Skip to content

v0.11.114

Choose a tag to compare

View all tags
@zalando-robot zalando-robot released this 25 Jun 14:29
v0.11.114
5d2b001
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Changes

OIDC headers immutable (#1455)
This is a security issue mitigation, where a potential attack would be that a person is sending manipulated header that are parsed for authentication.
Currently the OIDC header are .Add that is an append operation, which keeps the user generated values as precedence.
This PR solves the issue by changing the header output to a .Set operation which replaces potential existing headers accordingly.

Docker image

Docker image is available in Zalando's Open Source registry:

docker run -it registry.opensource.zalan.do/pathfinder/skipper:v0.11.114 skipper --help
# arm64
docker run -it registry.opensource.zalan.do/pathfinder/skipper-arm64:v0.11.114 skipper --help
# arm v7 32bit
docker run -it registry.opensource.zalan.do/pathfinder/skipper-armv7:v0.11.114 skipper --help
Assets 8
Loading