v7.13.0
Release Highlights
- 🕵️‍♀️ Vulnerabilities have been addressed
Changelog
A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
By default all specified headers will now be normalized, meaning that both capitalization and the use of underscores (_) versus dashes (-) will be ignored when matching headers to be stripped. For example, both X-Forwarded-For and X_Forwarded-for will now be treated as equivalent and stripped away.
Please read our security advisory for CVE-2025-64484: GHSA-vjrc-mh2v-45x6
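The difference between exact-name stripping and the normalized matching described above, as an added example (not oauth2-proxy's own code). The function names, the strip list and the header values are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// normalize folds case and treats '_' and '-' as the same character.
func normalize(name string) string {
	return strings.ReplaceAll(strings.ToLower(name), "_", "-")
}

// stripExact deletes only headers whose canonical name equals a listed name.
func stripExact(h http.Header, names []string) {
	for _, n := range names {
		h.Del(n)
	}
}

// stripNormalized deletes every header whose normalized name is listed.
func stripNormalized(h http.Header, names []string) {
	deny := make(map[string]struct{}, len(names))
	for _, n := range names {
		deny[normalize(n)] = struct{}{}
	}
	for key := range h {
		if _, ok := deny[normalize(key)]; ok {
			delete(h, key)
		}
	}
}

// sampleHeaders returns constructed client headers, including an underscore variant.
func sampleHeaders() http.Header {
	h := http.Header{}
	h.Set("X-Forwarded-For", "203.0.113.7")
	h.Set("X_Forwarded-for", "198.51.100.9") // stored by Go as "X_forwarded-For"
	h.Set("Accept", "text/html")
	return h
}

func main() {
	strip := []string{"X-Forwarded-For"} // hypothetical strip list
	a, b := sampleHeaders(), sampleHeaders()
	stripExact(a, strip)
	stripNormalized(b, strip)
	fmt.Println("exact match leaves:", a)
	fmt.Println("normalized match leaves:", b)
}
```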
Furthermore, we now use the access_token for validating refreshed sessions in OIDC providers instead of the id_token. This is to align with the OIDC specification which states that id_tokens are not guaranteed to be issued when using refresh tokens. In future releases we might remove the id_token validation for sessions completely.
N/A