.14.0
Assets 2
Loading