v74.14.0 - UAA Release v74.14.0

cf-identity released this 13 Feb 23:47

· 2736 commits to develop since this release

d896a13

bosh.io releases

SECURITY

Switched from /dev/random to /dev/urandom as a source of cryptographic randomness

General improvements to UAA to better conform to OAuth recommendations regarding state parameter management, including:

UAA now uses a more secure random number generator for state parameters.
UAA now persists the state parameter and validates its value throughout the request.

DEPENDENCY UPDATES

Bump spring-framework-bom from 5.2.2.RELEASE to 5.2.3.RELEASE.
Bump spring-boot from 2.2.2.RELEASE to 2.2.4.RELEASE
Bump UAA's OpenJDK to 11.0.6

Assets 2