SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for dex-oidc-2.31.1-150400.32.2.x86_64.rpm :

* Thu Mar 24 2022 michaelAATTstroeder.com- Update to version 2.31.1:
* chore: update golang image
* Sat Mar 05 2022 michaelAATTstroeder.com- Update to version 2.31.0:
* Many dependency updates
* Bump Dex image to v2.30.0 for Kubernetes deployment example by AATTrdimitrov in #2232
* Update Go to 1.17 by AATTsagikazarmark in #2247
* refactor: move from io/ioutil to io and os package by AATTJuneezee in #2278
* feat: Add MySQL ent-based storage driver by AATTnabokihms in #2272
* chore: fix ioutil lint error after merging MySQL ent storage by AATTnabokihms in #2282
* Add parametrization of grant type supported in discovery endpoint by AATTariary in #2265
* Resolves #2111 Option to fetch transitive group membership by AATTsnuggie12 in #2268
* Return valid JWT access token from password grant by AATTenj in #2234
* fix: do not update offlinesession lastUsed field if refresh token was not updated by AATTnabokihms in #2300
* fix web static file path slash error for win platform by AATTcopperyp in #2305
* Update grpc by AATTsagikazarmark in #2321
* ci: fix container image permissions by AATTsagikazarmark in #2329
* feat: print dex version in the logs by AATTiam-veeramalla in #2337
* OAuth connector by AATTxtremerui in #1630
* fix: return invalid_grant error on claiming token of another client by AATTnabokihms in #2344
* chore: warning about deprecated LDAP groupSearch fields by AATTnabokihms in #2026
* Add Nix environment by AATTsagikazarmark in #2324
* Update dependencies in the examples package by AATTsagikazarmark in #2372
* add sigstore to ADOPTERS.md by AATTbobcallaway in #2374
* Add claimMapping enforcement by AATTHappy2C0de in #2233
* ci: run trivy scan on container image by AATTsagikazarmark in #2387
* chore: update gomplate by AATTsagikazarmark in #2388
* chore: update golangci-lint download script by AATTnabokihms in #2394
* [fix] Replace /teams API w/ /workspaces endpoints by AATTrahulchheda in #2390
* ci: add Docker cache to speed builds up by AATTsagikazarmark in #2400
* distroless: Dockerfile works with distroless base image by AATTankeesler in #2378
* Update dependencies by AATTsagikazarmark in #2404
* Update API package by AATTsagikazarmark in #2405
* Mon Jan 17 2022 michaelAATTstroeder.com- Use go 1.16 or newer
* Mon Dec 27 2021 michaelAATTstroeder.com- Update to version 2.30.2:
* ci: fix container image permissions
* chore: upgrade alpine
* Wed Oct 13 2021 michaelAATTstroeder.com- set go_version to 1.16 as required- Update to version 2.30.0:
* v2.30.0 - Features: + Improve auth flow error handling (#1862, AATTtkleczek) + Create CRDs as apiextensions.k8s.io/v1 (#2025, AATTnabokihms) + Read a namespace from the file for the Kubernetes storage client (#2092, AATTnabokihms) + Update token periodically if Dex is running in a Kubernetes cluster (#2112, AATTnabokihms) - Bugfixes: + Fix refreshing tokens that obtained with the password grant type (#2199, AATThensur) + Use only one sqlite3 connection to avoid the \"database is locked\" error (#2212, AATTsalmanisd) - Minor changes: + Add the ent-based postgres storage (#2121, AATTnabokihms) + Demonstrate use of the htpasswd for the bCrypt hashing in static passwords (#2218, AATTjglick) - Dependencies: + github.com/spf13/cobra 1.1.3 -> 1.2.1 + google.golang.org/grpc 1.38.0 -> 1.39.0 + google.golang.org/api 0.49.0 -> 0.52.0 + Build golang docker image 1.16.5-alpine3.13 -> 1.16.6-alpine3.13
* v2.29.0 - Features: + Add sprig v3 functions to web templates (#2152, AATTnabokihms) + Add ent-based sqlite3 storage (#1906, AATTnabokihms) + Support setting the prompt type for the Microsoft connector (#1912, AATTricky26) + Embed web assets (#2054, AATTsagikazarmark) - Bugfixes: + Defer creation of auth request (#1865, AATTal45tair) + Use /token endpoint to get tokens with device flow (#2010, AATTnabokihms) + Fix MySQL connection to use the provided port (#2100, AATTsagikazarmark) - Security: + Use constant time comparison for client secret verification (#1861, AATTxtremerui) - Minor changes: + Dependency upgrades + Tons of small fixes and changes
* Fri May 14 2021 rpmAATTfthiessen.de- Update to version 2.28.1:
* Features:
* Add c_hash to id_token, issued on /auth endpoint, when in hybrid flow
* Allow configuration of returned auth proxy header
* Allow to disable os.ExpandEnv for storage + connector configs by env variable DEX_EXPAND_ENV = false
* Added the possibility to activate lowercase for UPN-Strings
* Add \"Cache-control: no-store\" and \"Pragma: no-cache\" headers to token responses
* Graceful shutdown
* Allow public clients created with API to have no client_secret
* Bugfixes:
* Fix the etcd PKCE AuthCode deserialization
* Fix garbage collection logging of device codes and device request
* Discovery endpoint contains updated claims and auth methods
* Return invalid_grant error if auth code is invalid or expired
* Return an error to auth requests with the \"request\" parameter- Update to version 2.27.0:
* Security release, fixing: CVE-2020-26290
* connector/saml: Validate XML roundtrip data before processing request- Update to version 2.26.0:
* Require go 1.15
* Features:
* Add constructor for static key strategy
* Add team groups support to bitbucket connector
* Allow Authorization header when doing CORS
* Retry Kubernetes update requests
* PKCE support
* Allow public clients to have redirect URLs other than localhost
* Bugfixes:
* Abort connector login if connector was already set
* Replace deprecated teams endpoint in bitbucket connector
* Log errors from login during password grant
* Handle Kubernetes API conflicts properly for signing keys- Update to version 2.25.0:
* Features:
* Move the API package to a separate module
* OAuth2 Device Authorization Grant
* Support username, email and groups claim in OIDC connector
* Bugfixes:
* Add offline_access scope in microsoft connector, if required
* Allow the google connector to work without a service account- Update to version 2.24.0:
* Features:
* Keystone connector: Added Email to Identity
* Atlassian Crowd connector: allow preferred_username claim to be set
* Github connector: pass redirect_uri
* server: allow having no secret for static public clients
* SAML connector: add flag for filtering groups
* Bug fixes, misc changes:
* storage/kubernetes: wrap Kubernetes host address in square brackets for IPv6
* storage/kubernetes: remove shadowed ResourceVersion from connector
* server/handlers: do not fail login if refresh token gone
* server/handlers: automatic consistency fixing in case of missing refresh token in db
* OIDC connector: add Icon
* OpenShift connector: rootCA option
* Fri Apr 03 2020 fcastelliAATTsuse.com- Remove example programs from the final package. They are not needed and would make the dex container bigger.- Removed fix-default-web-path.patch: the patch already merged upstream- Removed fix-unmarshal-web-config.patch: the patch already merged upstream- Update to version 2.23.0:
* Features: - connector: Atlassian Crowd connector - connector/ldap: add multiple user to group mapping - Add support for password grant - Add ability to set ID and Secret from environment variables for static clients
* Bugfixes: - Provider icons use the connector name, not the ID - storage/mysql: increase auth_request.state length to 4096- Changes from version 2.22.0:
* Features: - google: Implement group whitelisting - Read static password hash from environment variable - OpenShift connector
* Bugfixes: - Provider icons use the connector name, not the ID- Changes from version 2.21.0:
* Features: - Implement refreshing with Google - Fetch groups in a Google Connector - Add option to enable groups for oidc connectors
* Bugfixes: - Fix spelling errors in docs - preferred_username claim added on refresh token- Changes from version 2.20.0:
* Features: - connector/saml: Adding group filtering - Run getUserInfo prior to claim enforcement - server: templates: use relative URLs to refer to assets - add preffered_username to idToken
* Bug fixes, misc changes: - gitlab: add groups scope by default when filtering is requested - Fix typo - Fix typo - storage/mysql: support pre-5.7.20 instances with tx_isolation only - Fix URLs in curl cmd as stated in the overview doc - Add note for redirect uri- Changes from version 2.19.0:
* Features: - connector/LDAP: display login error - HTTPS/gRPC: Use a more conservative set of CipherSuites
* Bug fixes, misc changes: - Update ADOPTERS.md - storage/kubernetes: Removing Kubernetes TPR support - Dockerfile: build with Golang 1.12.9 - Kubernetes docs: Clarify the origin of openid-ca - Code update: Replace x/net/context with stdlib context- Changes from version 2.18.0:
* Features: - Storage: New MySQL storage backend - gRPC: Add reflection to gRPC API - Add option to always display connector selection even if there\'s only one - Added \"connector_id\" to skip straight to a connector - Allow arbitrary data to be passed to templates - Gitlab: implement useLoginAsID as in GitHub connector - Microsoft: option for group UUIDs instead of name and group whitelist - gRPC: Add VerifyPassword to API
* Bug fixes, misc changes: - Update ADOPTERS.md - example-app: add connector_id - Docs: fix MySQL sample query - Code quality: fix some lint issues - gRPC: fix logging in VerifyPassword - Return config validation errors in one go - Update all deps - Return HTTP 400 for invalid state parameter - Adjusting Makefile so that golint will compile - Add tests for some callback handler error conditions - Add examples for recent additions to oauth2 configuration options - Bump deps for http2 issues - Connectors: refactor filter code into a helper package- Changes from version 2.17.0:
* Features: - Add UserInfo endpoint - Linkedin: Update to use v2 APIs - server: add metrics for CORS handlers - OIDC: Add option to hit the optional userinfo endpoint - OIDC: Make userID configurable - OIDC: Make userName configurable - GitLab: support for group whitelist
* Bug fixes, misc changes: - Print appropriate error when listing connectors fails - Bitbucket docs: update permission requirements - Round out logging interface with functions for all levels - Fix typo in SAMLConnector interface - travis: replace golang 1.10 and 1.11 with 1.12 - OIDC: truely ignore \"email_verified\" claim if configured that way- Changes from version 2.16.0:
* Features: - Add an option to the OpenID Connect connector to always set email_verified to true - Docker image no longer runs dex as root
* Bug fixes, misc changes: - Dex now logs client name instead of client_id - Fixes for Go 1.11.4 modules - Refactor logging to use an interface instead of logrus directly- Changes from version 2.15.0:
* Features: - Added Active Directory and Kubelogin integration sample - Added option to use GitHub login as id
* Bug fixes, misc changes: - Dockerfile Go version bumped to v1.11.5 - Minimum TLS version bumped to TLSv1.2 - Added AATTJoelSpeed as maintainer - Added tests for LDAP filtering - Print Access token in example app - Add periodic storage health checking- Changes from version 2.14.0:
* Features: - There\'s a brand new Keystone connector! - Github connector now returns a full group list when no org is specified, and you have - opted-in to that behaviour - Github connector allows for a \'both\' option to use team name AND slug in TeamNameField - Gitlab connector no longer requires to API scope - Postgres storage backeng now works with UNIX sockets - Postgres storage backend now exposes some tunables - gRPC API: Add UpdateClient - Make expiry of auth requests configurable - LDAP connector - add emailSuffix config option
* Bug fixes, misc changes: - Render error message provided by connector if user authentication failed - Fix bogus conformance failure due to time zones - Improved LDAP errors from upgrading go-ldap - Removed incomplete, unmaintained storage adapters for CockroachDB and MySQL - Removed unused startup scripts, adapted docs - LDAP connector: Document that \'DN\' must be in capitals - Kubernetes docs: clarify steps around use/creation of TLS assets - Bumped github.com/lib/pq - Migrate to go modules - Makefile: cleanups for newer versions of Go - Dockerfile: update to Go 1.11.3 - Replace \"GET\", \"POST\" to http.MethodGet and http.MethodPost
* Thu Nov 15 2018 pgeorgiadisAATTsuse.com- Fix boo#1116116 [dex Version: was not built properly]- Revert the binary name back to \'dex\'. Zypper conflict is expected to happen.- Add two binaries: example-app, grpc-client- Update to version 2.13.0
* Update to Go 1.11
* Mock connector support refresh tokens
* Dex no longer attempts to create CRDs if they\'re already created
* Updates to Kubernetes storage and RBAC docs
* Fix golint build issues
* Fix Bitbucket documentation
* Thu Feb 01 2018 jmassaguerplaAATTsuse.com- Fix the binary name so we don\'t conflict with the dex package which is something totally unrelated.
* Fri Dec 15 2017 opensuse-packagingAATTopensuse.org- Update to version 2.7.1:
* connector/github: only user users\' login name in API reqs
* connector/github: debug->info logging, more informative userInOrg msg
* When connecting to GitHub Enterprise, force email verified field to true
* connector/github: error if no groups scope without orgs
* Updated comment to include reference to GitHub Enterprise not supporting verified emails
* server: set sane bcrypt cost upper bound
* connector/github: abstract scope check and group getter
*
*: add standup script for LDAP
* storage/static.go: storage backend should not explicitly lower-case email ids.
* Documentation: OIDC conformance test setup
* Documentation: oidc conformance test case and issue tables
* server: fix panic caused by deleting refresh token twice through api
* [WIP]: add CRD support
* Updates coreos themes and icons for various providers
* Makefile: error out if go files aren\'t correctly formatted
* storage/kubernetes: add CRD support
* Documentation: add docs for TPR to CRD migration
* storage/kubernetes: Correct the OfflineSession object CRD definition
* Thu Oct 05 2017 mmeisterAATTsuse.com- Fix to actually apply the patch
* Thu Oct 05 2017 rfernandezlopezAATTsuse.com- Add a patch to unmarshal the frontend settings from the configuration file.
* Fri Sep 15 2017 kmacinnesAATTsuse.com- Add a patch to set the default web directory to match the location at which we install web content.
* Fri Sep 15 2017 kmacinnesAATTsuse.com- Include web content within the RPM (bsc#1058833)
* Mon Sep 11 2017 robert.rolandAATTsuse.com- Renaming to caasp-dex
* Mon Sep 11 2017 kmacinnesAATTsuse.com- Add missing copyright notice to spec file
* Thu Aug 31 2017 rrolandAATTsuse.com- Initial commit
  
ICM