3.6.5

Dependency upgrades

• Bump org.sonatype.central:central-publishing-maven-plugin (#1867)
• Bump io.projectreactor:reactor-test from 3.7.9 to 3.7.11 (#1868)
• Remove version pinning for nimbus-jose-jwt
• Update jetty dependency to 12.0.27 (#1865)
• Bump reactor.version from 3.7.9 to 3.7.11 (#1849)
• Bump org.mockito:mockito-core from 5.19.0 to 5.20.0 (#1860)
• Bump log4j2.version from 2.25.1 to 2.25.2 (#1861)
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.3 to 3.12.0 (#1862)
• Bump org.assertj:assertj-core from 3.27.4 to 3.27.6 (#1864)
• Bump spring.boot.version from 3.5.5 to 3.5.6 (#1863)
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.5 to 5.5.1 (#1859)
• Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.3 to 3.5.4 (#1852)
• Bump io.github.hakky54:logcaptor from 2.12.0 to 2.12.1 (#1853)
• Bump spring.core.version from 6.2.10 to 6.2.11 (#1850)
• Bump spring.security.version from 6.5.3 to 6.5.5 (#1855)
• Bump spring.security.oauth2.version from 6.5.3 to 6.5.5 (#1856)
• Bump com.github.spotbugs:spotbugs-annotations from 4.9.4 to 4.9.6 (#1857)
• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.4.2 to 4.9.6.0 (#1858)

3.6.4

Dependency upgrades

• Override nimbus dependency (#1845)
• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.4.1 to 4.9.4.2 (#1844)
• Bump io.projectreactor:reactor-test from 3.7.7 to 3.7.9 (#1843)
• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.2 to 4.9.4.1 (#1842)
• Bump spring.boot.version from 3.5.4 to 3.5.5 (#1840)
• Bump spring.security.oauth2.version from 6.5.2 to 6.5.3 (#1839)
• Bump spring.security.version from 6.5.2 to 6.5.3 (#1837)
• Bump org.mockito:mockito-core from 5.18.0 to 5.19.0 (#1836)
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.2 to 3.11.3 (#1835)
• Bump spring.core.version from 6.2.9 to 6.2.10 (#1834)
• Bump reactor.version from 3.7.8 to 3.7.9 (#1832)

3.6.3

• Updated license informations in POM files back to original value

Dependency upgrades

• Bump com.github.spotbugs:spotbugs-annotations from 4.9.3 to 4.9.4
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4

3.6.2

• Improve logging before token key retrieval fallback
• remove repository config for old sonatype plugin
• added version references to POMs and other minor informations
• Update README.md for using correct path to SpringTokenClientConfigura…
• Maven central preparation

Dependency upgrades

• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.1 to 4.9.3.2
• Bump io.github.hakky54:logcaptor from 2.11.0 to 2.12.0
• Bump org.eclipse.jetty.version from 12.0.22 to 12.0.24
• Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8
• Bump log4j2.version from 2.25.0 to 2.25.1
• Bump commons-io:commons-io from 2.19.0 to 2.20.0
• Bump reactor.version from 3.7.7 to 3.7.8
• Bump spring.core.version from 6.2.8 to 6.2.9
• Bump spring.security.version from 6.5.1 to 6.5.2
• Bump spring.boot.version from 3.5.3 to 3.5.4
• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.0 to 4.9.3.1
• Bump org.apache.maven.plugins:maven-pmd-plugin from 3.26.0 to 3.27.0
• Bump spring.security.version from 6.5.0 to 6.5.1
• Bump spring.boot.version from 3.5.0 to 3.5.3

3.6.1

• Fix spring retry configuration for token service
• added documentation of retry feature to README
• Improve error message when client certificate for proof token validation is missing

Dependency upgrades

• Bump org.eclipse.jetty.version from 12.0.21 to 12.0.22
• bump caffeine version to 3.2.0
• Bump org.mockito:mockito-core from 5.17.0 to 5.18.0
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5
• Bump com.sap.cloud.environment.servicebinding:java-bom
• Bump org.json:json from 20250107 to 20250517
• Bump commons-io:commons-io from 2.18.0 to 2.19.0
• Bump spring.core.version from 6.2.5 to 6.2.7
• Bump io.github.hakky54:logcaptor from 2.10.2 to 2.11.0
• Bump spring.security.version from 6.4.4 to 6.4.5
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.3 to 5.4.4
• Bump spring.boot.version from 3.4.4 to 3.4.5
• Bump org.wiremock:wiremock-standalone from 3.12.1 to 3.13.0
• Bump org.eclipse.jetty.version from 12.0.19 to 12.0.21
• Bump io.projectreactor:reactor-test from 3.7.4 to 3.7.6
• Bump io.projectreactor:reactor-core from 3.7.4 to 3.7.6

3.6.0

• Retry support in JAVA Library
• Reuse Version update from dep to toml
• Auto-convert token claims to string
• Fix error logging during token key retrieval
• Fix null value (and key) support in configuration builder

Dependency upgrades

• Remove no longer needed dependency overrides
• Bump io.github.hakky54:logcaptor from 2.10.1 to 2.10.2
• Bump uk.org.webcompere:system-stubs-jupiter from 2.1.7 to 2.1.8
• Bump com.github.spotbugs:spotbugs-annotations from 4.9.2 to 4.9.3
• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.2.0 to 4.9.3.0
• Bump org.eclipse.jetty.version from 12.0.17 to 12.0.18
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.2 to 5.4.3
• Bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13
• Bump org.mockito:mockito-core from 5.16.0 to 5.17.0
• Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 to 3.5.3
• Bump spring.boot.version from 3.4.3 to 3.4.4
• Bump spring.core.version from 6.2.4 to 6.2.5
• Bump spring.security.version from 6.4.3 to 6.4.4

3.5.9

• [env] add domains to equals/hashcode of OAuth2ServiceConfigurationImpl

Dependency upgrades

• Bump org.wiremock:wiremock-standalone from 3.9.2 to 3.12.1
• Bump com.github.spotbugs:spotbugs-annotations from 4.9.0 to 4.9.2
• Bump org.mockito:mockito-core from 5.15.2 to 5.16.0
• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.1.0 to 4.9.2.0
• Bump io.projectreactor:reactor-core from 3.7.3 to 3.7.4
• Bump io.projectreactor:reactor-test from 3.7.3 to 3.7.4
• Bump org.eclipse.jetty.version from 12.0.16 to 12.0.17
• Update spring dependencies:
  • spring boot to 3.4.3
  • spring core to 6.2.4
  • spring security to 6.4.3
• Bump com.github.spotbugs:spotbugs-annotations from 4.8.6 to 4.9.0
• Bump io.projectreactor:reactor-test from 3.7.2 to 3.7.3
• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.6 to 4.9.1.0
• Bump io.projectreactor:reactor-core from 3.7.2 to 3.7.3
• Bump com.nimbusds:nimbus-jose-jwt from 10.0.1 to 10.0.2
• Bump slf4j.api.version from 2.0.16 to 2.0.17

3.5.8

3.5.8

• [spring-security] Fix error handling for reactive token validation

Dependency upgrades

• Downgrade org.wiremock:wiremock-standalone from 3.10.0 to 3.9.2
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.1 to 5.4.2
• Bump io.projectreactor:reactor-test from 3.7.1 to 3.7.2
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3
• Bump spring.boot.version from 3.4.1 to 3.4.2
• Bump spring.core.version from 6.2.1 to 6.2.2
• Bump io.projectreactor:reactor-core from 3.7.1 to 3.7.2
• Bump org.mockito:mockito-core from 5.14.2 to 5.15.2

3.5.7

• [java-security] Fix parallel JWKS fetches

Dependency upgrades

• Bump org.wiremock:wiremock-standalone from 3.9.2 to 3.10.0
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.1 to 3.11.2
• Bump org.eclipse.jetty.version from 12.0.13 to 12.0.16
• Bump log4j2.version from 2.24.2 to 2.24.3
• Bump spring.security.version from 6.4.1 to 6.4.2
• Bump spring.boot.version from 3.4.0 to 3.4.1
• Bump ch.qos.logback:logback-core from 1.4.14 to 1.5.13 in /token-client
• Bump com.nimbusds:nimbus-jose-jwt from 9.47 to 10.0.1
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.2
• Bump org.json:json from 20240303 to 20250107
• Bump io.github.hakky54:logcaptor from 2.9.3 to 2.10.1

3.5.6

• [java-security] Add support for Envoy XFCC header format

Dependency upgrades

• Bump spring.core.version from 6.2.0 to 6.2.1
• Bump io.projectreactor:reactor-core from 3.6.9 to 3.7.1
• Bump io.projectreactor:reactor-test from 3.7.0 to 3.7.1