Skip to main content

Release Notes

maven central

Should I update?

We highly recommend regularly updating to the latest SAP Cloud SDK version. It will help you:

  • Ensure access to the latest SAP Cloud SDK features
  • Keep up with the latest changes in SAP Cloud Platform
  • Update client libraries giving access to latest SAP services on SAP Cloud Platform and SAP S/4HANA
  • Protect yourself from bugs and breaking changes in the future

The SAP Cloud SDK v3 for Java is Deprecated

Update to the SAP Cloud SDK v4

Version 3.x of the SAP Cloud SDK for Java has reached its end of life. As a consequence, there won't be any updates to the SAP Cloud SDK version 3 - not even security fixes. To continue using the latest features outlined in the release notes below, please update to the SAP Cloud SDK v4.

4.31.0 - April 23, 2024

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Spring Framework (org.springframework:spring-framework-bom) from 5.3.32 to 5.3.34

4.30.0 - February 29, 2024

Improvements

4.29.0 - January 22nd, 2024

Improvements

4.28.0 - December 5th, 2023

Compatibility Notes

  • AuditLogFacade implementation ScpCfAuditLogFacade will no longer throw an exception of legacy type DependencyNotFoundException but of type IllegalStateException, in case classes are missing at runtime. The exception message details remain untouched.

New Functionality

  • The Auditlog convenience API is now compatible for both JavaEE and JakartaEE. AccessRequester can now be used like the following:


    // for jakarta (new API)
    AccessRequester.ofJakarta(...);

    // for javax (existing API)
    AccessRequester.of(...);

    // for both (existing API)
    AccessRequester.ofCurrentRequest();

    Note: The SAP Java Buildpack may not provide a JakartaEE compatible implementation yet.

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Jackson (com.fasterxml.jackson.core:jackson-databind) from 2.15.3 to 2.16.0
        • Update org.apache.httpcomponents.client5 from 5.2.1 to 5.2.2
        • Update org.apache.httpcomponents.core5 from 5.2.1 to 5.2.2
        • Update org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0

4.27.0 - November 13, 2023

Compatibility Notes

  • Following classes have been deprecated and will be removed from the next major version (V5) of the SAP Cloud SDK:

    • com.sap.cloud.sdk.cloudplatform.CloudPlatform
    • com.sap.cloud.sdk.cloudplatform.CloudPlatformFacade
    • com.sap.cloud.sdk.cloudplatform.CloudPlatformAccessor
    • com.sap.cloud.sdk.cloudplatform.ScpCfCloudPlatform
    • com.sap.cloud.sdk.cloudplatform.ScpCfCloudPlatformFacade
    • com.sap.cloud.sdk.cloudplatform.connectivity.AccessToken
    • com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationServiceResponseProvider
    • com.sap.cloud.sdk.cloudplatform.WithRuntimeDependencies
    • com.sap.cloud.sdk.cloudplatform.exception.ConstraintViolationException
    • com.sap.cloud.sdk.cloudplatform.exception.DependencyNotFoundException
    • com.sap.cloud.sdk.cloudplatform.exception.EntityAlreadyExistsException
    • com.sap.cloud.sdk.cloudplatform.exception.EntityNotFoundException
    • com.sap.cloud.sdk.cloudplatform.exception.StringParsingException
    • com.sap.cloud.sdk.cloudplatform.exception.UnsupportedCloudFeatureException
    • com.sap.cloud.sdk.cloudplatform.security.principal.exception.PrincipalAttributeException
    • com.sap.cloud.sdk.cloudplatform.security.secret.SecretStore
    • com.sap.cloud.sdk.cloudplatform.security.secret.ScpCfSecretStore
    • com.sap.cloud.sdk.cloudplatform.security.secret.SecretStoreFacade
    • com.sap.cloud.sdk.cloudplatform.security.secret.ScpCfSecretStoreFacade
    • com.sap.cloud.sdk.cloudplatform.security.secret.SecretStoreAccessor
    • com.sap.cloud.sdk.cloudplatform.security.secret.exception.KeyStoreAccessException
    • com.sap.cloud.sdk.cloudplatform.security.secret.exception.SecretStoreAccessException
    • com.sap.cloud.sdk.testutil.ThreadContextInvocationInterceptor
    • com.sap.cloud.sdk.testutil.ThrowableAssertionUtil

    Most of the contained functionality has already been migrated to other places. Accessing service bindings, for example, can now be done in a uniform and standardized way using the Service Binding Library.

Improvements

Fixed Issues

  • Fix an issue where silently no resilience would be applied if more than one ResiliencecDecorationStrategy implementation is on the classpath. Such a scenario will now produce a log message on WARN level. In addition to the log message, using any resilience pattern will lead to an ResilienceRuntimeException being thrown. The exception can be avoided by explicitly setting the correct ResilienceDecorationStrategy via the ResilienceDecorator.setDecorationStrategy(ResilienceDecorationStrategy) method (for example, at application start up).
  • Fix an issue with OData clients (Generic OData Client, OData v2 FluentHelpers, OData v4 RequestBuilders) repeatedly attaching duplicate Accept headers for every paginated request.
  • ODataRequestResultMultipartGeneric.getResult() now throws ODataResponseException instead of IndexOutOfBoundsException when a different number of batch request items are returned by the OData server than what was executed. This may occur, depending on OData server configurations, when a read operation fails and subsequent request items are no longer executed as a result.

4.26.0 - October 27, 2023

Improvements

4.25.0 - October 13, 2023

Improvements

4.24.0 - September 28, 2023

Compatibility Notes

  • The following classes have been deprecated:
    • In module security (package com.sap.cloud.sdk.cloudplatform.security)
      • No plans for removal due to compatibility reasons. It is, however, still recommended to move away from their use:
        • Audience
        • Authorization
        • Role
        • RolesAllowed
        • Scope
        • TenantSpecificAuthorization
        • UserSpecificAuthorization
    • In module security (package com.sap.cloud.sdk.cloudplatform.security.principal)
      • No plans for removal due to compatibility reasons. It is, however, still recommended to move away from their use:
        • PrincipalAttribute
        • CollectionPrincipalAttribute
        • SimplePrincipalAttribute
        • StringCollectionPrincipalAttribute
        • StringPrincipalAttribute
      • Will be removed without replacement
        • AudienceAuthorizationUtil
    • In module security-scp-cf (package com.sap.cloud.sdk.cloudplatform.security.principal)
      • Will be removed without replacement:
        • LocalScopePrefixProvider
        • DefaultLocalScopePrefixProvider
        • LocalScopePrefixExtractor
      • Please use related Default classes:
        • DefaultPrincipal
        • DefaultPrincipalFacade

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Annotations for Error Prone (com.google.errorprone:error_prone_annotations) from 2.21.1 to 2.22.0
        • Update Lombok (org.projectlombok:lombok) from 1.18.28 to 1.18.30
        • Update httpcore5 (org.apache.httpcomponents.core5:httpcore5) from 5.2.2 to 5.2.3
        • Update API Common (com.google.api:api-common) used in the blockchain-client-fabric module from 2.16.0 to 2.17.0

Fixed Issues

  • Fix an issue with nested any/all query filter expressions in the Generic OData client. For the OData v4 client the issue is already resolved since 4.22.0.

4.23.0 - September 15, 2023

Compatibility

  • Deprecate following legacy classes that are related to parsing the VCAP_SERVICES environment variable:

    • In module cloudplatform-connectivity-scp-cf (package com.sap.cloud.sdk.cloudplatform.connectivity)
      • ScpCfService
      • ScpCfServiceAuthorizationFailedException
      • ScpCfServiceCreationFailedException
      • ScpCfServiceDestinationLoader
      • ScpVcapDestinationLoader
      • ScpVcapDestinationOptionAugmenter
      • ScpVcapLoaderUtils
      • ScpXfDestinationData
      • ScpXfDestinationLoader
    • In module cloudplatform-core-scp-cf (package com.sap.cloud.sdk.cloudplatform)
      • ScpCfServiceDesignator
      • ScpCfServiceInfo
      • ServiceBindingDataException

    As a replacement, please refer to the experimental ServiceBindingDestinationLoader API (module cloudplatform-connectivity, package com.sap.cloud.sdk.cloudplatform.connectivity) and the ServiceBinding API.

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update org.checkerframework:checker-qual declared for dependency convergence from 3.37.0 to 3.38.0
        • Update com.google.api:api-common used in the blockchain-client-fabric module from 2.15.0 to 2.16.0
        • Update org.apache.commons:commons-compress used in the blockchain-client-fabric module from 1.23.0 to 1.24.0

4.22.0 - September 1, 2022

Compatibility Notes

  • Internally deprecate automatic validation during AuthToken decoding. For proper user token validation, please use the SAP XSUAA Security Library instead.
  • Deprecate OAuth2ServiceProvider convenience API. Please directly use the Token Client library instead.

Fixed Issues

  • Fix an issue where nested any/all filter expressions in OData queries would have the same prefix.

4.21.0 - August 18, 2023

Compatibility Notes

  • The module security-servlet and all contained servlet filters have been deprecated without replacement. This should not impact most applications, as they were rather specific and can be replaced with standard security tooling such as the SAP BTP Security Libraries. Still, in case you are using any of the filters you will see a warning message during application startup containing further details.
  • Support for JNDI will be discontinued with SAP Cloud SDK v5 by the end of the year. Please migrate to the Cloud Foundry environment. It is better suited for apps and SAP S/4HANA extension development. The methods from the following classes are deprecated while still being fully functional and considered supported in SAP Cloud SDK v4:
    • JndiLookupAccessor
    • JndiLookupFacade
    • DefaultJndiLookupFacade
  • StringConverter and StringValidator have been deprecated without replacement. Java Standard Library can be used as a replacemet for StringConverter and Apache Commons Codec can be used as a replacement for StringValidator. Refer here for more details.

New Functionality

  • While using destinations of authentication type SAMLAssertion to execute requests, the x-sap-security-session header is now always sent with every request to the destination.

Improvements

  • Dependency Updates:
    • SAP dependency updates:
      • Update Neo Java Web Api (com.sap.cloud:neo-java-web-api) from 4.58.1 to 4.59.2
    • Other dependency updates:
      • Minor version updates:

Fixed Issues

  • Fix an issue in OData v2 serialization, where an Edm.Binary entity field is represented with a null-value byte[] array.

4.20.0 - August 7, 2023

Compatibility Notes

  • The BindableService abstraction has been removed from the SAP Cloud SDK. As a replacement, the ServiceIdentifier (originating from the Service Binding Library) class is now used.

  • The builder method ServiceBindingDestinationOptions.Builder#using(ServiceBinding) has been removed. Use ServiceBindingDestinationOptions#forService(ServiceBinding) instead.

  • Re-establish default behavior for destination retrieval from BTP Destination Service with destinations requiring a principal context - but without one attached.

    With 4.13.0 we introduced default retrieval strategy ScpCfDestinationTokenExchangeStrategy.FORWARD_USER_TOKEN which would no longer throw an exception for missing (but required) principal context, i.e. when a user token could not be resolved from current thread context. With this release, we are reverting this behavior back to the original setting.

    If you want to retrieve a destination without any principal context, please use destination retrieval options explicitly with ScpCfDestinationTokenExchangeStrategy.LOOKUP_ONLY.

  • We are planning to discontinue support of pregenerated OpenAPI clients with SAP Cloud SDK v5 by end of the year.

    Therefore we're announcing module deprecation in advance. The following modules and namespaces are deprecated while still being fully functional and considered supported in SAP Cloud SDK v4:

    • Services - BTP Cloud Foundry Workflow API: com.sap.cloud.sdk.services.scp.workflow.cf.*
    • Services - SAP Business Rules (Beta): com.sap.cloud.sdk.services.btp.businessrules.cf.ruleauthoring.* The code can now be generated instead by using the OpenAPI generator with the YAML specification of the service.

  • Following APIs have been changed in a breaking manner to enable support for Spring 6 in the OpenApi related features of the Cloud SDK:

    • com.sap.cloud.sdk.services.openapi.apiclient.ApiClient#getStatusCode(): No longer returns an instance of HttpStatus, but a primitive int instead.
    • com.sap.cloud.sdk.services.openapi.core.OpenApiResponse#getStatusCode(): No longer returns an instance of HttpStatus, but a primitive int instead.

  • com.sap.cloud.sdk.datamodel.openapi.generator.model.LogLevel enum has been removed in relation to the OpenAPI OData Generator logLevel property change.

New Functionality

  • Add a new module (com.sap.cloud.sdk.frameworks:apache-httpclient5) with APIs for retrieving an Apache version 5 HttpClient based on a given destination. These APIs consist of the following classes:

    • ApacheHttpClient5Factory - A factory interface for creating HttpClient instances from HttpDestinationProperties.
    • ApacheHttpClient5FactoryBuilder - A builder class for instantiating a default implementation of the ApacheHttpClient5Factory interface that allows for some customization.
    • ApacheHttpClient5Cache - A cache interface for caching HttpClient instances.
    • ApacheHttpClient5CacheBuilder - A builder class for instantiating a default implementation of the ApacheHttpClient5Cache interface that allows for some customization.
    • ApacheHttpClient5Accessor - A class with static methods for retrieving an HttpClient based on a given destination, which uses the aforementioned factory and cache interfaces.
    HttpDestination destination = DestinationAccessor.getDestination("my-destination").asHttp();
    HttpClient client = ApacheHttpClient5Accessor.getHttpClient(destination);

  • Add support for Spring 6 projects within the OpenApi related functionality of the Cloud SDK. This is working right out-of-the-box, without the need to re-generate any existing OpenApi clients.

    This feature required a breaking API change, which shouldn't affect most users. Please refer to the Compatibility Notes (above) for more details.

Improvements

  • Dependency Updates:

    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Guava from 32.1.1-jre to 32.1.2-jre
        • Update org.apache.commons:commons-lang3 from 3.12 to 3.13.0

  • Property tags have been added to the OData (v2, v4) and and OpenApi generator Maven plugins. They can now be run project-less from the command line, using -D parameter flags, e.g.:

    mvn com.sap.cloud.sdk.datamodel:openapi-generator-maven-plugin:4.XX.X:generate -Dopenapi.generate.inputSpec=/foo/bar

Fixed Issues

  • The OpenAPI Generator property logLevel (default value: INFO) has been corrected to boolean flag verbose (default value: false). Any previous value other than DEBUG would correspond to verbose=false (default) now (for both the Maven plugin and CLI generators).

4.19.0 - July 28, 2023

Improvements

  • Dependency Updates:
    • SAP Dependency Updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Cf Tomee7 Bom (com.sap.cloud.sjb.cf:cf-tomee7-bom) from 1.73.1 to 1.74.0
        • Update Spring Framework (org.springframework:spring-framework-bom) from 5.3.28 to 5.3.29
        • Update Spring Boot (org.springframework.boot:spring-boot-dependencies and org.springframework.boot:spring-boot-maven-plugin) from 2.7.13 to 2.7.14
        • Update Protobuf Java (com.google.protobuf:protobuf-java) from 3.23.3 to 3.23.4
        • Update Kotlin Stdlib (org.jetbrains.kotlin:kotlin-stdlib) from 1.8.22 to 1.9.0
        • Update Kotlin Stdlib Common (org.jetbrains.kotlin:kotlin-stdlib-common) from 1.8.22 to 1.9.0
        • Update Kotlin Stdlib Jdk8 (org.jetbrains.kotlin:kotlin-stdlib-jdk8) from 1.8.22 to 1.9.0
        • Update Checker Qual (org.checkerframework:checker-qual) from 3.35.0 to 3.36.0
        • Update JSON from 20230227 to 20230618

Fixed Issues

  • Fix an issue where, while using the default token exchange strategy FORWARD_USER_TOKEN, the destination caching did not isolate the entries based on available user details.

4.18.0 - July 11, 2023

Compatibility Notes

  • Change internal dependency declaration of com.google.code.findbugs:jsr305 to optional. It should no longer come up as (unnecessary) transitive dependency for users of SAP Cloud SDK. If you are using code generators from SAP Cloud SDK, this dependency may still be necessary at compile time as explicit dependency. In that case please follow Maven best practices and update your pom.xml file accordingly by adding the dependency as explicit direct dependency.
  • Deprecate blockchain-client-multichain, blockchain-client-fabric, blockchain-business-services-visibility and btp-shared-ledger-client
    • Services - Blockchain Business Services Visibility: com.sap.cloud.sdk.services.blockchainbusinessservices.blockchainvisibility.*
    • Services - SAP Blockchain - Fabric: com.sap.cloud.sdk.services.blockchain.fabric.*
    • Services - SAP Blockchain - Multichain: com.sap.cloud.sdk.services.blockchain.multichain.*
    • Services - Shared Ledger Client: com.sap.cloud.sdk.services.sharedledger.client.*

Improvements

  • Dependency Updates:
    • Other dependency updates:

Fixed Issues

  • For HTTP destinations with the authentication type SAMLAssertion the destination key store is no longer used for the TLS handshake.

4.17.0 - June 30, 2023

Compatibility Notes

  • Deprecate the pregenerated classes for SAP S/4HANA On-Premise and Cloud Edition OData services. With the next major release we will discontinue the following Maven modules:

    While these dependencies may still receive updates, it's no longer recommended to use them. Instead, we suggest to generate your own OData classes using our OData generator. This approach saves many megabytes of unused dependencies in your application, while offering a useful set of customization options.

  • Deprecate the sdk-sjb-bom Please use the cf-tomee7-bom followed by the sdk-bom

  • We are planning to discontinue support of NEO with SAP Cloud SDK v5 by end of the year. Therefore, we're announcing module deprecation in advance. Please migrate to the Cloud Foundry environment. It is better suited for apps and SAP S/4HANA extension development. The following modules are deprecated while still being fully functional and considered supported in SAP Cloud SDK v4:

    • scp-neo
      • auditlog-scp-neo
      • cloudplatform-connectivity-scp-neo
      • cloudplatform-core-scp-neo
      • concurrency-scp-neo
      • security-scp-neo
      • tenant-scp-neo
    • plugins-parent
      • scp-neo-maven-plugin
    • scp-neo-javaee7

  • The "change detection" caching strategy for destinations is now more resilient. Previously, a misconfigured destination could lead to degraded application performance.

  • Deprecate s4hana-connectivity and s4hana-core

    • SAP S/4HANA - Connectivity: com.sap.cloud.sdk.s4hana.connectivity.*
    • SAP S/4HANA - Core: com.sap.cloud.sdk.s4hana.serialization.* and com.sap.cloud.sdk.s4hana.types.*

Improvements

4.16.0 - June 14, 2023

Compatibility Notes

  • Deprecate ErpHttpDestination and all related classes. The functionality is now integrated and handled automatically by HttpDestinations. For most projects this means simply removing any occurrence of decorate(DefaultErpHttpDestination::new). In case you are using ErpHttpDestination to automatically add the sap-language based on the current system locale, please configure a property cloudsdk.dynamicSapLanguage with value true on the destination.

Improvements

  • Improved the handling of sap-client and sap-language to be fully automated. Projects can safely remove any invocations of decorate(DefaultErpHttpDestination::new). Please also see the related compatibility note above.
  • Dependency Updates:
    • SAP Dependency Updates:
      • Minor Dependency Updates:
        • Update Cf Tomee7 Bom (com.sap.cloud.sjb.cf:cf-tomee7-bom) from 1.70.0 to 1.71.0
        • Update Neo Java Web Api (com.sap.cloud:neo-java-web-api) from 4.53.3 to 4.54.3
    • Other Dependency Updates:
      • Minor Dependency Updates:
        • Update Jackson Annotations (com.fasterxml.jackson.core:jackson-annotations) from 2.15.1 to 2.15.2
        • Update Jackson Core (com.fasterxml.jackson.core:jackson-core) from 2.15.1 to 2.15.2
        • Update Jackson Databind (com.fasterxml.jackson.core:jackson-databind) from 2.15.1 to 2.15.2
        • Update Jackson Datatype Jsr310 (com.fasterxml.jackson.datatype:jackson-datatype-jsr310) from 2.15.1 to 2.15.2
        • Update Jackson Dataformat Xml (com.fasterxml.jackson.dataformat:jackson-dataformat-xml) from 2.15.1 to 2.15.2
        • Update Jackson Dataformat Yaml (com.fasterxml.jackson.dataformat:jackson-dataformat-yaml) from 2.15.1 to 2.15.2
        • Update Netty Codec Http (io.netty:netty-codec-http) from 4.1.92.Final to 4.1.93.Final
        • Update Protobuf Java (com.google.protobuf:protobuf-java) from 3.23.1 to 3.23.2
        • Update Checker Qual (org.checkerframework:checker-qual) from 3.34.0 to 3.35.0
        • Update Lombok (org.projectlombok:lombok) from 1.18.26 to 1.18.28
        • Update Kotlin Stdlib (org.jetbrains.kotlin:kotlin-stdlib) from 1.8.21 to 1.8.22
        • Update Kotlin Stdlib Common (org.jetbrains.kotlin:kotlin-stdlib-common) from 1.8.21 to 1.8.22
        • Update Kotlin Stdlib Jdk8 (org.jetbrains.kotlin:kotlin-stdlib-jdk8) from 1.8.21 to 1.8.22

4.15.0 - May 26, 2023

Maven Central

Compatibility Notes

  • The behaviour of DestinationAccessor.getDestination(...) has been changed to throw:
    • DestinationNotFoundException instead of DestinationAccessException with cause DestinationNotFoundException when a destination is not found
    • DestinationAccessException instead of DestinationNotFoundException when no adapters are declared
  • We are planning to discontinue support of Business Logging APIs with SAP Cloud SDK v5 by end of the year. Therefore, we're announcing module deprecation in advance. The following modules and namespaces are deprecated while still being fully functional and considered supported in SAP Cloud SDK v4:
    • BTP Business Logging Core: com.sap.cloud.sdk.services.scp.businesslogging.core.*
      • tryGetDestination("destinationName", CLIENT_CREDENTIALS) is replaced by ScpCfServiceDestinationLoader.getDestinationForService(BUSINESS_LOGGING, "destinationName")
      • tryGetDestination("destinationName", USER_TOKEN) is replaced by ScpCfServiceDestinationLoader.getDestinationForService(BUSINESS_LOGGING, "destinationName", OnBehalfOf.NAMED_USER_CURRENT_TENANT)
  • Rename references from SAP API Business Hub to SAP Business Accelerator Hub in JavaDoc.

New Functionality

  • OpenAPI generated objects can now read custom fields which are not part of the object's schema:
    • getCustomFieldNames()
    • getCustomField("nameOfField")
  • The BTP CloudFoundry specific platform modules now support mTLS for communication with destinations having their securityConfigurationStrategy set to FROM_PLATFORM.

Improvements

  • Dependency Updates:
    • Minor version updates:
      • Update commons-io:commons-io from 2.11.0 to 2.12.0
      • Update Jackson related dependencies from 2.15.0 to 2.15.1
      • Update org.checkerframework:checker-qual declared for dependency convergence from 3.33.0 to 3.34.0
      • Update com.google.errorprone:error_prone_annotations declared for dependency convergence from 2.18.0 to 2.19.1
      • Update com.google.api:api-common used in the blockchain-client-fabric module from 2.9.0 to 2.10.0
  • To avoid running into connection leaks while re-using the same HttpClient to execute multiple OData batch requests, running batch requests with try-with-resources construct is now possible for both OData v2 and v4 clients.
  //Suggestive example for OData v2
  try(
      BatchResponse result = service.batch().addReadOperations(readOperation).executeRequest(dest)
   ) {
      return result.get(0);
  }

Fixed Issues

  • Fix an issue where batch requests would leave open connections even after a BatchResponse was fully consumed.

4.14.0 - May 12, 2023

Maven Central

Compatibility Notes

  • Compatibility with the SAP Security Library

    • The SAP Cloud SDK can now be used with the new major version 3.0.0 of the security library .
    • The minimum required version for the SAP Cloud SDK is now 2.13.9.
    • For WAR deployments using the SAP Java Buildpack, the minimum required buildpack version is now 1.69.0.
    • The related class CertificateBasedHttpClientFactory is no longer registered as an implementation of com.sap.cloud.security.client.HttpClientFactory.
    • Deprecate functionality related to validation of JWT tokens from incoming requests:
      • AuthTokenBuilder
      • ScpCfAuthTokenFacade(OAuth2TokenService, OAuth2ServiceConfiguration)
      • ScpCfAuthTokenFacade#tryGetXsuaaServiceToken
      • ScpCfAuthTokenFacade#getRefreshToken
      • ScpCfTenantFacade#tryGetXsuaaServiceTenant
      • CertificateBasedHttpClientFactory

  • We are planning to discontinue support of Business Logging APIs with SAP Cloud SDK v5 by end of the year. Therefore, we're announcing module deprecation in advance. The following modules and namespaces are deprecated while still being fully functional and considered supported in SAP Cloud SDK v4:

    • BTP Business Logging - All
    • BTP Business Logging OData: com.sap.cloud.sdk.services.scp.businesslogging.odata.*
    • BTP Business Logging REST: com.sap.cloud.sdk.services.scp.businesslogging.rest.*

    The code can now be generated instead by using the OData and OpenAPI generators with the EDMX and JSON specifications of the service.

New Functionality

  • OpenAPI generated objects can now read custom fields which are not part of the object's schema:
    • getCustomFieldNames()
    • getCustomField("nameOfField")

Improvements

Fixed Issues

  • Fix an issue in OData V4 where custom fields in complex properties were not serialised when updating with PATCH.

4.13.0 - April 28, 2023

Maven Central

Compatibility Notes

  • We are planning to discontinue support of RFC- and SOAP queries with SAP Cloud SDK v5 by end of the year. Therefore we're announcing module deprecation in advance. The following modules and namespaces are deprecated while still being fully functional and considered supported in SAP Cloud SDK v4:
    • RFC Queries: com.sap.cloud.sdk.s4hana.rfc.*
    • SOAP queries: com.sap.cloud.sdk.datamodel.soap.*
  • Deprecate the destination retrieval strategy CURRENT_TENANT_THEN_PROVIDER.
    • Please query subscriber and provider tenants individually instead using ONLY_SUBSCRIBER and ALWAYS_PROVIDER. This reduces hidden complexity and makes potential troubleshooting easier.

New Functionality

  • Improved lookups of destinations from the BTP Destination Service:
    • A new ScpCfDestinationTokenExchangeStrategy.FORWARD_USER_TOKEN has been introduced and made the default strategy.
    • It is functionally equivalent to the previous default ScpCfDestinationTokenExchangeStrategy.LOOKUP_THEN_EXCHANGE, but performs significantly better for destinations that require a user token.
    • Note: The new strategy is only enabled by default, if a user token exists in the current context and it's originating from the XSUAA identity service.
    • Additional warnings and exceptions now better prevent incorrect usages of the different strategies. See also the related compatibility notes.

Improvements

  • Added readable error messages in OpenAPI generator for files not found.
  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update JSON from 20220924 to 20230227
        • Update Spring Framework (org.springframework:spring-framework-bom) from 5.3.26 to 5.3.27
        • Update Spring Security (org.springframework.security:spring-security-bom) from 5.8.2 to 5.8.3
        • Update Jackson (com.fasterxml.jackson.core:jackson-annotations, com.fasterxml.jackson.core:jackson-databind and com.fasterxml.jackson.core:jackson-core) from 2.14.2 to 2.15.0

4.12.0 - April 13, 2023

Maven Central

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:

Fixed Issues

  • Fix an issue where SAML based destinations would not work properly when change detection is enabled.

4.11.0 - March 31, 2023

Maven Central

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Spring Framework (org.springframework:spring-framework-bom) from 5.3.25 to 5.3.26
          • Update Spring Boot (org.springframework.boot:spring-boot) from 2.7.8 to 2.7.10
          • Update Spring Security (org.springframework.security:spring-security-bom) from 5.8.1 to 5.8.2

4.10.0 - March 21, 2023

Maven Central

New Functionality

Improvements

  • Dependency Updates:
    • Other dependency updates:

4.9.0 - March 14, 2023

Maven Central

New Functionality

  • Update of the OData VDM to the newest release 2022 FPS1 of SAP S/4HANA On-Premise. The SDK supports all OData services listed in the SAP Business Accelerator Hub for SAP S/4HANA On-Premise. This includes completely new services, new operations in previously existing services, and new entity types in the existing Maven artifacts:
    • s4hana-api-odata-v4-onpremise manages classes in package com.sap.cloud.sdk.s4hana.onpremise.datamodel.odatav4.services
      • Many new services
      • Removed services
        • FinanceCtrComplementaryTableDataMaintenanceService
        • RealEstateContractService
      • Renamed service
        • PreferredSupplierListService to PreferredSupplierListV2Service
    • s4hana-api-odata-onpremise manages classes in package com.sap.cloud.sdk.s4hana.onpremise.datamodel.odata.services
      • New service
        • ManageExcessRequirementService
  • SAP Cloud SDK can be used with JakartaEE (e.g. via Spring Boot 3). The necessary instructions can be found here.
    • New module servlet-jakarta is released for experimental usage.

Improvements

4.8.0 - February 23, 2023

Maven Central

New Functionality

  • FilterableBoolean has been extended to allow custom filter expressions. This is useful when filter fields need to be passed dynamically. Refer to the documentation for more information.

Improvements

  • Dependency Updates:
    • Other dependency updates:
      • Major version updates:
      • Minor version updates:
        • Update Auth0 JWT from 4.2.2 to 4.3.0
        • Update Lombok from 1.18.24 to 1.18.26

4.7.0 - February 08, 2023

Maven Central

Known Issues

  • Arquillian based unit tests that use TomEE (embedded) as container may not work anymore with the latest SJB update. If the runtime encounters missing method or class exceptions, then we recommend setting the following system property in the local arquillian.xml test resource file: 
    <property name="properties">openejb.cxf.jmx=false</property>

Compatibility Notes

  • Changing the configuration of ScpCfDestinationLoader.Cache after disabling it via disable() will now throw an exception.

New Functionality

  • The destination cache now offers a change detection mode. When accessing multiple destinations per tenant this mode can yield a significant performance increase. It is disabled by default but can be enabled via the new ScpCfDestinationLoader.Cache.enableChangeDetection(). Further configuration is possible via the available setters on ScpCfDestinationLoader.Cache. Refer to the dedicated documentation for more information.
  • The destination cache now also applies to ScpCfDestinationLoader.tryGetAllDestinations(). The same cache duration and expiration settings set on ScpCfDestinationLoader.Cache apply. However, the cache size is not limited.
  • Extended the ScpCfServiceDestinationLoader to now also allow for AuthenticationType.OAUTH2_USER_TOKEN_EXCHANGE. This enables accessing the service on behalf of a business user via user token exchange.

Improvements

  • Update the OData VDM to the newest release 2302 of SAP S/4HANA Cloud. This includes completely new services (available as usual in packages com.sap.cloud.sdk.s4hana.datamodel.odata.services and com.sap.cloud.sdk.s4hana.datamodel.odatav4.services), new operations in previously existing services, and new entity types. The SAP Cloud SDK supports all OData services listed in the SAP Business Accelerator Hub for SAP S/4HANA Cloud.
  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update API Common (com.google.api:api-common) from 2.4.0 to 2.5.0
        • Update Spring Boot (org.springframework.boot:spring-boot) from 2.7.7 to 2.7.8
        • Update Jackson Date/Time (com.fasterxml.jackson.datatype:jackson-datatype-jsr310) from 2.14.1 to 2.14.2
        • Update Jackson Core (com.fasterxml.jackson.core:jackson-annotations, com.fasterxml.jackson.core:jackson-databind and com.fasterxml.jackson.core:jackson-core) from 2.14.1 to 2.14.2

4.6.0 - January 26, 2023

Maven Central

Improvements

  • Dependency Updates:

    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Spring Boot (org.springframework.boot:spring-boot) from 2.7.6 to 2.7.7
        • Update Spring Framework (org.springframework:spring-framework-bom) from 5.3.24 to 5.3.25
        • Update Checker Equal (org.checkerframework:checker-equal) from 3.28.0 to 3.29.0
        • Update Annotations for Error Prone (com.google.errorprone:error_prone_annotations) from 2.16 to 2.18.0
        • Update Gson (com.google.code.gson:gson) from 2.10 to 2.10.1
        • Update Auth0 JWT (com.auth0:java-jwt) from 4.2.1 to 4.2.2

  • Improved destination caching in BTP CF by storing destinations for the entire tenant (i.e. all principals) just once if no user propagation is required. This affects following authentication types:

    • NoAuthentication
    • BasicAuthentication
    • ClientCertificateAuthentication
    • OAuth2ClientCredentials
    • OAuth2Password

    Applications that use such authentication types for their destinations primarily may greatly benefit from this change as destinations are far more likely to be served from the cache instead of being retrieved from the BTP Destination service.

    For improved performance, while using destinations that require user propagation, users may provide the EXCHANGE_ONLY token exchange option via the DestinationOptions parameter while retrieving the destination in BTP CF.

    DestinationOptions options =
        DestinationOptions
            .builder()
            .augmentBuilder(
                ScpCfDestinationOptionsAugmenter
                    .augmenter()
                    .tokenExchangeStrategy(ScpCfDestinationTokenExchangeStrategy.EXCHANGE_ONLY))
            .build();
    Try<Destination> destination = DestinationAccessor.getLoader().tryGetDestination("MyDestination", options);

Fixed Issues

  • Fix an issue when serializing EDM.DateTime objects in OData V2, which caused the resulting literal to contain 9 digits for the nanoseconds instead of 7.

4.5.0 - December 29, 2022

Maven Central

New Functionality

  • Update the OData VDM to the newest release 2208.3 of SAP S/4HANA Cloud. This includes completely new services (available as usual in packages com.sap.cloud.sdk.s4hana.datamodel.odata.services and com.sap.cloud.sdk.s4hana.datamodel.odatav4.services), new operations in previously existing services, and new entity types. The SAP Cloud SDK supports all OData services listed in the SAP Business Accelerator Hub for SAP S/4HANA Cloud.
    • Breaking changes in OData V4 are:
      • SAP__Messages removed from:
        • CADOCUMENTMANAGE_0001
        • API_JNTOPGAGRMT_0001
        • API_JOINTVENTURE_0001
      • Payment Data removed from CADOCUMENTMANAGE_0001
      • SupplierCostBreakdownIsEnabled and SuplrCostBreakdownIsRelevant from CE_SOURCINGPROJECT_0001

Improvements

4.4.0 - December 15, 2022

Maven Central

New Functionality

  • The destination loaders now allow for customizing the timeout that is applied to destination retrievals.
    • By default, a 6-second timeout is applied when retrieving a destination.
    • The timeout can be overridden by using the builder: 
      final Try<Destination> loadedDestination = ScpCfDestinationLoader.builder()
        .withTimeLimiterConfiguration(ResilienceConfiguration.TimeLimiterConfiguration.of(Duration.ofSeconds(10)))
        .build()
        .tryGetDestination(destinationName, destinationOptions);
    • Alternatively, the timeout behaviour can be disabled via: 
      final Try<Destination> loadedDestination = ScpCfDestinationLoader.builder()
        .withTimeLimiterConfiguration(ResilienceConfiguration.TimeLimiterConfiguration.disabled())
        .build()
        .tryGetDestination(destinationName, destinationOptions);

Improvements

  • Improvements to accessing destinations in a resilient manner:
    • The default timeout of 6 seconds for fetching one or all destinations using tryGetDestination(destinationName, options) or tryGetAllDestinations(options) or tryGetAllDestinations() is now applied individually for token retrieval and destination service calls.
    • The experimental method ScpCfDestinationLoader#tryGetDestination(String,String,String,ScpCfDestinationServiceResponseProvider) now also performs requests in a resilient manner with automatic timeout configured for 6 seconds.
    • The default timeout value can be overridden or disabled by constructing a ScpCfDestinationLoader with a custom time-limiter configuration. See the note on new functionality above.
  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Update HttpCore (org.apache.httpcomponents:httpcore) from 4.4.15 to 4.4.16
      • Update HttpClient (org.apache.httpcomponents:httpclient) from 4.5.13 to 4.5.14
      • Update Jackson (com.fasterxml.jackson.core:jackson-databind) from 2.14.0 to 2.14.1
      • Update Protobuf Java (com.google.protobuf:protobuf-java) from 3.21.9 to 3.21.10
      • Update Fabric SDK Java (org.hyperledger.fabric-sdk-java:fabric-sdk-java) from 2.2.18 to 2.2.19
      • Update Fabric Gateway Java (org.hyperledger.fabric:fabric-gateway-java) from 2.2.6 to 2.2.7
      • Update Spring Security (org.springframework.security:spring-security-bom) from 5.7.5 to 5.8.0

Fixed Issues

  • Fix an issue where properties of service bindings were lost while converting them into the Map<String, JsonArray> representation.

4.3.0 - December 1, 2022

Maven Central

New Functionality

  • Introduce new APIs to configure the destination cache in the ScpCfDestinationLoader.

    We strongly recommend using the following APIs before loading any destination, for example, during application startup only:

    • ScpCfDestinationLoader.Cache.setSizeLimit: Set the number of cache entries that will be cached.
    • ScpCfDestinationLoader.Cache.disableSizeLimit: Disable the cache size limit. The cache will store an infinite amount of entries - use with caution.
    • ScpCfDestinationLoader.Cache.setExpiration: Set the expiration duration and strategy for cache entries.
    • ScpCfDestinationLoader.Cache.disableExpiration: Disable the cache entry expiration. The cache will store entries until it is full, which will lead to the deletion of old entries. This might cause destinations to be cached forever - use with caution.
    • ScpCfDestinationLoader.Cache.disable: Disable the entire cache. All destination will always be retrieved from the Destination Service. This will result in performance degradations - use with caution.

  • Add a list of default destination property keys (in the DestinationProperty class), which allow convenient and type-safe access to specific values of DestinationProperties.

    Example:

Destination destination = DestinationAccessor.getDestination("my-destination");
AuthenticationType authType = destination.get(DestinationProperty.AUTH_TYPE)
        .orElse(() -> destination.get(DestinationProperty.AUTH_TYPE_FALLBACK))
        .getOrNull();

Improvements

Fixed Issues

  • Fix GSON deserialization issue during destination lookup for JRE16 and later.
  • Fix an issue in our resilience4j cache implementation, where a race condition might lead to multiple executions of the wrapped Callable.

4.2.0 - November 17, 2022

Maven Central

Improvements

  • The circuit breaker now always applies the failure rate threshold when the closed / half-open buffer is filled.
    • Previously, if a buffer size > 100 was configured, the circuit breaker would already apply the failure rate after 100 attempts.
    • Now, the circuit breaker will always apply the threshold after <buffer size> amount of attempts (default 10 in closed and 5 in half-open state)
  • Dependency Updates:
    • Minor version updates:
      • Update Gson (com.google.code.gson:gson) from 2.9.0 to 2.10.0
      • Update com.fasterxml.jackson from 2.13.4 to 2.14.0
      • Update com.auth0:java-jwt from 4.0.0 to 4.2.1
      • Update Spring (org.springframework:spring-framework-bom) from 5.3.22 to 5.3.23
      • Update Spring Boot (org.springframework.boot:spring-boot-starter-reactor-netty) from 2.7.3 to 2.7.5

Known Issues

  • When using JRE 16 or later, then GSON deserialization fails during destination lookup.

4.1.0 - November 03, 2022

Maven Central

New Functionality

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Checker Equal (org.checkerframework:checker-equal) from 3.25.0 to 3.26.0

Fixed Issues

  • Fix an issue when using the latest version of the SAP BTP Service Operator with default parameters in Kubernetes environments.

4.0.0 - October 12, 2022

Maven Central

Improvements

This is the first release of the SAP Cloud SDK version 4. As this is a new major version, this release contains a lot of (under the hood) improvements, refactoring, and other changes. Please refer to the Upgrade Guide for details instructions on how to upgrade your SAP Cloud SDK dependencies to our new major version and for a detailed list of changes.

Compatibility Notes

  • We are aware of the vulnerability CVE-2022-42003, which affects a version of jackson-databind that is shipped as part of the sdk-bom. After careful investigation we found that the described exploit does not affect the SAP Cloud SDK. Nevertheless, customers should be aware of this vulnerability and check their code.

    We will update the affected dependency as soon as a production ready fix is available.

Known Issues

  • We are aware of a version conflict of the com.sap.cloud.environment.servicebinding:* dependencies when the SAP Cloud SDK is used in combination with CAP (cds-integration-cloud-sdk). This conflict can be resolved by including following dependency in the <dependencyManagement> section of your project:

    <!-- Service Binding Library -->
    <dependency>
      <groupId>com.sap.cloud.environment.servicebinding</groupId>
      <artifactId>java-modules-bom</artifactId>
      <version>0.5.0</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>

Resulting pom.xml

<dependencyManagement>
    <dependencies>

        <!-- CDS SERVICES -->
        <dependency>
            <groupId>com.sap.cds</groupId>
            <artifactId>cds-services-bom</artifactId>
            <version>${cds.services.version}</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>

        <!-- Cloud SDK -->
        <dependency>
            <groupId>com.sap.cloud.sdk</groupId>
            <artifactId>sdk-modules-bom</artifactId>
            <version>4.0.0</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>

        <!-- Service Binding Library -->
        <dependency>
            <groupId>com.sap.cloud.environment.servicebinding</groupId>
            <artifactId>java-modules-bom</artifactId>
            <version>0.5.0</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>

    </dependencies>
</dependencyManagement>