74.4.0

bosh.io releases

BREAKING CHANGES

Session configuration options have been simplified.

• The uaa.servlet.session-cookie configuration now only supports the max-age property.
• The following configurations are no longer available: secure, http-only, name, comment, path, and domain.

FEATURES

Session management has been migrated to Spring Session. As a result, please consider the following changes before upgrading to this version:

• The uaa.servlet.session-store configuration is used to determine the backend where sessions will be stored.
• Valid configuration options are: memory and database.
  • Default Configuration: The memory option uses an in memory map structure on a per UAA basis. This is suitable for a single UAA or multiple UAAs if a session affinity strategy is employed at the routing layer. Sessions are destroyed if the UAA goes down for any reason. This is the same behavior the UAA had before this release.
  • The database option uses the configured database as a session store. This will allow horizontal scaling by externalizing the session, but will increase the volume of database reads/writes. Sessions will be maintained in the event of UAA downtime.

DEPENDENCY UPDATES

Bump spring-framework-bom from 5.1.9.RELEASE to 5.2.0.RELEASE