Comments (13)
There are no outstanding issues for security here. We are just using this issue to track the fact that we haven't documented how to report security issues.
Please use the latest releases to ensure you have up to date security patches
from oauth2-proxy.
This needs fixing and I am currently trying to work out how I want to handle this, I need to speak to our internal support team who currently handle most security issues for Pusher owned projects.
For now, could you please email me directly joel[at]pusher.com and I will look into the issue you have found.
from oauth2-proxy.
email sent :)
from oauth2-proxy.
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
from oauth2-proxy.
We still need to work out how security reports should be handled. As a note, if anyone finds this, please do not email my pusher address, I no longer work for Pusher and I will not receive it
from oauth2-proxy.
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
from oauth2-proxy.
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
from oauth2-proxy.
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
from oauth2-proxy.
@JoelSpeed @jtnord The security issue discussed here is not very clear. Is this still relevant? If yes, can you share more details for the same.
from oauth2-proxy.
this is still valid. there are no details on how to report security issues for this repo.
from oauth2-proxy.
Agreed. I or one of the other maintainers needs to find some time to create a SECURITY.md
doc that explains what users should do if they do find any vulnerabilities and what our responsibilities are in these cases
from oauth2-proxy.
@jtnord @JoelSpeed Can you share how severe is the issue ? and What is the plan to fix this or Is there a patched version available ?
from oauth2-proxy.
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
from oauth2-proxy.
Related Issues (20)
- [Bug]: Azure provider: problem with ProfileURL/ userInfoURL (duplicate of closed issue #2162 )
- [Support]: <Keycloak-OIDC failed> HOT 1
- [Bug]: GitHub private repo check throwing 500 instead of 403 when user does not have access
- [Bug]: Keycloak OIDC Provider Multiple Calls to Fetch Keys to Verify JWT in Auth Header
- [Support]: Add scope field inside bearer token
- [Support]: How to configure oauth2 with kubernetes HOT 1
- Trying to implement simple Oauth2-proxy/nginx configuration HOT 3
- [Bug]: wait-for-redis fails to detect redis with default image HOT 3
- [Support]: Connection refused to Keycloak instance running in the separate container
- [Bug]: Alpha-configuration environment variables are not being replaced HOT 1
- [Bug]: local-environment example for keycloak does not run HOT 1
- [--cookie-secret-file option]: new option to ease cookie-secret rotation HOT 1
- [Bug]: CVE-2024-24786 google.golang.org/protobuf HOT 1
- [Bug]: CVE-2023-45288 golang.org/x/net HOT 3
- [Bug]: CVE-2023-45288 github.com/go-jose/go-jose/v3 HOT 2
- [upstream with basic auth]: upstream may require basic auth
- [Feature]: Include sequence diagram in the documentation
- [Feature]: Don't require email for OIDC
- [Support]: unable to verify bearer token, failed to verify token: oidc: id token issued by a different provider HOT 1
- [Feature]: User.Read scope required for Azure Provider?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth2-proxy.