Commit

Release 6.0.5
pdo-axelor committed Oct 17, 2024
1 parent 4587141 commit 03aad63
Showing 8 changed files with 33 additions and 35 deletions.
33 changes: 33 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,36 @@
## 6.0.5 (2024-10-17)

#### Fixed

* Fix dirty view when an editor contain a button
* Fix hidden panels/buttons in editor when the record changes
* Fix details from view attrs reset when reloading from grid/tab
* Fix onnew popup actions called with delay
* Fix tab refresh with HTML dashlet
* Fix auth provider settings `exclusive` and `absolute-url-required`

#### Security

* Always rely on codes when fetching user from profile

<details>

Any extends of `com.axelor.auth.pac4j.AuthPac4jUserService.getUser` should takes
care to rely on fetch users by code only (instead of fetching by code and email).

In case your application use SSO authentication, a carefully review is needed.
As we now rely on users codes to retrieve users, make sure the users codes match
the user profile username or email provided by the identity provider (we rely on
pac4j user profile mapping for this). For example, OpenID Connect providers commonly
use `preferred_username` claim as username,but for others such as Azure OpenID Connect
provider, it will use the `upn` claim as username. As fallback is will use the `email`
claim as email. In case of existing users codes not matching identity providers username
or email, it will not retrieve them and users will not be able to log in. Manually change
will be needed, by updating users codes with their email for example.

</details>


## 6.0.4 (2022-11-02)

#### Changes
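
Review bot: In the Security entry's `<details>` block, the upgrade impact is buried at the end: existing users whose codes do not match the identity provider's username or email will not be retrieved and cannot log in, and the text closes with "Manually change will be needed" without saying how to identify the affected accounts. Suggest leading the block with that consequence and stating the lookup order explicitly (profile username first, `email` claim as fallback) so administrators can compare user codes against those values before upgrading. The wording also needs a pass: "should takes care", "a carefully review", "As fallback is will", and the missing space in "username,but". The `<details>` element has no `<summary>`, so it will render with only a default label.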
3 changes: 0 additions & 3 deletions changelogs/unreleased/fix-auth-boolean-props.yml

This file was deleted.

3 changes: 0 additions & 3 deletions changelogs/unreleased/fix-btn-in-editor.yml

This file was deleted.

3 changes: 0 additions & 3 deletions changelogs/unreleased/fix-hidden-panel-in-editor.yml

This file was deleted.

3 changes: 0 additions & 3 deletions changelogs/unreleased/fix-onnew-popup.yml

This file was deleted.

3 changes: 0 additions & 3 deletions changelogs/unreleased/fix-refresh-details-view.yml

This file was deleted.

3 changes: 0 additions & 3 deletions changelogs/unreleased/fix-tab-refresh-html.yml

This file was deleted.

17 changes: 0 additions & 17 deletions changelogs/unreleased/fix-wrong-user.yml

This file was deleted.
