v2.35.2

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.35.2

What's Changed

Bug Fixes 🐛

• Backport #2700 to v2.35.x by @sagikazarmark in #2702

Dependency Updates ⬆️

• Backport Go update to v2.35.x by @sagikazarmark in #2698

Full Changelog: v2.35.1...v2.35.2

v2.35.1

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.35.1

What's Changed

Bug Fixes 🐛

• Backport #2694 to v2.35.x by @sagikazarmark in #2696

Full Changelog: v2.35.0...v2.35.1

v2.35.0

⚠️ This release fixes a major vulnerability in Dex. We advise everyone to upgrade as soon as possible! ⚠️

If you use the Google connector, please upgrade to 2.35.1 instead.

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.35.0

What's Changed

Enhancements 🚀

• Reduce HTTP client creations in the Keystone connector by @erwinvaneyk in #2659

Bug Fixes 🐛

• fix for issue 2670; check for no serviceAccountFilePath and no email by @bobcallaway in #2679
• supply HMACKey in test case by @bobcallaway in #2683
• fix: refresh token only once for all concurrent requests by @nabokihms in #2692

Dependency Updates ⬆️

• build(deps): bump google.golang.org/api from 0.95.0 to 0.97.0 by @dependabot in #2677
• build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.4 to 3.5.5 by @dependabot in #2666
• build(deps): bump google.golang.org/api from 0.97.0 to 0.98.0 by @dependabot in #2682
• build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 by @dependabot in #2681
• build(deps): bump entgo.io/ent from 0.11.2 to 0.11.3 by @dependabot in #2684
• Update golang.org/x packages by @sagikazarmark in #2688

New Contributors

• @jannfis made their first contribution in #2691

Full Changelog: v2.34.0...v2.35.0

v2.34.0

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.34.0

What's Changed

Exciting New Features 🎉

• updated gomplate version and added ppc64le support by @mayurwaghmode in #2620

Enhancements 🚀

• fix: Fallback when group claim is a string instead of an array of strings by @JoooostB in #2639
• feat(connector/authproxy): support multiple groups by @mclavel in #2643
• Implement Application Default Credentials for the google connector by @ichbinfrog in #2530
• build: bump Go version to 1.19 in Nix by @sagikazarmark in #2648

Dependency Updates ⬆️

• build(deps): bump alpine from 3.16.1 to 3.16.2 by @dependabot in #2624
• build(deps): bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 by @dependabot in #2623
• build(deps): bump aquasecurity/trivy-action from 0.6.1 to 0.7.0 by @dependabot in #2632
• build(deps): bump github.com/mattn/go-sqlite3 from 1.14.11 to 1.14.15 by @dependabot in #2634
• build(deps): bump aquasecurity/trivy-action from 0.7.0 to 0.7.1 by @dependabot in #2635
• build(deps): bump google.golang.org/api from 0.89.0 to 0.93.0 by @dependabot in #2633
• build(deps): bump google.golang.org/api from 0.93.0 to 0.94.0 by @dependabot in #2637
• chore: Bump ent to 0.11.2 by @nabokihms in #2640
• chore: Bump Go to 1.19 by @nabokihms in #2641
• build(deps): bump github.com/coreos/go-oidc/v3 from 3.2.0 to 3.3.0 by @dependabot in #2646
• build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0 by @dependabot in #2636
• build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 in /api/v2 by @dependabot in #2611
• build(deps): bump golang from 1.19.0-alpine3.15 to 1.19.1-alpine3.15 by @dependabot in #2650
• chore: update alpine version in Go image by @sagikazarmark in #2656
• build(deps): bump github.com/lib/pq from 1.10.5 to 1.10.7 by @dependabot in #2651
• build(deps): bump google.golang.org/api from 0.94.0 to 0.95.0 by @dependabot in #2652
• build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0 in /api/v2 by @dependabot in #2638
• build(deps): bump github.com/coreos/go-oidc/v3 from 3.3.0 to 3.4.0 by @dependabot in #2658

New Contributors

• @mayurwaghmode made their first contribution in #2620
• @JoooostB made their first contribution in #2639
• @mclavel made their first contribution in #2643
• @ichbinfrog made their first contribution in #2530

Full Changelog: v2.33.0...v2.34.0

v2.33.1

What's Changed

Enhancements 🚀

• chore: upgrade alpine to 3.16.2 by @sagikazarmark in #2655

Full Changelog: v2.33.0...v2.33.1

v2.33.0

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.33.0

What's Changed

Exciting New Features 🎉

• add PKCE support to device code flow by @bobcallaway in #2575

Enhancements 🚀

• Limit the amount of objects we attempt to GC on each cycle by @kellyma2 in #2524
• Use GitLab's refresh_token during Refresh. by @dhaus67 in #2352
• Add domainHint parameter to Microsoft Connector by @josephtknight in #2586
• add config to explicitly set scopes for microsoft connector by @bobcallaway in #2582

Bug Fixes 🐛

• fix: prevent cross-site scripting for the device flow by @nabokihms in #2468
• grpc-client: Do not crash on empty response by @bbusse in #2584

Dependency Updates ⬆️

• build(deps): bump helm/kind-action from 1.2.0 to 1.3.0 by @dependabot in #2555
• build(deps): bump aquasecurity/trivy-action from 0.3.0 to 0.4.0 by @dependabot in #2557
• build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.8.0 by @dependabot in #2577
• build(deps): bump aquasecurity/trivy-action from 0.4.0 to 0.5.1 by @dependabot in #2576
• build(deps): bump mheap/github-action-required-labels from 1 to 2 by @dependabot in #2565
• build(deps): bump google.golang.org/api from 0.82.0 to 0.86.0 by @dependabot in #2574
• build(deps): bump github.com/spf13/cobra from 1.4.0 to 1.5.0 by @dependabot in #2560
• build(deps): bump aquasecurity/trivy-action from 0.5.1 to 0.6.0 by @dependabot in #2602
• build(deps): bump alpine from 3.16.0 to 3.16.1 by @dependabot in #2598
• build(deps): bump golang from 1.18.3-alpine3.15 to 1.18.4-alpine3.15 by @dependabot in #2592
• build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 by @dependabot in #2599
• build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.2 to 3.4.4 by @dependabot in #2606
• build(deps): bump google.golang.org/api from 0.86.0 to 0.89.0 by @dependabot in #2605
• build(deps): bump aquasecurity/trivy-action from 0.6.0 to 0.6.1 by @dependabot in #2604

New Contributors

• @kellyma2 made their first contribution in #2524
• @josephtknight made their first contribution in #2586
• @bbusse made their first contribution in #2584

Full Changelog: v2.32.0...v2.33.0

v2.32.0

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.32.0

What's Changed

Exciting New Features 🎉

• Publish official distroless images by @sagikazarmark in #2478
• Feature: groups in Gitea by @techknowlogick in #1789

Enhancements 🚀

• Add support for RefreshConnector for openshift connector. by @dhaus67 in #2342
• Allow configuration of returned groups via authproxy connector by @seuf in #2371
• Add acr_values support for OIDC by @dirien in #2418
• fix: Implicit Grant discovery by @nabokihms in #2433
• fix: log only errors on refreshing by @nabokihms in #2470
• Create setting to allow to trust the system root CAs by @dhaus67 in #2430
• Add numeric user ID support for oauth connector by @tsl0922 in #2483
• Remove google specific hd / hosted domain claim config from oidc connector by @Blorpy in #2511
• OIDC connector: Support cases where there is no id_token when using a refresh_token grant by @Blorpy in #2522
• feat: add enhancement template by @nabokihms in #2486
• Release note configuration by @sagikazarmark in #2463
• fix: add notification about groups access to the Grant Access page by @nabokihms in #2533
• feat: enable profiling endpoints by @nabokihms in #2482

Bug Fixes 🐛

• Build multi-platform images in a single build job by @sagikazarmark in #2487
• Fixes #2537 by @ShivanshVij in #2538
• correctly handle path escaping for connector IDs by @bobcallaway in #2290

Dependency Updates ⬆️

• build(deps): bump golang from 1.17.6-alpine3.14 to 1.17.7-alpine3.14 by @dependabot in #2411
• build(deps): bump google.golang.org/api from 0.68.0 to 0.69.0 by @dependabot in #2415
• build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.1 to 3.4.2 by @dependabot in #2416
• build(deps): bump google.golang.org/api from 0.69.0 to 0.70.0 by @dependabot in #2419
• build(deps): bump actions/checkout from 2 to 3 by @dependabot in #2422
• build(deps): bump github.com/russellhaering/goxmldsig from 1.1.1 to 1.2.0 by @dependabot in #2424
• build(deps): bump golang from 1.17.7-alpine3.14 to 1.17.8-alpine3.14 by @dependabot in #2426
• build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0 by @dependabot in #2437
• build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 by @dependabot in #2440
• build(deps): bump alpine from 3.15.0 to 3.15.1 by @dependabot in #2444
• build(deps): bump alpine from 3.15.1 to 3.15.3 by @dependabot in #2456
• build(deps): bump alpine from 3.15.3 to 3.15.4 by @dependabot in #2461
• build(deps): bump google.golang.org/api from 0.70.0 to 0.74.0 by @dependabot in #2458
• build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 by @dependabot in #2451
• Update ent by @sagikazarmark in #2428
• build(deps): bump aquasecurity/trivy-action from 0.2.2 to 0.2.3 by @dependabot in #2466
• build(deps): bump actions/setup-go from 2 to 3 by @dependabot in #2467
• Bump Alpine to latest version by @MattiasGees in #2471
• build(deps): bump aquasecurity/trivy-action from 0.2.4 to 0.2.5 by @dependabot in #2481
• build(deps): bump github/codeql-action from 1 to 2 by @dependabot in #2494
• build(deps): bump docker/build-push-action from 2 to 3 by @dependabot in #2510
• build(deps): bump docker/metadata-action from 3 to 4 by @dependabot in #2509
• build(deps): bump docker/login-action from 1 to 2 by @dependabot in #2507
• build(deps): bump docker/setup-qemu-action from 1 to 2 by @dependabot in #2508
• build(deps): bump docker/setup-buildx-action from 1 to 2 by @dependabot in #2506
• build(deps): bump aquasecurity/trivy-action from 0.2.5 to 0.3.0 by @dependabot in #2525
• chore: Go mod update 1.17 by @nabokihms in #2532
• build(deps): bump alpine from 3.15.4 to 3.16.0 by @dependabot in #2531
• build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.2 to 3.5.4 by @dependabot in #2491
• build(deps): bump github.com/coreos/go-oidc/v3 from 3.1.0 to 3.2.0 by @dependabot in #2528
• build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.2 by @dependabot in #2526
• build(deps): bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by @dependabot in #2529
• build(deps): bump github.com/felixge/httpsnoop from 1.0.2 to 1.0.3 by @dependabot in #2527
• build(deps): bump google.golang.org/api from 0.74.0 to 0.81.0 by @dependabot in #2534
• build(deps): bump google.golang.org/grpc from 1.44.0 to 1.46.2 in /api/v2 by @dependabot in #2517
• build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 in /api/v2 by @dependabot in #2452
• feat: upgrade Go to 1.18 by @sagikazarmark in #2441
• build(deps): bump golang from 1.18.0-alpine3.15 to 1.18.2-alpine3.15 by @dependabot in #2535
• build(deps): bump google.golang.org/api from 0.81.0 to 0.82.0 by @dependabot in #2549
• build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #2543
• build(deps): bump golang from 1.18.2-alpine3.15 to 1.18.3-alpine3.15 by @dependabot in #2548
• build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 by @dependabot in #2550
• chore(deps): update grpc by @sagikazarmark in #2551

Other Changes

• Update alpine version by @sagikazarmark in #2446
• New docker image build by @sagikazarmark in #2474
• Qemu tweaks by @sagikazarmark in #2480
• Add docker metadata action by @sagikazarmark in #2488
• ci: use docker metadata for build input by @sagikazarmark in #2489
• chore: do not use caching for docker build by @nabokihms in #2516
• Bump lint timeout to reduce the number of failed executions by @nabokihms in #2523

New Contributors

• @dhaus67 made their first contribution in #2342
• @dirien made their first contribution in #2418
• @MattiasGees made their first contribution in #2471
• @tsl0922 made their first contribution in #2483
• @Blorpy made their first contribution in #2511
• @ShivanshVij made their first contribution in #2538

Full Changelog: v2.31.0...v2.32.0

v2.31.2

This is a maintenance release upgrading Go to apply some security patches.

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.31.2

What's Changed

• Update go to 1.17.10 by @sagikazarmark in #2536

Full Changelog: v2.31.1...v2.31.2

v2.31.1

This is a maintenance release upgrading Go to apply some security patches.

What's Changed

• Update golang image by @sagikazarmark in #2447

Full Changelog: v2.31.0...v2.31.1

v2.31.0

The official docker release for this release can be pulled from

ghcr.io/dexidp/dex:v2.31.0

What's Changed

• Bump Dex image to v2.30.0 for Kubernetes deployment example by @rdimitrov in #2232
• Update Go to 1.17 by @sagikazarmark in #2247
• refactor: move from io/ioutil to io and os package by @Juneezee in #2278
• feat: Add MySQL ent-based storage driver by @nabokihms in #2272
• chore: fix ioutil lint error after merging MySQL ent storage by @nabokihms in #2282
• Add parametrization of grant type supported in discovery endpoint by @ariary in #2265
• Resolves #2111 Option to fetch transitive group membership by @snuggie12 in #2268
• Return valid JWT access token from password grant by @enj in #2234
• fix: do not update offlinesession lastUsed field if refresh token was not updated by @nabokihms in #2300
• fix web static file path slash error for win platform by @copperyp in #2305
• Update grpc by @sagikazarmark in #2321
• ci: fix container image permissions by @sagikazarmark in #2329
• feat: print dex version in the logs by @iam-veeramalla in #2337
• OAuth connector by @xtremerui in #1630
• fix: return invalid_grant error on claiming token of another client by @nabokihms in #2344
• chore: warning about deprecated LDAP groupSearch fields by @nabokihms in #2026
• Add Nix environment by @sagikazarmark in #2324
• Update dependencies in the examples package by @sagikazarmark in #2372
• add sigstore to ADOPTERS.md by @bobcallaway in #2374
• Add claimMapping enforcement by @Happy2C0de in #2233
• ci: run trivy scan on container image by @sagikazarmark in #2387
• chore: update gomplate by @sagikazarmark in #2388
• chore: update golangci-lint download script by @nabokihms in #2394
• [fix] Replace /teams API w/ /workspaces endpoints by @rahulchheda in #2390
• ci: add Docker cache to speed builds up by @sagikazarmark in #2400
• distroless: Dockerfile works with distroless base image by @ankeesler in #2378
• Update dependencies by @sagikazarmark in #2404
• Update API package by @sagikazarmark in #2405

Dependency updates

• build(deps): bump entgo.io/ent from 0.8.0 to 0.9.0 by @dependabot in #2226
• build(deps): bump golang from 1.16.6-alpine3.13 to 1.16.7-alpine3.13 by @dependabot in #2225
• build(deps): bump google.golang.org/grpc from 1.39.0 to 1.39.1 by @dependabot in #2227
• build(deps): bump google.golang.org/api from 0.52.0 to 0.53.0 by @dependabot in #2235
• build(deps): bump google.golang.org/grpc from 1.39.1 to 1.40.0 by @dependabot in #2236
• build(deps): bump alpine from 3.14.0 to 3.14.1 by @dependabot in #2229
• build(deps): bump github.com/go-ldap/ldap/v3 from 3.3.0 to 3.4.0 by @dependabot in #2239
• build(deps): bump google.golang.org/api from 0.53.0 to 0.54.0 by @dependabot in #2241
• build(deps): bump github.com/AppsFlyer/go-sundheit from 0.4.0 to 0.5.0 by @dependabot in #2240
• build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1 in /api/v2 by @dependabot in #2243
• build(deps): bump google.golang.org/grpc from 1.36.1 to 1.40.0 in /api/v2 by @dependabot in #2242
• build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.0 to 3.4.1 by @dependabot in #2246
• build(deps): bump entgo.io/ent from 0.9.0 to 0.9.1 by @dependabot in #2249
• build(deps): bump alpine from 3.14.1 to 3.14.2 by @dependabot in #2258
• build(deps): bump google.golang.org/api from 0.54.0 to 0.55.0 by @dependabot in #2259
• build(deps): bump google.golang.org/api from 0.55.0 to 0.56.0 by @dependabot in #2262
• build(deps): bump github.com/lib/pq from 1.10.2 to 1.10.3 by @dependabot in #2263
• build(deps): bump github.com/russellhaering/goxmldsig from 1.1.0 to 1.1.1 by @dependabot in #2270
• build(deps): bump golang from 1.17.0-alpine3.14 to 1.17.1-alpine3.14 by @dependabot in #2269
• build(deps): bump google.golang.org/api from 0.56.0 to 0.57.0 by @dependabot in #2277
• build(deps): bump github.com/coreos/go-oidc/v3 from 3.0.0 to 3.1.0 by @dependabot in #2279
• build(deps): bump golang from 1.17.1-alpine3.14 to 1.17.2-alpine3.14 by @dependabot in #2292
• build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.0 to 3.5.1 by @dependabot in #2298
• build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.0 to 3.5.1 by @dependabot in #2299
• build(deps): bump google.golang.org/grpc from 1.40.0 to 1.41.0 by @dependabot in #2285
• build(deps): bump github.com/mattn/go-sqlite3 from 1.14.8 to 1.14.9 by @dependabot in #2302
• build(deps): bump google.golang.org/grpc from 1.40.0 to 1.41.0 in /api/v2 by @dependabot in #2286
• build(deps): bump google.golang.org/api from 0.57.0 to 0.58.0 by @dependabot in #2287
• build(deps): bump google.golang.org/api from 0.58.0 to 0.59.0 by @dependabot in #2303
• build(deps): bump google.golang.org/api from 0.59.0 to 0.60.0 by @dependabot in #2308
• build(deps): bump golang from 1.17.2-alpine3.14 to 1.17.3-alpine3.14 by @dependabot in #2317
• build(deps): bump github.com/lib/pq from 1.10.3 to 1.10.4 by @dependabot in #2320
• build(deps): bump alpine from 3.14.2 to 3.14.3 by @dependabot in #2325
• build(deps): bump alpine from 3.14.3 to 3.15.0 by @dependabot in #2336
• build(deps): bump google.golang.org/api from 0.60.0 to 0.61.0 by @dependabot in #2341
• build(deps): bump golang from 1.17.3-alpine3.14 to 1.17.4-alpine3.14 by @dependabot in #2345
• build(deps): bump google.golang.org/api from 0.61.0 to 0.62.0 by @dependabot in #2348
• build(deps): bump golang from 1.17.4-alpine3.14 to 1.17.5-alpine3.14 by @dependabot in #2349
• build(deps): bump github.com/spf13/cobra from 1.2.1 to 1.3.0 by @dependabot in #2354
• build(deps): bump google.golang.org/api from 0.62.0 to 0.63.0 by @dependabot in #2353
• build(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0 by @dependabot in #2355
• build(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0 in /api/v2 by @dependabot in #2356
• build(deps): bump github.com/mattn/go-sqlite3 from 1.14.9 to 1.14.10 by @dependabot in #2362
• build(deps): bump golang from 1.17.5-alpine3.14 to 1.17.6-alpine3.14 by @dependabot in #2363
• build(deps): bump google.golang.org/api from 0.63.0 to 0.64.0 by @dependabot in #2364
• build(deps): bump google.golang.org/api from 0.64.0 to 0.65.0 by @dependabot in #2368
• build(deps): bump github.com/prometheus/client_golang from 1.11.0 to 1.12.0 by @dependabot in #2380
• build(deps): bump google.golang.org/grpc from 1.43.0 to 1.44.0 by @dependabot in #2384
• build(deps): bump google.golang.org/grpc from 1.43.0 to 1.44.0 in /api/v2 by @dependabot in #2385
• build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.1 to 3.5.2 by @dependabot in #2395
• build(deps): bump aquasecurity/trivy-action from 0.2.1 to 0.2.2 by @dependabot in #2398
• build(deps): bump google.golang.org/api from 0.65.0 to 0.67.0 by @dependabot in #2399
• build(deps): bump github.com/prometheus/client_golang from 1.12.0 to 1.12.1 by @dependabot in #2393

New Contributors

• @rdimitrov made their first contribution in #2232
• @Juneezee made their first contribution in #2278
• @ariary made their first contribution in #2265
• @snuggie12 made their first contrib...