Skip to content

v2.27.0
Compare
Choose a tag to compare
@justaugustus justaugustus released this 14 Dec 08:58
· 1766 commits to master since this release
v2.27.0
This tag was signed with the committer’s verified signature. The key has expired.
justaugustus Stephen Augustus
GPG key ID: 8006EEE82E82A6A6
Expired
Verified
Learn about vigilant mode.
0f9e288
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Action Required

This security release addresses the following advisory: GHSA-m9hp-7r99-94h5

Dex users should immediately update to v2.27.0.

Assets

The official container images for this release can be pulled from:

  • dexidp/dex:v2.27.0
  • ghcr.io/dexidp/dex:v2.27.0

Make sure to always use an image with a version tag.

Changelog since v2.26.0

  • connector/saml: Validate XML roundtrip data before processing request

  • Build the sqlite storage backend via build tag so Dex can compile when cgo is disabled

  • Update image versions

    • golang:1.15.6-alpine3.12
    • postgres:10.15
    • gcr.io/etcd-development/etcd:v3.4.9

  • Copy module dependencies to Docker image for CVE scanning / dependency analysis

Maintenance

  • MAINTAINERS: @srenatus is now Emeritus

  • README.md: Use maintainers list for reporting security issues

  • .github: Add release notes block to pull request template

  • Fully automate dev setup with Gitpod

    Implements a fully-automated development setup using Gitpod.io, an
    online IDE for GitHub and GitLab that enables Dev-Environments-As-Code.
    This makes it easy for anyone to get a ready-to-code workspace for any branch,
    issue or pull request almost instantly with a single click.

  • Enable CodeQL for the Dex repository

  • docs: Fixup broken links

Dependencies

Added

  • github.com/mattermost/xml-roundtrip-validator: 1a8688a
  • gopkg.in/yaml.v3: 9f266ea

Changed

Removed

Nothing has changed.

Assets 2
Loading