v23.13-beta

@byewokko byewokko released this 27 Mar 10:28

Compatibility

Major breaking changes

  • This version introduces validation of the Redirect URI parameter in the OAuth authorize request. An invalid Redirect URI will cause a warning in the application log. See #157 for details and how to fix it.

Changelog

Breaking changes

  • Renamed the Code Challenge Method client feature (#168, PLUM Sprint 230224)
  • Code Challenge Method is now enforced if set (#168, PLUM Sprint 230224)
  • Invalid OAuth redirect URIs raise a warning (#157, PLUM Sprint 230310)

Fix

  • Removed required fields from client update (#144, PLUM Sprint 230113)
  • Store client cookie domain (#147, PLUM Sprint 230113)
  • Efficient count in MongoDB credential provider (#150, PLUM Sprint 230127)
  • Fix sync method in Batman module (3c68cb8, PLUM Sprint 230210)
  • Fix cookie client session flow (#155, PLUM Sprint 230210)
  • Renaming resources without description (#158, PLUM Sprint 230210)
  • Batman does not add nonexistent roles to Kibana users (#159, PLUM Sprint 230210)
  • Fixed empty string check in client registration (#168, PLUM Sprint 230224)

Features

  • Allow unsetting some client features (#148, PLUM Sprint 230113)
  • OAuth 2.0 PKCE challenge (RFC7636) (#152, PLUM Sprint 230127)
  • Session tracking ID introduced (#135, PLUM Sprint 230210)
  • Clients can register a custom login_uri and login_key (#151, PLUM Sprint 230210)
  • Authorize request adds client_id to login URL query (#151, PLUM Sprint 230210)
  • Upgrade Docker image OS to Alpine 3.17 (#166, PLUM Sprint 230224)
  • Assign roles and tenants to multiple credentials at once (#146, PLUM Sprint 230113)
  • Allow OAuth authorize requests with anonymous sessions (#165, PLUM Sprint 230224)
  • Allow extra login parameters to be supplied in login prologue body (#169, PLUM Sprint 230310)
  • Assign roles and tenants to multiple credentials at once (#167, PLUM Sprint 230310)
  • Introduce event type descriptors (#172, PLUM Sprint 230310)
  • OAuth redirect URI validation options (#157, #175, PLUM Sprint 230310)
  • TOTP secrets moved to dedicated collection (#176, PLUM Sprint 230310)

Refactoring

  • Regex validation of cookie_domain client attribute (#144, PLUM Sprint 230113)
  • Swagger doc page uses the same auth rules as ASAB API (#164, PLUM Sprint 230224)
  • Renamed the Code Challenge Method client feature (#168, PLUM Sprint 230224)
  • Code Challenge Method is now enforced if set (#168, PLUM Sprint 230224)