SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for dex-oidc-2.35.3-1.8.x86_64.rpm :

* Fri Oct 14 2022 michaelAATTstroeder.com- Update to version 2.35.3:
* Security fixes - Update gomplate version to 3.11.3 fix CVE-2022-27665 - security fix for GHSA-vh7g-p26c-j2cw: Backchannel attack allows an attacker to fetch an ID token through an intercepted authorization code
* 2.35.0: + Enhancements - Reduce HTTP client creations in the Keystone connector by AATTerwinvaneyk in #2659 + Bug Fixes - fix for issue 2670; check for no serviceAccountFilePath and no email by AATTbobcallaway in #2679 - supply HMACKey in test case by AATTbobcallaway in #2683 - fix: refresh token only once for all concurrent requests by AATTnabokihms in #2692 + Dependency Updates - build(deps): bump google.golang.org/api from 0.95.0 to 0.97.0 by AATTdependabot in #2677 - build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.4 to 3.5.5 by AATTdependabot in #2666 - build(deps): bump google.golang.org/api from 0.97.0 to 0.98.0 by AATTdependabot in #2682 - build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 by AATTdependabot in #2681 - build(deps): bump entgo.io/ent from 0.11.2 to 0.11.3 by AATTdependabot in #2684 - Update golang.org/x packages by AATTsagikazarmark in #2688
* 2.34.0: + Exciting New Features - updated gomplate version and added ppc64le support by AATTmayurwaghmode in #2620 + Enhancements - fix: Fallback when group claim is a string instead of an array of strings by AATTJoooostB in #2639 - feat(connector/authproxy): support multiple groups by AATTmclavel in #2643 - Implement Application Default Credentials for the google connector by AATTichbinfrog in #2530 - build: bump Go version to 1.19 in Nix by AATTsagikazarmark in #2648 + Dependency Updates - build(deps): bump alpine from 3.16.1 to 3.16.2 by AATTdependabot in #2624 - build(deps): bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 by AATTdependabot in #2623 - build(deps): bump aquasecurity/trivy-action from 0.6.1 to 0.7.0 by AATTdependabot in #2632 - build(deps): bump github.com/mattn/go-sqlite3 from 1.14.11 to 1.14.15 by AATTdependabot in #2634 - build(deps): bump aquasecurity/trivy-action from 0.7.0 to 0.7.1 by AATTdependabot in #2635 - build(deps): bump google.golang.org/api from 0.89.0 to 0.93.0 by AATTdependabot in #2633 - build(deps): bump google.golang.org/api from 0.93.0 to 0.94.0 by AATTdependabot in #2637 - chore: Bump ent to 0.11.2 by AATTnabokihms in #2640 - chore: Bump Go to 1.19 by AATTnabokihms in #2641 - build(deps): bump github.com/coreos/go-oidc/v3 from 3.2.0 to 3.3.0 by AATTdependabot in #2646 - build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0 by AATTdependabot in #2636 - build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 in /api/v2 by AATTdependabot in #2611 - build(deps): bump golang from 1.19.0-alpine3.15 to 1.19.1-alpine3.15 by AATTdependabot in #2650 - chore: update alpine version in Go image by AATTsagikazarmark in #2656 - build(deps): bump github.com/lib/pq from 1.10.5 to 1.10.7 by AATTdependabot in #2651 - build(deps): bump google.golang.org/api from 0.94.0 to 0.95.0 by AATTdependabot in #2652 - build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0 in /api/v2 by AATTdependabot in #2638 - build(deps): bump github.com/coreos/go-oidc/v3 from 3.3.0 to 3.4.0 by AATTdependabot in #2658
* Wed Aug 24 2022 michaelAATTstroeder.com- Update to version 2.33.0:
* New Features - add PKCE support to device code flow by AATTbobcallaway in #2575
* Enhancements - Limit the amount of objects we attempt to GC on each cycle by AATTkellyma2 in #2524 - Use GitLab\'s refresh_token during Refresh. by AATTdhaus67 in #2352 - Add domainHint parameter to Microsoft Connector by AATTjosephtknight in #2586 - add config to explicitly set scopes for microsoft connector by AATTbobcallaway in #2582
* Bug Fixes - fix: prevent cross-site scripting for the device flow by AATTnabokihms in #2468 - grpc-client: Do not crash on empty response by AATTbbusse in #2584
* Various dependency updates
* Mon Jul 11 2022 michaelAATTstroeder.com- Update to version 2.32.0:
* Enhancements - Add support for RefreshConnector for openshift connector. by AATTdhaus67 in #2342 - Allow configuration of returned groups via authproxy connector by AATTseuf in #2371 - Add acr_values support for OIDC by AATTdirien in #2418 - fix: Implicit Grant discovery by AATTnabokihms in #2433 - fix: log only errors on refreshing by AATTnabokihms in #2470 - Create setting to allow to trust the system root CAs by AATTdhaus67 in #2430 - Add numeric user ID support for oauth connector by AATTtsl0922 in #2483 - Remove google specific hd / hosted domain claim config from oidc connector by AATTBlorpy in #2511 - OIDC connector: Support cases where there is no id_token when using a refresh_token grant by AATTBlorpy in #2522 - feat: add enhancement template by AATTnabokihms in #2486 - Release note configuration by AATTsagikazarmark in #2463 - fix: add notification about groups access to the Grant Access page by AATTnabokihms in #2533 - feat: enable profiling endpoints by AATTnabokihms in #2482
* Bug Fixes - Build multi-platform images in a single build job by AATTsagikazarmark in #2487 - Fixes #2537 by AATTShivanshVij in #2538 - correctly handle path escaping for connector IDs by AATTbobcallaway in #2290
* Dependency Updates - build(deps): bump golang from 1.17.6-alpine3.14 to 1.17.7-alpine3.14 by AATTdependabot in #2411 - build(deps): bump google.golang.org/api from 0.68.0 to 0.69.0 by AATTdependabot in #2415 - build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.1 to 3.4.2 by AATTdependabot in #2416 - build(deps): bump google.golang.org/api from 0.69.0 to 0.70.0 by AATTdependabot in #2419 - build(deps): bump actions/checkout from 2 to 3 by AATTdependabot in #2422 - build(deps): bump github.com/russellhaering/goxmldsig from 1.1.1 to 1.2.0 by AATTdependabot in #2424 - build(deps): bump golang from 1.17.7-alpine3.14 to 1.17.8-alpine3.14 by AATTdependabot in #2426 - build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0 by AATTdependabot in #2437 - build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 by AATTdependabot in #2440 - build(deps): bump alpine from 3.15.0 to 3.15.1 by AATTdependabot in #2444 - build(deps): bump alpine from 3.15.1 to 3.15.3 by AATTdependabot in #2456 - build(deps): bump alpine from 3.15.3 to 3.15.4 by AATTdependabot in #2461 - build(deps): bump google.golang.org/api from 0.70.0 to 0.74.0 by AATTdependabot in #2458 - build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 by AATTdependabot in #2451 - Update ent by AATTsagikazarmark in #2428 - build(deps): bump aquasecurity/trivy-action from 0.2.2 to 0.2.3 by AATTdependabot in #2466 - build(deps): bump actions/setup-go from 2 to 3 by AATTdependabot in #2467 - Bump Alpine to latest version by AATTMattiasGees in #2471 - build(deps): bump aquasecurity/trivy-action from 0.2.4 to 0.2.5 by AATTdependabot in #2481 - build(deps): bump github/codeql-action from 1 to 2 by AATTdependabot in #2494 - build(deps): bump docker/build-push-action from 2 to 3 by AATTdependabot in #2510 - build(deps): bump docker/metadata-action from 3 to 4 by AATTdependabot in #2509 - build(deps): bump docker/login-action from 1 to 2 by AATTdependabot in #2507 - build(deps): bump docker/setup-qemu-action from 1 to 2 by AATTdependabot in #2508 - build(deps): bump docker/setup-buildx-action from 1 to 2 by AATTdependabot in #2506 - build(deps): bump aquasecurity/trivy-action from 0.2.5 to 0.3.0 by AATTdependabot in #2525 - chore: Go mod update 1.17 by AATTnabokihms in #2532 - build(deps): bump alpine from 3.15.4 to 3.16.0 by AATTdependabot in #2531 - build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.2 to 3.5.4 by AATTdependabot in #2491 - build(deps): bump github.com/coreos/go-oidc/v3 from 3.1.0 to 3.2.0 by AATTdependabot in #2528 - build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.2 by AATTdependabot in #2526 - build(deps): bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by AATTdependabot in #2529 - build(deps): bump github.com/felixge/httpsnoop from 1.0.2 to 1.0.3 by AATTdependabot in #2527 - build(deps): bump google.golang.org/api from 0.74.0 to 0.81.0 by AATTdependabot in #2534 - build(deps): bump google.golang.org/grpc from 1.44.0 to 1.46.2 in /api/v2 by AATTdependabot in #2517 - build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 in /api/v2 by AATTdependabot in #2452 - feat: upgrade Go to 1.18 by AATTsagikazarmark in #2441 - build(deps): bump golang from 1.18.0-alpine3.15 to 1.18.2-alpine3.15 by AATTdependabot in #2535 - build(deps): bump google.golang.org/api from 0.81.0 to 0.82.0 by AATTdependabot in #2549 - build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0 by AATTdependabot in #2543 - build(deps): bump golang from 1.18.2-alpine3.15 to 1.18.3-alpine3.15 by AATTdependabot in #2548 - build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 by AATTdependabot in #2550 - chore(deps): update grpc by AATTsagikazarmark in #2551
* Other Changes - Update alpine version by AATTsagikazarmark in #2446 - New docker image build by AATTsagikazarmark in #2474 - Qemu tweaks by AATTsagikazarmark in #2480 - Add docker metadata action by AATTsagikazarmark in #2488 - ci: use docker metadata for build input by AATTsagikazarmark in #2489 - chore: do not use caching for docker build by AATTnabokihms in #2516 - Bump lint timeout to reduce the number of failed executions by AATTnabokihms in #2523
* Thu Mar 24 2022 michaelAATTstroeder.com- Update to version 2.31.1:
* chore: update golang image
* Sat Mar 05 2022 michaelAATTstroeder.com- Update to version 2.31.0:
* Many dependency updates
* Bump Dex image to v2.30.0 for Kubernetes deployment example by AATTrdimitrov in #2232
* Update Go to 1.17 by AATTsagikazarmark in #2247
* refactor: move from io/ioutil to io and os package by AATTJuneezee in #2278
* feat: Add MySQL ent-based storage driver by AATTnabokihms in #2272
* chore: fix ioutil lint error after merging MySQL ent storage by AATTnabokihms in #2282
* Add parametrization of grant type supported in discovery endpoint by AATTariary in #2265
* Resolves #2111 Option to fetch transitive group membership by AATTsnuggie12 in #2268
* Return valid JWT access token from password grant by AATTenj in #2234
* fix: do not update offlinesession lastUsed field if refresh token was not updated by AATTnabokihms in #2300
* fix web static file path slash error for win platform by AATTcopperyp in #2305
* Update grpc by AATTsagikazarmark in #2321
* ci: fix container image permissions by AATTsagikazarmark in #2329
* feat: print dex version in the logs by AATTiam-veeramalla in #2337
* OAuth connector by AATTxtremerui in #1630
* fix: return invalid_grant error on claiming token of another client by AATTnabokihms in #2344
* chore: warning about deprecated LDAP groupSearch fields by AATTnabokihms in #2026
* Add Nix environment by AATTsagikazarmark in #2324
* Update dependencies in the examples package by AATTsagikazarmark in #2372
* add sigstore to ADOPTERS.md by AATTbobcallaway in #2374
* Add claimMapping enforcement by AATTHappy2C0de in #2233
* ci: run trivy scan on container image by AATTsagikazarmark in #2387
* chore: update gomplate by AATTsagikazarmark in #2388
* chore: update golangci-lint download script by AATTnabokihms in #2394
* [fix] Replace /teams API w/ /workspaces endpoints by AATTrahulchheda in #2390
* ci: add Docker cache to speed builds up by AATTsagikazarmark in #2400
* distroless: Dockerfile works with distroless base image by AATTankeesler in #2378
* Update dependencies by AATTsagikazarmark in #2404
* Update API package by AATTsagikazarmark in #2405
* Mon Jan 17 2022 Michael Ströder - Use go 1.16 or newer
* Mon Dec 27 2021 michaelAATTstroeder.com- Update to version 2.30.2:
* ci: fix container image permissions
* chore: upgrade alpine
* Wed Oct 13 2021 michaelAATTstroeder.com- set go_version to 1.16 as required- Update to version 2.30.0:
* v2.30.0 - Features: + Improve auth flow error handling (#1862, AATTtkleczek) + Create CRDs as apiextensions.k8s.io/v1 (#2025, AATTnabokihms) + Read a namespace from the file for the Kubernetes storage client (#2092, AATTnabokihms) + Update token periodically if Dex is running in a Kubernetes cluster (#2112, AATTnabokihms) - Bugfixes: + Fix refreshing tokens that obtained with the password grant type (#2199, AATThensur) + Use only one sqlite3 connection to avoid the \"database is locked\" error (#2212, AATTsalmanisd) - Minor changes: + Add the ent-based postgres storage (#2121, AATTnabokihms) + Demonstrate use of the htpasswd for the bCrypt hashing in static passwords (#2218, AATTjglick) - Dependencies: + github.com/spf13/cobra 1.1.3 -> 1.2.1 + google.golang.org/grpc 1.38.0 -> 1.39.0 + google.golang.org/api 0.49.0 -> 0.52.0 + Build golang docker image 1.16.5-alpine3.13 -> 1.16.6-alpine3.13
* v2.29.0 - Features: + Add sprig v3 functions to web templates (#2152, AATTnabokihms) + Add ent-based sqlite3 storage (#1906, AATTnabokihms) + Support setting the prompt type for the Microsoft connector (#1912, AATTricky26) + Embed web assets (#2054, AATTsagikazarmark) - Bugfixes: + Defer creation of auth request (#1865, AATTal45tair) + Use /token endpoint to get tokens with device flow (#2010, AATTnabokihms) + Fix MySQL connection to use the provided port (#2100, AATTsagikazarmark) - Security: + Use constant time comparison for client secret verification (#1861, AATTxtremerui) - Minor changes: + Dependency upgrades + Tons of small fixes and changes
* Fri May 14 2021 rpmAATTfthiessen.de- Update to version 2.28.1:
* Features:
* Add c_hash to id_token, issued on /auth endpoint, when in hybrid flow
* Allow configuration of returned auth proxy header
* Allow to disable os.ExpandEnv for storage + connector configs by env variable DEX_EXPAND_ENV = false
* Added the possibility to activate lowercase for UPN-Strings
* Add \"Cache-control: no-store\" and \"Pragma: no-cache\" headers to token responses
* Graceful shutdown
* Allow public clients created with API to have no client_secret
* Bugfixes:
* Fix the etcd PKCE AuthCode deserialization
* Fix garbage collection logging of device codes and device request
* Discovery endpoint contains updated claims and auth methods
* Return invalid_grant error if auth code is invalid or expired
* Return an error to auth requests with the \"request\" parameter- Update to version 2.27.0:
* Security release, fixing: CVE-2020-26290
* connector/saml: Validate XML roundtrip data before processing request- Update to version 2.26.0:
* Require go 1.15
* Features:
* Add constructor for static key strategy
* Add team groups support to bitbucket connector
* Allow Authorization header when doing CORS
* Retry Kubernetes update requests
* PKCE support
* Allow public clients to have redirect URLs other than localhost
* Bugfixes:
* Abort connector login if connector was already set
* Replace deprecated teams endpoint in bitbucket connector
* Log errors from login during password grant
* Handle Kubernetes API conflicts properly for signing keys- Update to version 2.25.0:
* Features:
* Move the API package to a separate module
* OAuth2 Device Authorization Grant
* Support username, email and groups claim in OIDC connector
* Bugfixes:
* Add offline_access scope in microsoft connector, if required
* Allow the google connector to work without a service account- Update to version 2.24.0:
* Features:
* Keystone connector: Added Email to Identity
* Atlassian Crowd connector: allow preferred_username claim to be set
* Github connector: pass redirect_uri
* server: allow having no secret for static public clients
* SAML connector: add flag for filtering groups
* Bug fixes, misc changes:
* storage/kubernetes: wrap Kubernetes host address in square brackets for IPv6
* storage/kubernetes: remove shadowed ResourceVersion from connector
* server/handlers: do not fail login if refresh token gone
* server/handlers: automatic consistency fixing in case of missing refresh token in db
* OIDC connector: add Icon
* OpenShift connector: rootCA option
* Fri Apr 03 2020 fcastelliAATTsuse.com- Remove example programs from the final package. They are not needed and would make the dex container bigger.- Removed fix-default-web-path.patch: the patch already merged upstream- Removed fix-unmarshal-web-config.patch: the patch already merged upstream- Update to version 2.23.0:
* Features: - connector: Atlassian Crowd connector - connector/ldap: add multiple user to group mapping - Add support for password grant - Add ability to set ID and Secret from environment variables for static clients
* Bugfixes: - Provider icons use the connector name, not the ID - storage/mysql: increase auth_request.state length to 4096- Changes from version 2.22.0:
* Features: - google: Implement group whitelisting - Read static password hash from environment variable - OpenShift connector
* Bugfixes: - Provider icons use the connector name, not the ID- Changes from version 2.21.0:
* Features: - Implement refreshing with Google - Fetch groups in a Google Connector - Add option to enable groups for oidc connectors
* Bugfixes: - Fix spelling errors in docs - preferred_username claim added on refresh token- Changes from version 2.20.0:
* Features: - connector/saml: Adding group filtering - Run getUserInfo prior to claim enforcement - server: templates: use relative URLs to refer to assets - add preffered_username to idToken
* Bug fixes, misc changes: - gitlab: add groups scope by default when filtering is requested - Fix typo - Fix typo - storage/mysql: support pre-5.7.20 instances with tx_isolation only - Fix URLs in curl cmd as stated in the overview doc - Add note for redirect uri- Changes from version 2.19.0:
* Features: - connector/LDAP: display login error - HTTPS/gRPC: Use a more conservative set of CipherSuites
* Bug fixes, misc changes: - Update ADOPTERS.md - storage/kubernetes: Removing Kubernetes TPR support - Dockerfile: build with Golang 1.12.9 - Kubernetes docs: Clarify the origin of openid-ca - Code update: Replace x/net/context with stdlib context- Changes from version 2.18.0:
* Features: - Storage: New MySQL storage backend - gRPC: Add reflection to gRPC API - Add option to always display connector selection even if there\'s only one - Added \"connector_id\" to skip straight to a connector - Allow arbitrary data to be passed to templates - Gitlab: implement useLoginAsID as in GitHub connector - Microsoft: option for group UUIDs instead of name and group whitelist - gRPC: Add VerifyPassword to API
* Bug fixes, misc changes: - Update ADOPTERS.md - example-app: add connector_id - Docs: fix MySQL sample query - Code quality: fix some lint issues - gRPC: fix logging in VerifyPassword - Return config validation errors in one go - Update all deps - Return HTTP 400 for invalid state parameter - Adjusting Makefile so that golint will compile - Add tests for some callback handler error conditions - Add examples for recent additions to oauth2 configuration options - Bump deps for http2 issues - Connectors: refactor filter code into a helper package- Changes from version 2.17.0:
* Features: - Add UserInfo endpoint - Linkedin: Update to use v2 APIs - server: add metrics for CORS handlers - OIDC: Add option to hit the optional userinfo endpoint - OIDC: Make userID configurable - OIDC: Make userName configurable - GitLab: support for group whitelist
* Bug fixes, misc changes: - Print appropriate error when listing connectors fails - Bitbucket docs: update permission requirements - Round out logging interface with functions for all levels - Fix typo in SAMLConnector interface - travis: replace golang 1.10 and 1.11 with 1.12 - OIDC: truely ignore \"email_verified\" claim if configured that way- Changes from version 2.16.0:
* Features: - Add an option to the OpenID Connect connector to always set email_verified to true - Docker image no longer runs dex as root
* Bug fixes, misc changes: - Dex now logs client name instead of client_id - Fixes for Go 1.11.4 modules - Refactor logging to use an interface instead of logrus directly- Changes from version 2.15.0:
* Features: - Added Active Directory and Kubelogin integration sample - Added option to use GitHub login as id
* Bug fixes, misc changes: - Dockerfile Go version bumped to v1.11.5 - Minimum TLS version bumped to TLSv1.2 - Added AATTJoelSpeed as maintainer - Added tests for LDAP filtering - Print Access token in example app - Add periodic storage health checking- Changes from version 2.14.0:
* Features: - There\'s a brand new Keystone connector! - Github connector now returns a full group list when no org is specified, and you have - opted-in to that behaviour - Github connector allows for a \'both\' option to use team name AND slug in TeamNameField - Gitlab connector no longer requires to API scope - Postgres storage backeng now works with UNIX sockets - Postgres storage backend now exposes some tunables - gRPC API: Add UpdateClient - Make expiry of auth requests configurable - LDAP connector - add emailSuffix config option
* Bug fixes, misc changes: - Render error message provided by connector if user authentication failed - Fix bogus conformance failure due to time zones - Improved LDAP errors from upgrading go-ldap - Removed incomplete, unmaintained storage adapters for CockroachDB and MySQL - Removed unused startup scripts, adapted docs - LDAP connector: Document that \'DN\' must be in capitals - Kubernetes docs: clarify steps around use/creation of TLS assets - Bumped github.com/lib/pq - Migrate to go modules - Makefile: cleanups for newer versions of Go - Dockerfile: update to Go 1.11.3 - Replace \"GET\", \"POST\" to http.MethodGet and http.MethodPost
  
ICM