Releases: whawty/nginx-sso
Releases · whawty/nginx-sso
Release 0.3.6
Changes since Release 0.3.5
- update dependencies
- rebuilt with Go 1.23.5
- CI: add golint for all pull requests.
Release 0.3.5
Changes since Release 0.3.4
- Bump golang.org/x/crypto from 0.24.0 to 0.31.0
Release 0.3.4
Changes since Release 0.3.3
- update dependencies
- rebuilt with Go 1.22.5
Release 0.3.3
Changes since Release 0.3.2
- update dependencies
- rebuilt with Go 1.22.2
Release 0.3.2
Changes since Release 0.3.1
- switch to use go embed
- add Docker image
Release 0.3.1
Changes since Release 0.3
- fix nil-pointer dereference when loading ca-certificates
Release 0.3
Changes since Release 0.2
- add support for Prometheus Metrics
Release 0.2
Changes since Release 0.1.1
Breaking
- The signed part of session cookies now contain an ID field. Because of this, cookies generated by previous versions will no longer be accepted. This means after upgrading to this version every pre-existing session is logged-out and users will need to re-login.
- All
tls
configuration sections now support the same options. For the LDAP auth backend this means that thestart-tls
option has been moved out of thetls
section - The cookie signing key options in the configuration have been renamed to harmonize the naming convention with the
tls
sections. This means thatprivate-key
andpublic-key
now expect a file name to load the keys from. To configure keys inline use the new optionsprivate-key-data
andpublic-key-data
. - The exact changes for the config file format can bee seen here
Improvements
- Revoke-able Sessions
- Every new session is now stored in a local database either in-memory (volatile) or inside Bolt (non-volatile).
- Clicking the logout button at the built-in web UI now marks the session as revoked and then instructs the browser to delete the session cookie.
- The logged-in template of the built-in web UI also shows other active sessions by the same user as well as logout buttons for those sessions.
- Verify-only instances can sync revocations using HTTPs requests secured with Bearer tokens. The transferred revocation lists are singed.
Release 0.2 Release Candidate 2
Changes since Release 0.2 Release Candidate 1
- allow for situations where HTTP client requests (revocation sync and whawty remote upgrades) can use a HTTP Host Header that differs from the host name in the url to connect to.
Release 0.2 Release Candidate 1
Changes since Release 0.1.1
Breaking
- The signed part of session cookies now contain an ID field. Because of this, cookies generated by previous versions will no longer be accepted. This means after upgrading to this version every pre-existing session is logged-out and users will need to re-login.
- All
tls
configuration sections now support the same options. For the LDAP auth backend this means that thestart-tls
option has been moved out of thetls
section - The cookie signing key options in the configuration have been renamed to harmonize the naming convention with the
tls
sections. This means thatprivate-key
andpublic-key
now expect a file name to load the keys from. To configure keys inline use the new optionsprivate-key-data
andpublic-key-data
. - The exact changes for the config file format can bee seen here
Improvements
- Revoke-able Sessions
- Every new session is now stored in a local database either in-memory (volatile) or inside Bolt (non-volatile).
- Clicking the logout button at the built-in web UI now marks the session as revoked and then instructs the browser to delete the session cookie.
- The logged-in template of the built-in web UI also shows other active sessions by the same user as well as logout buttons for those sessions.
- Verify-only instances can sync revocations using HTTPs requests secured with Bearer tokens. The transferred revocation lists are singed.