From c78bb979ec3018d28a033011dbd24b8ba12af7ed Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 9 Jan 2024 19:02:19 +0100 Subject: [PATCH] website: update changelog for 2023.10.6 and 2023.8.6 Signed-off-by: Jens Langhammer --- website/docs/releases/2023/v2023.10.md | 12 ++++++++++++ website/docs/releases/2023/v2023.8.md | 4 ++++ 2 files changed, 16 insertions(+) diff --git a/website/docs/releases/2023/v2023.10.md b/website/docs/releases/2023/v2023.10.md index 1034d0115..b5dc6ccb7 100644 --- a/website/docs/releases/2023/v2023.10.md +++ b/website/docs/releases/2023/v2023.10.md @@ -181,6 +181,18 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.10 - web/admin: always show oidc well-known URL fields when they're set (#7560) - web/user: fix search not updating app (cherry-pick #7825) (#7933) +## Fixed in 2023.10.6 + +- core: fix PropertyMapping context not being available in request context +- outposts: disable deployment and secret reconciler for embedded outpost in code instead of in config (cherry-pick #8021) (#8024) +- outposts: fix Outpost reconcile not re-assigning managed attribute (cherry-pick #8014) (#8020) +- providers/oauth2: fix [CVE-2024-21637](../../security/CVE-2024-21637.md), Reported by [@lauritzh](https://github.com/lauritzh) (#8104) +- providers/oauth2: remember session_id from initial token (cherry-pick #7976) (#7977) +- providers/proxy: use access token (cherry-pick #8022) (#8023) +- rbac: fix error when looking up permissions for now uninstalled apps (cherry-pick #8068) (#8070) +- sources/oauth: fix missing get_user_id for OIDC-like sources (Azure AD) (#7970) +- web/flows: fix device picker incorrect foreground color (cherry-pick #8067) (#8069) + ## API Changes #### What's New diff --git a/website/docs/releases/2023/v2023.8.md b/website/docs/releases/2023/v2023.8.md index 476a03caa..4a64d9c48 100644 --- a/website/docs/releases/2023/v2023.8.md +++ b/website/docs/releases/2023/v2023.8.md @@ -163,6 +163,10 @@ image: - security: fix [CVE-2023-48228](../../security/CVE-2023-48228.md), Reported by [@Sapd](https://github.com/Sapd) (#7666) +## Fixed in 2023.8.6 + +- providers/oauth2: fix [CVE-2024-21637](../../security/CVE-2024-21637.md), Reported by [@lauritzh](https://github.com/lauritzh) (#8104) + ## API Changes #### What's New