@raman-m raman-m commented Mar 29, 2025

Fixes #2218

Dependabot alerts

Proposed Changes

  • All IdentityServer4 packages have been removed
  • Related tests have been disabled using the Skip flag of the Fact attribute, and these tests need to be redeveloped
  • The "Ocelot.Administration" project has been moved to the new Ocelot.Administration.IdentityServer4 repository.
  • The "Ocelot.Samples.AdministrationApi" project was removed from the Samples solution and will now be part of the Ocelot.Administration.IdentityServer4 repository.

P.S.

Redeveloping the AuthenticationTests and AuthorizationTests (which were based on IdentityServer4 JWT tokens) requires significant effort. Therefore, this task will be skipped for now, as it would delay the release.

@raman-m raman-m self-assigned this Mar 29, 2025
@raman-m raman-m added labels Mar 29, 2025: bug (Identified as a potential bug); high (High priority); dependencies (Pull requests that update a dependency file); Core (Ocelot Core related or system upgrade, not a public feature); NET9 (.NET 9 release)
@raman-m raman-m added this to the .NET 9 milestone Mar 29, 2025
@raman-m raman-m changed the title from "#2218 Uninstall the IdentityServer4 packages and deactivate their functionality" to "#2218 Uninstall the IdentityServer4 packages and deactivate their functionality | IdentityServer Open Redirect vulnerability" Mar 29, 2025
@raman-m raman-m merged commit 09de4ce into develop Apr 2, 2025
1 check passed
@raman-m raman-m deleted the 2218-IdentityServer4 branch April 2, 2025 07:42
Development

Successfully merging this pull request may close these issues.

.NET 9: Vulnerabilities aka Dependabot