rp-adapter: update hydra #336

llorllale · 2020-10-03T13:42:03Z

We are using a really old version of Hydra (1.3.2) and the latest was just released today (1.8.5).

Several security vulnerabilities have been addressed since 1.3.2:

1.4.0: potential replay of private_key_jwt JWTs when performing client authorization (BREAKING CHANGE: This patch requires a new SQL Table which needs to be created using hydra migrate sql. No other breaking changes have been introduced by this patch.)
1.8.5: CVE-2020-15234, CVE-2020-15223, CVE-2020-15233

Other changes of note:

1.5.0-beta1: introduces a breaking change that requires running hydra migrate sql before applying this release.
1.5.1: does not contain breaking changes but please run hydra migrate sql once you have backed up the database
1.7.0: not relevant for us: breaking change affecting user consent revocation flow
1.7.4: requires SQL migrations

The text was updated successfully, but these errors were encountered:

llorllale added the chore label Oct 3, 2020

llorllale added this to the 0.1.5 milestone Oct 3, 2020

llorllale self-assigned this Oct 3, 2020

llorllale added priority and removed priority labels Oct 3, 2020

rolsonquadras unassigned llorllale Sep 17, 2021

Provide feedback