This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs
Jens L b0fbd576fc
security: cure53 fix (#6039)
* ATH-01-001: resolve path and check start before loading blueprints

This is even less of an issue since 411ef239f6, since with that commit we only allow files that the listing returns

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: fix missing user filter for webauthn device

This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it.

* ATH-01-008: fix web forms not submitting correctly when pressing enter

When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly

The worst case is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user.

* ATH-01-004: remove env from admin system endpoint

This endpoint already required admin access, but for debugging the env variables are used very little

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-005: use hmac.compare_digest for secret_key authentication

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-009: migrate impersonation to use API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-014: save authenticator validation state in flow context

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

bugfixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-012: escape quotation marks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update with all notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-22 22:25:04 +02:00
core core: applications backchannel provider (#5449) 2023-05-08 15:29:12 +02:00
events events: include event user in webhook notification (#5524) 2023-05-08 15:34:21 +02:00
expressions policies: provider raw result for better policy reusability (#5189) 2023-04-06 09:42:29 +02:00
flow stages/identification: auto-redirect to source when no user fields are selected (#5583) 2023-05-11 16:52:30 +02:00
installation website/docs: capitalize Beta and link to Rel Notes (#5753) 2023-05-25 11:18:27 -05:00
interfaces core: applications backchannel provider (#5449) 2023-05-08 15:29:12 +02:00
outposts website/docs: minor outpost adaptions (#5308) 2023-04-19 12:29:27 +02:00
policies policies: provider raw result for better policy reusability (#5189) 2023-04-06 09:42:29 +02:00
property-mappings website/docs: add mention of custom JWT Claims (#3495) 2022-08-29 13:11:18 +02:00
providers providers/ldap: improve password totp detection (#6006) 2023-06-20 12:09:13 +02:00
releases security: cure53 fix (#6039) 2023-06-22 22:25:04 +02:00
security security: cure53 fix (#6039) 2023-06-22 22:25:04 +02:00
troubleshooting website/docs: Update troubleshooting login.md (#5814) 2023-06-05 11:16:53 +02:00
user-group website/docs: add better explanation for goauthentik.io/user/token-ex… (#4755) 2023-02-22 13:24:04 +01:00
index.mdx website/docs: improve docs for configuring event retention (#5002) 2023-03-19 18:56:03 +01:00