Skip to content

Releases: istio-ecosystem/authservice

v1.0.3

10 Oct 15:17
v1.0.3
adea4ec
Compare
Choose a tag to compare

Authservice 1.0.3 adds support for PKCE in the Authorization Code Grant Flow. Thanks @gdasson for your contribution! More details about PKCE can be found here:

https://oauth.net/2/pkce/
https://blog.postman.com/what-is-pkce/

It also comes with a change to not allow Client IDs to have the : character, as it breaks client authentication when calling the token endpoint. This is now properly validated and the configuration is rejected.

Detailed Changelog

  • Validate that clientId does not contain ':' by @nacx in #266
  • chore: use a better maintained and more flexible license checker tool by @nacx in #267
  • Add support for PKCE by @gdasson in #265

New Contributors

Full Changelog: v1.0.2...v1.0.3

v1.0.2

09 Sep 23:24
v1.0.2
e99c3eb
Compare
Choose a tag to compare

This is a small bugfix release that includes fixes for several CVEs.

What's Changed

Full Changelog: v1.0.1...v1.0.2

v1.0.1

14 May 15:55
v1.0.1
fd52e3c
Compare
Choose a tag to compare

This is a bugfix release that includes fixes for several CVEs as well as fixes for small regressions introduced in v1.0.0.

In addition to the bug fixes, it also comes with the following added features:

  • Reduces the number of requests to the OIDC well-known endpoint.
  • Added support for retrieving the end-session endpoint from the OIDC Discovery endpoint.
  • Enhanced identity Provider logging. Starting on v1.0.1 you can enable the idp logger at debug level to show all the requests and responses exchanged with the identity Provider in the authservice logs. Use with caution and only for debugging purposes, as these logs may contain sensitive information.
  • Added examples to help getting started with authservice and Istio.
  • Configured a nightly vulnerability scan job to report new vulnerabilities to the GitHub Code Scanning page.

Detailed changelog

  • Allow customizing the Istio version to use in the e2e tests by @nacx in #243
  • Upgrade Go to 1.22.2 to get rid of CVE-2023-45288 by @nacx in #244
  • Configure nightly vulnerability scans and report upload by @nacx in #245
  • Infer the JWS signing algorithm name by looking at the provided key by @erik-h in #247
  • Use the OIDC Discovery end session endpoint if present by @nacx in #249
  • Add a logger to log the calls to the Identity Provider by @nacx in #250
  • Cache well-known responses to avoid making too much calls to the IdP by @nacx in #251
  • Add minimal examples to make it easier to get started by @nacx in #252
  • Bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #253
  • Fix scan job configuration by @nacx in #254
  • Update code owners by @nacx in #248
  • Update protoc-gen-go comment to fix make check by @sergicastro in #257
  • Validate token_type case-insensitively by @jojonium in #256
  • Fix flaky file watcher test by @sergicastro in #258

New Contributors

We want to thank our new contributors for taking the time to report issues, implement, and contribute the fixes. Thank you! 🙇‍♂️

Full Changelog: v1.0.0...v1.0.1

v1.0.0

26 Mar 22:45
c1c9567
Compare
Choose a tag to compare

authservice 1.0.0

This is the first release of the Go rewrite of the authservice! 🚀

This is a full rewrite of the project in pure Go, to improve code readability, testability, quality, and the overall maintainability of the project. It provides feature parity with the original project, and the Docker images that are published on the project's GitHub Docker registry can be used as a drop-in replacement for the old authservice ones.

This project adds extensive code coverage, several end-to-end test suites that verify the correct behavior of the supported OIDC flows, as well as a compatibility suite that runs with both images, the Go-based authservice and the old C++ authservice to make sure backward-compatibility is not broken.

In addition to the extensive tests and feature parity, this first release of the Go authservice fixes the following issues:

Check it out!

Initial contributors

The first release of the Go rewrite of theauthservice has been crafted with a lot of dedication and work from @zhaohuabing, @sergicastro, and @nacx, and thoroughly tested by @sbko Thank you all for your contributions!

Full release changelog: https://github.com/istio-ecosystem/authservice/commits/v1.0.0

0.5.3-rc1

14 Nov 13:38
@dio dio
e36b900
Compare
Choose a tag to compare

What's Changed

  • Move the VERSION env to GITHUB_ENV. by @incfly in #221
  • Fix the unmatched request handling by set the grpc status in payload. by @incfly in #223
  • clean the commented out code. by @incfly in #224
  • Use @envoy//bazel:boringssl by @dio in #228
  • http: Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE by @dio in #230 #220
  • Enable FIPS for Linux only by @dio in #231

Full Changelog: 0.5.1...0.5.3-rc1

0.5.3

16 Nov 15:14
@dio dio
e36b900
Compare
Choose a tag to compare

What's Changed

  • Move the VERSION env to GITHUB_ENV. by @incfly in #221
  • Fix the unmatched request handling by set the grpc status in payload. by @incfly in #223
  • clean the commented out code. by @incfly in #224
  • Use @envoy//bazel:boringssl by @dio in #228
  • http: Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE by @dio in #230 #220
  • Enable FIPS for Linux only by @dio in #231

Full Changelog: 0.5.1...0.5.3

0.5.2

04 Aug 21:38
Compare
Choose a tag to compare
Merge github.com:istio-ecosystem/authservice into release-0.5

0.5.2-rc1

28 Jul 22:34
Compare
Choose a tag to compare
Fix the unmatched request handling by set the grpc status in payload.…

0.5.1

08 Apr 17:53
Compare
Choose a tag to compare

Compared with 0.5.0, this releases

  • Fixed the timeout issue we see when integrating with ADFS, #211 by closing the connection explicitly.
  • Ensure using libc++ for bazel build in the final release image, libc++, libgcc, libstdc++ if are used, they are all static linked. #215
  • Use Ubuntu 18.04 (previous 20.04) as build environment. #219
  • Added standalone binary into the release artifcats.

v0.5.0

02 Dec 06:51
60dadd6
Compare
Choose a tag to compare

New Features

  • JWKs fetcher for token validation.
  • healthcheck endpoint for active JWKs existence.
  • BoringSSL-FIPS build.

Bugs Fixed

  • #167 Fix out of memory problem during service running.
  • reject requests by default if they are not matched any filter chain.
  • Remove the authentication based on "Authorization: ".

Docker containers