Releases: DuendeSoftware/IdentityServer
7.0.7
This is a patch release that allows the UserInteractionOptions.PromptValuesSupported
to be customized, in order to support custom prompt modes.
What's Changed
- Allow SupportedPromptModes customization by @josephdecock in #1582
Full Changelog: 7.0.6...7.0.7
7.0.6
This is a security hotfix that addresses CVE-2024-39694. See the security advisory for more details.
6.3.10
This is a security hotfix that addresses CVE-2024-39694. See the security advisory for more details.
6.2.5
This is a security hotfix that addresses CVE-2024-39694. See the security advisory for more details.
6.1.8
This is a security hotfix that addresses CVE-2024-39694. See the security advisory for more details.
6.0.5
This is a security hotfix that addresses CVE-2024-39694. See the security advisory for more details.
6.3.9
This is a patch release that updates our dependency on ASP.NET framework packages from version 6.0.0 (or 7.00) to version 6.0.26 (or 7.0.15). This updates our transitive dependency on the System.IdentityModel.Tokens.Jwt and Microsoft.IdentityModel.JsonWebTokens packages past versions that have a known Denial of Service vulnerability.
What's Changed
- Update dependencies for 6.3.x by @AndersAbel in #1559
- Update ASP.NET core dependencies by @josephdecock in #1570
Full Changelog: 6.3.8...6.3.9
7.0.5
This is a patch release that fixes bugs related to the prompt and max_age parameters and a null reference exception when the http context is not available during cleanup jobs. It also adds a warning log when we detect certain misconfigurations of the state data formatter cache.
What's Changed
- Fix null reference exception in event service when httpcontext missing by @josephdecock in #1556
- Update OTel dependencies for 7.0 by @AndersAbel in #1560
- This is an internal-only dependency used for testing and does not affect the dependencies in any released packages.
- Warn when non-distributed cache detected by @AndersAbel in #1550
- Prevent infinite loop when max_age=0 by @josephdecock in #1565
- PAR - support processed params in authorize endpoint by @josephdecock in #1566
Full Changelog: 7.0.4...7.0.5
7.0.4
This is a patch release that updates our dependency on ASP.NET framework packages from version 8.0.0 to version 8.0.3. This updates our transitive dependency on the System.IdentityModel.Tokens.Jwt and Microsoft.IdentityModel.JsonWebTokens packages past versions that have a known Denial of Service vulnerability.
What's Changed
- update dependencies to latest patches by @brockallen in #1538
Full Changelog: 7.0.3...7.0.4
7.0.3
This is a patch release that fixes a bug where CryptographicException
s would be thrown when hosting in IIS with the Load user profile
option disabled.
What's Changed
- Exception type is updated from .NET 7 and up by @AndersAbel in #1535
Full Changelog: 7.0.2...7.0.3