authelia/authelia v4.39.20 on GitHub

Security Fixes

This release contains important security fixes. We encourage users to update as soon as practical.

The following advisories accompany this release:

authentication: incorrect bind mode (#12094) (dc1d1d6) by @james-d-elliott
authorization: case-insensitive domain matching [security] (#12169) (b6d1d60) by @james-d-elliott
authorization: oauth2 client credentials considered anonymous (#12141) (54de0c9) by @james-d-elliott
configuration: add default attributes to freeipa (#12155) (f8203be) by @kaysond
configuration: include specific warning about ports (#12145) (033533e) by @james-d-elliott
configuration: preserve dots in map key names during koanf remap (#11803) (211a4cd) by @nightah
expression: add missing extensions (#11226) (4c7ffd3) by @james-d-elliott
handlers: basic auth username canonicalization [security] (#12170) (b8985b5) by @james-d-elliott
handlers: hoist issuer checks (#12160) (ab5dca7) by @james-d-elliott
metrics: ensure unknown bans are measured (#11999) (3adae90), closes #11972 by @james-d-elliott
metrics: go collectors not registered (#11894) (9cd8812) by @james-d-elliott
middlewares: add rate limit exclusions (#12159) (17397cd) by @james-d-elliott
session: add startup check for backend connectivity (#12157) (8149b6f) by @nightah
storage: harden one-time code consumption (#12095) (9dc3eb6) by @james-d-elliott
storage: incorrect query used for auth code by req id (#12139) (dc6365d) by @james-d-elliott
web: quote peer dependency versions in pnpm-workspace (#12049) (1fb10aa), closes #12032 by @nightah