v2.39.0
The official container image for this release can be pulled from
ghcr.io/dexidp/dex:v2.39.0
Know before update
Warning
The validation of username and password in the LDAP connector is much more strict now.
As of today, Dex uses the EscapeFilter
function to check for special characters in credentials and prevent injections by denying such requests.
the special characters in the set
()*\
and those out of the range 0 < c < 0x80, as defined in RFC4515
What's Changed
Enhancements 🚀
- Also set the username in authproxy connector by @ppacher in #3307
- Log failed login attempt by @i-amelia in #2454
- Update ent by @sagikazarmark in #3379
- Add sanitizer to LDAP account and password by @hsinhoyeh in #3372
- Add headers control to Dex web server by @nabokihms in #3339
- OIDC connector: Allow specifying empty prompt type by @nabokihms in #3373
- Set read-only permissions to the check job by @nabokihms in #3415
Bug Fixes 🐛
- Use the correct token type for userInfo requests while Token Exchange by @MrDeerly in #3336
- Do not evaluate skipApproval on the approval page by @MM53 in #3086
Dependency Updates ⬆️
- build(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 by @dependabot in #3314
- build(deps): bump github.com/mattn/go-sqlite3 from 1.14.19 to 1.14.22 by @dependabot in #3328
- build(deps): bump github/codeql-action from 3.23.1 to 3.24.0 by @dependabot in #3327
- build(deps): bump anchore/sbom-action from 0.15.6 to 0.15.8 by @dependabot in #3325
- build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.11 to 3.5.12 by @dependabot in #3323
- build(deps): bump google.golang.org/api from 0.157.0 to 0.161.0 by @dependabot in #3317
- build(deps): bump alpine from 3.19.0 to 3.19.1 by @dependabot in #3311
- build(deps): bump golang from
3bd4475
to3354c3a
by @dependabot in #3310 - build(deps): bump mheap/github-action-required-labels from 5.1.0 to 5.2.0 by @dependabot in #3308
- build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.4.0 by @dependabot in #3324
- build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.11 to 3.5.12 by @dependabot in #3321
- build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 in /examples by @dependabot in #3340
- build(deps): bump tonistiigi/xx from 1.3.0 to 1.4.0 by @dependabot in #3333
- build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 by @dependabot in #3341
- build(deps): bump google.golang.org/grpc from 1.61.0 to 1.61.1 in /examples by @dependabot in #3352
- build(deps): bump distroless/static from
9be3fcc
toa43abc8
by @dependabot in #3350 - build(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by @dependabot in #3332
- build(deps): bump docker/metadata-action from 5.5.0 to 5.5.1 by @dependabot in #3330
- build(deps): bump mheap/github-action-required-labels from 5.2.0 to 5.3.0 by @dependabot in #3347
- build(deps): bump helm/kind-action from 1.8.0 to 1.9.0 by @dependabot in #3345
- build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by @dependabot in #3360
- build(deps): bump google.golang.org/api from 0.161.0 to 0.165.0 by @dependabot in #3355
- build(deps): bump actions/dependency-review-action from 4.0.0 to 4.1.0 by @dependabot in #3359
- build(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0 by @dependabot in #3377
- build(deps): bump google.golang.org/api from 0.165.0 to 0.167.0 by @dependabot in #3376
- build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @dependabot in #3375
- build(deps): bump distroless/static from
a43abc8
to072d78b
by @dependabot in #3374 - build(deps): bump google.golang.org/grpc from 1.61.1 to 1.62.0 in /examples by @dependabot in #3368
- build(deps): bump actions/dependency-review-action from 4.1.0 to 4.1.3 by @dependabot in #3363
- build(deps): bump haya14busa/action-cond from 1.1.1 to 1.2.1 by @dependabot in #3346
- build(deps): bump golang from 1.21.6-alpine3.18 to 1.22.0-alpine3.18 by @dependabot in #3334
- build(deps): bump google.golang.org/grpc from 1.61.0 to 1.62.0 by @dependabot in #3367
- build(deps): bump google.golang.org/grpc from 1.61.0 to 1.62.0 in /api/v2 by @dependabot in #3365
- build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by @dependabot in #3405
- build(deps): bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 by @dependabot in #3380
- build(deps): bump golang from 1.22.0-alpine3.18 to 1.22.1-alpine3.18 by @dependabot in #3398
- build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 in /examples by @dependabot in #3406
- build(deps): bump google.golang.org/api from 0.167.0 to 0.169.0 by @dependabot in #3407
- Update jose by @nabokihms in #3409
- build(deps): bump distroless/static from
072d78b
to9235ad9
by @dependabot in #3381 - build(deps): bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in #3382
- build(deps): bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 by @dependabot in #3384
- build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in #3386
- build(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 by @dependabot in #3397
- build(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 by @dependabot in #3393
- build(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 in /examples by @dependabot in #3394
- build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 in /examples by @dependabot in #3401
- build(deps): bump github.com/go-sql-driver/mysql from 1.7.1 to 1.8.0 by @dependabot in #3414
- build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in #3413
- build(deps): bump distroless/static from
9235ad9
to7e5c6a2
by @dependabot in #3410 - build(deps): bump docker/build-push-action from 5.1.0 to 5.2.0 by @dependabot in #3411
- build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 by @dependabot in #3412
- build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #3389
- build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #3417
- build(deps): bump github/codeql-action from 3.24.6 to 3.24.8 by @dependabot in #3422
- build(deps): bump google.golang.org/api from 0.169.0 to 0.171.0 by @dependabot in #3426
- build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #3418
- build(deps): bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0 in /examples by @dependabot in #3424
- build(deps): bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0 by @dependabot in #3425
- build(deps): bump docker/build-push-action from 5.2.0 to 5.3.0 by @dependabot in #3420
- build(deps): bump golang from
010f3b3
toede158f
by @dependabot in #3421 - build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 in /api/v2 by @dependabot in #3399
- build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /api/v2 by @dependabot in #3400
New Contributors
- @ppacher made their first contribution in #3307
- @MrDeerly made their first contribution in #3336
- @i-amelia made their first contribution in #2454
- @hsinhoyeh made their first contribution in #3372
Full Changelog: v2.38.0...v2.39.0