Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: b4f2f298e18f
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 7d0b089bf37d
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Apr 27, 2020

  1. oauth2_proxy: Backport security fix (CVE-2017-1000070) 

    Since 20.03 still uses old oauth2_proxy (3.2.0), which is not compatible
with the newest one (5.1.0), this change backports an important security
fix to 3.2.0:

oauth2-proxy/oauth2-proxy@a316f8a

The vulnerability is an open redirect, where a bad actor can redirect a
session to another domain using `/\` in redirect URIs.
    @knl
    knl committed Apr 27, 2020
    Copy the full SHA
    92ab877 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #86108 from knl/security-fix-oauth2_proxy

    @Mic92
    Mic92 committed Apr 27, 2020
    Copy the full SHA
    7d0b089 View commit details
    Browse the repository at this point in the history