1.0.3

pcf-sec-eng-bot released this 05 Jul 23:29

6e6edea

Notices

The TLS CA of UAA must be provided in the manifest at authentication.uaa.ca_certs prior to deployment

Bug fix

Offline JWT token validation now verifies the issuer in addition to the signature (related to CVE-2017-8034). This fix was added defensively, but this should not impact the current use-case due to lack of multiple identity zones in the BOSH UAA instance.

Changes from v1.0.2

Assets 3