public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update changelog ready for release v6.0.0

This commit is contained in:
Joel Speed 2020-06-27 12:05:26 +01:00
parent ee5662e0f5
commit 25154ede41
No known key found for this signature in database
GPG Key ID: 6E80578D6751DEFB
5 changed files with 27 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
CHANGELOG.md
View File

@ -4,6 +4,25 @@
## Important Notes
## Breaking Changes
## Changes since v6.0.0
# v6.0.0
## Release Highlights
- Migrated to an independent GitHub organisation
- Added local test environment examples using docker-compose and kind
- Error pages will now be rendered when upstream connections fail
- Non-Existent options in config files will now return errors on startup
- Sessions are now always encrypted, independent of configuration
## Important Notes
- (Security) Fix for [open redirect vulnerability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv).
- More invalid redirects that lead to open-redirects were reported
- An extensive test suite has been added to prevent future regressions
- [#453](https://github.com/oauth2-proxy/oauth2-proxy/pull/453) Responses to endpoints with a proxy prefix will now return headers for preventing browser caching.
## Breaking Changes
@ -60,6 +79,7 @@
## Changes since v5.1.1
- [GHSA-5m6c-jp6f-2vcv](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv) New OpenRedirect cases have been found (@JoelSpeed)
- [#639](https://github.com/oauth2-proxy/oauth2-proxy/pull/639) Change how gitlab-group is parsed on options (@linuxgemini)
- [#615](https://github.com/oauth2-proxy/oauth2-proxy/pull/615) Kubernetes example based on Kind cluster and Nginx ingress (@EvgeniGordeev)
- [#596](https://github.com/oauth2-proxy/oauth2-proxy/pull/596) Validate Bearer IDTokens in headers with correct provider/extra JWT Verifier (@NickMeves)
@ -85,7 +105,7 @@
- [#537](https://github.com/oauth2-proxy/oauth2-proxy/pull/537) Drop Fallback to Email if User not set (@JoelSpeed)
- [#535](https://github.com/oauth2-proxy/oauth2-proxy/pull/535) Drop support for pre v3.1 cookies (@JoelSpeed)
- [#533](https://github.com/oauth2-proxy/oauth2-proxy/pull/487) Set up code coverage within Travis for Code Climate (@JoelSpeed)
- [#514](https://github.com/oauth2-proxy/oauth2-proxy/pull/514) Add basic string functions to templates
- [#514](https://github.com/oauth2-proxy/oauth2-proxy/pull/514) Add basic string functions to templates (@n-i-x)
- [#524](https://github.com/oauth2-proxy/oauth2-proxy/pull/524) Sign cookies with SHA256 (@NickMeves)
- [#515](https://github.com/oauth2-proxy/oauth2-proxy/pull/515) Drop configure script in favour of native Makefile env and checks (@JoelSpeed)
- [#519](https://github.com/oauth2-proxy/oauth2-proxy/pull/519) Support context in providers (@johejo)

6
README.md
View File

@ -23,7 +23,7 @@ Going forward, all images shall be available at `quay.io/oauth2-proxy/oauth2-pro
1. Choose how to deploy:
a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v5.1.1`)
a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v6.0.0`)
b. Build with `$ go get github.com/oauth2-proxy/oauth2-proxy` which will put the binary in `$GOROOT/bin`
@ -43,8 +43,8 @@ oauth2-proxy-x.y.z.linux-amd64: OK
## Security
If you are running a version older than v5.1.0 we **strongly recommend you please update** to a current version.
See [open redirect vulnverability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-j7px-6hwj-hpjg) for details.
If you are running a version older than v6.0.0 we **strongly recommend you please update** to a current version.
See [open redirect vulnverability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv) for details.
## Docs

2
contrib/local-environment/docker-compose-keycloak.yaml
View File

@ -15,7 +15,7 @@ services:
oauth2-proxy:
container_name: oauth2-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
image: quay.io/oauth2-proxy/oauth2-proxy:v6.0.0
command: --config /oauth2-proxy.cfg
hostname: oauth2-proxy
volumes:

2
contrib/local-environment/docker-compose.yaml
View File

@ -13,7 +13,7 @@ version: '3.0'
services:
oauth2-proxy:
container_name: oauth2-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
image: quay.io/oauth2-proxy/oauth2-proxy:v6.0.0
command: --config /oauth2-proxy.cfg
ports:
- 4180:4180/tcp

2
docs/1_installation.md
View File

@ -9,7 +9,7 @@ nav_order: 1
1. Choose how to deploy:
a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v5.1.1`)
a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v6.0.0`)
b. Build with `$ go get github.com/oauth2-proxy/oauth2-proxy` which will put the binary in `$GOROOT/bin`