chore: bump go to 1.25.5 for stdlib CVE

Mike Odom
2025-12-02 18:36:21 -05:00
parent f53add53d6
commit eaf459938d
4 changed files with 7 additions and 7 deletions

@@ -26,10 +26,10 @@
- Added same-origin CSRF checks to sensitive POST routes and unified client IP detection for logging and security features.
- Implemented shared per-IP rate limiting middleware covering login, MFA, and logout endpoints.
- Updated UI assets and templates to expose MFA enrollment/challenge experiences in the portal.
- Upgraded build stack: Go 1.25.3 base image with patched OpenSSL 3.3.5 and BusyBox fixes.
- Upgraded build stack: Go 1.25.5 base image with patched OpenSSL 3.3.5 and BusyBox fixes.
### Upgrade Notes
- Rebuild images to pull `modomofn/auth-portal:v2.0.2` (Go 1.25.3 base with patched OpenSSL 3.3.5 and BusyBox).
- Rebuild images to pull `modomofn/auth-portal:v2.0.2` (Go 1.25.5 base with patched OpenSSL 3.3.5 and BusyBox).
- Database migrations run automatically at startup to create `user_mfa` and `user_mfa_recovery_codes` tables and related columns.
- Set `SESSION_COOKIE_DOMAIN` to the host scope you serve AuthPortal from so cookies survive redirects behind proxies.
- New environment toggles control MFA behaviour: `MFA_ENABLE`, `MFA_ENFORCE`, and `MFA_ISSUER` (defaults provided).
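Review bot: The changed changelog bullet and the Upgrade Notes line say only "Go 1.25.5 base" and never name the stdlib CVE this bump is for, so a reader of the release notes cannot tell whether they are affected. Both lines are also edited in place under the existing `modomofn/auth-portal:v2.0.2` reference, which previously described a Go 1.25.3 base, so anyone who already pulled that tag gets no signal that it needs rebuilding. Suggest adding the advisory ID to the bullet and recording the toolchain bump as its own changelog entry.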

@@ -2,7 +2,7 @@
[![Docker Pulls](https://img.shields.io/docker/pulls/modomofn/auth-portal.svg)](https://hub.docker.com/r/modomofn/auth-portal)
[![Docker Image Size](https://img.shields.io/docker/image-size/modomofn/auth-portal/latest)](https://hub.docker.com/r/modomofn/auth-portal)
[![Go Version](https://img.shields.io/badge/Go-1.25.3%2B-00ADD8?logo=go)](https://go.dev/)
[![Go Version](https://img.shields.io/badge/Go-1.25.5%2B-00ADD8?logo=go)](https://go.dev/)
[![License: GPL-3.0](https://img.shields.io/badge/License-GPL3.0-green.svg)](https://github.com/modom-ofn/auth-portal?tab=GPL-3.0-1-ov-file#readme)
[![Vibe Coded](https://img.shields.io/badge/Vibe_Coded-OpenAI_Codex-purple)](https://developers.openai.com/codex/windows)
@@ -542,7 +542,7 @@ CREATE TABLE IF NOT EXISTS pins (
## Build & Images
- Go: `1.25.3` on `alpine:3.21`.
- Go: `1.25.5` on `alpine:3.21`.
- Builder installs `git` + CA certs, runs `go mod download` then `go mod tidy -compat=1.25`, builds with:
- `-v -x` (verbose), `-buildvcs=false` (avoid VCS scans), `-trimpath`, `-ldflags "-s -w"`.
- Runtime: `alpine:3.21`, installs CA certs + tzdata, runs as non-root `uid 10001`.
@@ -695,7 +695,7 @@ GPL-3.0 https://opensource.org/license/lgpl-3-0
## Upgrade Guide (from < v2.0.2)
1) Rebuild or pull `modomofn/auth-portal:v2.0.3` so you pick up Go 1.25.3 plus the patched OpenSSL 3.3.5 / BusyBox layers.
1) Rebuild or pull `modomofn/auth-portal:v2.0.3` so you pick up Go 1.25.5 plus the patched OpenSSL 3.3.5 / BusyBox layers.
2) Set `SESSION_COOKIE_DOMAIN` to the host you serve AuthPortal from (e.g., `auth.example.com`) so session + pending-MFA cookies survive redirect flows.
3) Decide on MFA posture:
- Leave `MFA_ENABLE=1` to let users enroll.
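Review bot: Step 1 now tells users to pull `modomofn/auth-portal:v2.0.3` to get Go 1.25.5, but the heading above it still reads "Upgrade Guide (from < v2.0.2)", and the changelog's Upgrade Notes in this same commit attach Go 1.25.5 to `v2.0.2`. Decide which tag actually ships the 1.25.5 toolchain, use that tag in both documents, and update the heading to match so operators do not pull an image that still carries the older stdlib.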

@@ -1,5 +1,5 @@
# ---- builder ----
FROM golang:1.25.3-alpine3.21 AS build
FROM golang:1.25.5-alpine3.21 AS build
WORKDIR /src
# Tools needed for fetching modules over HTTPS
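Review bot: The new `FROM golang:1.25.5-alpine3.21 AS build` line still references a mutable tag, so the fix this bump is meant to deliver depends on whatever the registry serves at build time. Consider pinning the digest alongside the tag, in the form `golang:1.25.5-alpine3.21@sha256:<digest>` with the digest taken from the registry, so the rebuilt image is reproducible and a later change to the base shows up as a reviewable diff.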

@@ -2,7 +2,7 @@ module auth-portal
go 1.25
toolchain go1.25.3
toolchain go1.25.5
require (
github.com/DATA-DOG/go-sqlmock v1.5.2
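Review bot: Only the `toolchain` line moves to `go1.25.5`; the `go 1.25` line is unchanged. The `toolchain` directive is a suggestion that the go command acts on only when toolchain switching is allowed, so with `GOTOOLCHAIN=local` a developer machine or CI runner on Go 1.25.3 still builds against the unpatched stdlib. If 1.25.5 is meant to be a hard floor for the CVE fix, raise the `go` line to `go 1.25.5`, which the go command enforces as a minimum version.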