Skip to content

4.12.1

Choose a tag to compare

@gladjohn gladjohn released this 03 Jul 13:46
5c00e04

Bug fixes

  • Preserve ManagedIdentity when converting AcquireTokenOptions to TokenAcquisitionOptions in TokenAcquirer. Previously the ITokenAcquirer.GetTokenForAppAsync / GetTokenForUserAsync paths silently dropped ManagedIdentity and fell back to the confidential-client path, breaking managed-identity mTLS PoP (e.g. MISE Native). See #3914.

Behavior changes

  • Sidecar: outbound HTTP redirects suppressed by default. The sidecar no longer follows outbound HTTP redirects; a new opt-in Sidecar:AllowOutboundRedirects flag (default false) restores the previous behavior. See #3906.
  • Sidecar: per-request isolation of downstream API options. Downstream API options resolved from the singleton IOptionsMonitor are now cloned per request (including fresh ExtraParameters / ExtraHeaderParameters / ExtraQueryParameters dictionaries), preventing request-scoped values from leaking across requests or racing under concurrency. See #3919.

Fundamentals

  • Build the solution in the PR pipeline before running tests. See #3911.
  • Restore OWIN 5.7.1 packages from the internal IDDP feed in the PR pipeline. See #3912.
  • Run the PR pipeline on the Wilson pool so integration/E2E tests can access the lab KeyVault. See #3913.