2.9.0 (2026-04-16)
- add HEADER_MAPPING_BASE flag to control JWT claims source for HEADER_MAPPING (#144) (a43f4f4), closes #143
2.8.1 (2026-04-13)
- trim userinfo to mapped fields before storing in session cookie (#141) (683d79a)
- use /v2 module path (#139) (fb2d63e)
2.8.0 (2026-04-03)
2.7.0 (2026-04-03)
- prevent panic on SSE reverse proxy when backend closes connection (#128) (76d1ac5)
- set JWT audience claim to external URL for RFC 8707 compliance (#133) (351305a), closes #129
2.6.1 (2026-03-18)
2.6.0 (2026-03-16)
- Add OIDC Attribute-Based Authorization (#120) (51b6e85)
- support injecting cryptographic keys via env vars (#119) (ec9e857)
- fix prettier formatting in oauth-setup.md (#124) (ef5731d)
- normalize external URL with trailing slash per RFC 3986 (#125) (e377aa9)
2.5.4 (2026-03-03)
- follow backend 307/308 redirects in transparent proxy (#116) (4546f40)
- widen OAuth signature columns from VARCHAR(255) to VARCHAR(512) (#117) (68437b1), closes #111
2.5.3 (2026-01-03)
2.5.2 (2025-12-04)
- docker: update base image to golang:1.22-bookworm and switch to debian:bookworm-slim (#98) (dbeabda)
- upgrade dependencies (#100) (8c1c8fd)
- upgrade Go version to 1.25 in workflow files (#101) (3b869e9)
2.5.1 (2025-12-04)
2.5.0 (2025-10-22)
2.4.0 (2025-10-22)
2.3.0 (2025-08-28)
2.2.0 (2025-08-25)
2.1.0 (2025-08-24)
2.0.0 (2025-08-24)
- Authorization interface changed from separate GetUserID/Authorization calls to combined Authorization method
1.3.2 (2025-08-21)
1.3.1 (2025-08-21)
- release 1.3.1 (e5885f8)
1.3.0 (2025-08-20)
- add OIDC provider support (#40) (f8edabe)
- improve error handling with custom error template (#47) (2ff3804)
- improve session security with HttpOnly and MaxAge options (#46) (9038812)
- improve authentication flow and session handling (#45) (cd28916)
- remove oauth2.AccessTypeOffline from AuthCodeURL calls (#41) (a2d0d88)
1.2.3 (2025-08-19)
- improve KVS repository error handling (#36) (126ff82)
- improve KVS update method error handling (#37) (92eb5d4)
1.2.2 (2025-08-18)
1.2.1 (2025-08-18)
1.2.0 (2025-08-18)
- add automatic TLS host detection and improve server lifecycle management (#21) (dc3c058)
- add support for stdio MCP servers (#19) (b159d26)
- handle stderr properly in stdio MCP server execution (#23) (f972958)
- improve backend lifecycle management and error handling (#24) (4b5e828)
1.1.1 (2025-08-17)
1.1.0 (2025-08-17)
1.0.0 (2025-08-17)
- GLOBAL_SECRET environment variable and --global-secret flag are no longer supported. Secrets are now automatically generated and persisted.