mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-06 22:42:56 +02:00

add changelog entry for v7.11.0

Signed-off-by: Jan Larwig <jan@larwig.com>
Jan Larwig
2025-07-30 19:58:49 +02:00
parent 7ec03e3528
commit 0d517482dd


@ -12,9 +12,31 @@
## Release Highlights
- 🏢 Support for SourceHut (sr.ht) provider
- 🔍️ Support for more fine-grained control over the google admin-sdk scopes and optional google groups
- 🐛 Squashed some bugs
## Important Notes
Fixed critical vulnerability where `skip_auth_routes` regex patterns matched against the full request URI (path + query parameters) instead of just the path, allowing authentication bypass attacks.
Firstly, fixed critical vulnerability where `skip_auth_routes` regex patterns matched against the full request URI (path + query parameters) instead of just the path, allowing authentication bypass attacks.
Secondly, fixed double-escaping of `$` in regexes for Alpha Config upstreams path and rewriteTargets:
```yaml
# Before
upstreams:
- id: web
path: ^/(.*)$$
rewriteTarget: /$$1
# After
upstreams:
- id: web
path: ^/(.*)$
rewriteTarget: /$1
```
## Breaking Changes
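Review bot: The `skip_auth_routes` entry under `## Important Notes` names the fix but gives operators nothing to act on. Since patterns are now matched against the path only, any existing pattern that relied on the query string will behave differently after upgrade, so the entry should tell readers to review their `skip_auth_routes` patterns and link the advisory or fixing PR if there is one. The Alpha Config entry has the same gap: going by the Before/After example, configs that still carry `$$` in `path` or `rewriteTarget` need editing on upgrade, which is a migration step and would fit better under `## Breaking Changes`, or should at least be stated explicitly. Style point: "Firstly," / "Secondly," would read more cleanly as two bullets, matching the list used in `## Release Highlights`.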