v5.0.0

starkers released this 29 Jan 12:59

· 1372 commits to master since this release

c49d362

Release Hightlights

Disabled CGO (binaries will work regardless og glibc/musl)
Allow whitelisted redirect ports
Nextcloud provider support added
DigitalOcean provider support added

Important Notes

(Security) Fix for open redirect vulnerability.. a bad actor using /\ in redirect URIs can redirect a session to another domain

Breaking Changes

#321 Add reverse proxy boolean flag to control whether headers like X-Real-Ip are accepted.
This defaults to false. Usage behind a reverse proxy will require this flag to be set to avoid logging the reverse proxy IP address.

Changes since v4.1.0

#331 Add reverse proxy setting (@martin-css)
#365 Build with CGO=0 (@tomelliff)
#339 Add configuration for cookie 'SameSite' value. (@pgroudas)
#347 Update keycloak provider configuration documentation. (@sushiMix)
#325 dist.sh: use sha256sum (@syscll)
#179 Add Nextcloud provider (@Ramblurr)
#280 whitelisted redirect domains: add support for whitelisting specific ports or allowing wildcard ports (@kamaln7)
#351 Add DigitalOcean Auth provider (@kamaln7)

Assets 14