Releases: dexidp/dex
v2.9.0
The official docker image for this release is available at:
quay.io/coreos/dex:v2.9.0
Features:
- The dex docker image is now built with Go 1.9 (@ericchiang, #1119)
- The prompt for password based login options is now configurable (@srenatus, #1116)
- A "select another login option" button has been added to the login page (@srenatus, #1123)
- The proto API definitions now have a java package tag (@vyshane, #1136)
- An Azure AD connector has been added (@pborzenkov, #1131)
Bug fixes:
- Host dependencies from the protobuf build process have been removed (@ericchiang, #1140)
- Rendered error pages now return HTTP error codes (@kkohtaka, #1142)
v2.8.1
v2.8.0
Features:
- ID tokens from cross-client requests now include the requesting client ID in the audience (#1088, @dpacierpnik)
- Authenticating proxy login strategy added (#1100, #1104, #1103, @stapelberg)
- LinkedIn login strategy added (#1101, @pborzenkov)
- Kubernetes storage tests are now run on PR (#1072, @ericchiang)
- etcd storage backend added (#1108, @dqminh)
Bug fixes:
- Kubernetes CRD storage HTTP client now has a default timeout (#1085, @rphillips)
- Fix regexp for GitLab HTTP header parsing (#1090, @lsjostro)
- Removed test that required internet access (#1109, @ericchiang)
Misc:
v2.7.1
rithujohn191
rithu leena john
This is a patch release of dex with the following changes since v2.6.1:
v2.7.0 contains an issue(#1070) with CRD support. Please refrain from using/upgrading to v2.7.0. Only upgrade to v2.7.1!
NOTE: This release makes use of Custom Resource Definitions (CRDs) instead of Third Party Resources (TPRs) for Kubernetes storage. Since Kubernetes has deprecated TPRs, Dex has now switched to CRDs by default. For existing deployments, this either requires a manual migration of the TPR data to CRDs or a config change to continue to use TRPs.
Features:
CRD Support (#1062)
Migrate TPR to CRD Documentation (#1067)
OIDC conformance test setup Docs (#1050)
Bug Fixes:
Error out if go files aren't correctly formatted (#1064)
Fix panic caused by deleting refresh token twice through api (#1056)
storage backend should not explicitly lower-case email ids (#1046)
v2.7.0
rithujohn191
rithu leena john
Due to a bug in this release, we've removed the docker image from quay.io and recommend users upgrade directly to v2.7.1.
v2.6.1
This is a security release of dex that addresses flaws in API query parameters and groups scope handling logic in the GitHub connector.
Issue 1: Dex's GitHub API calls used a users' display name, instead of login name, and would fail.
Issue 2: Dex would not check whether a user was a member of groups in orgs/org if a client was not configured to communicate the groups scope to dex, regardless of whether orgs/org were populated in the clients' configuration file.
Users of the GitHub connector should update to this release immediately.
v2.6.0
This is a minor release of dex with the following changes since v2.5.0:
Features:
- Log high
bcryptcosts and password hash timeouts (#1016) - Filter by multiple GitHub organizations and teams, document caveats (#1013, #1019)
- Fetch GitHub private primary email addresses if no public email is available (#1018)
- LDAP and SAML query and configuration logging (#1021)
Bug Fixes:
- Fixed hosted domain support for Google OIDC (#1000)
v2.5.0
rithujohn191
rithu leena john
v2.4.1
rithujohn191
rithu leena john
This is a security release of dex that addresses a vulnerability in the LDAP connector.
Issue: Dex does not protect against LDAP servers that allow unauthenticated binds (usually disabled by default), which means a user can login to dex without a password via LDAP.
Users of the LDAP connector should update to this release immediately if their LDAP servers supports unauthenticated bind.
v2.4.0
rithujohn191
rithu leena john