Skip to content


You can find the source of this version on GitHub at cloudfoundry/uaa-release. It was created based on the commit 0c84a0e4.

Release Notes

Updated to UAA release 4.2.0 - Known issue fixed with Create Account flow in UAA UI causing infinite redirects. - Known issue fixed with /check_token failing on GET request.

This is a security release addressing the following issues - CVE-2017-4992: Privilege escalation with user invitations (high severity)


You can reference this release in your deployment manifest from the releases section:

- name: "uaa"
  version: "37"
  url: ""
  sha1: "139bc119db540e5d881b43a7d5de10cff184f5f7"

Or upload it to your director with the upload-release command:

bosh upload-release --sha1 139bc119db540e5d881b43a7d5de10cff184f5f7 \