2.9.6

What's Changed

• Refactor forwarding by @p53 in #431
• Fix body not sent upstream with opa authorization #432 by @p53 in #433
• Fix compression test by @p53 in #434
• Update build docu by @p53 in #436
• Fix build docu by @p53 in #437

Full Changelog: 2.9.5...2.9.6

2.9.6-rc2

Changelog

• e18f974 Fix build docu (#437)
• 03fea81 Fix compression test
• 37945d6 Update build docu (#436)

2.9.6-rc1

Changelog

• eee4ed6 Fix body not sent upstream with opa authorization #432 (#433)
• c3be865 Refactor forwarding (#431)

2.9.5

What's Changed

• Update codeql actions by @p53 in #410
• Build docker image in git workflows by @p53 in #414
• Change docker build by @p53 in #420
• Refactor login handler by @p53 in #422
• Refactor handlers by @p53 in #423
• Refactor login handler by @p53 in #424
• Update websocket test, add websocket auth test by @p53 in #425
• Refactor oauthcallback handlers by @p53 in #427
• Refactor handlers by @p53 in #428
• Update docs for 2.9.5 by @p53 in #429

Full Changelog: 2.9.4...2.9.5

2.9.5-rc8

What's Changed

• Refactor login handler by @p53 in #422
• Refactor handlers by @p53 in #423
• Refactor login handler by @p53 in #424
• Update websocket test, add websocket auth test by @p53 in #425
• Refactor oauthcallback handlers by @p53 in #427
• Refactor handlers by @p53 in #428

Full Changelog: 2.9.5-rc7...2.9.5-rc8

2.9.5-rc7

What's Changed

• Change docker build by @p53 in #420

Full Changelog: 2.9.5-rc6...2.9.5-rc7

2.9.4

What's Changed

• Update no-proxy traefik docu by @p53 in #404
• Update deps by @p53 in #405
• Refactor auth middleware by @p53 in #406
• Refactor authz middleware by @p53 in #407
• Update pkgs, go to 1.21 by @p53 in #408

Full Changelog: 2.9.3...2.9.4

2.9.4-rc2

What's Changed

• Update pkgs, go to 1.21 by @p53 in #408

Full Changelog: 2.9.4-rc1...2.9.4-rc2

2.9.4-rc1

What's Changed

• Update no-proxy traefik docu by @p53 in #404
• Update deps by @p53 in #405
• Refactor auth middleware by @p53 in #406
• Refactor authz middleware by @p53 in #407

Full Changelog: 2.9.3...2.9.4-rc1

2.9.3

SECURITY NOTICE:

As fork of louketo-proxy we inherited IMPERSONATION type security vulnerability. There are 2 levels of impact: 1. Unaffected 2. Affected (High Risk)

1. Unaffected - if you use one of these options, you are not susceptible to this attack:
   • --enable-encrypted-token=true
   • --store-url=<redis-url>
   • --enable-idp-session-check=true
2. High Risk - if you don't use one of above options

Quick migitation: Enable at least one of above mentioned options
Normal migitation: Upgrade to latest version >=2.9.3
Enhance security: additionally beside upgrade to >=2.9.3 enable one of mentioned options (encryption, store_url, enable-idp-session-check)

Short Description of vulnerability: existing user in your userbase might impersonate other user in your userbase
Detailed description will be provided in 1-2 months (from security reasons)

What's Changed

• Update HMAC description docu by @p53
• Refactor handlers by @p53, Pierre Bogossian [email protected], Nikifor Georgiev
• Generate UMA ticket when invalid UMA token but valid resource accessed by @p53
• Enable to use openid-provider-proxy settings in all requests to keycloak by @p53
• Update docu for 2.9.1 by @p53
• Turn off issuer, client id check for refresh token by @p53
• Turn off tok verif refresh by @p53
• Update docu for 2.9.2 by @p53
• Remove refresh token validation, add e2e tests by @p53
• Add tests for skipopenidtlsverify by @p53
• Fix resources-stringslice parsing after urfavecli to v2 upgrade by @p53
• Update docs 2.9.3 by @p53