This repository was archived by the owner on Oct 20, 2024. It is now read-only.
Releases: babelouest/glewlwyd
Release 2.5.4
- Security: Fix possible buffer overflow in webauthn registration (CVE-2021-40818)
- Update dependencies versions
Release 2.5.3
- Fix UI bugs
- UI: Improve session expiration error
- Update SQLite3 password management by increasing PBKDF2 iterations and allowing to set iterations value
- IO: Add German translation, thanks to Andy2903
- OIDC: Support more signature and encryption algorithms
- Fix CORS bug
- Implement OAuth 2.0 JWT Secured Authorization Request (JAR) Draft 32
- Allow default properties on client registration
- Allow access tokens used in client registration to be used only once
- Improve client and client grant management in the profile page
Release 2.5.2
- Fix annoying bug in scheme validation during login
- Fix scheme verification bug
- Fix docker image builder
Release 2.5.1
- Add `identify` action to authenticate via schemes oauth2 or certificate without giving the username
- Fix change password issue in the admin interface
- Add oidc config `restrict-scope-client-property` to restrict a client to certain scopes if needed
- Allow to reconnect on session closed
Release 2.5.0
The "Recontainment Release"
- Fix `aud` property to fit JWT access token spec
- Add support for OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) Draft 01
- Allow multiple passwords for users
- Implement Resource Indicators for OAuth 2.0 for OIDC plugin
- Implement Content-Encoding to compress response bodies using `gzip` or `deflate` when relevant
- Implement OAuth 2.0 Rich Authorization Requests Draft 03
- Implement OAuth 2.0 Pushed Authorization Requests Draft 05
Release 2.4.0
The "Second Wave Release"
- Allow user to update their e-mail
- Allow user to reset their credentials
- Handle callback url for registration and reset credentials
- Update certificate scheme management: remove online certificate generation and add certificate validation via DN
- Implement revoke tokens on code replay for oauth2 and oidc plugins
- Show `client_id` and `redirect_uri` on grant scope
- Remove `parameters` object on `*_load()` functions result
- Scheme WebAuthn: disable fmt `none` by default
- Allow to add granted scope list in `id_token` and `/userinfo`
- Fix last login refresh without authentication bug
- Add endpoint `/mod/reload/` to reload modules lists
- Add Event log messages
- Add parameter Scheme Required to a scope scheme group
- Add API key to use administration APIs via scripts without a cookie session
Release 2.3.3
- Limit scheme available output
This is a security release, please upgrade your Glewlwyd version.
To mitigate server configuration leaks, I recommend the following actions:
- If you use the TLS Certificate Scheme with Allow to emit PKCS#12 certificates for the clients enabled, please revoke the issuer certificate and use new ones
- If you use the Webauthn Scheme, it's recommended to regenerate the Random seed used to mitigate intrusion
- If you use the Oauth2 Scheme, please change the clients secrets
- If you use the Email code scheme and use a SMTP password, please change this password
Release 2.3.2
- Allow to specify a public JWKS for OIDC plugin
- Fix official docker image builder
- Fix load module files on filesystems that don't fully support `readdir()`, closes #150
- Fix small UI bugs
- Add manpage
- Add documentation on reverse proxy with examples for Apache and Nginx
Release 2.3.1
- Upgrade Bootstrap to 4.5
- Replace Font-Awesome 5 with Fork-Awesome
- Fix Mock scheme in profile page
Release 2.3.0
The "Saint-Jean-Baptiste Release"
- Replace libjwt with Rhonabwy
- Allow messages encryption (incoming and outgoing)
- Allow OIDC plugin to use multiple signing or encryption keys via a JWKS
- Add support for CRYPT hash in ldap modules, closes #114
- Add Session Management for OIDC plugin
- Update access token claims to fit JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens - draft 05
- Add JWT Response for OAuth Token Introspection
- Adapt client registration `redirect_uri` check to make Glewlwyd OIDC plugin conform to OAuth 2.0 for Native Apps specification
- Add OAuth 2.0 Device Grant
- Add `id_token` in response type `password` when the scope `openid` is added
- Disable response type `password` by default for OIDC plugin config
- Scope `openid` is assumed to be always granted to clients for OIDC plugin
- Add `one-time-use` refresh token option
- Add OAuth 2.0 Dynamic Client Registration Management Protocol for OIDC plugin
- Breaking change since 2.2: Client Registration input parameters now conform to OAuth 2.0 Dynamic Client Registration Protocol
- Add OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
- Allow multi-languages e-mails in e-mail scheme and registration plugin
- Multiple bugfixes in UI and API