Releases: TykTechnologies/tyk-identity-broker

v1.5.1

09 Feb 16:09
de28595

Fixes

  • Fixed a panic that happens when performing an SSO flow using SocialProvider in Dashboard v5.3

V1.5.0

08 Feb 14:13
55ee9ea
  • Transitioned the default MongoDB driver from mgo to mongo-go-driver to leverage the latest features and improvements.
  • Deprecated direct Redis usage in favor of the more flexible Temporal Storage Interface, enhancing adaptability and performance.
  • Upgraded to Golang 1.21, ensuring compatibility with the latest language enhancements and security patches.
  • Updated golang.org/x/net to v0.17.0, addressing CVE-2023-39325 and reinforcing security measures against potential vulnerabilities.
  • Resolved an issue in TIB that led to superfluous TYK_IB_SESSION_SECRET warnings on initialization for embedded instances. Thotic storage now requires explicit initialization by the host application, streamlining the startup process and reducing unnecessary logging.

V1.4.2

20 Oct 21:37
00ae638
  • Fixed SSO Integration: Resolved issues affecting SAML and Azure-based Single Sign-On authentication.

v1.4.1

21 Jun 16:38
2c2a8ce

Highlights

In this release, we have fixed a bug where an mTLS request with an expired certificate allowed the request to be proxied upstream in static mTLS and dynamic mTLS. We have also fixed 2 CVE issues, updated to Go v1.19, and updated the storage library to v1.0.5.

Change Log

Updated

  • Update TIB to Go 1.19

  • Update storage lib to v1.0.5

Fixed

  • Fixed a bug where an mTLS request with an expired certificate allowed the request to be proxied upstream in static mTLS and dynamic mTLS

  • NVD - CVE-2021-3538 - go.uuid

  • NVD - CVE-2021-4238 - goutils

v1.4.0

26 Apr 08:22
cd55d48

In this release, we are using a new Tyk storage library to connect to MongoDB. This would allow us to switch to the official Mongo Driver very easily in the future.

What's changed?

  • Use the latest Tyk storage library to connect to Mongo so customers are allowed to use the latest Mongo versions (#244)

v1.3.2

23 Mar 01:33
96ba2db

What's changed?

  • Fixed CVE-2021-3538, in which the UUIDs generated by the library are predictable.
  • Fixed CVE-2022-41912, in which the crewjam/saml Go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements.

v1.3.1

31 May 13:36
  • Added an option that allows the user to set the appropriate character (e.g. comma) used to separate a list of values returned by the IDP in the user-groups claim; the default remains blank-space (TT-4685)
  • Added an option for Identity Broker to ignore the values in the config file and load its configuration only from environment variables and default values (TT-3705)
  • Fixed a bug where TIB would panic if the name and surname claims were not received in SAML (TT-2977)

v1.2.4

07 Mar 14:41
9a51fef
  • Make TIB compatible with dashboard versions that don't support SQL and embed this application.
  • Update the dev-portal object so when it calls the update method the information is not lost (#195)

v1.2.3

20 Jan 14:11
a815ada
  • Make release available in package cloud #191

tyk-identity-broker-v1.2.2

20 Jan 00:54
e579cef
  • Added dynamic group mapping for AD Provider (#146)
  • Improved the debug logs for SAML (#184)
  • The SAML EntityID can now be any string and not only the IDP's metadata URL (#180)
  • Fixed Expected Enveloped and C14N transforms issue (#182)