github dexidp/dex v2.6.1

latest releases: v2.39.0, v2.38.0, v2.37.0...
6 years ago

This is a security release of dex that addresses flaws in API query parameters and groups scope handling logic in the GitHub connector.

Issue 1: Dex's GitHub API calls used a users' display name, instead of login name, and would fail.
Issue 2: Dex would not check whether a user was a member of groups in orgs/org if a client was not configured to communicate the groups scope to dex, regardless of whether orgs/org were populated in the clients' configuration file.

Users of the GitHub connector should update to this release immediately.

Don't miss a new dex release

NewReleases is sending notifications on new releases.