Update changelog for 5.1.1 release (oauth2-proxy#525)

vrindanayak · May 6, 2020 · d49556d · d49556d
1 parent f5f1348
commit d49556d
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,8 +6,27 @@
 
 ## Breaking Changes
 
+## Changes since v5.1.1
+
+# v5.1.1
+
+## Release Highlights
+
+N/A
+
+## Important Notes
+
+- (Security) Fix for [open redirect vulnerability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-j7px-6hwj-hpjg).
+  - A bad actor using encoded whitespace in redirect URIs can redirect a session to another domain
+
+## Breaking Changes
+
+N/A
+
 ## Changes since v5.1.0
 
+- [GHSA-j7px-6hwj-hpjg](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-j7px-6hwj-hpjg) Fix Open Redirect Vulnerability with encoded Whitespace characters (@JoelSpeed)
+
 # v5.1.0
 
 ## Release Hightlights

diff --git a/README.md b/README.md
@@ -18,7 +18,7 @@ A list of changes can be seen in the [CHANGELOG](CHANGELOG.md).
 
 1.  Choose how to deploy:
 
-    a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v5.0.0`)
+    a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v5.1.1`)
 
     b. Build with `$ go get github.com/pusher/oauth2_proxy` which will put the binary in `$GOROOT/bin`
 
@@ -28,7 +28,7 @@ Prebuilt binaries can be validated by extracting the file and verifying it again
 
 ```
 sha256sum -c sha256sum.txt 2>&1 | grep OK
-oauth2_proxy-4.0.0.linux-amd64: OK
+oauth2_proxy-5.1.1.linux-amd64: OK
 ```
 
 2.  [Select a Provider and Register an OAuth Application with a Provider](https://pusher.github.io/oauth2_proxy/auth-configuration)
@@ -38,7 +38,8 @@ oauth2_proxy-4.0.0.linux-amd64: OK
 
 ## Security
 
-If you are running a version older than v5.0.0 we **strongly recommend you please update** to a current version. RE: [open redirect vulnverability](https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv)
+If you are running a version older than v5.1.0 we **strongly recommend you please update** to a current version.
+See [open redirect vulnverability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-j7px-6hwj-hpjg) for details.
 
 ## Docs
 

diff --git a/docs/1_installation.md b/docs/1_installation.md
@@ -9,7 +9,7 @@ nav_order: 1
 
 1.  Choose how to deploy:
 
-    a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v4.0.0`)
+    a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v5.1.1`)
 
     b. Build with `$ go get github.com/pusher/oauth2_proxy` which will put the binary in `$GOROOT/bin`
 
@@ -19,7 +19,7 @@ Prebuilt binaries can be validated by extracting the file and verifying it again
 
 ```
 $ sha256sum -c sha256sum.txt 2>&1 | grep OK
-oauth2_proxy-4.0.0.linux-amd64: OK
+oauth2_proxy-5.1.1.linux-amd64: OK
 ```
 
 2.  [Select a Provider and Register an OAuth Application with a Provider](auth-configuration)