Skip to content


You can find the source of this version on GitHub at cloudfoundry/uaa-release. It was created based on the commit 5d5ec013.

Release Notes

This release updates to UAA release 3.9.8

This is a security release which addresses CVE-2017-4960: UAA OAuth DOS via lockout feature


You can reference this release in your deployment manifest from the releases section:

- name: "uaa"
  version: "24.5"
  url: ""
  sha1: "eda4c040c2271ac78262eb8677aa684206deeec5"

Or upload it to your director with the upload-release command:

bosh upload-release --sha1 eda4c040c2271ac78262eb8677aa684206deeec5 \