Tags: Tinkoff/hydra
Tags
autogen: pin v1.9.0-alpha.3.pre.1 release commit
autogen: pin v1.9.0-alpha.3.pre.0 release commit
This release addresses an issue in the update routine of OAuth2 Clien… …ts (see [kratos#2148](ory#2148)) and adds an option which makes ORY Hydra compatible with MITREid.
This release focuses on a complete refactor of the internal database … …abstraction layer (DBAL). We have been using [gobuffalo/pop](https://github.com/gobuffalo/pop) successfully in [ORY Kratos](https://github.com/ory/kratos) and decided to move the ORY Hydra DBAL to [gobuffalo/pop](https://github.com/gobuffalo/pop) as well. As part of this refactoring, ORY Hydra now supports SQLite for both in-memory as well as on-disk databases, de-duplicating the codebase and allowing for quick and easy persistence in test environments. This is an alpha release as we want to gather feedback from the community regarding performance and other potential issues before tagging the v1.9.0 version branch as stable.
This is a security-focused release with fixes for [CVE-2020-15234](GH… …SA-grfp-q2mm-hfp6), [CVE-2020-15223](GHSA-7mqr-2v3q-v2wm), [CVE-2020-15233](GHSA-rfq3-w54c-f9q5). Additionally, several system dependencies (e.g. Golang) have been upgraded. A few things have changed as part of these patches: - OAuth 2.0 Redirection URL error parameters `error_hint`, `error_debug` have been deprecated and are now part of `error_description`. The parameters are still included for compatibility reasons but will be removed in a future release. - OAuth 2.0 Error `revocation_client_mismatch` was not standardized and has been removed. Instead, you will now receive `unauthorized_client` with a description explaining why the flow failed. Additionally, the TypeScript SDK generator has changed from OpenAPI's `typescript-node` to `typescript-axios` making the SDK compatible with both browser as well as node environments, which was not the case previously. Please be aware that some of the SDK's API signatures - especially responses - have changed and check your TypeScript output for instructions on upgrading. You may still use an older version of the SDK as none of ORY Hydra's HTTP APIs have changed. Due to several complex CI issues and regressions, build versions v1.8.0 - v1.8.4 failed. v1.8.5 the first and only stable release in the current 1.8.x branch. New features have been added and bugs have been closed. No migrations are required when applying this release. Please check the list below for an in-depth overview.
This is a security-focused release with fixes for [CVE-2020-15234](GH… …SA-grfp-q2mm-hfp6), [CVE-2020-15223](GHSA-7mqr-2v3q-v2wm), [CVE-2020-15233](GHSA-rfq3-w54c-f9q5). Upgrading is strongly advised! A few things have changed as part of these patches: - OAuth2 Redirection URL error parameters `error_hint`, `error_debug` have been deprecated and are now part of `error_description`. The parameters are still included for compatibility reasons but will be removed in a future release. - OAuth2 Error `revocation_client_mismatch` was not standardized and has been removed. Instead, you will now receive `unauthorized_client` with a description explaning why the flow failed. Additionally, the TypeScript SDK generator has changed from OpenAPI's `typescript-node` to `typescript-axios` making the SDK compatible with both browser as well as node environments, which was not the case previously. Please be aware that some of the SDK's API signatures - especially responses - have changed and check your TypeScript output for instructions on upgrading. You may still use an older version of the SDK as none of ORY Hydra's HTTP APIs have changed. New features have been added and bugs have been closed. No migrations are required when applying this release. Please check the list below for an in-depth overview.
PreviousNext