Changelog
This page is generated during the GitLab Pages deployment from GitLab Releases and repository commits.
Upcoming changes
Changes since v0.2.1.
New features
- 1830af38 — Implement changelog generation and update documentation references
- 454264c1 — Add sitemap configuration for documentation site
Bug fixes
- 75771853 — Change deploy-pages stage from deploy to publish
- e4361d57 — Refine authorization header removal to only delete Basic auth headers while allowing Bearer tokens
Documentation updates
- 87a5cf67 — Add comprehensive documentation for application integrations, reverse proxies, backup and restore procedures, certificate rotation, logging, and troubleshooting
v0.2.1 — 2026-07-13
New Features
- 923cd748 — Limit SAML metadata response size to 10MB to prevent excessive memory usage
- 3b84bcae — Remove Authorization header from requests unless explicitly allowed in configuration
Bug fixes
- 3c0ee176 — Adjust service security settings by removing redundant directives and adding protections for clock, kernel modules, and logs
- b60d0ae2 — Update gomodguard to gomodguard_v2 and remove deprecated gocritic checks
- d7b68437 — Validate passthrough paths to prevent accidental passthrough of root or empty paths
v0.2 — 2026-07-11
New Features
- 3f392444 — Enhance SAML subject extraction and validation, add tests for subject retrieval
- 15e594f6 — Implement client IP extraction with trusted proxy support and update configuration for trusted proxies
- df9665fc — Implement initial SAML metadata loading and refresh logic with error handling; add unit tests for metadata functions
- de102181 — Implement logging sanitization to prevent log injection vulnerabilities
- 03a2ce15 — Implement session cookie expiration on SAML logout; add tests for session cookie handling
- 84f62740 — Refactor redirect source handling to improve validation and add unit tests
- fea0ee6a — Remove client provided headers which could conflict with PassBeyond provided headers
Bug fixes
- fd1be57b — Simplify claims time handling in session validation and token parsing
- 0329f5c0 — Update file opening method in SaveToFile to use OpenFile for better control over file permissions
- 57ba1947 — Update handler functions to ignore unused request parameters
Other work
- 221ec389 — chosr: Upgrade golangci-lint to new configuration format
v0.1.1 — 2025-11-30
Bug fixes
- 172f90e2 — Correct condition check for instance configuration file detection
v0.1 — 2025-11-30
New Features
- faff3b91 — Enhance dark mode support with improved styles and transitions
- 4eda3e3b — Load IdP metadata from file if configured
Bug fixes
- 439a8dc9 — Adjust cookie expiration to be slightly longer than session timeout
Other work
- f7597cc4 — other: Reorder docker dependencies alphabetically
v0.0.2 — 2025-11-28
New Features
- 19efc372 — Add a hidden control hatch page for PassBeyond service
- e52bb09f — Add configurable session timeout for SAML sessions
- e2af1d59 — Add passthrough tokens support for authentication bypass · Issue: #2
- de1d94a9 — Document passthroughTokens option for authentication bypass in README and config example
Other work
- 3ef2e885 — Implement custom SAML error handler and update error page to display version information
- 48d963af — Refactor session management to use a configurable session cookie name
v0.0.1 — 2025-11-27
Dependency updates
- 8ebcd237 — Add go test and golangci-lint as dependency for sonarqube
Other work
- dde4f0d0 — Abort if parsing internal IP fails
- 0cbf7488 — Adapt changed configuration file name
- e64c6437 — Adapt to changed service name
- b81bd03b — Add Gorilla Mux for auth server
- c3fdd69c — Add README and add some error checks
- 412cea5e — Add SAML claim fallbacks
- eaad64e3 — Add SAML request signing configuration option allow signing by configuration
- 025534e4 — Add SAML request signing configuration options to YAML and README
- fa8e52f4 — Add SRV record lookup support for LDAP
- f1e31f63 — Add Sonarqube analysis Add LDAP connection functionality Add seperation of session and user data (WIP)
- fec55a1e — Add UPN and SAMAccountName
- 9594ab84 — Add comments for config options
- b8e9942f — Add config check and session GC
- c246f28d — Add costom footer to error pages
- 9a973739 — Add database schema with automatic creation
- a611bee7 — Add group membership mapping
- ab1c4b66 — Add instance ID check to prevent request loops in globalHandler
- 20010573 — Add sAMAccountName support
- 62c6327b — Add sAMAccountName to proxy header
- 511bf3d1 — Add secret detection
- 101e097c — Add tests for cert creation
- b9efffd3 — Add tests for samlLoadKeyPair
- 67cd3385 — Add unit and coverage reports
- ad811b55 — Add user passbeyond on deb install
- bf6f76f7 — Add utils test
- 6b47c852 — Add version information to error page and implement buildinfo package
- b197a490 — Allow ACME challenge to pass trough
- ce5b8f1b — Change analysis branch to master
- 657c96e9 — Check if ldapConnection is not nil
- 5cf50f09 — Complete reprogramming of PassBeyond
- a59cf54b — Configure Secret Detection in
.gitlab-ci.yml, creating this file if it does not already exist - e012ae5a — Create .deb package after build
- d5f47055 — Dependency update
- fb22ec88 — Dependency update
- 267d137f — Dependency update Vulnerability due to Signature bypass via multiple Assertion elements https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g
- dca2a69c — Disable CGO for runs
- ac221471 — Downgrade Go version to support goreleaser version
- 4f055fc4 — Dynamically reload applications Support systemd reload Add additional HTTP error dialogs Pass real IP to backend service Support Basic auth as auth information provider
- f29547c7 — Execute go get to request vendor files
- cbe575a7 — Force IsCA to false
- 01067b7c — Handle LDAP connection loss
- 980120af — Ignore hint of theme-color
- 3b61c9e8 — Include tests and skip vendor
- aa23ee9b — Initial commit
- 4ae7aa66 — Initial development commit of v2
- 9698c353 — Log error details with request ID in buildProxyURL function
- a8933dff — Made LDAP an requirement Ajax backend support providing basic info + image Reduced SAML data to a minimum Add description for start page
- 568afbb6 — Manipulate metadata to add NameID
- 28b6d685 — Only deploy amd64 binary to repository
- bcd97a93 — Periodically check if LDAP is still connected
- 424d283c — Read internal networks from config
- 5b46fc5b — Refactor CI/CD pipeline and add Docker support for PassBeyond application
- 138c4261 — Refactor session validation to handle different context types in passbeyondHandler
- 39b276f6 — Refactor systemd service management in postinst, postrm, and prerm scripts for improved instance handling
- 815beb5a — Remove empty attributes from the attributes map in MapAttributes function
- 7ee078cd — Remove gorilla mux as it isn't maintained anymore
- 3985d986 — Rename pack-focal to pack-ubuntu and update dependencies in .gitlab-ci.yml
- d86185a1 — Save certificates in base64 encoding
- 0b3ae619 — Set logging more verbose
- a412c0e1 — Swap arguments to match go recommendations
- cd1363f5 — Test expired certificate
- 56e0e32f — Track session usage and add session expiration
- 7e928e2b — Update .gitignore to include additional build and report files
- c179192d — Update JWT claims handling to include Not Before (nbf) time for improved token validation, short backdating validity against race condition
- 8251ba36 — Update cookie handling in passbeyondHandler to allow cross-site redirects and set domain
- 00bbe175 — Update dependencies and add build to repo
- 41cf99c1 — Update publish script to reference 'build' directory instead of 'dist'
- 5c252671 — Use correct conffile in deb config
- 682b58bb — Use long paths to run go programs