libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Update release notes

Browse source
This commit is contained in:
stianst 2018-08-14 12:46:42 +02:00 committed by Stian Thorgersen
parent 2a6c449f3c
commit 2d1af15f8b
2 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
release_notes/topics.adoc
View file

@ -15,6 +15,8 @@ endif::[]
ifeval::[{project_product}==true]
== {project_name_full} CD3
include::topics/4_3_0_final.adoc[leveloffset=2]
include::topics/4_2_0_final.adoc[leveloffset=2]
include::topics/4_1_0_final.adoc[leveloffset=2]
endif::[]

13
release_notes/topics/4_3_0_final.adoc
View file

@ -44,3 +44,16 @@ app.get('/protected/resource', keycloak.enforcer('resource:view'), function (req
res.json({message: 'access granted'});
});
```
= Support hosted domain for Google logins
Login with Google now supports the `hd` parameter to restrict Google logins to a specific hosted domain at Google. When
this is specified in the identity provider any login from a different domain is rejected.
Thanks to https://github.com/brushmate[brushmate] for the contribution.
= Escape unsafe tags in HTML output
Most HTML output is already escaped for HTML tags, but there are some places where HTML tags are permitted.
These are only where admin access is needed to update the value. Even though it would require admin access to update such
fields we have added an extra layer of defence and are now escaping unsafe elements like `<script>`.