release: v7.9.0 (#3047)

* add new docs version 7.9.x

* update to release version v7.9.0

* doc: add changelog summary

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Jan Larwig <jan@larwig.com>

docs/versioned_docs/version-7.9.x/community/contribution.md

@@ -0,0 +1,89 @@
+---
+id: contribution
+title: Contribution Guide
+---
+
+We track bugs and issues using Github.
+
+If you find a bug, please open an Issue. When opening an Issue or Pull Request please follow the preconfigured template and take special note of the checkboxes.
+
+If you want to fix a bug, add a new feature or extend existing functionality, please create a fork, create a feature branch and open a PR back to this repo.
+Please mention open bug issue number(s) within your PR if applicable.
+
+We suggest using [Visual Studio Code](https://code.visualstudio.com/docs/languages/go) with the official [Go for Visual Studio Code](https://marketplace.visualstudio.com/items?itemName=golang.go) extension.
+
+
+# Go version
+
+This project is currently still using go 1.22. You can follow the installation guide for go [here.](https://go.dev/doc/install) And you can find go version 1.22 in the archived section [here.](https://go.dev/dl/)
+
+# Preparing your fork
+Clone your fork, create a feature branch and update the depedencies to get started.
+```bash
+git clone git@github.com:<YOUR_FORK>/oauth2-proxy
+cd oauth2-proxy
+git branch feature/<BRANCH_NAME>
+git push --set-upstream origin feature/<BRANCH_NAME>
+go mod download
+```
+
+
+# Testing / Debugging
+For starting oauth2-proxy locally open the debugging tab and create the `launch.json` and select `Go: Launch Package`.
+
+![Debugging Tab](/img/debug-tab.png)
+```json
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Launch OAuth2-Proxy with Dex",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "${workspaceFolder}",
+            "args": [
+                "--config",
+                // The following configuration contains settings for a locally deployed
+                // upstream and dex as an idetity provider
+                "contrib/local-environment/oauth2-proxy.cfg"
+            ]
+        },
+        {
+            "name": "Launch OAuth2-Proxy with Keycloak",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "${workspaceFolder}",
+            "args": [
+                "--config",
+                // The following configuration contains settings for a locally deployed
+                // upstream and keycloak as an idetity provider
+                "contrib/local-environment/oauth2-proxy-keycloak.cfg"
+            ]
+        }
+    ]
+}
+```
+
+Before you can start your local version of oauth2-proxy, you will have to use the provided docker compose files to start a local upstream service and identity provider. We suggest using [httpbin](https://hub.docker.com/r/kennethreitz/httpbin) as your upstream for testing as it allows for request and response introspection of all things HTTP.
+
+Inside the `contrib/local-environment` directory you can use the `Makefile` for
+starting different example setups:
+
+- Dex as your IdP: `make up` or `make down`
+- Dex as your IdP using the alpha-config: `make alpha-config-up`
+- Keycloak as your IdP: `make keycloak-up`
+- Dex as your IdP & nginx reverse proxy: `make nginx-up`
+- and many more...
+
+Check out the `Makefile` to see what is available.
+
+The username and password for all setups is usually `admin@example.com` and `password`.
+
+The docker compose setups expose the services with a dynamic reverse DNS resolver: localtest.me
+
+- OAuth2-Proxy: http://oauth2-proxy.localtest.me:4180
+- Upstream: http://httpbin.localtest.me:8080
+- Dex: http://dex.localtest.me:4190
+

docs/versioned_docs/version-7.9.x/community/security.md

@@ -0,0 +1,49 @@
+---
+id: security
+title: Security
+---
+
+:::note
+OAuth2 Proxy is a community project.
+Maintainers do not work on this project full time, and as such,
+while we endeavour to respond to disclosures as quickly as possible,
+this may take longer than in projects with corporate sponsorship.
+:::
+
+## Security Disclosures
+
+:::important
+If you believe you have found a vulnerability within OAuth2 Proxy or any of its
+dependencies, please do NOT open an issue or PR on GitHub, please do NOT post
+any details publicly.
+:::
+
+Security disclosures MUST be done in private.
+If you have found an issue that you would like to bring to the attention of the
+maintenance team for OAuth2 Proxy, please compose an email and send it to the
+list of maintainers in our [MAINTAINERS](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/MAINTAINERS) file.
+
+Please include as much detail as possible.
+Ideally, your disclosure should include:
+- A reproducible case that can be used to demonstrate the exploit
+- How you discovered this vulnerability
+- A potential fix for the issue (if you have thought of one)
+- Versions affected (if not present in master)
+- Your GitHub ID
+
+### How will we respond to disclosures?
+
+We use [GitHub Security Advisories](https://docs.github.com/en/github/managing-security-vulnerabilities/about-github-security-advisories)
+to privately discuss fixes for disclosed vulnerabilities.
+If you include a GitHub ID with your disclosure we will add you as a collaborator
+for the advisory so that you can join the discussion and validate any fixes
+we may propose.
+
+For minor issues and previously disclosed vulnerabilities (typically for
+dependencies), we may use regular PRs for fixes and forego the security advisory.
+
+Once a fix has been agreed upon, we will merge the fix and create a new release.
+If we have multiple security issues in flight simultaneously, we may delay
+merging fixes until all patches are ready.
+We may also backport the fix to previous releases,
+but this will be at the discretion of the maintainers.