v2.15.0

The official docker release for this release can be pulled from

quay.io/dexidp/dex:v2.15.0

Notes:

• Minimum TLS version bumped to v1.2: if you are using Dex to serve on TLS directly, please make sure clients support TLS v1.2 before upgrading.

Features:

• Added Active Directory and Kubelogin integration sample (#1390, @okamototk)
• Added option to use GitHub login as id (#1396, @jtnord)

Bug fixes, misc changes:

• Dockerfile Go version bumped to v1.11.5 (#1389, @ericchiang)
• Minimum TLS version bumped to TLSv1.2 (#1392, @stevendanna)
• Added @JoelSpeed as maintainer (#1394, @srenatus)
• Added tests for LDAP filtering (#1249, @srenatus)
• Print Access token in example app (#1395, @hainesc)
• Add periodic storage health checking (#1397, @ericchiang)

v2.14.0

The official docker release for this release can be pulled from

quay.io/dexidp/dex:v2.14.0

Notes:

• Users of the Gitlab connector need to pay attention: The connector now uses a less powerful
  scope. This is a good enhancement in terms of securiting your bases, but it may need special care
  when upgrading!

Features:

• There's a brand new Keystone connector! (#1374, @knangia, @joannanosek, and @kbalka)
• Github connector now returns a full group list when no org is specified, and you have
  opted-in to that behaviour (#1340, #1349, @alexmt)
• Github connector allows for a 'both' option to use team name AND slug in TeamNameField (#1345, @vito)
• Gitlab connector no longer requires to API scope (#1351, @gypsydiver)
• Postgres storage backeng now works with UNIX sockets (#1346, #1352, @vito)
• Postgres storage backend now exposes some tunables (#1357, @sr)
• gRPC API: Add UpdateClient (#1275, @ccojocar)
• Make expiry of auth requests configurable (#1372, @mxey)
• LDAP connector - add emailSuffix config option (#1380, @dkess)

Bug fixes, misc changes:

• Render error message provided by connector if user authentication failed (#1339, @alexmt)
• Fix bogus conformance failure due to time zones (#1344, @vito)
• Improved LDAP errors from upgrading go-ldap (#1338, @sr)
• Removed incomplete, unmaintained storage adapters for CockroachDB and MySQL (#1343, @vito)
• Removed unused startup scripts, adapted docs (#1350, @sr)
• LDAP connector: Document that 'DN' must be in capitals (#1359, @OwenTuz)
• Kubernetes docs: clarify steps around use/creation of TLS assets (#1358, @OwenTuz)
• Bumped github.com/lib/pq (#1367, @vito)
• Migrate to go modules (#1365, #1369, @josdotso)
• Makefile: cleanups for newer versions of Go (#1368, @ericchiang)
• Dockerfile: update to Go 1.11.3 (#1373, @ericchiang)
• Replace "GET", "POST" to http.MethodGet and http.MethodPost (#1377, @hainesc)

v2.13.0

The official docker release for this release can be pulled from

quay.io/dexidp/dex:v2.13.0

Features:

• Update to Go 1.11 (#1325, @ericchiang)
• Mock connector support refresh tokens (#1245, scotthew1)
• Dex no longer attempts to create CRDs if they're already created (#1333, @SongGithub)
• Updates to Kubernetes storage and RBAC docs (#1334, @tmatias)

Bug fixes:

• Fix golint build issues (#1317, #1329, @ericchiang)
• Fix Bitbucket documentation (#1316, @edtan)

v2.12.0

The official docker release for this release is at

quay.io/dexidp/dex:v2.12.0

Features:

• New connector: Bitbucket Cloud (#1307, @edtan)
• Allow using the GitHub team slug instead of name (#1297, @tburko)
• Allow using a client TLS cert in the LDAP connector (#1278, @veily)

Bug fixes:

• Any non-cert (or accidentally invalid) data following a valid cert
  in the SAML connector configuration will now error out (#1305, @srenatus)

....and fixes to docs, as well as an upgrade of a dependency library
(go-jose v2.1.8, @fajran).

🎉 Thank you very much, all old and new contributors! 😉

v2.11.0

This is the first new release after moving dex from github.com/coreos to
github.com/dexidp. In the process, a new Quay repository was created, so
you can find the official docker image for this release at:

quay.io/dexidp/dex:v2.11.0

Note that every merge to master now results in a docker image built in
that repository, making it easier to consume recent code changes, and
allowing for a more automated release process.

Features:

• Updates go to 1.10.2 to support SHA-512 for ldaps (@kpschuck, #1233)
• Fix timeout bug for etcd3 client connect (byxorna, #1266)
• Fix default baseURL for GitLab connector (@AnianZ, #1279)
• Connectors/ldap: treat 'constraint violation' on bind as bad
  credentials (@srenatus, #1285)

...and many fixes to the documentation and examples. Thank you, everyone
involved in helping out here. 🎉👏

v2.10.0

The official docker image for this release is available at:

quay.io/coreos/dex:v2.10.0

Features:

• Licenses for all dependencies of Dex can be generated (@diegs , #1152)
• Prometheus metrics added (@brancz , #1155)
• New id_provider scope that adds the connector ID and user ID to the ID token claims (@vyshane , #1176)
• Improved documentation (@ericchiang , #1168, #1166, #1157)
• Improved SAML unit tests (@srenatus , #1198)

v2.9.0

The official docker image for this release is available at:

quay.io/coreos/dex:v2.9.0

Features:

• The dex docker image is now built with Go 1.9 (@ericchiang, #1119)
• The prompt for password based login options is now configurable (@srenatus, #1116)
• A "select another login option" button has been added to the login page (@srenatus, #1123)
• The proto API definitions now have a java package tag (@vyshane, #1136)
• An Azure AD connector has been added (@pborzenkov, #1131)

Bug fixes:

• Host dependencies from the protobuf build process have been removed (@ericchiang, #1140)
• Rendered error pages now return HTTP error codes (@kkohtaka, #1142)

v2.8.1

This is a patch release of v2.8.0 with some minor UX improvements cherry picked.

• Make username prompt configurable #1116
• Display a "go back" link when there are multiple connector #1123

v2.8.0

Features:

• ID tokens from cross-client requests now include the requesting client ID in the audience (#1088, @dpacierpnik)
• Authenticating proxy login strategy added (#1100, #1104, #1103, @stapelberg)
• LinkedIn login strategy added (#1101, @pborzenkov)
• Kubernetes storage tests are now run on PR (#1072, @ericchiang)
• etcd storage backend added (#1108, @dqminh)

Bug fixes:

• Kubernetes CRD storage HTTP client now has a default timeout (#1085, @rphillips)
• Fix regexp for GitLab HTTP header parsing (#1090, @lsjostro)
• Removed test that required internet access (#1109, @ericchiang)

Misc:

• Docker build now uses multi-stage builds (#1068, @furuholm)
• Kubernetes RBAC requirements for CRD storage (#1081, @lrolaz)
• Additional logs for Kubernetes CRD storage (#1086, @chancez)
• HTML ID attribute added to login page (#1097, @cpanato)
• Additional test for the LDAP connector (#1096, @ericchiang)

v2.7.1

This is a patch release of dex with the following changes since v2.6.1:

v2.7.0 contains an issue(#1070) with CRD support. Please refrain from using/upgrading to v2.7.0. Only upgrade to v2.7.1!

NOTE: This release makes use of Custom Resource Definitions (CRDs) instead of Third Party Resources (TPRs) for Kubernetes storage. Since Kubernetes has deprecated TPRs, Dex has now switched to CRDs by default. For existing deployments, this either requires a manual migration of the TPR data to CRDs or a config change to continue to use TRPs.

Features:

CRD Support (#1062)
Migrate TPR to CRD Documentation (#1067)
OIDC conformance test setup Docs (#1050)
Bug Fixes:

Error out if go files aren't correctly formatted (#1064)
Fix panic caused by deleting refresh token twice through api (#1056)
storage backend should not explicitly lower-case email ids (#1046)