Skip to content
Tools
/
oauth2-proxy
/
Releases
OA
Release history
oauth2-proxy releases
A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
v7.15.2
Security relevant
·
1mo
Security fixes
CVE-2026-34986, CVE-2026-32281, CVE-2026-32289, CVE-2026-32288, CVE-2026-32280, CVE-2026-32282, CVE-2026-32283 GHSA-5hvv-m4w4-gf6v: Health check user-agent authentication bypass (Critical) GHSA-7x63-xv5r-3p2x: X-Forwarded-Uri header spoofing authentication bypass (Critical)
Notable features
New --trusted-proxy-ip flag for explicit trusted reverse proxy IP configuration
v7.15.1
Bug fix
·
2mo
Fixed bugs in Unix socket handling for IP resolution, improved session refresh token logging, and corrected backend logout response handling.
v7.15.0
Breaking risk
·
2mo
Breaking changes
CSRF cookie validation now uses CSRFExpire instead of Expire
Notable features
OIDC JWT signing algorithm configuration CSRF cookie SameSite option Config validation flag
v7.14.3
Security relevant
·
3mo
Notable features
Redis URL parameter configuration
v7.14.2
Bug fix
·
4mo
Reverted AuthOnly endpoint change that incorrectly returned 302 redirects, restoring 401 status when no session exists. Documentation improved for nginx auth_request configuration.
v7.14.1
Bug fix
·
4mo
Fixed AuthOnly endpoint to properly handle 302 redirects when skip-provider-button is enabled, and corrected static upstream validation defaults.
v7.14.0
Security relevant
·
4mo
Breaking changes
Alpha Config: header injection sources must be explicitly nested (claimSource/secretSource)
Security fixes
CVE-2025-61729 CVE-2025-61727 CVE-2025-47914
Notable features
Alpha Config now supports Server struct configuration via YAML
© 2026 releaseport. All rights reserved.
Feed
Tools
Feeds
Security
Brief
Search tools, categories, lists, and users
Use ↑↓ to navigate, Enter to open, Esc to close
No results for "
⌘K to open
↑↓ navigate
⏎ open
