Skip to main content

release-notes-0-to-14

4.14.0 - May 12, 2023

Maven Central

Compatibility Notes

  • Compatibility with the SAP Security Library

    • The SAP Cloud SDK can now be used with the new major version 3.0.0 of the security library .
    • The minimum required version for the SAP Cloud SDK is now 2.13.9.
    • For WAR deployments using the SAP Java Buildpack, the minimum required buildpack version is now 1.69.0.
    • The related class CertificateBasedHttpClientFactory is no longer registered as an implementation of com.sap.cloud.security.client.HttpClientFactory.
    • Deprecate functionality related to validation of JWT tokens from incoming requests:
      • AuthTokenBuilder
      • ScpCfAuthTokenFacade(OAuth2TokenService, OAuth2ServiceConfiguration)
      • ScpCfAuthTokenFacade#tryGetXsuaaServiceToken
      • ScpCfAuthTokenFacade#getRefreshToken
      • ScpCfTenantFacade#tryGetXsuaaServiceTenant
      • CertificateBasedHttpClientFactory

  • We are planning to discontinue support of Business Logging APIs with SAP Cloud SDK v5 by end of the year. Therefore, we're announcing module deprecation in advance. The following modules and namespaces are deprecated while still being fully functional and considered supported in SAP Cloud SDK v4:

    • BTP Business Logging - All
    • BTP Business Logging OData: com.sap.cloud.sdk.services.scp.businesslogging.odata.*
    • BTP Business Logging REST: com.sap.cloud.sdk.services.scp.businesslogging.rest.*

    The code can now be generated instead by using the OData and OpenAPI generators with the EDMX and JSON specifications of the service.

New Functionality

  • OpenAPI generated objects can now read custom fields which are not part of the object's schema:
    • getCustomFieldNames()
    • getCustomField("nameOfField")

Improvements

Fixed Issues

  • Fix an issue in OData V4 where custom fields in complex properties were not serialised when updating with PATCH.

4.13.0 - April 28, 2023

Maven Central

Compatibility Notes

  • We are planning to discontinue support of RFC- and SOAP queries with SAP Cloud SDK v5 by end of the year. Therefore we're announcing module deprecation in advance. The following modules and namespaces are deprecated while still being fully functional and considered supported in SAP Cloud SDK v4:
    • RFC Queries: com.sap.cloud.sdk.s4hana.rfc.*
    • SOAP queries: com.sap.cloud.sdk.datamodel.soap.*
  • Deprecate the destination retrieval strategy CURRENT_TENANT_THEN_PROVIDER.
    • Please query subscriber and provider tenants individually instead using ONLY_SUBSCRIBER and ALWAYS_PROVIDER. This reduces hidden complexity and makes potential troubleshooting easier.

New Functionality

  • Improved lookups of destinations from the BTP Destination Service:
    • A new ScpCfDestinationTokenExchangeStrategy.FORWARD_USER_TOKEN has been introduced and made the default strategy.
    • It is functionally equivalent to the previous default ScpCfDestinationTokenExchangeStrategy.LOOKUP_THEN_EXCHANGE, but performs significantly better for destinations that require a user token.
    • Note: The new strategy is only enabled by default, if a user token exists in the current context and it's originating from the XSUAA identity service.
    • Additional warnings and exceptions now better prevent incorrect usages of the different strategies. See also the related compatibility notes.

Improvements

  • Added readable error messages in OpenAPI generator for files not found.
  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update JSON from 20220924 to 20230227
        • Update Spring Framework (org.springframework:spring-framework-bom) from 5.3.26 to 5.3.27
        • Update Spring Security (org.springframework.security:spring-security-bom) from 5.8.2 to 5.8.3
        • Update Jackson (com.fasterxml.jackson.core:jackson-annotations, com.fasterxml.jackson.core:jackson-databind and com.fasterxml.jackson.core:jackson-core) from 2.14.2 to 2.15.0

4.12.0 - April 13, 2023

Maven Central

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:

Fixed Issues

  • Fix an issue where SAML based destinations would not work properly when change detection is enabled.

4.11.0 - March 31, 2023

Maven Central

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Spring Framework (org.springframework:spring-framework-bom) from 5.3.25 to 5.3.26
          • Update Spring Boot (org.springframework.boot:spring-boot) from 2.7.8 to 2.7.10
          • Update Spring Security (org.springframework.security:spring-security-bom) from 5.8.1 to 5.8.2

4.10.0 - March 21, 2023

Maven Central

New Functionality

Improvements

  • Dependency Updates:
    • Other dependency updates:

4.9.0 - March 14, 2023

Maven Central

New Functionality

  • Update of the OData VDM to the newest release 2022 FPS1 of SAP S/4HANA On-Premise. The SDK supports all OData services listed in the SAP Business Accelerator Hub for SAP S/4HANA On-Premise. This includes completely new services, new operations in previously existing services, and new entity types in the existing Maven artifacts:
    • s4hana-api-odata-v4-onpremise manages classes in package com.sap.cloud.sdk.s4hana.onpremise.datamodel.odatav4.services
      • Many new services
      • Removed services
        • FinanceCtrComplementaryTableDataMaintenanceService
        • RealEstateContractService
      • Renamed service
        • PreferredSupplierListService to PreferredSupplierListV2Service
    • s4hana-api-odata-onpremise manages classes in package com.sap.cloud.sdk.s4hana.onpremise.datamodel.odata.services
      • New service
        • ManageExcessRequirementService
  • SAP Cloud SDK can be used with JakartaEE (e.g. via Spring Boot 3). The necessary instructions can be found here.
    • New module servlet-jakarta is released for experimental usage.

Improvements

4.8.0 - February 23, 2023

Maven Central

New Functionality

  • FilterableBoolean has been extended to allow custom filter expressions. This is useful when filter fields need to be passed dynamically. Refer to the documentation for more information.

Improvements

  • Dependency Updates:
    • Other dependency updates:
      • Major version updates:
      • Minor version updates:
        • Update Auth0 JWT from 4.2.2 to 4.3.0
        • Update Lombok from 1.18.24 to 1.18.26

4.7.0 - February 08, 2023

Maven Central

Known Issues

  • Arquillian based unit tests that use TomEE (embedded) as container may not work anymore with the latest SJB update. If the runtime encounters missing method or class exceptions, then we recommend setting the following system property in the local arquillian.xml test resource file: 
    <property name="properties">openejb.cxf.jmx=false</property>

Compatibility Notes

  • Changing the configuration of ScpCfDestinationLoader.Cache after disabling it via disable() will now throw an exception.

New Functionality

  • The destination cache now offers a change detection mode. When accessing multiple destinations per tenant this mode can yield a significant performance increase. It is disabled by default but can be enabled via the new ScpCfDestinationLoader.Cache.enableChangeDetection(). Further configuration is possible via the available setters on ScpCfDestinationLoader.Cache. Refer to the dedicated documentation for more information.
  • The destination cache now also applies to ScpCfDestinationLoader.tryGetAllDestinations(). The same cache duration and expiration settings set on ScpCfDestinationLoader.Cache apply. However, the cache size is not limited.
  • Extended the ScpCfServiceDestinationLoader to now also allow for AuthenticationType.OAUTH2_USER_TOKEN_EXCHANGE. This enables accessing the service on behalf of a business user via user token exchange.

Improvements

  • Update the OData VDM to the newest release 2302 of SAP S/4HANA Cloud. This includes completely new services (available as usual in packages com.sap.cloud.sdk.s4hana.datamodel.odata.services and com.sap.cloud.sdk.s4hana.datamodel.odatav4.services), new operations in previously existing services, and new entity types. The SAP Cloud SDK supports all OData services listed in the SAP Business Accelerator Hub for SAP S/4HANA Cloud.
  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update API Common (com.google.api:api-common) from 2.4.0 to 2.5.0
        • Update Spring Boot (org.springframework.boot:spring-boot) from 2.7.7 to 2.7.8
        • Update Jackson Date/Time (com.fasterxml.jackson.datatype:jackson-datatype-jsr310) from 2.14.1 to 2.14.2
        • Update Jackson Core (com.fasterxml.jackson.core:jackson-annotations, com.fasterxml.jackson.core:jackson-databind and com.fasterxml.jackson.core:jackson-core) from 2.14.1 to 2.14.2

4.6.0 - January 26, 2023

Maven Central

Improvements

  • Dependency Updates:

    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Spring Boot (org.springframework.boot:spring-boot) from 2.7.6 to 2.7.7
        • Update Spring Framework (org.springframework:spring-framework-bom) from 5.3.24 to 5.3.25
        • Update Checker Equal (org.checkerframework:checker-equal) from 3.28.0 to 3.29.0
        • Update Annotations for Error Prone (com.google.errorprone:error_prone_annotations) from 2.16 to 2.18.0
        • Update Gson (com.google.code.gson:gson) from 2.10 to 2.10.1
        • Update Auth0 JWT (com.auth0:java-jwt) from 4.2.1 to 4.2.2

  • Improved destination caching in BTP CF by storing destinations for the entire tenant (i.e. all principals) just once if no user propagation is required. This affects following authentication types:

    • NoAuthentication
    • BasicAuthentication
    • ClientCertificateAuthentication
    • OAuth2ClientCredentials
    • OAuth2Password

    Applications that use such authentication types for their destinations primarily may greatly benefit from this change as destinations are far more likely to be served from the cache instead of being retrieved from the BTP Destination service.

    For improved performance, while using destinations that require user propagation, users may provide the EXCHANGE_ONLY token exchange option via the DestinationOptions parameter while retrieving the destination in BTP CF.

    DestinationOptions options =
        DestinationOptions
            .builder()
            .augmentBuilder(
                ScpCfDestinationOptionsAugmenter
                    .augmenter()
                    .tokenExchangeStrategy(ScpCfDestinationTokenExchangeStrategy.EXCHANGE_ONLY))
            .build();
    Try<Destination> destination = DestinationAccessor.getLoader().tryGetDestination("MyDestination", options);

Fixed Issues

  • Fix an issue when serializing EDM.DateTime objects in OData V2, which caused the resulting literal to contain 9 digits for the nanoseconds instead of 7.

4.5.0 - December 29, 2022

Maven Central

New Functionality

  • Update the OData VDM to the newest release 2208.3 of SAP S/4HANA Cloud. This includes completely new services (available as usual in packages com.sap.cloud.sdk.s4hana.datamodel.odata.services and com.sap.cloud.sdk.s4hana.datamodel.odatav4.services), new operations in previously existing services, and new entity types. The SAP Cloud SDK supports all OData services listed in the SAP Business Accelerator Hub for SAP S/4HANA Cloud.
    • Breaking changes in OData V4 are:
      • SAP__Messages removed from:
        • CADOCUMENTMANAGE_0001
        • API_JNTOPGAGRMT_0001
        • API_JOINTVENTURE_0001
      • Payment Data removed from CADOCUMENTMANAGE_0001
      • SupplierCostBreakdownIsEnabled and SuplrCostBreakdownIsRelevant from CE_SOURCINGPROJECT_0001

Improvements

4.4.0 - December 15, 2022

Maven Central

New Functionality

  • The destination loaders now allow for customizing the timeout that is applied to destination retrievals.
    • By default, a 6-second timeout is applied when retrieving a destination.
    • The timeout can be overridden by using the builder: 
      final Try<Destination> loadedDestination = ScpCfDestinationLoader.builder()
        .withTimeLimiterConfiguration(ResilienceConfiguration.TimeLimiterConfiguration.of(Duration.ofSeconds(10)))
        .build()
        .tryGetDestination(destinationName, destinationOptions);
    • Alternatively, the timeout behaviour can be disabled via: 
      final Try<Destination> loadedDestination = ScpCfDestinationLoader.builder()
        .withTimeLimiterConfiguration(ResilienceConfiguration.TimeLimiterConfiguration.disabled())
        .build()
        .tryGetDestination(destinationName, destinationOptions);

Improvements

  • Improvements to accessing destinations in a resilient manner:
    • The default timeout of 6 seconds for fetching one or all destinations using tryGetDestination(destinationName, options) or tryGetAllDestinations(options) or tryGetAllDestinations() is now applied individually for token retrieval and destination service calls.
    • The experimental method ScpCfDestinationLoader#tryGetDestination(String,String,String,ScpCfDestinationServiceResponseProvider) now also performs requests in a resilient manner with automatic timeout configured for 6 seconds.
    • The default timeout value can be overridden or disabled by constructing a ScpCfDestinationLoader with a custom time-limiter configuration. See the note on new functionality above.
  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Update HttpCore (org.apache.httpcomponents:httpcore) from 4.4.15 to 4.4.16
      • Update HttpClient (org.apache.httpcomponents:httpclient) from 4.5.13 to 4.5.14
      • Update Jackson (com.fasterxml.jackson.core:jackson-databind) from 2.14.0 to 2.14.1
      • Update Protobuf Java (com.google.protobuf:protobuf-java) from 3.21.9 to 3.21.10
      • Update Fabric SDK Java (org.hyperledger.fabric-sdk-java:fabric-sdk-java) from 2.2.18 to 2.2.19
      • Update Fabric Gateway Java (org.hyperledger.fabric:fabric-gateway-java) from 2.2.6 to 2.2.7
      • Update Spring Security (org.springframework.security:spring-security-bom) from 5.7.5 to 5.8.0

Fixed Issues

  • Fix an issue where properties of service bindings were lost while converting them into the Map<String, JsonArray> representation.

4.3.0 - December 1, 2022

Maven Central

New Functionality

  • Introduce new APIs to configure the destination cache in the ScpCfDestinationLoader.

    We strongly recommend using the following APIs before loading any destination, for example, during application startup only:

    • ScpCfDestinationLoader.Cache.setSizeLimit: Set the number of cache entries that will be cached.
    • ScpCfDestinationLoader.Cache.disableSizeLimit: Disable the cache size limit. The cache will store an infinite amount of entries - use with caution.
    • ScpCfDestinationLoader.Cache.setExpiration: Set the expiration duration and strategy for cache entries.
    • ScpCfDestinationLoader.Cache.disableExpiration: Disable the cache entry expiration. The cache will store entries until it is full, which will lead to the deletion of old entries. This might cause destinations to be cached forever - use with caution.
    • ScpCfDestinationLoader.Cache.disable: Disable the entire cache. All destination will always be retrieved from the Destination Service. This will result in performance degradations - use with caution.

  • Add a list of default destination property keys (in the DestinationProperty class), which allow convenient and type-safe access to specific values of DestinationProperties.

    Example:

Destination destination = DestinationAccessor.getDestination("my-destination");
AuthenticationType authType = destination.get(DestinationProperty.AUTH_TYPE)
        .orElse(() -> destination.get(DestinationProperty.AUTH_TYPE_FALLBACK))
        .getOrNull();

Improvements

Fixed Issues

  • Fix GSON deserialization issue during destination lookup for JRE16 and later.
  • Fix an issue in our resilience4j cache implementation, where a race condition might lead to multiple executions of the wrapped Callable.

4.2.0 - November 17, 2022

Maven Central

Improvements

  • The circuit breaker now always applies the failure rate threshold when the closed / half-open buffer is filled.
    • Previously, if a buffer size > 100 was configured, the circuit breaker would already apply the failure rate after 100 attempts.
    • Now, the circuit breaker will always apply the threshold after <buffer size> amount of attempts (default 10 in closed and 5 in half-open state)
  • Dependency Updates:
    • Minor version updates:
      • Update Gson (com.google.code.gson:gson) from 2.9.0 to 2.10.0
      • Update com.fasterxml.jackson from 2.13.4 to 2.14.0
      • Update com.auth0:java-jwt from 4.0.0 to 4.2.1
      • Update Spring (org.springframework:spring-framework-bom) from 5.3.22 to 5.3.23
      • Update Spring Boot (org.springframework.boot:spring-boot-starter-reactor-netty) from 2.7.3 to 2.7.5

Known Issues

  • When using JRE 16 or later, then GSON deserialization fails during destination lookup.

4.1.0 - November 03, 2022

Maven Central

New Functionality

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Checker Equal (org.checkerframework:checker-equal) from 3.25.0 to 3.26.0

Fixed Issues

  • Fix an issue when using the latest version of the SAP BTP Service Operator with default parameters in Kubernetes environments.

4.0.0 - October 12, 2022

Maven Central

Improvements

This is the first release of the SAP Cloud SDK version 4. As this is a new major version, this release contains a lot of (under the hood) improvements, refactoring, and other changes. Please refer to the Upgrade Guide for details instructions on how to upgrade your SAP Cloud SDK dependencies to our new major version and for a detailed list of changes.

Compatibility Notes

  • We are aware of the vulnerability CVE-2022-42003, which affects a version of jackson-databind that is shipped as part of the sdk-bom. After careful investigation we found that the described exploit does not affect the SAP Cloud SDK. Nevertheless, customers should be aware of this vulnerability and check their code.

    We will update the affected dependency as soon as a production ready fix is available.

Known Issues

  • We are aware of a version conflict of the com.sap.cloud.environment.servicebinding:* dependencies when the SAP Cloud SDK is used in combination with CAP (cds-integration-cloud-sdk). This conflict can be resolved by including following dependency in the <dependencyManagement> section of your project:

    <!-- Service Binding Library -->
    <dependency>
      <groupId>com.sap.cloud.environment.servicebinding</groupId>
      <artifactId>java-modules-bom</artifactId>
      <version>0.5.0</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>

Resulting pom.xml

<dependencyManagement>
    <dependencies>

        <!-- CDS SERVICES -->
        <dependency>
            <groupId>com.sap.cds</groupId>
            <artifactId>cds-services-bom</artifactId>
            <version>${cds.services.version}</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>

        <!-- Cloud SDK -->
        <dependency>
            <groupId>com.sap.cloud.sdk</groupId>
            <artifactId>sdk-modules-bom</artifactId>
            <version>4.0.0</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>

        <!-- Service Binding Library -->
        <dependency>
            <groupId>com.sap.cloud.environment.servicebinding</groupId>
            <artifactId>java-modules-bom</artifactId>
            <version>0.5.0</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>

    </dependencies>
</dependencyManagement>