Release Highlights
- New improved design for sign in and error pages based on bulma framework
- Refactored templates loading
robots.txt
,sign_in.html
anderror.html
can now be provided individually in--custom-templates-dir
- If any of the above are not provided, defaults are used
- Defaults templates be found in pkg/app/pagewriter
- Introduction of basic prometheus metrics
- Introduction of Traefik based local testing/example environment
- Support for request IDs to allow request co-ordination of log lines
Important Notes
- GHSA-652x-m2gr-hppm GitLab group authorization stopped working in v7.0.0, the functionality has now been restored, please see the linked advisory for details
- #1103 Upstream request signatures via
--signature-key
is
deprecated. Support will be removed completely in v8.0.0. - 1087 The default logging templates have been updated to include {{.RequestID}}
- #1117 The
--gcp-healthchecks
option is now deprecated. It will be removed in a future release.- To migrate, you can change your application health checks for OAuth2 Proxy to point to
the--ping-path
value. - You can also migrate the user agent based health check using the
--ping-user-agent
option. Set it toGoogleHC/1.0
to allow health checks on the path/
from the Google health checker.
- To migrate, you can change your application health checks for OAuth2 Proxy to point to
Breaking Changes
N/A
Changes since v7.0.1
- GHSA-652x-m2gr-hppm
--gitlab-group
GitLab Group Authorization config flag stopped working in v7.0.0 (@NickMeves, @papey) - #1113 Panic with GitLab project repository auth (@piersharding)
- #1116 Reinstate preferEmailToUser behaviour for basic auth sessions (@JoelSpeed)
- #1115 Fix upstream proxy appending ? to requests (@JoelSpeed)
- #1117 Deprecate GCP HealthCheck option (@JoelSpeed)
- #1104 Allow custom robots text pages (@JoelSpeed)
- #1045 Ensure redirect URI always has a scheme (@JoelSpeed)
- #1103 Deprecate upstream request signatures (@NickMeves)
- #1087 Support Request ID in logging (@NickMeves)
- #914 Extract email from id_token for azure provider when oidc is configured (@weinong)
- #1047 Refactor HTTP Server and add ServerGroup to handle graceful shutdown of multiple servers (@JoelSpeed)
- #1070 Refactor logging middleware to middleware package (@NickMeves)
- #1064 Add support for setting groups on session when using basic auth (@stefansedich)
- #1056 Add option for custom logos on the sign in page (@JoelSpeed)
- #1054 Update to Go 1.16 (@JoelSpeed)
- #1052 Update golangci-lint to latest version (v1.36.0) (@JoelSpeed)
- #1043 Refactor Sign In Page rendering and capture all page rendering code in pagewriter package (@JoelSpeed)
- #1029 Refactor error page rendering and allow debug messages on error (@JoelSpeed)
- #1028 Refactor templates, update theme and provide styled error pages (@JoelSpeed)
- #1039 Ensure errors in tests are logged to the GinkgoWriter (@JoelSpeed)
- #980 Add Prometheus metrics endpoint (@neuralsandwich)
- #1023 Update docs on Traefik ForwardAuth support without the use of Traefik 'errors' middleware (@pcneo83)
- #1091 Add an example with Traefik (configuration without Traefik 'errors' middleware) (@fcollonval)