Version 2.17.2

@liga-oz liga-oz released this 05 Dec 12:25
· 23 commits to main-2.x since this release
2231b76

✅ Resolves a Breaking Change introduced in version 2.17.0. Consumers should be able to update to 2.17.2 from a version <= 2.16.0 without having to adjust test credentials used in their unit tests when using java-security-test or spring-xsuaa-mock.

In version 2.17.2, when java-security-test or spring-xsuaa-mock is loaded (which should only occur during testing), credentials with localhost as the uaadomain (XSUAA) or trusted domains (IAS) can be used to validate tokens that include a port for localhost in their jku (XSUAA) or issuer (IAS). Note that token validation is less strict in this case and may accept certain edge cases of malicious tokens that would not be accepted in a production environment.
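One way to enforce the "only during testing" assumption in a Maven build, as an added example that is not part of the release notes or the project's own configuration: a maven-enforcer-plugin bannedDependencies rule that fails the build if either module is resolved in compile or runtime scope. The execution id, the message text and the wildcarded group ids are choices made for this example.

```xml
<!-- Added example: place inside <build><plugins> of the consuming project's pom.xml. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-enforcer-plugin</artifactId>
  <version>3.4.1</version>
  <executions>
    <execution>
      <!-- Hypothetical id chosen for this example. -->
      <id>ban-test-security-modules-outside-test-scope</id>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <bannedDependencies>
            <!-- Pattern format: groupId:artifactId:version:type:scope.
                 The group id is wildcarded so the rule matches on artifact id alone.
                 Transitive dependencies are checked by default, so a library that
                 drags one of these modules in at runtime scope is caught as well. -->
            <excludes>
              <exclude>*:java-security-test:*:*:compile</exclude>
              <exclude>*:java-security-test:*:*:runtime</exclude>
              <exclude>*:spring-xsuaa-mock:*:*:compile</exclude>
              <exclude>*:spring-xsuaa-mock:*:*:runtime</exclude>
            </excludes>
            <message>java-security-test and spring-xsuaa-mock relax token validation and must be declared with test scope only.</message>
          </bannedDependencies>
        </rules>
        <!-- Break the build instead of only logging a warning. -->
        <fail>true</fail>
      </configuration>
    </execution>
  </executions>
</plugin>
```

With this rule in place, `mvn validate` fails as soon as one of the two modules appears outside test scope, so the relaxed localhost handling cannot reach a deployed artifact unnoticed.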

Dependency upgrades

  • Bump logback-core, logback-classic from 1.2.12 to 1.2.13