v2.21.0

The official docker release for this release can be pulled from

quay.io/dexidp/dex:v2.21.0

Notes:

The "only" main feature of this release is around OIDC and Google groups which were pretty long-awaited. 🎉

Features:

• Implement refreshing with Google (#1180, @JoelSpeed)
• Fetch groups in a Google Connector (#1185, @JoelSpeed)
• Add option to enable groups for oidc connectors (#1434, @jacksontj)

Bugfixes:

• Fix spelling errors in docs (#1569, @bhageena)
• preferred_username claim added on refresh token (#1586, @serhiimakogon)

v2.20.0

The official docker release for this release can be pulled from

quay.io/dexidp/dex:v2.20.0

Notes:

The preferred_username OIDC claim was added to the ID Token in case of GitLab, GitHub, LDAP. This claim could be extended to other providers as well later on.

Features:

• connector/saml: Adding group filtering (#1544, @kenperkins)
• Run getUserInfo prior to claim enforcement (#1545, @jacksontj)
• server: templates: use relative URLs to refer to assets (#1554, @yanniszark)
• add preffered_username to idToken (#1566, @bonifaido )

Bug fixes, misc changes:

• gitlab: add groups scope by default when filtering is requested (#1520, @bonifaido)
• Fix typo (#1543, @wassan128)
• Fix typo (#1551, @gosharplite)
• storage/mysql: support pre-5.7.20 instances with tx_isolation only (#1550, @bonifaido)
• Fix URLs in curl cmd as stated in the overview doc (#1558, @aijingyc)
• Add note for redirect uri (#1568, @life1347)

v2.19.0

The official docker release for this release can be pulled from

quay.io/dexidp/dex:v2.19.0

Notes:

• Following Mozilla's recommendations for secure TLS settings in the
  "Intermediate" compatibility mode, some insecure cipher suitess have been
  removed, overriding Golang's standard set of ciphers. In the unlikely event
  that this makes one of your clients NOT work with Dex anymore (and there's
  a decent reason for not being able to update that client), please file an
  issue. See #1540 for details.
• As mentioned in documentation, Kubernetes TPR suppport is removed in this
  release.

Features:

• connector/LDAP: display login error (#1530, @bonifaido)
• HTTPS/gRPC: Use a more conservative set of CipherSuites (#1540, @stevendanna)

Bug fixes, misc changes:

• Update ADOPTERS.md (#1534, @jthabet)
• storage/kubernetes: Removing Kubernetes TPR support (#1517, @venezia)
• Dockerfile: build with Golang 1.12.9 (#1529, @dkuerner)
• Kubernetes docs: Clarify the origin of openid-ca (#1521, @erwinvaneyk)
• Code update: Replace x/net/context with stdlib context (#, @erwinvaneyk)

v2.18.0

The official docker release for this release can be pulled from

quay.io/dexidp/dex:v2.18.0

Features:

• Storage: New MySQL storage backend (#1485, @bonifaido)
• gRPC: Add reflection to gRPC API (#1512, @venezia)
• Add option to always display connector selection even if there's only one (#1505, @MarcDufresne)
• Added "connector_id" to skip straight to a connector (#1481, @LanceH)
• Allow arbitrary data to be passed to templates (#1504, @MarcDufresne)
• Gitlab: implement useLoginAsID as in GitHub connector (#1497, @bonifaido)
• Microsoft: option for group UUIDs instead of name and group whitelist (#1446, @maksd)
• gRPC: Add VerifyPassword to API (#1486, @AlbanSeurat)

Bug fixes, misc changes:

• MAINTAINERS: add @bonifaido (#1492, @srenatus)
• Update ADOPTERS.md (#1495, @pbochynski; #1494, @tanmaykm; #1493, @srenatus)
• example-app: add connector_id (#1496, @srenatus)
• Docs: fix MySQL sample query (#1498, @mkontani)
• Code quality: fix some lint issues (#1500, @srenatus)
• gRPC: fix logging in VerifyPassword (#1502, @srenatus)
• Return config validation errors in one go (#1439, @sks)
• Update all deps (#1501, @srenatus)
• Return HTTP 400 for invalid state parameter (#1490, @momokatte)
• Adjusting Makefile so that golint will compile (#1509, @venezia)
• Add tests for some callback handler error conditions (#1510, @momokatte)
• Add examples for recent additions to oauth2 configuration options (#1516, @tpdownes)
• Bump deps for http2 issues (#1519, @srenatus)
• Connectors: refactor filter code into a helper package (#1480, @srenatus)

v2.17.0

The official docker release for this release can be pulled from

quay.io/dexidp/dex:v2.17.0

Notes:

• Dex finally offers a user info endpoint. While this doesn't expose any
  more information than is included in the ID tokens, it allows for using
  Dex in integrations that demand such an endpoint.
• With this release, the Linkedin connector is usable again!

Features:

• Add UserInfo endpoint (#1473, @alindeman, @jackielii, and @fjbsantiago)
• Linkedin: Update to use v2 APIs (#1460, @tanmaykm)
• server: add metrics for CORS handlers (#1429, @tsuna)
• OIDC: Add option to hit the optional userinfo endpoint (#1433, @jacksontj)
• OIDC: Make userID configurable (#1448, @cappyzawa)
• OIDC: Make userName configurable (#1459, @flarno11)
• GitLab: support for group whitelist (#1436, @bonifaido)

Bug fixes, misc changes:

• Print appropriate error when listing connectors fails (#1443, @deric)
• Bitbucket docs: update permission requirements (#1435, @bonifaido)
• Round out logging interface with functions for all levels (#1432, @alindeman)
• Fix typo in SAMLConnector interface (#1430, @mkontani)
• travis: replace golang 1.10 and 1.11 with 1.12 (#1457, @srenatus)
• OIDC: truely ignore "email_verified" claim if configured that way (#1456, @srenatus)
• MAINTAINERS: remove ericchiang@ (#1478, @ericchiang)

v2.16.0

The official docker release for this release can be pulled from

quay.io/dexidp/dex:v2.16.0

Features:

• Add an option to the OpenID Connect connector to always set email_verified to true (#1417, @gezb)
• Docker image no longer runs dex as root (#1426, @justaugustus)

Bug fixes, misc changes:

• Dex now logs client name instead of client_id (#1427, @yann-soubeyrand)
• Fixes for Go 1.11.4 modules (#1402, @lstoll)
• Refactor logging to use an interface instead of logrus directly (#1408, @sagikazarmark)

v2.15.0

The official docker release for this release can be pulled from

quay.io/dexidp/dex:v2.15.0

Notes:

• Minimum TLS version bumped to v1.2: if you are using Dex to serve on TLS directly, please make sure clients support TLS v1.2 before upgrading.

Features:

• Added Active Directory and Kubelogin integration sample (#1390, @okamototk)
• Added option to use GitHub login as id (#1396, @jtnord)

Bug fixes, misc changes:

• Dockerfile Go version bumped to v1.11.5 (#1389, @ericchiang)
• Minimum TLS version bumped to TLSv1.2 (#1392, @stevendanna)
• Added @JoelSpeed as maintainer (#1394, @srenatus)
• Added tests for LDAP filtering (#1249, @srenatus)
• Print Access token in example app (#1395, @hainesc)
• Add periodic storage health checking (#1397, @ericchiang)

v2.14.0

The official docker release for this release can be pulled from

quay.io/dexidp/dex:v2.14.0

Notes:

• Users of the Gitlab connector need to pay attention: The connector now uses a less powerful
  scope. This is a good enhancement in terms of securiting your bases, but it may need special care
  when upgrading!

Features:

• There's a brand new Keystone connector! (#1374, @knangia, @joannanosek, and @kbalka)
• Github connector now returns a full group list when no org is specified, and you have
  opted-in to that behaviour (#1340, #1349, @alexmt)
• Github connector allows for a 'both' option to use team name AND slug in TeamNameField (#1345, @vito)
• Gitlab connector no longer requires to API scope (#1351, @gypsydiver)
• Postgres storage backeng now works with UNIX sockets (#1346, #1352, @vito)
• Postgres storage backend now exposes some tunables (#1357, @sr)
• gRPC API: Add UpdateClient (#1275, @ccojocar)
• Make expiry of auth requests configurable (#1372, @mxey)
• LDAP connector - add emailSuffix config option (#1380, @dkess)

Bug fixes, misc changes:

• Render error message provided by connector if user authentication failed (#1339, @alexmt)
• Fix bogus conformance failure due to time zones (#1344, @vito)
• Improved LDAP errors from upgrading go-ldap (#1338, @sr)
• Removed incomplete, unmaintained storage adapters for CockroachDB and MySQL (#1343, @vito)
• Removed unused startup scripts, adapted docs (#1350, @sr)
• LDAP connector: Document that 'DN' must be in capitals (#1359, @OwenTuz)
• Kubernetes docs: clarify steps around use/creation of TLS assets (#1358, @OwenTuz)
• Bumped github.com/lib/pq (#1367, @vito)
• Migrate to go modules (#1365, #1369, @josdotso)
• Makefile: cleanups for newer versions of Go (#1368, @ericchiang)
• Dockerfile: update to Go 1.11.3 (#1373, @ericchiang)
• Replace "GET", "POST" to http.MethodGet and http.MethodPost (#1377, @hainesc)

v2.13.0

The official docker release for this release can be pulled from

quay.io/dexidp/dex:v2.13.0

Features:

• Update to Go 1.11 (#1325, @ericchiang)
• Mock connector support refresh tokens (#1245, scotthew1)
• Dex no longer attempts to create CRDs if they're already created (#1333, @SongGithub)
• Updates to Kubernetes storage and RBAC docs (#1334, @tmatias)

Bug fixes:

• Fix golint build issues (#1317, #1329, @ericchiang)
• Fix Bitbucket documentation (#1316, @edtan)

v2.12.0

The official docker release for this release is at

quay.io/dexidp/dex:v2.12.0

Features:

• New connector: Bitbucket Cloud (#1307, @edtan)
• Allow using the GitHub team slug instead of name (#1297, @tburko)
• Allow using a client TLS cert in the LDAP connector (#1278, @veily)

Bug fixes:

• Any non-cert (or accidentally invalid) data following a valid cert
  in the SAML connector configuration will now error out (#1305, @srenatus)

....and fixes to docs, as well as an upgrade of a dependency library
(go-jose v2.1.8, @fajran).

🎉 Thank you very much, all old and new contributors! 😉