Skip to content

v1.8.5

Compare
Choose a tag to compare
@aeneasr aeneasr released this 03 Oct 13:20
· 1767 commits to master since this release
951870e

This is a security-focused release with fixes for CVE-2020-15234, CVE-2020-15223, CVE-2020-15233. Additionally, several system dependencies (e.g. Golang) have been upgraded.

A few things have changed as part of these patches:

  • OAuth 2.0 Redirection URL error parameters error_hinterror_debug have been deprecated and are now part of error_description. The parameters are still included for compatibility reasons but will be removed in a future release.
  • OAuth 2.0 Error revocation_client_mismatch was not standardized and has been removed. Instead, you will now receive unauthorized_client with a description explaining why the flow failed.

Additionally, the TypeScript SDK generator has changed from OpenAPI's typescript-node to typescript-axios making the SDK compatible with both browser as well as node environments, which was not the case previously. Please be aware that some of the SDK's API signatures - especially responses - have changed and check your TypeScript output for instructions on upgrading. You may still use an older version of the SDK as none of ORY Hydra's HTTP APIs have changed.

Due to several complex CI issues and regressions, build versions v1.8.0 - v1.8.4 failed. v1.8.5 the first and only stable release in the current 1.8.x branch.

Docker images

  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.8
  • docker pull oryd/hydra:v1.8.5
  • docker pull oryd/hydra:v1.8.5
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.8-alpine
  • docker pull oryd/hydra:v1.8.5-alpine
  • docker pull oryd/hydra:v1.8.5-alpine
  • docker pull oryd/hydra:latest-alpine