Skip to content

Version 2.14.2
Compare
Choose a tag to compare
@liga-oz liga-oz released this 28 Aug 06:48
· 58 commits to main-2.x since this release
2.14.2
6487392
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
  • [java-security]
    • Fixes NPE when accessing XsuaaToken.getPrincipal() and grantType is null (#1261)
  • [token-client]
    • fixes JWKs fetch from identity service issue when app_tid is not present in the token - the X-app_tid and X-client_id headers are only added when both values are available.
    • DefaultOAuth2TokenService
      • fixes issue when in case of unsuccessful token fetch OAuth2ServiceException.withHeaders() headers field were filled with only one entry containing all headers as a string
    • DefaultOAuth2TokenKeyService and SpringOAuth2TokenKeyService
      • improved error handling
        • OAuth2ServiceException that's thrown status code != 200 case doesn't get swallowed
        • fixes OAuth2ServiceException.withHeaders() semantically incorrect behavior when headers were filled with request headers instead of response headers
        • OAuth2ServiceException generated by unsuccessful JWKs fetch contains request headers as well
    • OAuth2ServiceException updated header message - contains now Response Headers instead of Headers

Dependency upgrades

  • Bump spring.security.version from 5.8.5 to 5.8.6
  • Bump spring.boot.version from 2.7.14 to 2.7.15
  • Bump reactor-core from 3.4.31 to 3.4.32
Assets 2
Loading