IdentityServer v7.2.2

Released: Apr 30, 2025

Updates in v7.2.2

Features

  • Hardened the default configuration that controls how parameters passed to the Pushed Authorization (PAR) and Authorize endpoints are redacted in logs, ensuring that client secrets and client assertions are not logged by default.
    • In particular, the default values of AuthorizeRequestSensitiveValuesFilter and PushedAuthorizationSensitiveValuesFilter have both been changed to ["client_secret", "client_assertion", "id_token_hint"].
    • PAR requests are sometimes handled by the same code path as authorize requests, so this change makes both filters the same by default.
  • The MtlsOptions.DomainName can now include a port number.
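
For the log redaction change above: a host that assigns its own filter lists replaces the defaults, so the new values do not apply to it automatically. The following is an added example, not code from the IdentityServer project; the class name LogRedactionDefaults is hypothetical, and it assumes both filters are settable string collections on options.Logging.

```csharp
using System;
using System.Collections.Generic;
using Duende.IdentityServer.Configuration;

// Hypothetical helper (not part of IdentityServer): guarantees that both
// request-logging filters redact the parameters named in the v7.2.2 notes,
// even when the host application has replaced the default lists.
public static class LogRedactionDefaults
{
    // Parameter names taken from the release note above.
    private static readonly string[] Required =
    {
        "client_secret", "client_assertion", "id_token_hint"
    };

    // Call as the last statement of the AddIdentityServer(options => ...)
    // callback, after any application-specific logging settings.
    public static void Apply(IdentityServerOptions options)
    {
        if (options == null) throw new ArgumentNullException(nameof(options));

        options.Logging.AuthorizeRequestSensitiveValuesFilter =
            Merge(options.Logging.AuthorizeRequestSensitiveValuesFilter);
        options.Logging.PushedAuthorizationSensitiveValuesFilter =
            Merge(options.Logging.PushedAuthorizationSensitiveValuesFilter);
    }

    // Returns a new set instead of mutating the existing collection, so a
    // null or read-only list (for example an array) is handled as well.
    private static ICollection<string> Merge(ICollection<string> current)
    {
        var merged = current == null
            ? new HashSet<string>()
            : new HashSet<string>(current);

        foreach (var name in Required)
        {
            merged.Add(name); // no-op when the entry is already present
        }

        return merged;
    }
}
```

Entries the application added itself are kept; only the three required names are appended when missing.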