Skip to content

Comments

#2218 Uninstall the IdentityServer4 packages and deactivate their functionality | IdentityServer Open Redirect vulnerability#2274

Merged
raman-m merged 1 commit intodevelopfrom
2218-IdentityServer4
Apr 2, 2025
Merged

#2218 Uninstall the IdentityServer4 packages and deactivate their functionality | IdentityServer Open Redirect vulnerability#2274
raman-m merged 1 commit intodevelopfrom
2218-IdentityServer4

Conversation

@raman-m
Copy link
Member

@raman-m raman-m commented Mar 29, 2025
edited
Loading

Fixes #2218

Dependabot alerts

Proposed Changes

  • All IdentityServer4 packages have been removed
  • Related tests have been disabled using the Skip flag of the Fact attribute, and these tests need to be redeveloped
  • The "Ocelot.Administration" project has been moved to the new Ocelot.Administration.IdentityServer4 repository.
  • The "Ocelot.Samples.AdministrationApi" project was removed from Samples solution and now it will be a part of Ocelot.Administration.IdentityServer4 repository.

P.S.

Redeveloping the AuthenticationTests and AuthorizationTests (which were based on IdentityServer4 JWT tokens) requires significant effort. Therefore, this task will be skipped for now, as it would delay the release.

@raman-m raman-m self-assigned this Mar 29, 2025
@raman-m raman-m added bug Identified as a potential bug high High priority dependencies Pull requests that update a dependency file Core Ocelot Core related or system upgrade (not a public feature) NET9 .NET 9 release labels Mar 29, 2025
@raman-m raman-m added this to the .NET 9 milestone Mar 29, 2025
@raman-m raman-m changed the title #2218 Uninstall the IdentityServer4 packages and deactivate their functionality #2218 Uninstall the IdentityServer4 packages and deactivate their functionality | IdentityServer Open Redirect vulnerability Mar 29, 2025
@raman-m raman-m merged commit 09de4ce into develop Apr 2, 2025
1 check passed
@raman-m raman-m deleted the 2218-IdentityServer4 branch April 2, 2025 07:42
@raman-m raman-m mentioned this pull request Apr 2, 2025
Closed
3 tasks
@raman-m raman-m mentioned this pull request Apr 13, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RaynaldM RaynaldM Awaiting requested review from RaynaldM

@TomPallister TomPallister Awaiting requested review from TomPallister

@ggnaegi ggnaegi Awaiting requested review from ggnaegi

Assignees

@raman-m raman-m

Labels

bug Identified as a potential bug Core Ocelot Core related or system upgrade (not a public feature) dependencies Pull requests that update a dependency file high High priority NET9 .NET 9 release

Projects

None yet

Milestone

.NET 9

Development

Successfully merging this pull request may close these issues.

.NET 9: Vulnerabilities aka Dependabot

1 participant

@raman-m