Open redirect (security vulnerability) notes
parent a316f8a06f
commit 3b0e8c3cb3
				|  | @ -17,7 +17,7 @@ | ||||||
| - DigitalOcean provider support added | - DigitalOcean provider support added | ||||||
| 
 | 
 | ||||||
| ## Important Notes | ## Important Notes | ||||||
| - (Security) Fix for open redirect vulnerability..  a bad actor using `/\` in redirect URIs can redirect a session to another domain | - (Security) Fix for [open redirect vulnerability](https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv)..  a bad actor using `/\` in redirect URIs can redirect a session to another domain | ||||||
| 
 | 
 | ||||||
| ## Breaking Changes | ## Breaking Changes | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
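Review bot: The changed bullet under Important Notes still reads `vulnerability..  a bad actor`, with a doubled period, a double space and a lowercase sentence start. Since this line is being edited to add the advisory link anyway, fix the punctuation in the same change. If the enclosing changelog section does not already name the release, it would also help to say in this bullet which version carries the fix, so readers do not have to open the advisory to find out.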
|  | @ -35,6 +35,11 @@ oauth2_proxy-4.0.0.linux-amd64: OK | ||||||
| 3.  [Configure OAuth2 Proxy using config file, command line options, or environment variables](https://pusher.github.io/oauth2_proxy/configuration) | 3.  [Configure OAuth2 Proxy using config file, command line options, or environment variables](https://pusher.github.io/oauth2_proxy/configuration) | ||||||
| 4.  [Configure SSL or Deploy behind a SSL endpoint](https://pusher.github.io/oauth2_proxy/tls-configuration) (example provided for Nginx) | 4.  [Configure SSL or Deploy behind a SSL endpoint](https://pusher.github.io/oauth2_proxy/tls-configuration) (example provided for Nginx) | ||||||
| 
 | 
 | ||||||
|  | 
 | ||||||
|  | ## Security | ||||||
|  | 
 | ||||||
|  | If you are running a version older than v5.0.0 we **strongly recommend you please update** to a current version. RE: [open redirect vulnverability](https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv) | ||||||
|  | 
 | ||||||
| ## Docs | ## Docs | ||||||
| 
 | 
 | ||||||
| Read the docs on our [Docs site](https://pusher.github.io/oauth2_proxy). | Read the docs on our [Docs site](https://pusher.github.io/oauth2_proxy). | ||||||
|  |  | ||||||
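Review bot: The link text in the new Security paragraph is misspelled as `vulnverability`; it should be `vulnerability`. The phrase `strongly recommend you please update` and the trailing `RE:` fragment also read awkwardly. Consider a single sentence such as "we strongly recommend updating to a current version because of the open redirect vulnerability", with the advisory link on the last three words. A short clause on the impact, matching the changelog wording about `/\` in redirect URIs sending a session to another domain, would tell README readers why the update matters without leaving the page.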