release-notes-15-to-29
5.28.0 - April 14, 2026
🔧 Compatibility Notes
- [OpenAPI Apache Generator] Remove no args constructor in generated API clients.
✨ New Functionality
- Added support for SAP Cloud Identity Services (SCI)
sap_id_typeandsubclaims in OIDC principal extraction. Whensap_id_type=user, thesubclaim is now used as the Subject Name Identifier (User ID, Email, or Custom Attribute as configured in SCI).
📈 Improvements
- Improved the support for the credential type
X509_ATTESTED.HttpDestinationobjects created viaServiceBindingDestinationLoaderno longer need to be re-created for the rotation of certificates to take effect.
🐛 Fixed Issues
- Fixed stateful OData request path construction caused by shared
ODataResourcePathinstances being mutated when building count, read-by-key, and function requests. ODataRequestRead,ODataRequestCount,ODataRequesReadByKey,ODataRequestFunctionandServiceWithNavigableEntitiesImplnow create a defensive copy of theODataResourcePathto prevent unintended side effects from shared mutable state.
5.27.0 - March 13, 2026
🔧 Compatibility Notes
- [Connectivity Destination Service] Migrated to Apache Httpclient 5.
- The replacement for
HttpClientAccessorisApacheHttpClient5Accessor
- The replacement for
- New minimum version required for
com.sap.cloud.security:3.6.0
✨ New Functionality
- [OpenAPI] SAP Cloud SDK OpenAPI Generator now supports
apache-httpclientlibrary besides Spring RestTemplate through the newly introduced moduleopenapi-core-apache. - [IAS] Add
IasOptions.withTokenFormat()to allow specifying token format
🐛 Fixed Issues
- [OData v4] Binary deserialization can now handle both
Base64URLandBase64.
5.26.0 - January 23, 2026
🔧 Compatibility Notes
- We noticed an implicit behavior change for updated Apache HttpClient from
5.5.1to5.6. TLS/SSL connections are now checked for hostname verification on behalf of the provided server certificate. Even with enabled trust-all-certificates flag, connections to servers with mismatching hostnames will be rejected.
✨ New Functionality
DestinationService.tryGetDestinationnow checks if the given destination exists before trying to call it directly. This behaviour is enabled by default and can be disabled viaDestinationService.Cache.disablePreLookupCheck.- Temporary: Use
emailas fallback principal id whenuser_uuidis missing. Will switch to usingsubonce IAS exposesidtype(tracked in SCICAI-1323).
🐛 Fixed Issues
- Fixed IAS OAuth2 token requests to use correct
refresh_expiry=0parameter instead ofrefresh_token=0to disable refresh token issuance in certain cases.
5.25.0 - December 22, 2025
🚧 Known Issues
🔧 Compatibility Notes
✨ New Functionality
- Added native DestinationLoader implementation through the
TransparentProxyclass. This enables seamless destination retrieval viatryGetDestinationand provides full SAP Cloud SDK integration for applications running in Kubernetes environments where Transparent Proxy is available.
📈 Improvements
🐛 Fixed Issues
- Fix unintended modification of
serviceNameMappings.propertiesduring OData service regeneration altering stored mappings. Additionally, service name cleanup is now case-insensitive for consistency. Please make sure, aserviceNameMappings.propertiesfile is present to avoid breaking changes to your generated code.
5.24.0 - October 30, 2025
✨ New Functionality
- Add support for using the Zero Trust Identity Service (ZTIS) on Kyma by detecting the well-known environment variable
SPIFFE_ENDPOINT_SOCKET. - Add support for explicitly passing the
clientidof the target system when using the IAS App2App authentication flow. Use the new methodswithProviderClient(clientid)andwithProviderClient(clientid, apptid)underBtpServiceOptions.IasOptions.
📈 Improvements
- When the circuit breaker opens, the resulting
ResilienceRuntimeExceptionwill have the originalCallNotPermittedExceptionfrom the circuit breaker stored as a suppressed exception.
5.23.0 - October 08, 2025
🔧 Compatibility Notes
- The builder methods for
TransparentProxyDestinationhave been renamed:staticDestination()todestination()dynamicDestination()togateway()
📈 Improvements
- Circuit breaker exceptions
CallNotPermittedExceptionhave been replaced in favor of the previously thrown exception to provide more context on the failure.
5.22.0 - August 29, 2025
✨ New Functionality
- Add built-in support for the Transparent Proxy via a new
TransparentProxyDestination. For more information, refer to the documentation. - Add experimental support for cross-level destination consumption via a new
CrossLevelScopesetting underDestinationServiceOptionsAugmenter. - Add experimental support for setting custom headers in requests to the destination service via the new
DestinationServiceOptionsAugmenter#customHeaders.
🐛 Fixed Issues
- [OpenAPI] Fix code generator for transitive dependency version inconsistencies for Jackson.
- [ODatav4] Fix incorrect HTTP header name when sending entity version identifier in bound-action requests.
- [ODatav4] Fix an issue when generating clients.
- Property names:
value,itemandpropertiesare now allowed.
- Property names:
5.21.0 - August 01, 2025
✨ New Functionality
- Add
TokenCacheParameterstoOAuth2Optionsto configurate token cache duration, expiration delta and cache size.
📈 Improvements
- Relax OAuth2 token cache duration to 1hr to avoid unnecessary token refreshes.
- Disable refresh tokens when obtaining user tokens from IAS. This acts as a workaround for a limitation of IAS, where obtaining a refresh token invalidates the original token.
🐛 Fixed Issues
- OData v2 and OData v4: Fix eager HTTP response evaluation for Create, Update, and Delete request builders in convenience APIs.
Previous change of
5.20.0may have resulted in the HTTP connection being left open after the request was executed. - Generic OData Client: Revert behavior change introduced in
5.20.0that let to HTTP responses not being consumed by default. If you want to usedisableBufferingHttpResponse()onODataRequestReadorODataRequestReadByKeyplease switch towithoutResponseBuffering()instead.
🐛 Known Issues
- Using the
openapi-generator-pluginin combination with a Swagger v2 specification file will likely lead to dependency convergence issue. If you have aMethodNotFoundExceptionplease use5.20.0or5.22.0(or later).
5.20.0 - June 20, 2025
🐛 Fixed Issues
- Fix
CVE-2025-48734by transitive dependency update inconnectivity-ztis. - For OData Generic Client: Fix
disableBufferingHttpResponse()inODataRequestResultGeneric.
🐛 Known Issues
-
For OData clients: This release changed the default HTTP response lifecycle for OData request-execution results.
Until
5.19.0the underlying OData Generic Client was "eagerly" consuming the HTTP response. With5.20.0it changed to "lazily" consuming the HTTP response while buffering the content. While this is considered a fix and acceptable change for the expert OData Generic Client, we unintentionally changed the behavior in the convenience classes for OData v2 and OData v4 as well. This behavior change in convenience API will be reverted with next5.21.0.Affected users may observe the following exception message due to HTTP responses not being consumed and HTTP connections not being closed automatically:
ConnectionPoolTimeoutException: Timeout waiting for connection from poolPlease use
5.19.0until this is fixed in5.21.0.
5.19.0 - May 26, 2025
📈 Improvements
- Improve the detection and masking of secrets when logging data to debug.
🐛 Fixed Issues
- Fix OData v2 error: Disable Validation in the absence of DOCTYPE
- Fix OData v2/v4 error: Navigating
nextLinkin paginated result-set no longer results in duplicate query parameters.
5.18.0 - April 16, 2025
🔧 Compatibility Notes
- Changed a behavior details when obtaining tokens from IAS with the default strategy
CURRENT_TENANT. In case the current tenant is the provider tenant, andTenantAccessor.getCurrentTenant()is returning aTenantobject, this object is now required to have a subdomain != null.
🐛 Fixed Issues
- OpenAPI: When
apiMaturityis set tobeta, generated enums will now be@Betaannotated.
5.17.0 - February 20, 2025
🔧 Compatibility Notes
- Changes regarding the TLS
Upgradeheader thanks to Apache httpclient5 5.4.2TlsUpgrade.DISABLEDno changesTlsUpgrade.ENABLEDwill not send theUpgradeheader for non-proxy connections anymoreTlsUpgrade.AUTOMATICDefault behaviour will not send theUpgradeheader anymore- Except for
proxyType(ProxyType.INTERNET)
- Except for
✨ New Functionality
- OpenAPI: Add
toMap()and deprecategetCustomField(String)on generated model classes.
5.16.0 - January 29, 2025
✨ New Functionality
- Add experimental support for updating nested fields in OData v2 complex types via PATCH requests
- Use optional argument
FluentHelperUpdate#modifyingEntity( ModifyPatchStrategy )to control updates with delta or full complex property payloads.
- Use optional argument
📈 Improvements
- Improve the OData v4 class
BatchRequestBuilderto now also implement theModificationRequestBuilderinterface.
🐛 Fixed Issues
- Fix non-compilable code using OpenAPI generator with schema definitions having
additionalProperties: true. Previously they would result in model classes extendingHashMap, which disabled proper deserialization and serialization.
5.15.0 - December 19, 2024
✨ New Functionality
- Add support for
TypeDefinitionentries in OData V4 EDMX files. - Add
generateApisandgenerateModelsoptions to theopenapi-generator-maven-pluginto disable the generation of APIs and models respectively.
📈 Improvements
- Stabilize most of the remaining experimental APIs without changes, e.g.
- RequestHeaderAccessor
- ServiceBindingDestinationLoader
- OData v2 and v4 generators now use
LinkedHashMapfor the properties of the generated classes to maintain the order of the properties.
🐛 Fixed Issues
- Fix ApacheHttpClient5Wrapper to propagate the configuration to Spring RestTemplate.
- Fix OData v2 and v4 generators to work when property name is
valueorvaluesand is of collection type.- The internal variable is now respectively
cloudSdkValueorcloudSdkValuesto avoid conflicts with thevalueorvaluesproperty.
- The internal variable is now respectively