release: / 37

Github source: 0c84a0e4 or master branch

Updated to UAA release 4.2.0 - Known issue fixed with Create Account flow in UAA UI causing infinite redirects. - Known issue fixed with /check_token failing on GET request.

This is a security release addressing the following issues - CVE-2017-4992: Privilege escalation with user invitations (high severity)

Upload this release version to the Director:

$ bosh upload release

Modify deployment manifest to use this release in addition to any other used releases:

- {name: uaa, version: "37"}

Finally add needed deployment jobs and specify values for required properties.

Optionally download sha1: 139bc119db540e5d881b43a7d5de10cff184f5f7 release tarball locally:

# ...or download it directly using curl
$ curl -L -J -O

# or with wget...
$ wget --content-disposition