Releases: m-barthelemy/vpn-webauth
Releases · m-barthelemy/vpn-webauth
Fix addDevice
This releases fixes the Add Device template that was previously returning a server error.
CVE-2020-26160
- Address CVE-2020-26160
- Upgrade to Go 1.16
0.8.7-pre
Merge pull request #13 from m-barthelemy/fix/ci Update CI stuff
OTP fixes
- Fix OTP validation
- Restrict requests methods: all requests sending data are now POST only; with existing Samesite Cookie policy, this further improves security by preventing potential cross site requests forgery.
- Make request body size limit global
Log requests from unknown VPN identities
0.8.4 Clearly log VPN check requests from unknown identities
OTP Registration fixes
Ensure OTP secret is valid before validation registration
Fix HTML bug preventing OTP form submission
Improve UX on new device when no MFA method is available except OTC from already registered device.
Add automated release builds
Ship precompiled binaries with every release.
Fix OTC formatting
• Ensure OTC to add new device is always six digits by adding leading zeroes if necessary.
• Fix issue with automated redirects when the user wants to add a new device using OTC
Azure OAuth2 and Logout
- Support for Azure OAuth2. Some environment variables starting with
GOOGLEhave been renamed toOAUTH2in order to make them generic. - The UI will always redirect to the start page (“”Login with …) if the user has no session
- The UI will always redirect to the “Success” page if the user has a valid session. This is to improve the user experience.
- Added Logout button deleting both the web session token and the VPN session.
SSE Notifications Fallback
When a browser doesn't support Web Push notifications (Safari...), fallback to SSE stream and notify user that they need to keep the page open.