oauth2-proxy/oauth2-proxy v7.1.0

V7.1.0

on GitHub

Release Highlights

• New improved design for sign in and error pages based on bulma framework
• Refactored templates loading
  • robots.txt, sign_in.html and error.html can now be provided individually in --custom-templates-dir
  • If any of the above are not provided, defaults are used
  • Defaults templates be found in pkg/app/pagewriter
• Introduction of basic prometheus metrics
• Introduction of Traefik based local testing/example environment
• Support for request IDs to allow request co-ordination of log lines

Important Notes

• GHSA-652x-m2gr-hppm GitLab group authorization stopped working in v7.0.0, the functionality has now been restored, please see the linked advisory for details
• #1103 Upstream request signatures via --signature-key is
  deprecated. Support will be removed completely in v8.0.0.
• 1087 The default logging templates have been updated to include {{.RequestID}}
• #1117 The --gcp-healthchecks option is now deprecated. It will be removed in a future release.
  • To migrate, you can change your application health checks for OAuth2 Proxy to point to
    the --ping-path value.
  • You can also migrate the user agent based health check using the --ping-user-agent option. Set it to GoogleHC/1.0 to allow health checks on the path / from the Google health checker.

Breaking Changes

N/A

Changes since v7.0.1

• GHSA-652x-m2gr-hppm --gitlab-group GitLab Group Authorization config flag stopped working in v7.0.0 (@NickMeves, @papey)
• #1113 Panic with GitLab project repository auth (@piersharding)
• #1116 Reinstate preferEmailToUser behaviour for basic auth sessions (@JoelSpeed)
• #1115 Fix upstream proxy appending ? to requests (@JoelSpeed)
• #1117 Deprecate GCP HealthCheck option (@JoelSpeed)
• #1104 Allow custom robots text pages (@JoelSpeed)
• #1045 Ensure redirect URI always has a scheme (@JoelSpeed)
• #1103 Deprecate upstream request signatures (@NickMeves)
• #1087 Support Request ID in logging (@NickMeves)
• #914 Extract email from id_token for azure provider when oidc is configured (@weinong)
• #1047 Refactor HTTP Server and add ServerGroup to handle graceful shutdown of multiple servers (@JoelSpeed)
• #1070 Refactor logging middleware to middleware package (@NickMeves)
• #1064 Add support for setting groups on session when using basic auth (@stefansedich)
• #1056 Add option for custom logos on the sign in page (@JoelSpeed)
• #1054 Update to Go 1.16 (@JoelSpeed)
• #1052 Update golangci-lint to latest version (v1.36.0) (@JoelSpeed)
• #1043 Refactor Sign In Page rendering and capture all page rendering code in pagewriter package (@JoelSpeed)
• #1029 Refactor error page rendering and allow debug messages on error (@JoelSpeed)
• #1028 Refactor templates, update theme and provide styled error pages (@JoelSpeed)
• #1039 Ensure errors in tests are logged to the GinkgoWriter (@JoelSpeed)
• #980 Add Prometheus metrics endpoint (@neuralsandwich)
• #1023 Update docs on Traefik ForwardAuth support without the use of Traefik 'errors' middleware (@pcneo83)
• #1091 Add an example with Traefik (configuration without Traefik 'errors' middleware) (@fcollonval)