From 25154ede41dbac4f93aa8c7705c19a3ba67d6bdc Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Sat, 27 Jun 2020 12:05:26 +0100 Subject: [PATCH] Update changelog ready for release v6.0.0 --- CHANGELOG.md | 22 ++++++++++++++++++- README.md | 6 ++--- .../docker-compose-keycloak.yaml | 2 +- contrib/local-environment/docker-compose.yaml | 2 +- docs/1_installation.md | 2 +- 5 files changed, 27 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b6f2d1ea12..507a577af6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,25 @@ ## Important Notes +## Breaking Changes + +## Changes since v6.0.0 + +# v6.0.0 + +## Release Highlights + +- Migrated to an independent GitHub organisation +- Added local test environment examples using docker-compose and kind +- Error pages will now be rendered when upstream connections fail +- Non-Existent options in config files will now return errors on startup +- Sessions are now always encrypted, independent of configuration + +## Important Notes + +- (Security) Fix for [open redirect vulnerability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv). + - More invalid redirects that lead to open-redirects were reported + - An extensive test suite has been added to prevent future regressions - [#453](https://github.com/oauth2-proxy/oauth2-proxy/pull/453) Responses to endpoints with a proxy prefix will now return headers for preventing browser caching. ## Breaking Changes 
@@ -60,6 +79,7 @@ ## Changes since v5.1.1 +- [GHSA-5m6c-jp6f-2vcv](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv) New OpenRedirect cases have been found (@JoelSpeed) - [#639](https://github.com/oauth2-proxy/oauth2-proxy/pull/639) Change how gitlab-group is parsed on options (@linuxgemini) - [#615](https://github.com/oauth2-proxy/oauth2-proxy/pull/615) Kubernetes example based on Kind cluster and Nginx ingress (@EvgeniGordeev) - [#596](https://github.com/oauth2-proxy/oauth2-proxy/pull/596) Validate Bearer IDTokens in headers with correct provider/extra JWT Verifier (@NickMeves) @@ -85,7 +105,7 @@ - [#537](https://github.com/oauth2-proxy/oauth2-proxy/pull/537) Drop Fallback to Email if User not set (@JoelSpeed) - [#535](https://github.com/oauth2-proxy/oauth2-proxy/pull/535) Drop support for pre v3.1 cookies (@JoelSpeed) - [#533](https://github.com/oauth2-proxy/oauth2-proxy/pull/487) Set up code coverage within Travis for Code Climate (@JoelSpeed) -- [#514](https://github.com/oauth2-proxy/oauth2-proxy/pull/514) Add basic string functions to templates +- [#514](https://github.com/oauth2-proxy/oauth2-proxy/pull/514) Add basic string functions to templates (@n-i-x) - [#524](https://github.com/oauth2-proxy/oauth2-proxy/pull/524) Sign cookies with SHA256 (@NickMeves) - [#515](https://github.com/oauth2-proxy/oauth2-proxy/pull/515) Drop configure script in favour of native Makefile env and checks (@JoelSpeed) - [#519](https://github.com/oauth2-proxy/oauth2-proxy/pull/519) Support context in providers (@johejo) diff --git a/README.md b/README.md index d912fa7e65..93018e7a69 100644 --- a/README.md +++ b/README.md 
@@ -23,7 +23,7 @@ Going forward, all images shall be available at `quay.io/oauth2-proxy/oauth2-pro 1. Choose how to deploy: - a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v5.1.1`) + a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v6.0.0`) b. Build with `$ go get github.com/oauth2-proxy/oauth2-proxy` which will put the binary in `$GOROOT/bin` @@ -43,8 +43,8 @@ oauth2-proxy-x.y.z.linux-amd64: OK ## Security -If you are running a version older than v5.1.0 we **strongly recommend you please update** to a current version. -See [open redirect vulnverability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-j7px-6hwj-hpjg) for details. +If you are running a version older than v6.0.0 we **strongly recommend you please update** to a current version. +See [open redirect vulnverability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv) for details. ## Docs diff --git a/contrib/local-environment/docker-compose-keycloak.yaml b/contrib/local-environment/docker-compose-keycloak.yaml index f78ce0fa5e..cf9558dfe8 100644 --- a/contrib/local-environment/docker-compose-keycloak.yaml +++ b/contrib/local-environment/docker-compose-keycloak.yaml @@ -15,7 +15,7 @@ services: oauth2-proxy: container_name: oauth2-proxy - image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1 + image: quay.io/oauth2-proxy/oauth2-proxy:v6.0.0 command: --config /oauth2-proxy.cfg hostname: oauth2-proxy volumes: diff --git a/contrib/local-environment/docker-compose.yaml b/contrib/local-environment/docker-compose.yaml index 6f57720a2c..d87037cdb8 100644 --- a/contrib/local-environment/docker-compose.yaml +++ b/contrib/local-environment/docker-compose.yaml 
@@ -13,7 +13,7 @@ version: '3.0' services: oauth2-proxy: container_name: oauth2-proxy - image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1 + image: quay.io/oauth2-proxy/oauth2-proxy:v6.0.0 command: --config /oauth2-proxy.cfg ports: - 4180:4180/tcp diff --git a/docs/1_installation.md b/docs/1_installation.md index fdb206aa6a..a82a3c4617 100644 --- a/docs/1_installation.md +++ b/docs/1_installation.md @@ -9,7 +9,7 @@ nav_order: 1 1. Choose how to deploy: - a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v5.1.1`) + a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v6.0.0`) b. Build with `$ go get github.com/oauth2-proxy/oauth2-proxy` which will put the binary in `$GOROOT/bin`
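Review bot: In the CHANGELOG.md hunk at `@@ -4,6 +4,25 @@`, the new v6.0.0 "Important Notes" security entry does not say which releases are affected or what an operator should do. The README.md hunk in this same patch uses "older than v6.0.0" as the cut-off, so repeating that here (affected: versions before v6.0.0, action: upgrade to v6.0.0) would let someone reading only the changelog triage it. The nested bullet "More invalid redirects that lead to open-redirects were reported" also states that they were reported without stating that this release fixes them.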
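Review bot: In the CHANGELOG.md hunk at `@@ -60,6 +79,7 @@`, the added GHSA-5m6c-jp6f-2vcv line reads "New OpenRedirect cases have been found", which describes the finding rather than the change, unlike the surrounding entries ("Change how ...", "Validate ..."). Suggest wording it as the fix, for example "Fix new open redirect cases", and spelling it "open redirect" to match the "Important Notes" entry added earlier in this patch.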
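Review bot: In the CHANGELOG.md hunk at `@@ -85,7 +105,7 @@`, the context line two above the change has link text `#533` pointing at `.../pull/487`, so one of the two numbers is wrong. Since this hunk is already correcting the attribution on the `#514` entry, it would be worth fixing that mismatch in the same commit so the release notes link to the right pull request.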
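Review bot: In the README.md hunk at `@@ -43,8 +43,8 @@` (the Security section), replacing the GHSA-j7px-6hwj-hpjg link with GHSA-5m6c-jp6f-2vcv drops the only pointer to the earlier advisory, so a reader on a pre-v5.1.0 build now sees one of the two open redirect advisories that apply to them. Suggest listing both advisories. The new `+` line also carries over the typo "vulnverability", and "strongly recommend you please update" could be tightened to "strongly recommend you update".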
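Review bot: In the two compose hunks (`contrib/local-environment/docker-compose-keycloak.yaml` at `@@ -15,7 +15,7 @@` and `contrib/local-environment/docker-compose.yaml` at `@@ -13,7 +13,7 @@`), the image is referenced only by the tag `v6.0.0`, which a registry allows to be re-pointed. These files are examples people copy, so consider appending the release image's digest (`image: quay.io/oauth2-proxy/oauth2-proxy:v6.0.0@sha256:...`) so the example pulls exactly the build that contains the security fix.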
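Review bot: In the README.md hunk at `@@ -23,7 +23,7 @@` and the identical docs/1_installation.md hunk at `@@ -9,7 +9,7 @@`, the release string is hard-coded in step a. of both files (and again in the two compose files), so every release needs the same edit in several places and a missed one leaves the docs advertising a version with a known open redirect. Consider a single release-time substitution or a check that the strings agree. While touching these lines, the unchanged step b. says the binary lands in `$GOROOT/bin`; `go get` installs into `$GOBIN` or `$GOPATH/bin`.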