Releases: jcmturner/gokrb5
Releases · jcmturner/gokrb5
Address vulnerabilities in dependencies
address vulnerabilities in dependencies:
New version to address minor issues
- Update dependency versions
- Return empty string rather than default realm if there is no configuration matching SPN domain to a realm
- deprecate use of io/ioutils package - this version required 1.16 as a minimum version of Go
- Consistent approach for sequence numbers with MIT implementation
- Other minor fixes - see commits for more details
Minor fixes and memory use improvement
- memory use improvements relating to Active Directory SID string marshaling
- fixed issue with principal name comparison causing validation failures when canonicalize configuration set to true
- SPNEGO client improvement to discard and close response body when unauthorized
- SPNEGO server fix for failure to parse SPNEGO tokens with request flags
Fix keytab and client network bugs
Marshal methods for KDC reply messages
Marshal methods added for
AS_REP
TGS_REP
KRBError
Minor simplification in client method for TCP communications
Create keytabs and minor fixes
- keytab: New ability to add entries to keytabs - gokrb5 can be used to create keytabs without needing ktuil
- spnego: handle explicit ports when deriving SPN
- Fixed some dropped errors
- Move integration test environment resource to their own git repo: https://github.com/jcmturner/gokrb5-test
- Update to use new Active Directory test environment
Client diagnostic
- Diagnostic() method on Client helps find configuration issues
Fix logging, session leak and AD example
This release fixes:
- Potential leak of the SPNEGO client session due to reuse of the same cookie jar
- Preserves the source line references in the logging of the client and SPNEGO service
- Fixes the AD example
Handle raw KRB5 tokens in the negotiation header
Some clients send a raw KRB5 token in the negotiation header rather than a full SPNEGO token. This release handles this situation.
Tidy dependencies
v8.0.1 Tidy dependencies