Version 2.15.0
🔥 Hot fix for the CVE-2023-5072
- [java-security]
- add x-azp header to IAS JWKS fetching and adjust JWKS cache key
OAuth2TokenKeyService
andOAuth2TokenKeyServiceWithCache
- Refactor API to use generic Map instead of explicit IAS-specific parameters
Dependency upgrades
- Bump org.json.version from 20230618 to 20231013
- Bump spring.security.version from 5.8.6 to 5.8.7
- Bump spring.boot.version from 2.7.15 to 2.7.16
- Bump spring.core.version from 5.3.29 to 5.3.30
- Bump reactor-core from 3.4.32 to 3.4.33
- Bump com.sap.cloud.environment.servicebinding 0.9.0 to 0.10.0
- Bump commons-io from 2.13.0 to 2.14.0