public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update changelog for 5.1.1 release (#525)

This commit is contained in:
Joel Speed 2020-05-06 12:55:31 +01:00 committed by GitHub
parent f5f1348176
commit d49556d966
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
CHANGELOG.md
View File

@ -6,8 +6,27 @@
## Breaking Changes
## Changes since v5.1.1
# v5.1.1
## Release Highlights
N/A
## Important Notes
- (Security) Fix for [open redirect vulnerability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-j7px-6hwj-hpjg).
- A bad actor using encoded whitespace in redirect URIs can redirect a session to another domain
## Breaking Changes
N/A
## Changes since v5.1.0
- [GHSA-j7px-6hwj-hpjg](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-j7px-6hwj-hpjg) Fix Open Redirect Vulnerability with encoded Whitespace characters (@JoelSpeed)
# v5.1.0
## Release Hightlights

7
README.md
View File

@ -18,7 +18,7 @@ A list of changes can be seen in the [CHANGELOG](CHANGELOG.md).
1. Choose how to deploy:
a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v5.0.0`)
a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v5.1.1`)
b. Build with `$ go get github.com/pusher/oauth2_proxy` which will put the binary in `$GOROOT/bin`
@ -28,7 +28,7 @@ Prebuilt binaries can be validated by extracting the file and verifying it again
```
sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2_proxy-4.0.0.linux-amd64: OK
oauth2_proxy-5.1.1.linux-amd64: OK
```
2. [Select a Provider and Register an OAuth Application with a Provider](https://pusher.github.io/oauth2_proxy/auth-configuration)
@ -38,7 +38,8 @@ oauth2_proxy-4.0.0.linux-amd64: OK
## Security
If you are running a version older than v5.0.0 we **strongly recommend you please update** to a current version. RE: [open redirect vulnverability](https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv)
If you are running a version older than v5.1.0 we **strongly recommend you please update** to a current version.
See [open redirect vulnverability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-j7px-6hwj-hpjg) for details.
## Docs

4
docs/1_installation.md
View File

@ -9,7 +9,7 @@ nav_order: 1
1. Choose how to deploy:
a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v4.0.0`)
a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v5.1.1`)
b. Build with `$ go get github.com/pusher/oauth2_proxy` which will put the binary in `$GOROOT/bin`
@ -19,7 +19,7 @@ Prebuilt binaries can be validated by extracting the file and verifying it again
```
$ sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2_proxy-4.0.0.linux-amd64: OK
oauth2_proxy-5.1.1.linux-amd64: OK
```
2. [Select a Provider and Register an OAuth Application with a Provider](auth-configuration)