v1.10.2
This maintenance release resolves regressions introduced in Ory Hydra v1.10.1. A big change is that Ory Hydra now supports PATCH operations for OAuth2 Clients and is able to handle TLS for admin and public endpoints individually. The breaking changes included in this release address two bugs which are marked as a BREAKING CHANGE. We believe however that these changes do not affect running systems and given the major improvements introduced by the fixes, we decided to mark this as a patch release.
1.10.2 (2021-05-04)
Bug Fixes
-
CookieStore MaxAge value (#2485) (#2488) (aafc901):
CookieStore MaxAge is set to 86400 * 30 by default. This prevents secure cookies retrieval with expiration > 30 days. MaxAge: 0 disables MaxAge check by SecureCookie, thus allowing sessions lasting > 30 days.
-
Handled requests respond with 410 Gone and include redirect URL (#2473) (e3d9158), closes #1569
-
Login and consent redirect behavior change since 1.9.x (#2457) (2f3a1af), closes #2363:
Allow #fragment in configured url to keep backwards compatibility.
-
Make token user command work with public clients (#2479) (a033d6a)
-
Resolve clidoc issues (f6e5958)
-
Resolve specignore issues (1431167)
-
Valid JSON response for already handled requests (#2517) (ac61616), closes #2515
Code Refactoring
Documentation
-
Change forum to discussions readme (#2451) (aa2919d):
same as ory/kratos#1220
-
Fix uppercase id (8ac186c)
Features
-
Add the MaxTagValueLength config for jaeger of tracing (#2482) (03c96ee), closes #2447
-
Enable "nbf" (not before) claim to be optional for Access Token (#2437) (666cd25), closes #1542
-
Implement partial client updates (PATCH) with JSON Patch syntax (#2411) (540c89d):
Implements a new endpoint
PATCH /clients/{id}
which uses JSON Patch syntax to update an OAuth2 client partially. This removes the need to doPUT /clients/{id}
with the full OAuth2 Client in the payload. -
Split TLS config into admin and public interfaces (#2476) (60704d4), closes #1231 #1962:
Adds the possibility to specify TLS certificates for admin and public endpoints individually. Also improves compatibility for internal networks (e.g. Kubernetes) by removing the need for having TLS termination on admin endpoints. This can be enabled by setting
serve.admin.tls.enabled
to false.
BREAKING CHANGES
- This patch makes it so that already handled consent/login/logout requests respond with 410 Gone instead of 409 Conflict. Additionally, a URL is included that the user should be redirected to!
Co-authored-by: hackerman [email protected]
- This patch changes how issuer and public URLs are used. Please be aware that going forward, the public URL is used for redirects. Previously, the issuer URL was used. If no public URL is set, the issuer URL will be used as before.
Changelog
5c611f0 autogen(docs): generate and format documentation
09dc774 autogen(docs): generate and format documentation
4d58f1f autogen(docs): generate and format documentation
a02ffe9 autogen(docs): generate and format documentation
d8682a9 autogen(docs): generate and format documentation
24f91ab autogen(docs): generate and format documentation
2666562 autogen(docs): generate and format documentation
3151706 autogen(docs): generate and format documentation
1c0e811 autogen(docs): generate and format documentation
7ba4b47 autogen(docs): generate and format documentation
79f3b90 autogen(docs): generate and format documentation
0c7a2ad autogen(docs): generate and format documentation
af6beb8 autogen(docs): generate and format documentation
c9b99be autogen(docs): generate and format documentation
b6c34e0 autogen(docs): generate and format documentation
c1cc947 autogen(docs): generate and format documentation
e0ccaf3 autogen(docs): generate and format documentation
40b09cd autogen(docs): generate cli docs
bfa14a5 autogen(docs): regenerate and update changelog
3dbcf87 autogen(docs): update milestone document
db4eb72 autogen(docs): update milestone document
5d0d69e autogen(docs): update milestone document
598de15 autogen(docs): update milestone document
00a57bd autogen(docs): update milestone document
d33a490 autogen(openapi): Regenerate swagger spec and internal client
3e37546 autogen(openapi): Regenerate swagger spec and internal client
fcc0dd2 autogen(openapi): Regenerate swagger spec and internal client
17cfc78 autogen(openapi): Regenerate swagger spec and internal client
4e6aebe autogen: add v1.10.1 to version.schema.json
1da2f24 autogen: pin v1.10.2 release commit
e8c3a06 autogen: pin v1.10.2 release commit
3bb0bb9 chore: bump base alpine images (#2439)
b8bac7f chore: bump ory/x
638562c chore: bump ory/x and gogo/protobuf (#2434)
73c9931 chore: fix links (#2481)
bd90f3e chore: fix sdk links (#2433)
380fc94 chore: format and cleanup
ddb34c1 chore: update docusaurus template
d99f213 chore: update docusaurus template
6b01fa9 chore: update docusaurus template
cf2fe0c chore: update docusaurus template
eaa3f87 chore: update docusaurus template
c3d705d chore: update docusaurus template (#2493)
69a87a5 chore: update docusaurus template (#2494)
a76bf40 chore: update repository templates (#2443)
9a484fc chore: update vulnerable jwt-go
3d48259 ci: run conformity on PRs
014c773 docs: add dotnet sdk (#2431)
47cf3c7 docs: add php link sdk page & fix links (#2469)
aa2919d docs: change forum to discussions readme (#2451)
8ac186c docs: fix uppercase id
5466d4e docs: guide for merging system.secrets (#2448)
03c96ee feat: add the MaxTagValueLength config for jaeger of tracing (#2482)
666cd25 feat: enable "nbf" (not before) claim to be optional for Access Token (#2437)
7f7362b feat: global docs sidebar and added cloud pages (#2495)
540c89d feat: implement partial client updates (PATCH) with JSON Patch syntax (#2411)
60704d4 feat: split TLS config into admin and public interfaces (#2476)
aafc901 fix: CookieStore MaxAge value (#2485) (#2488)
ff90c47 fix: do not use error_hint anymore (#2450)
e3d9158 fix: handled requests respond with 410 Gone and include redirect URL (#2473)
5fdd913 fix: link in documentation (#2478)
2f3a1af fix: login and consent redirect behavior change since 1.9.x (#2457)
a033d6a fix: make token user command work with public clients (#2479)
f6e5958 fix: resolve clidoc issues
1431167 fix: resolve specignore issues
eefefd5 fix: use PublicURL where given (#2441)
ac61616 fix: valid JSON response for already handled requests (#2517)
7781215 fix: version schema (#2427)
44fd4e4 refactor: move unix socket support helpers into ory/x (#2486)
Docker images
docker pull oryd/hydra:v1-sqlite
docker pull oryd/hydra:v1.10-sqlite
docker pull oryd/hydra:v1.10.2-sqlite
docker pull oryd/hydra:v1.10.2-sqlite
docker pull oryd/hydra:latest-sqlite
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.10
docker pull oryd/hydra:v1.10.2
docker pull oryd/hydra:v1.10.2
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.10-alpine
docker pull oryd/hydra:v1.10.2-alpine
docker pull oryd/hydra:v1.10.2-alpine
docker pull oryd/hydra:latest-alpine