Skip to content

Releases: dexidp/dex

v2.35.3

11 Oct 16:58
v2.35.3
54c9e82
Compare
Choose a tag to compare

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.35.3

What's Changed

Dependency Updates ⬆️

Full Changelog: v2.35.2...v2.35.3

v2.35.2

09 Oct 10:18
v2.35.2
9063c79
Compare
Choose a tag to compare

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.35.2

What's Changed

Bug Fixes 🐛

Dependency Updates ⬆️

Full Changelog: v2.35.1...v2.35.2

v2.35.1

04 Oct 10:33
v2.35.1
2027413
Compare
Choose a tag to compare

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.35.1

What's Changed

Bug Fixes 🐛

Full Changelog: v2.35.0...v2.35.1

v2.35.0

03 Oct 16:04
v2.35.0
e4bceef
Compare
Choose a tag to compare

⚠️ This release fixes a major vulnerability in Dex. We advise everyone to upgrade as soon as possible! ⚠️

If you use the Google connector, please upgrade to 2.35.1 instead.

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.35.0

What's Changed

Enhancements 🚀

Bug Fixes 🐛

Dependency Updates ⬆️

New Contributors

Full Changelog: v2.34.0...v2.35.0

v2.34.0

16 Sep 05:27
7b589ba
Compare
Choose a tag to compare

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.34.0

What's Changed

Exciting New Features 🎉

Enhancements 🚀

  • fix: Fallback when group claim is a string instead of an array of strings by @JoooostB in #2639
  • feat(connector/authproxy): support multiple groups by @mclavel in #2643
  • Implement Application Default Credentials for the google connector by @ichbinfrog in #2530
  • build: bump Go version to 1.19 in Nix by @sagikazarmark in #2648

Dependency Updates ⬆️

  • build(deps): bump alpine from 3.16.1 to 3.16.2 by @dependabot in #2624
  • build(deps): bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 by @dependabot in #2623
  • build(deps): bump aquasecurity/trivy-action from 0.6.1 to 0.7.0 by @dependabot in #2632
  • build(deps): bump github.com/mattn/go-sqlite3 from 1.14.11 to 1.14.15 by @dependabot in #2634
  • build(deps): bump aquasecurity/trivy-action from 0.7.0 to 0.7.1 by @dependabot in #2635
  • build(deps): bump google.golang.org/api from 0.89.0 to 0.93.0 by @dependabot in #2633
  • build(deps): bump google.golang.org/api from 0.93.0 to 0.94.0 by @dependabot in #2637
  • chore: Bump ent to 0.11.2 by @nabokihms in #2640
  • chore: Bump Go to 1.19 by @nabokihms in #2641
  • build(deps): bump github.com/coreos/go-oidc/v3 from 3.2.0 to 3.3.0 by @dependabot in #2646
  • build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0 by @dependabot in #2636
  • build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 in /api/v2 by @dependabot in #2611
  • build(deps): bump golang from 1.19.0-alpine3.15 to 1.19.1-alpine3.15 by @dependabot in #2650
  • chore: update alpine version in Go image by @sagikazarmark in #2656
  • build(deps): bump github.com/lib/pq from 1.10.5 to 1.10.7 by @dependabot in #2651
  • build(deps): bump google.golang.org/api from 0.94.0 to 0.95.0 by @dependabot in #2652
  • build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0 in /api/v2 by @dependabot in #2638
  • build(deps): bump github.com/coreos/go-oidc/v3 from 3.3.0 to 3.4.0 by @dependabot in #2658

New Contributors

Full Changelog: v2.33.0...v2.34.0

v2.33.1

13 Sep 11:52
v2.33.1
8aab5bc
Compare
Choose a tag to compare

What's Changed

Enhancements 🚀

Full Changelog: v2.33.0...v2.33.1

v2.33.0

28 Jul 15:32
4bcdcf8
Compare
Choose a tag to compare

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.33.0

What's Changed

Exciting New Features 🎉

Enhancements 🚀

Bug Fixes 🐛

  • fix: prevent cross-site scripting for the device flow by @nabokihms in #2468
  • grpc-client: Do not crash on empty response by @bbusse in #2584

Dependency Updates ⬆️

  • build(deps): bump helm/kind-action from 1.2.0 to 1.3.0 by @dependabot in #2555
  • build(deps): bump aquasecurity/trivy-action from 0.3.0 to 0.4.0 by @dependabot in #2557
  • build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.8.0 by @dependabot in #2577
  • build(deps): bump aquasecurity/trivy-action from 0.4.0 to 0.5.1 by @dependabot in #2576
  • build(deps): bump mheap/github-action-required-labels from 1 to 2 by @dependabot in #2565
  • build(deps): bump google.golang.org/api from 0.82.0 to 0.86.0 by @dependabot in #2574
  • build(deps): bump github.com/spf13/cobra from 1.4.0 to 1.5.0 by @dependabot in #2560
  • build(deps): bump aquasecurity/trivy-action from 0.5.1 to 0.6.0 by @dependabot in #2602
  • build(deps): bump alpine from 3.16.0 to 3.16.1 by @dependabot in #2598
  • build(deps): bump golang from 1.18.3-alpine3.15 to 1.18.4-alpine3.15 by @dependabot in #2592
  • build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 by @dependabot in #2599
  • build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.2 to 3.4.4 by @dependabot in #2606
  • build(deps): bump google.golang.org/api from 0.86.0 to 0.89.0 by @dependabot in #2605
  • build(deps): bump aquasecurity/trivy-action from 0.6.0 to 0.6.1 by @dependabot in #2604

New Contributors

Full Changelog: v2.32.0...v2.33.0

v2.32.0

07 Jun 15:29
v2.32.0
3836196
Compare
Choose a tag to compare

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.32.0

What's Changed

Exciting New Features 🎉

Enhancements 🚀

  • Add support for RefreshConnector for openshift connector. by @dhaus67 in #2342
  • Allow configuration of returned groups via authproxy connector by @seuf in #2371
  • Add acr_values support for OIDC by @dirien in #2418
  • fix: Implicit Grant discovery by @nabokihms in #2433
  • fix: log only errors on refreshing by @nabokihms in #2470
  • Create setting to allow to trust the system root CAs by @dhaus67 in #2430
  • Add numeric user ID support for oauth connector by @tsl0922 in #2483
  • Remove google specific hd / hosted domain claim config from oidc connector by @Blorpy in #2511
  • OIDC connector: Support cases where there is no id_token when using a refresh_token grant by @Blorpy in #2522
  • feat: add enhancement template by @nabokihms in #2486
  • Release note configuration by @sagikazarmark in #2463
  • fix: add notification about groups access to the Grant Access page by @nabokihms in #2533
  • feat: enable profiling endpoints by @nabokihms in #2482

Bug Fixes 🐛

Dependency Updates ⬆️

  • build(deps): bump golang from 1.17.6-alpine3.14 to 1.17.7-alpine3.14 by @dependabot in #2411
  • build(deps): bump google.golang.org/api from 0.68.0 to 0.69.0 by @dependabot in #2415
  • build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.1 to 3.4.2 by @dependabot in #2416
  • build(deps): bump google.golang.org/api from 0.69.0 to 0.70.0 by @dependabot in #2419
  • build(deps): bump actions/checkout from 2 to 3 by @dependabot in #2422
  • build(deps): bump github.com/russellhaering/goxmldsig from 1.1.1 to 1.2.0 by @dependabot in #2424
  • build(deps): bump golang from 1.17.7-alpine3.14 to 1.17.8-alpine3.14 by @dependabot in #2426
  • build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0 by @dependabot in #2437
  • build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 by @dependabot in #2440
  • build(deps): bump alpine from 3.15.0 to 3.15.1 by @dependabot in #2444
  • build(deps): bump alpine from 3.15.1 to 3.15.3 by @dependabot in #2456
  • build(deps): bump alpine from 3.15.3 to 3.15.4 by @dependabot in #2461
  • build(deps): bump google.golang.org/api from 0.70.0 to 0.74.0 by @dependabot in #2458
  • build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 by @dependabot in #2451
  • Update ent by @sagikazarmark in #2428
  • build(deps): bump aquasecurity/trivy-action from 0.2.2 to 0.2.3 by @dependabot in #2466
  • build(deps): bump actions/setup-go from 2 to 3 by @dependabot in #2467
  • Bump Alpine to latest version by @MattiasGees in #2471
  • build(deps): bump aquasecurity/trivy-action from 0.2.4 to 0.2.5 by @dependabot in #2481
  • build(deps): bump github/codeql-action from 1 to 2 by @dependabot in #2494
  • build(deps): bump docker/build-push-action from 2 to 3 by @dependabot in #2510
  • build(deps): bump docker/metadata-action from 3 to 4 by @dependabot in #2509
  • build(deps): bump docker/login-action from 1 to 2 by @dependabot in #2507
  • build(deps): bump docker/setup-qemu-action from 1 to 2 by @dependabot in #2508
  • build(deps): bump docker/setup-buildx-action from 1 to 2 by @dependabot in #2506
  • build(deps): bump aquasecurity/trivy-action from 0.2.5 to 0.3.0 by @dependabot in #2525
  • chore: Go mod update 1.17 by @nabokihms in #2532
  • build(deps): bump alpine from 3.15.4 to 3.16.0 by @dependabot in #2531
  • build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.2 to 3.5.4 by @dependabot in #2491
  • build(deps): bump github.com/coreos/go-oidc/v3 from 3.1.0 to 3.2.0 by @dependabot in #2528
  • build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.2 by @dependabot in #2526
  • build(deps): bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by @dependabot in #2529
  • build(deps): bump github.com/felixge/httpsnoop from 1.0.2 to 1.0.3 by @dependabot in #2527
  • build(deps): bump google.golang.org/api from 0.74.0 to 0.81.0 by @dependabot in #2534
  • build(deps): bump google.golang.org/grpc from 1.44.0 to 1.46.2 in /api/v2 by @dependabot in #2517
  • build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 in /api/v2 by @dependabot in #2452
  • feat: upgrade Go to 1.18 by @sagikazarmark in #2441
  • build(deps): bump golang from 1.18.0-alpine3.15 to 1.18.2-alpine3.15 by @dependabot in #2535
  • build(deps): bump google.golang.org/api from 0.81.0 to 0.82.0 by @dependabot in #2549
  • build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #2543
  • build(deps): bump golang from 1.18.2-alpine3.15 to 1.18.3-alpine3.15 by @dependabot in #2548
  • build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 by @dependabot in #2550
  • chore(deps): update grpc by @sagikazarmark in #2551

Other Changes

New Contributors

Full Changelog: v2.31.0...v2.32.0

v2.31.2

26 May 16:08
v2.31.2
447b688
Compare
Choose a tag to compare

This is a maintenance release upgrading Go to apply some security patches.

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.31.2

What's Changed

Full Changelog: v2.31.1...v2.31.2

v2.31.1

22 Mar 14:15
v2.31.1
83ca67f
Compare
Choose a tag to compare

This is a maintenance release upgrading Go to apply some security patches.

What's Changed

Full Changelog: v2.31.0...v2.31.1