Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
bingo
Oauth2 Server
Commits
1480564d
Commit
1480564d
authored
2 years ago
by
Andrew Millington
Browse files
Options
Download
Email Patches
Plain Diff
Update changelog
parent
c9255bd5
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
4 additions
and
0 deletions
+4
-0
CHANGELOG.md
CHANGELOG.md
+4
-0
No files found.
CHANGELOG.md
View file @
1480564d
...
...
@@ -8,6 +8,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
### Added
-
You can now set a leeway for time drift between servers when validating a JWT (PR #1304)
### Security
-
Access token requests that contain a code_verifier but are not bound to a code_challenge will be rejected to prevent
a PKCE downgrade attack (PR #1326)
### [8.3.6] - released 2022-11-14
### Fixed
-
Use LooseValidAt instead of StrictValidAt so that users aren't forced to use claims such as NBF in their JWT tokens (PR #1312)
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
