Skip to content

Releases: SAP/cloud-security-services-integration-library

3.6.0

09 Apr 12:17
@NiklasHerrmann21 NiklasHerrmann21
3.6.0
3eb34f1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.6.0 Latest
Latest
  • Retry support in JAVA Library
  • Reuse Version update from dep to toml
  • Auto-convert token claims to string
  • Fix error logging during token key retrieval
  • Fix null value (and key) support in configuration builder

Dependency upgrades

  • Remove no longer needed dependency overrides
  • Bump io.github.hakky54:logcaptor from 2.10.1 to 2.10.2
  • Bump uk.org.webcompere:system-stubs-jupiter from 2.1.7 to 2.1.8
  • Bump com.github.spotbugs:spotbugs-annotations from 4.9.2 to 4.9.3
  • Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.2.0 to 4.9.3.0
  • Bump org.eclipse.jetty.version from 12.0.17 to 12.0.18
  • Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.2 to 5.4.3
  • Bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13
  • Bump org.mockito:mockito-core from 5.16.0 to 5.17.0
  • Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 to 3.5.3
  • Bump spring.boot.version from 3.4.3 to 3.4.4
  • Bump spring.core.version from 6.2.4 to 6.2.5
  • Bump spring.security.version from 6.4.3 to 6.4.4
Assets 2
Loading

3.5.9

17 Mar 10:41
@kuntzed kuntzed
3.5.9
787a461
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.5.9
  • [env] add domains to equals/hashcode of OAuth2ServiceConfigurationImpl

Dependency upgrades

  • Bump org.wiremock:wiremock-standalone from 3.9.2 to 3.12.1
  • Bump com.github.spotbugs:spotbugs-annotations from 4.9.0 to 4.9.2
  • Bump org.mockito:mockito-core from 5.15.2 to 5.16.0
  • Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.1.0 to 4.9.2.0
  • Bump io.projectreactor:reactor-core from 3.7.3 to 3.7.4
  • Bump io.projectreactor:reactor-test from 3.7.3 to 3.7.4
  • Bump org.eclipse.jetty.version from 12.0.16 to 12.0.17
  • Update spring dependencies:
    • spring boot to 3.4.3
    • spring core to 6.2.4
    • spring security to 6.4.3
  • Bump com.github.spotbugs:spotbugs-annotations from 4.8.6 to 4.9.0
  • Bump io.projectreactor:reactor-test from 3.7.2 to 3.7.3
  • Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.6 to 4.9.1.0
  • Bump io.projectreactor:reactor-core from 3.7.2 to 3.7.3
  • Bump com.nimbusds:nimbus-jose-jwt from 10.0.1 to 10.0.2
  • Bump slf4j.api.version from 2.0.16 to 2.0.17
Loading

3.5.8

03 Feb 15:22
@kuntzed kuntzed
3.5.8
31569aa
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.5.8

3.5.8

  • [spring-security] Fix error handling for reactive token validation

Dependency upgrades

  • Downgrade org.wiremock:wiremock-standalone from 3.10.0 to 3.9.2
  • Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.1 to 5.4.2
  • Bump io.projectreactor:reactor-test from 3.7.1 to 3.7.2
  • Bump org.assertj:assertj-core from 3.27.2 to 3.27.3
  • Bump spring.boot.version from 3.4.1 to 3.4.2
  • Bump spring.core.version from 6.2.1 to 6.2.2
  • Bump io.projectreactor:reactor-core from 3.7.1 to 3.7.2
  • Bump org.mockito:mockito-core from 5.14.2 to 5.15.2
Loading

3.5.7

14 Jan 12:36
@kuntzed kuntzed
3.5.7
deeb786
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.5.7
  • [java-security] Fix parallel JWKS fetches

Dependency upgrades

  • Bump org.wiremock:wiremock-standalone from 3.9.2 to 3.10.0
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.1 to 3.11.2
  • Bump org.eclipse.jetty.version from 12.0.13 to 12.0.16
  • Bump log4j2.version from 2.24.2 to 2.24.3
  • Bump spring.security.version from 6.4.1 to 6.4.2
  • Bump spring.boot.version from 3.4.0 to 3.4.1
  • Bump ch.qos.logback:logback-core from 1.4.14 to 1.5.13 in /token-client
  • Bump com.nimbusds:nimbus-jose-jwt from 9.47 to 10.0.1
  • Bump org.assertj:assertj-core from 3.26.3 to 3.27.2
  • Bump org.json:json from 20240303 to 20250107
  • Bump io.github.hakky54:logcaptor from 2.9.3 to 2.10.1
Loading

3.5.6

13 Dec 10:29
@kuntzed kuntzed
3.5.6
e3ad38a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.5.6
  • [java-security] Add support for Envoy XFCC header format

Dependency upgrades

  • Bump spring.core.version from 6.2.0 to 6.2.1
  • Bump io.projectreactor:reactor-core from 3.6.9 to 3.7.1
  • Bump io.projectreactor:reactor-test from 3.7.0 to 3.7.1
Loading

3.5.5

13 Dec 10:29
@kuntzed kuntzed
3.5.5
e3ad38a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.5.5
  • [token-client] Support CRLF line-endings in PEM formatted service keys

Dependency upgrades

  • Bump org.apache.httpcomponents.client5:httpclient5 from 5.3.1 to 5.4.1
  • Bump io.projectreactor:reactor-test from 3.6.9 to 3.7.0
  • Update spring versions
    • core to 6.2.0
    • boot to 3.4.0
    • security to 6.4.1
  • Bump org.wiremock:wiremock-standalone from 3.9.1 to 3.9.2
  • Bump uk.org.webcompere:system-stubs-jupiter from 2.1.6 to 2.1.7
  • Bump com.nimbusds:nimbus-jose-jwt from 9.40 to 9.47
  • Bump com.sap.cloud.environment.servicebinding:java-bom from 0.10.5 to 0.20.0
  • Bump log4j2.version from 2.24.1 to 2.24.2
  • Bump org.apache.maven.plugins:maven-pmd-plugin from 3.24.0 to 3.26.0
  • Bump org.apache.maven.plugins:maven-source-plugin from 3.2.1 to 3.3.1
  • Bump net.revelc.code:impsort-maven-plugin from 1.11.0 to 1.12.0
  • Bump org.owasp:dependency-check-maven from 10.0.3 to 11.1.0
  • Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.5 to 3.2.7
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.8.0 to 3.11.1
  • Bump org.apache.maven.plugins:maven-surefire-plugin from 3.4.0 to 3.5.2
  • Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.2 to 4.8.6.6
  • Bump commons-io:commons-io from 2.16.1 to 2.18.0
Loading

3.5.4

06 Nov 09:30
@finkmanAtSap finkmanAtSap
3.5.4
16020e1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
3.5.4
  • [java-security] Reduce log level to debug for errors during certificate parsing
  • [samples] Cleanup and rework most sample applications

Dependency upgrades

  • Bump org.mockito:mockito-core from 5.12.0 to 5.14.2
  • Bump org.eclipse.jetty.version from 12.0.12 to 12.0.13
  • Bump log4j2.version from 2.23.1 to 2.24.1
  • Bump spring.security.version from 6.3.3 to 6.3.4
  • Bump spring.core.version from 6.1.12 to 6.1.14
  • Bump spring.boot.version from 3.3.2 to 3.3.3
Loading

Version 3.5.3

22 Aug 14:51
@finkmanAtSap finkmanAtSap
3.5.3
d14800c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 3.5.3
  • [java-security] Reenable sap-java-buildpack-api-usage sample using Tomcat 10

Dependency upgrades

  • Bump spring.security.version from 6.3.1 to 6.3.3
  • Bump io.projectreactor:reactor-core from 3.6.7 to 3.6.9
  • Bump slf4j.api.version from 2.0.13 to 2.0.16
  • Bump org.eclipse.jetty.version from 12.0.7 to 12.0.12
  • Bump spring.core.version from 6.1.10 to 6.1.12
  • Bump spring.boot.version from 3.3.1 to 3.3.2
  • Bump org.wiremock:wiremock-standalone from 3.7.0 to 3.9.1
Loading

Version 3.5.2

28 Jun 15:09
@liga-oz liga-oz
3.5.2
2902893
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 3.5.2
  • [spring-xsuaa] Remove new X5tCertificateThumbprintValidator from spring-xsuaa validators

Dependency upgrades

  • Bump spring.boot.version from 3.3.0 to 3.3.1
Loading

Version 3.5.1

20 Jun 13:14
@liga-oz liga-oz
3.5.1
629aef6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 3.5.1
  • [java-security]
    • Improved JWK fetch error handling
  • [spring-security]
    • extended autoconfiguration for proof token check for all JwtDecoders
    • Improved JWK fetch error handling/logging. In case of unsuccessful response from JWK server the error will be mapped
      to 5XX status code

Dependency upgrades

  • Bump spring.core.version from 6.1.7 to 6.1.10
  • Bump spring.boot.version from 3.2.5 to 3.3.0
  • Bump spring.security.version from 6.3.0 to 6.3.1
  • bump caffeine version to 3.1.8
  • Bump jakarta.servlet:jakarta.servlet-api from 6.0.0 to 6.1.0
  • Bump io.projectreactor:reactor-core from 3.6.6 to 3.6.7
  • Bump com.nimbusds:nimbus-jose-jwt from 9.39.1 to 9.40
Loading