Release Highlights
- 🔵 Go1.25.6 and upgrade of dependencies to latest versions
- 🐛 Bug fixes
  - AuthOnly now starts the auth flow and sends status code 302 if no session exists and skip-provider-button is true
  - Fixed static upstream validation issue due to incorrect defaults
Important Notes
Excerpt from v7.14.0 release letter.
https://github.com/oauth2-proxy/oauth2-proxy/releases/v7.14.0
This release introduces a breaking change for Alpha Config users and moves us significantly
closer to removing legacy configuration parameters, making the codebase of OAuth2 Proxy more
future proof and extensible.
From v7.14.0 onward, header injection sources must be explicitly nested. If you
previously relied on squashed fields, update to the new structure before upgrading:
```yaml
# before v7.14.0
injectRequestHeaders:
  - name: X-Forwarded-User
    values:
      - claim: user
  - name: X-Custom-Secret-header
    values:
      - value: my-super-secret

# v7.14.0 and later
injectRequestHeaders:
  - name: X-Forwarded-User
    values:
      - claimSource:
          claim: user
  - name: X-Custom-Secret-header
    values:
      - secretSource:
          value: my-super-secret
```

Furthermore, Alpha Config now fully supports configuring the Server struct using YAML.
```go
// Server represents the configuration for the Proxy HTTP(S) configuration.
type Server struct {
	// BindAddress is the address on which to serve traffic.
	BindAddress string `yaml:"bindAddress,omitempty"`
	// SecureBindAddress is the address on which to serve secure traffic.
	SecureBindAddress string `yaml:"secureBindAddress,omitempty"`
	// TLS contains the information for loading the certificate and key for the
	// secure traffic and further configuration for the TLS server.
	TLS *TLS `yaml:"tls,omitempty"`
}

// TLS contains the information for loading a TLS certificate and key
// as well as an optional minimal TLS version that is acceptable.
type TLS struct {
	// Key is the TLS key data to use.
	Key *SecretSource `yaml:"key,omitempty"`
	// Cert is the TLS certificate data to use.
	Cert *SecretSource `yaml:"cert,omitempty"`
	// MinVersion is the minimal TLS version that is acceptable.
	MinVersion string `yaml:"minVersion,omitempty"`
	// CipherSuites is a list of TLS cipher suites that are allowed.
	CipherSuites []string `yaml:"cipherSuites,omitempty"`
}
```

More about how to use Alpha Config can be found in the documentation.
Example Alpha configuration: https://github.com/oauth2-proxy/oauth2-proxy/blob/955ab6b/contrib/local-environment/oauth2-proxy-alpha-config.yaml
We are committed to Semantic Versioning and usually avoid breaking changes without a major version release.
Advancing Alpha Config toward its Beta stage required this exception, and even for the Alpha Config we try
to keep breaking changes in v7 to a minimum. Thank you for understanding the need for this step to prepare
the project for future maintainability and future improvements like structured logging.
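
A pre-upgrade helper for the header source change described in the excerpt above, added here as an example and not part of the release notes or the oauth2-proxy code base. It works on an already parsed Alpha Config (for instance the output of a YAML loader) and rewrites squashed header values into the nested `claimSource` / `secretSource` form. The function names and the sample are hypothetical; the squashed keys other than `claim` and `value`, and the `injectResponseHeaders` list, are assumptions to check against the Alpha Config reference for your version.

```python
import copy

# Legacy squashed keys and the nested source each one moves under.
# "claim" and "value" are shown on this page; the remaining keys are assumed
# from the Alpha Config reference and should be checked against your version.
CLAIM_KEYS = {"claim", "prefix", "basicAuthPassword"}
SECRET_KEYS = {"value", "fromEnv", "fromFile"}
HEADER_LISTS = ("injectRequestHeaders", "injectResponseHeaders")


def migrate_value(entry):
    """Return the v7.14.0 form of one header value entry."""
    if "claimSource" in entry or "secretSource" in entry:
        return entry  # already nested, nothing to do
    claim = {k: v for k, v in entry.items() if k in CLAIM_KEYS}
    secret = {k: v for k, v in entry.items() if k in SECRET_KEYS}
    unknown = set(entry) - CLAIM_KEYS - SECRET_KEYS
    if unknown or bool(claim) == bool(secret):
        # Unknown keys, an empty entry, or a mix of both sources: needs a human.
        raise ValueError(f"cannot migrate header value {entry!r}")
    return {"claimSource": claim} if claim else {"secretSource": secret}


def migrate_config(config):
    """Return (migrated copy of a parsed Alpha Config, list of changed headers)."""
    out = copy.deepcopy(config)
    changed = []
    for key in HEADER_LISTS:
        for header in out.get(key) or []:
            old = header.get("values") or []
            new = [migrate_value(v) for v in old]
            if new != old:
                changed.append(f"{key}/{header['name']}")
                header["values"] = new
    return out, changed


# Constructed sample: the "before v7.14.0" snippet from this page, already parsed.
LEGACY = {
    "injectRequestHeaders": [
        {"name": "X-Forwarded-User", "values": [{"claim": "user"}]},
        {"name": "X-Custom-Secret-header", "values": [{"value": "my-super-secret"}]},
    ]
}

if __name__ == "__main__":
    migrated, changed = migrate_config(LEGACY)
    print(changed)
    print(migrated)
```

An entry that mixes claim and secret keys raises instead of being guessed at, so ambiguous headers are resolved by hand before the upgrade.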
Breaking Changes
Changes since v7.14.0
- #3309 fix: Return 302 redirect from AuthOnly endpoint when skip-provider-button is true (@StefanMarkmann)
- #3302 fix: static upstreams failing validation due to `passHostHeader` and `proxyWebSockets` defaults being set incorrectly (@sourava01 / @tuunit)
- #3312 chore(deps): upgrade to go1.25.6 and latest dependencies (@tuunit)