Unknown · OAuth2-Proxy · CVE-2021-21411
**Name of the Vulnerable Software and Affected Versions**
OAuth2-Proxy versions 7.0.0 through 7.0.x
**Description**
The `--gitlab-group` flag for group-based authorization in the GitLab provider stopped working, allowing any authenticated user to access applications regardless of the `--gitlab-group` membership restrictions. This issue impacts GitLab provider users who rely on group membership for authorization. The problem was a bug introduced while adding GitLab project-based authorization support: the user session's groups field was populated with the `--gitlab-group` config entries instead of the individual user's group membership returned by the GitLab Userinfo endpoint, so the allow-list check always compared the configured groups against themselves and always succeeded.
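The following is an added illustration of the defect described above, not code from the oauth2-proxy project: a minimal session builder that fills the groups field from the `--gitlab-group` configuration (the bug) beside one that fills it from the Userinfo response (the fix), with the same allow-list check run against both. All type and function names, the sample user, and the group names are assumptions constructed for this example.

```go
package main

import "fmt"

// userinfo models the relevant part of a GitLab Userinfo response.
// The field layout is an assumption for this example, not GitLab's schema.
type userinfo struct {
	Email  string
	Groups []string
}

// sessionState models what the proxy stores per login (assumed names).
type sessionState struct {
	Email  string
	Groups []string
}

// buildSessionVulnerable reproduces the defect: the session's Groups field
// is filled from the --gitlab-group configuration rather than from the
// user's own membership, so every user appears to be in every allowed group.
func buildSessionVulnerable(allowedGroups []string, ui userinfo) sessionState {
	return sessionState{Email: ui.Email, Groups: allowedGroups}
}

// buildSessionFixed models the corrected behaviour: Groups come from the
// Userinfo response and therefore reflect the individual user's membership.
func buildSessionFixed(ui userinfo) sessionState {
	return sessionState{Email: ui.Email, Groups: ui.Groups}
}

// authorized reports whether any of the session's groups is on the allow list.
func authorized(allowedGroups []string, s sessionState) bool {
	for _, want := range allowedGroups {
		for _, have := range s.Groups {
			if want == have {
				return true
			}
		}
	}
	return false
}

func main() {
	allowed := []string{"platform-team"} // constructed --gitlab-group value
	outsider := userinfo{Email: "outsider@example.com", Groups: []string{"guests"}}
	fmt.Println("vulnerable:", authorized(allowed, buildSessionVulnerable(allowed, outsider))) // true
	fmt.Println("fixed:     ", authorized(allowed, buildSessionFixed(outsider)))               // false
}
```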
**Recommendations**
For OAuth2-Proxy versions 7.0.0 through 7.0.x, update to version 7.1.0 to resolve the issue.
As a temporary workaround, consider setting `--gitlab-project` to use project membership as the authorization check instead of groups, as this feature is not affected by the bug.