Releases: cloudfoundry/uaa-release
Updated to UAA Release 3.9.9
This release updates to UAA release 3.9.9
Updated to UAA Release 3.6.7
This release updates to UAA release 3.6.7
Updated to UAA Release 3.12.0 - Security Release (CVE-2017-4960)
This release updates to UAA release 3.12.0
This is a security release which addresses CVE-2017-4960: UAA OAuth DOS via lockout feature
This release re-introduces the JWT based Refresh Tokens. Refresh tokens are no longer opaque and revocable by default. This has been done to take care of the revocable_tokens table filling up with large deployments of UAA.
The format of the refresh token can now be set at an Identity Zone level via the API and can be boot strapped from the spec file for the default zone.
uaa.jwt.refresh.unique:
description: "If true, uaa will only issue one refresh token per client_id/user_id combination"
default: false
uaa.jwt.refresh.format:
description: "The format for the refresh token. Allowed values are `jwt`, `opaque`"
default: jwt
Updated to UAA Release 3.9.8 - Security Release (CVE-2017-4960)
This release updates to UAA release 3.9.8
This is a security release which addresses CVE-2017-4960: UAA OAuth DOS via lockout feature
Updated to UAA Release 3.11.0
Do-Not-Use
Updated to UAA Release 3.9.7
Do-Not-Use
Updated to UAA Release 3.9.6
Do-Not-Use
Updated to UAA release 3.9.5
This release updates to UAA release 3.9.5
Updated to UAA release 3.9.4
This release updates to UAA release 3.9.4
Updated to UAA release 3.6.6
This release updates to UAA release 3.6.6