Skip to content

v0.17.5

Choose a tag to compare

View all tags
@zalando-robot zalando-robot released this 14 Aug 10:58
v0.17.5
0ee30aa
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Changes

🚑️ OIDC: use Azure-AD unique identifier (#2510)
We are facing a security vulnerability by the use of DisplayName as the unique identifier in Azure-AD.
Since this field can be duplicated it can be exploited to gain privileges.
https://morgansimonsen.com/2016/06/28/azure-ad-allows-duplicate-group-names/
Switching to the guaranteed unique identifier onPremisesSamAccountName available in the Microsoft Graph API
Co-authored-by: slang slang@bethel.jw.org

Docker image

Docker image is available in Zalando's Open Source registry:

docker run -it registry.opensource.zalan.do/teapot/skipper:v0.17.5 skipper --help
# arm64
docker run -it registry.opensource.zalan.do/teapot/skipper-arm64:v0.17.5 skipper --help
# arm v7 32bit
docker run -it registry.opensource.zalan.do/teapot/skipper-armv7:v0.17.5 skipper --help
Assets 4
Loading