Releases: micronaut-projects/micronaut-security
Releases · micronaut-projects/micronaut-security
Micronaut Security 2.3.3
fix: use a Memoized supplier for DefaultTokenClient (#631)
v2.3.3 (2021-04-22)
Fixed bugs:
- StackOverflowError When Eureka and OAuth2/OpenID Configured in Same App #623
* This Changelog was automatically generated by github_changelog_generator
Micronaut Security 2.4.1
- bump up Nimbus JOSE JWT from 9.8 to 9.8.1
- Refactor and improve documentation about SensitiveEndpointRule
v2.4.1 (2021-04-12)
Closed issues:
- Security endpoints sentitive by roles #606
Merged pull requests:
- Update actions/setup-java to v2 #622 (@micronaut-build)
- docs: improve documentation about SensitiveEndpointRule replacement #619 (@sdelamo)
- build: bump up Nimbus JOSE JWT from 9.8 to 9.8.1 #618 (@micronaut-build)
- ci: GitHub action files #615 (@micronaut-build)
* This Changelog was automatically generated by github_changelog_generator
- docs: improve documentation about SensitiveEndpointRule replacement (#619)
Micronaut Security 2.4.0
Micronaut Security 2.3.2
v2.3.2 (2021-03-29)
Fixed bugs:
Closed issues:
* This Changelog was automatically generated by github_changelog_generator
- feat: add unauthorized_scope_error and user_cancelled_authorize error codes (#611)
Micronaut Security 2.3.1
v2.3.1 (2021-03-12)
- GraalVM reflect-config.json for LDAP
- Refactor IDTokenClaimsValidator
- Docs and Javadoc improvements
- Bump up Gradle to 6.8.3
- Bumps nimbus-jose-jwt from 9.4.1 to 9.4.2. Changelog. Commits
Fixed bugs:
- GraalVM and Micronaut Security LDAP not working #591
Closed issues:
Merged pull requests:
- refactor: instantiate map only if log level debug #590 (@sdelamo)
- build: bump velocity-engine-core from 2.2 to 2.3 #588 (@dependabot[bot])
- ci: version to 2.4.0-SNAPSHOT #587 (@sdelamo)
- test: add spock IGlobalExtension #586 (@sdelamo)
- build: bump micronaut-gradle-plugins from 3.0.1 to 3.0.3 #584 (@dependabot[bot])
- build: bump nimbus-jose-jwt from 9.4.2 to 9.7 #583 (@dependabot[bot])
- build: bump org.jetbrains.kotlin.jvm from 1.4.30 to 1.4.31 #582 (@dependabot[bot])
- [security] Update common files for branch master #580 (@micronaut-build)
- [security] Update common files for branch master #578 (@micronaut-build)
- [security] Update common files for branch master #576 (@micronaut-build)
- Use new Gradle build plugins #575 (@ilopmar)
- [security] Update common files for branch master #573 (@micronaut-build)
- build: bump testcontainers from 1.15.1 to 1.15.2 #571 (@dependabot[bot])
- ci: updates actions & Gradle 6.8.2 #567 (@micronaut-build)
- build: bump kotlin-stdlib-jdk8 from 1.4.21-2 to 1.4.30 #566 (@dependabot[bot])
- build: bump org.jetbrains.kotlin.jvm from 1.4.21-2 to 1.4.30 #565 (@dependabot[bot])
- build: ump up kotlin-stdlib-jdk8 to 1.4.31 #560 (@micronaut-build)
- refactor: IdTokenClaimsValidator #557 (@sdelamo)
- javadoc: default scopes in configuration reference #556 (@sdelamo)
- build: create-pull-request v3.8.0 & gradle 6.8.1 #555 (@micronaut-build)
- build: bump nimbus-jose-jwt from 9.4.1 to 9.4.2 #554 (@dependabot[bot])
- build: bump peter-evans/create-pull-request from v3.6.0 to v3.8.0 #553 (@dependabot[bot])
- build: bump up nimbus jose to 9.4.2 #552 (@micronaut-build)
- docs: security->oauth2->client_cerdentials: fix typo in secret, optimize params #551 (@jaecktec)
* This Changelog was automatically generated by github_changelog_generator
Micronaut Security 2.3.0
- Upgrades Nimbus JOSE JWT dependency from 9.1.3 to 9.4.1
- Improvements to documentation of Client Credentials.
- build: bump nimbus-jose-jwt from 9.1.3 to 9.2 (#502)
Micronaut Security 2.2.2
Micronaut Security 2.2.1
📃 Docs
- Small documentation improvements, set maven group to
io.micronaut.securityin docs and javadoc changes.
👩🏻💻Refactors and Bugs 🐛
- Protect against NPE in AttributeConvertibleValues
- Small refactors no need to create a userdetails
- Fix ConcurrentModificationException Issue #500
⚙️Dependency Upgrades
Update nimbus from 9.1.2 to 9.1.3
Bumps nimbus-jose-jwt from 9.1.2 to 9.1.3.
Micronaut Security 2.2.0
💡Features and Improvements
- Support for Client credentials Grant.
- For users using
idtokenauthentication mode, we validate the following claims as described in the ID Token Validation documentation:
- The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery) MUST exactly match the value of the iss (issuer) Claim.
- The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience. The aud (audience) Claim MAY contain an array with more than one element.
- If the ID Token contains multiple audiences, the Client SHOULD verify that an azp Claim is present.
- If an azp (authorized party) Claim is present, the Client SHOULD verify that its client_id is the Claim Value.
📑Documentation
- Clarify JWT Signature verification/generation
⚙️Dependency Upgrades
- Built with Micronaut 2.1.4
Bumps nimbus-jose-jwt from 9.0.1 to 9.1.2. Nimbus Changelog, Nimbus Commits
Micronaut Security 2.1.4
v2.1.4 (2020-11-12)
Fixed bugs:
- micronaut-bom 2.0.1 (in micronaut-security) requires a non-existent version of ktor-bom (1.3.2) #422
Merged pull requests:
- [security] Update common files for branch 2.1.x #449 (@micronaut-build)
- Fix checkstyle #447 (@ilopmar)
- [security] Update common files for branch 2.1.x #446 (@micronaut-build)
* This Changelog was automatically generated by github_changelog_generator