Skip to content


You can find the source of this version on GitHub at cloudfoundry/uaa-release. It was created based on the commit 827e0ba7.

Release Notes

Updated to UAA Release 3.9.3


This release has a known issue that login.saml.serviceProviderKeyPassword need to be set to “” explicitly if the login.saml.serviceProviderKey is not passphrase protected. This will be addressed in the next release.

description: "Password to protect the service provider private key."

Please use this security release to patch the following CVEs

Other Security Updates

Restrict to TLS v1.2 with the following ciphers: - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384


You can reference this release in your deployment manifest from the releases section:

- name: "uaa"
  version: "24"
  url: ""
  sha1: "d0feb5494153217f3d62b346f426ad2b2f43511a"

Or upload it to your director with the upload-release command:

bosh upload-release --sha1 d0feb5494153217f3d62b346f426ad2b2f43511a \