copyright | lastupdated | keywords | subcollection | ||
---|---|---|---|---|---|
|
2023-08-09 |
kubernetes, oauth proxy, add-on |
containers |
{{site.data.keyword.attribute-definition-list}}
{: #alb-oauth-proxy-changelog}
View information for version updates to the ALB OAuth Proxy add-on. {: shortdesc}
- Patch updates: {{site.data.keyword.cloud_notm}} keeps all your add-on components up-to-date by automatically rolling out patch updates to the most recent version of the ALB OAuth Proxy that is offered by {{site.data.keyword.containerlong_notm}}.
- Minor version updates: To update your add-on components to the most recent minor version of the ALB OAuth Proxy that is offered by {{site.data.keyword.containerlong_notm}}, follow the steps in Updating managed add-ons.
{: #2_0_0}
{: #2_0_0_1715}
- Dependency updates.
{: #2.0.0_1669}
- Updates
go
version to 1.20.5. - Resolves CVE-2023-32731{: external}.
{: #2.0.0_1528}
- Adds support for the
cookie-refresh
configuration option foroauth2-proxy
. Using this feature might require additional configuration. For more information, see Adding App ID authentication to apps.
{: #2_0_0_1487}
- Updates
go
version to 1.20.1. - Resolves CVE-2022-41723{: external}.
{: #2_0_0_1469}
- Dependency updates.
- Base image changes.
{: #2_0_0_1420}
- Updates
go
version to 1.19.5. - Adds support for multi-Ingress configurations.
{: #2_0_0_1354}
- Updates
go
version to 1.19.4. - Resolves CVE-2022-41717{: external}.
{: #2_0_0_1315}
- Updates
oauth2-proxy
from version 7.3.0 to version 7.4.0. - Adds support for
cookie_csrf_expire
andcookie_csrf_per_request
configuration option foroauth2-proxy
.
{: #2_0_0_1297}
Resolves CVE-2022-32149{: external}.
{: #2_0_0_1265}
- Updates
oauth2-proxy
from version 7.2.0 to version 7.3.0. - Adds support for
oidc-extra-audience
configuration option foroauth2-proxy
. - Resolves CVE-2022-27664.
{: #2_0_0_1214}
Adds the whitelist-domains
configuration option to oauth2-proxy
.
{: #2_0_0_1187}
- CVE-2022-21698{: external}
- CVE-2022-27191{: external}
{: #2_0_0_1064}
- CVE-2022-28327{: external}
- CVE-2022-27536{: external}
{: #2_0_0_1023}
The add-on logic has changed. It does not add a configuration snippet annotation to the Ingress resources anymore. This change makes the add-on compatible with the default ALB configuration that disables the usage of snippet annotations.
Resolves CVE-2022-24921{: external}
{: #2_0_0_999}
- CVE-2022-23772{: external}
- CVE-2022-23773{: external}
- CVE-2022-23806{: external}
{: #2_0_0_981}
This version addresses an issue that causes periodic restarts for the managed OAuth2 Proxy deployments.
{: #2_0_0_923}
- CVE-2021-44716{: external}
- CVE-2021-44717{: external}
{: #2_0_0_755}
- CVE-2021-41771{: external}
- CVE-2021-41772{: external}
{: #2_0_0_704}
Version 2.0.0 of the add-on supports {{site.data.keyword.containerlong_notm}} clusters 1.19 and later. Version 1.0.0 of the add-on supports {{site.data.keyword.containerlong_notm}} clusters 1.21 and earlier. If you want to upgrade your {{site.data.keyword.containerlong_notm}} cluster to 1.22 or later, you must upgrade the add-on from 1.0.0 to 2.0.0 before the cluster upgrade.
{: #1_0_0-oauth}
As of 16 May 2022, version 1.0.0 of the add-on is no longer supported. {: important}
{: #1_0_0_1024}
Resolves CVE-2022-24921{: external}
{: #1_0_0_1001}
- CVE-2022-23772{: external}
- CVE-2022-23773{: external}
- CVE-2022-23806{: external}
{: #1_0_0_924}
- CVE-2021-44716{: external}
- CVE-2021-44717{: external}
{: #1_0_0_756}
- CVE-2021-41771{: external}
- CVE-2021-41772{: external}
{: #1_0_0_684}
- CVE-2021-36221{: external}
{: #1_0_0_638}
- CVE-2021-34558{: external}
- CVE-2021-21411{: external}
- CVE-2021-21291{: external}
{: #1_0_0_618}
- CVE-2021-31525{: external}
- CVE-2021-33194{: external}
{: #1_0_0_590}
- CVE-2021-3121{: external}
- CVE-2021-28851{: external}
- CVE-2021-28852{: external}
{: #1_0_0_574}
- CVE-2021-3114{: external}
- CVE-2021-3115{: external}