oauth2_proxy/CHANGELOG.md

Vx.x.x (Pre-release)

Changes since v3.2.0

• #144 Use GO 1.12 for ARM builds (@kskewes)

• #142 ARM Docker USER fix (@kskewes)

• #52 Logging Improvements (@MisterWil)

  • Implement flags to configure file logging
    • -logging-filename Defines the filename to log to
    • -logging-max-size Defines the maximum
    • -logging-max-age Defines the maximum age of backups to retain
    • -logging-max-backups Defines the maximum number of rollover log files to retain
    • -logging-compress Defines if rollover log files should be compressed
    • -logging-local-time Defines if logging date and time should be local or UTC
  • Implement two new flags to enable or disable specific logging types
    • -standard-logging Enables or disables standard (not request or auth) logging
    • -auth-logging Enables or disables auth logging
  • Implement two new flags to customize the logging format
    • -standard-logging-format Sets the format for standard logging
    • -auth-logging-format Sets the format for auth logging

• #111 Add option for telling where to find a login.gov JWT key file (@timothy-spencer)

v3.2.0

Release highlights

• Internal restructure of session state storage to use JSON rather than proprietary scheme
• Added health check options for running on GCP behind a load balancer
• Improved support for protecting websockets
• Added provider for login.gov
• Allow manual configuration of OIDC providers

Important notes

• Dockerfile user is now non-root, this may break your existing deployment
• In the OIDC provider, when no email is returned, the ID Token subject will be used instead of returning an error
• GitHub user emails must now be primary and verified before authenticating

Changes since v3.1.0

• #96 Check if email is verified on GitHub (@caarlos0)
• #110 Added GCP healthcheck option (@timothy-spencer)
• #112 Improve websocket support (@gyson)
• #63 Use encoding/json for SessionState serialization (@yaegashi)
  • Use JSON to encode session state to be stored in browser cookies
  • Implement legacy decode function to support existing cookies generated by older versions
  • Add detailed table driven tests in session_state_test.go
• #120 Encrypting user/email from cookie (@costelmoraru)
• #55 Added login.gov provider (@timothy-spencer)
• #55 Added environment variables for all config options (@timothy-spencer)
• #70 Fix handling of splitted cookies (@einfachchr)
• #92 Merge websocket proxy feature from openshift/oauth-proxy (@butzist)
• #57 Fall back to using OIDC Subject instead of Email (@aigarius)
• #85 Use non-root user in docker images (@kskewes)
• #68 forward X-Auth-Access-Token header (@davidholsgrove)
• #41 Added option to manually specify OIDC endpoints instead of relying on discovery
• #83 Add id_token refresh to Google provider (@leki75)
• #10 fix redirect url param handling (@dt-rush)
• #122 Expose -cookie-path as configuration parameter (@costelmoraru)
• #124 Use Go 1.12 for testing and build environments (@syscll)

v3.1.0

Release highlights

• Introduction of ARM releases and and general improvements to Docker builds
• Improvements to OIDC provider allowing pass-through of ID Tokens
• Multiple redirect domains can now be whitelisted
• Streamed responses are now flushed periodically

Important notes

• If you have been using #bitly/621 and have cookies larger than the 4kb limit, the cookie splitting pattern has changed and now uses _ in place of - when indexing cookies. This will force users to reauthenticate the first time they use v3.1.0.
• Streamed responses will now be flushed every 1 second by default. Previously streamed responses were flushed only when the buffer was full. To retain the old behaviour set --flush-interval=0. See #23 for further details.

Changes since v3.0.0

• #14 OIDC ID Token, Authorization Headers, Refreshing and Verification (@joelspeed)
  • Implement pass-authorization-header and set-authorization-header flags
  • Implement token refreshing in OIDC provider
  • Split cookies larger than 4k limit into multiple cookies
  • Implement token validation in OIDC provider
• #15 WhitelistDomains (@joelspeed)
  • Add --whitelist-domain flag to allow redirection to approved domains after OAuth flow
• #21 Docker Improvement (@yaegashi)
  • Move Docker base image from debian to alpine
  • Install ca-certificates in docker image
• #23 Flushed streaming responses
  • Long-running upstream responses will get flushed every (1 second by default)
• #24 Redirect fix (@agentgonzo)
  • After a successful login, you will be redirected to your original URL rather than /
• #35 arm and arm64 binary releases (@kskewes)
  • Add armv6 and arm64 to Makefile release target
• #37 cross build arm and arm64 docker images (@kskewes)

v3.0.0

Adoption of OAuth2_Proxy by Pusher. Project was hard forked and tidied however no logical changes have occurred since v2.2 as released by Bitly.

Changes since v2.2:

• #7 Migration to Pusher (@joelspeed)
  • Move automated build to debian base image
  • Add Makefile
    • Update CI to run make test
    • Update Dockerfile to use make clean oauth2_proxy
    • Update VERSION parameter to be set by ldflags from Git Status
    • Remove lint and test scripts
  • Remove Go v1.8.x from Travis CI testing
  • Add CODEOWNERS file
  • Add CONTRIBUTING guide
  • Add Issue and Pull Request templates
  • Add Dockerfile
  • Fix fsnotify import
  • Update README to reflect new repository ownership
  • Update CI scripts to separate linting and testing
    • Now using gometalinter for linting
  • Move Go import path from github.com/bitly/oauth2_proxy to github.com/pusher/oauth2_proxy
  • Repository forked on 27/11/18
    • README updated to include note that this repository is forked
    • CHANGLOG created to track changes to repository from original fork