Skip to content

4.0.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 19 May 06:40
· 19 commits to refs/heads/master since this release
4.0.0
30afaa6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's Changed

🚀 Features

  • feat: publish major and minor Docker image tags on release (#941) @ybelMekk

⚠️ Breaking Changes

  • fix: reject unknown and revoked refresh tokens with invalid_grant (#936) @ybelMekk

Previously any arbitrary string was accepted as a refresh_token.
Tests relying on this behavior will now receive 400 invalid_grant.
See the migration guide for details.

Affected test patterns:

❌ Passing a hardcoded or arbitrary string as refresh_token
❌ Expecting refresh to succeed after revocation
❌ Presenting a refresh token issued by issuer A to issuer B

🐛 Bug Fixes

  • fix: reject unknown and revoked refresh tokens with invalid_grant (#936) @ybelMekk
  • fix: match requestMappings when client_id is provided via HTTP Basic auth (#935) @ybelMekk
  • fix: harden authorization code single-use and PKCE verification (#934) @ybelMekk

🧰 Maintenance

⬆️ Dependency upgrades

  • chore(deps): bump release-drafter/release-drafter from 7.2.1 to 7.3.0 in the github-actions group (#939) @dependabot[bot]

Contributors

jksolbakken and ybelMekk
Assets 3
Loading