
v2.6.1

estroz released this 21 Aug 23:32

This is a security release of dex that addresses flaws in API query parameters and groups scope handling logic in the GitHub connector.

Issue 1: Dex's GitHub API calls used a user's display name instead of their login name, and would fail.
Issue 2: Dex would not check whether a user was a member of groups in orgs/org if a client was not configured to communicate the groups scope to dex, regardless of whether orgs/org were populated in the client's configuration file.

Users of the GitHub connector should update to this release immediately.
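
The logic flaw in Issue 2, sketched as an added example (not dex's actual code): the org membership check must run on every login, while the groups scope only controls whether group names are returned to the client. The types `Scopes` and `Connector`, the functions, and the org names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical types for illustration; these are not dex's own.
type Scopes struct{ Groups bool }      // what the client requested
type Connector struct{ Orgs []string } // orgs the operator configured
var ErrNotMember = errors.New("user is not in any configured org")

// memberOrgs returns the configured orgs the user belongs to.
func (c Connector) memberOrgs(userOrgs []string) (out []string) {
	for _, want := range c.Orgs {
		for _, have := range userOrgs {
			if want == have {
				out = append(out, want)
			}
		}
	}
	return out
}

// LoginFixed enforces configured orgs first, then decides on the groups claim.
func (c Connector) LoginFixed(s Scopes, userOrgs []string) ([]string, error) {
	groups := c.memberOrgs(userOrgs)
	if len(c.Orgs) > 0 && len(groups) == 0 {
		return nil, ErrNotMember
	}
	if !s.Groups {
		return nil, nil // authorized, but no groups claim requested
	}
	return groups, nil
}

// LoginFlawed reproduces Issue 2: no groups scope means no membership check.
func (c Connector) LoginFlawed(s Scopes, userOrgs []string) ([]string, error) {
	if !s.Groups {
		return nil, nil
	}
	return c.LoginFixed(s, userOrgs)
}

func main() {
	c := Connector{Orgs: []string{"example-org"}} // constructed sample config
	_, flawedErr := c.LoginFlawed(Scopes{}, []string{"other-org"})
	_, fixedErr := c.LoginFixed(Scopes{}, []string{"other-org"})
	fmt.Println("flawed:", flawedErr, "| fixed:", fixedErr)
}
```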