Merge branch 'v1.11' into issue_3400

daprdocs/content/en/concepts/security-concept.md

@@ -211,6 +211,21 @@ The Dapr threat model is below.
 
 ## Security audit
 
+### June 2023
+
+In June 2023, Dapr completed a fuzzing audit done by Ada Logics.
+
+The audit achieved the following:
+
+- OSS-Fuzz integration
+- 39 new fuzzers for Dapr
+- Fuzz test coverage for Dapr Runtime, Kit and Components-contrib
+- All fuzzers running continuously after the audit has completed
+
+You can find the full report [here](/docs/Dapr-june-2023-fuzzing-audit-report.pdf).
+
+3 issues were found during the audit.
+
 ### February 2021
 
 In February 2021, Dapr went through a 2nd security audit targeting its 1.0 release by Cure53.
@@ -255,4 +270,4 @@ Visit [this page]({{< ref support-security-issues.md >}}) to report a security i
 
 ## Related links
 
-[Operational Security]({{< ref "security.md" >}})
+[Operational Security]({{< ref "security.md" >}})

daprdocs/content/en/developing-applications/integrations/gRPC-integration.md

@@ -132,7 +132,7 @@ The following steps will show how to create an app that exposes a server for wit
     	"github.com/golang/protobuf/ptypes/empty"
     
     	commonv1pb "github.com/dapr/dapr/pkg/proto/common/v1"
-    	pb "github.com/dapr/go-sdk/dapr/proto/runtime/v1"
+    	pb "github.com/dapr/dapr/pkg/proto/runtime/v1"
     	"google.golang.org/grpc"
     )
     ```

daprdocs/content/en/reference/api/bindings_api.md

@@ -37,6 +37,45 @@ If running on kubernetes apply the component to your cluster.
 
 > **Note:** In production never place passwords or secrets within Dapr component files. For information on securely storing and retrieving secrets using secret stores refer to [Setup Secret Store]({{< ref setup-secret-store >}})
 
+### Binding direction (optional)
+
+In some scenarios, it would be useful to provide additional information to Dapr to indicate the direction supported by the binding component. 
+Providing the supported binding direction helps the Dapr sidecar avoid the `"wait for the app to become ready"` state, where it waits indefinitely for the application to become available.
+
+You can specify the `direction` field as part of the component's metadata. The valid values for this field are: 
+- `"input"`
+- `"output"`
+- `"input, output"`
+
+Here a few scenarios when the `"direction"` metadata field could help:
+
+- When an application (detached from the sidecar) runs as a serverless workload and is scaled to zero, the `"wait for the app to become ready"` check done by the Dapr sidecar becomes pointless.
+
+- If the detached Dapr sidecar is scaled to zero and the application reaches the sidecar (before even starting an HTTP server), the `"wait for the app to become ready"` deadlocks the app and the sidecar into waiting for each other.
+
+### Example
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: kafkaevent
+spec:
+  type: bindings.kafka
+  version: v1
+  metadata:
+  - name: brokers
+    value: "http://localhost:5050"
+  - name: topics
+    value: "someTopic"
+  - name: publishTopic
+    value: "someTopic2"
+  - name: consumerGroup
+    value: "group1"
+  - name: "direction"
+    value: "input, output"
+```
+
 ## Invoking Service Code Through Input Bindings
 
 A developer who wants to trigger their app using an input binding can listen on a `POST` http endpoint with the route name being the same as `metadata.name`.

daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md

@@ -22,22 +22,30 @@ spec:
   version: v1
   metadata:
     - name: audience
-      value: "<your token audience; e.g. the application's client ID>"
+      value: "<your token audience; i.e. the application's client ID>"
     - name: issuer
       value: "<your token issuer, e.g. 'https://accounts.google.com'>"
 
     # Optional values
     - name: jwksURL
-      value: "https://accounts.google.com/.well-known/openid-configuration"
+      value: "<JWKS URL, e.g. 'https://accounts.google.com/.well-known/openid-configuration'>"
 ```
+
 ## Spec metadata fields
 
 | Field | Required | Details | Example |
 |-------|:--------:|---------|---------|
 | `audience` | Y | The audience expected in the tokens. Usually, this corresponds to the client ID of your application that is created as part of a credential hosted by a OpenID Connect platform. | 
-| `issuer` | Y | The issuer authority, which is the value expected in the issuer claim in the tokens. | `"https://accounts.google.com"`, `"https://login.salesforce.com"`
+| `issuer` | Y | The issuer authority, which is the value expected in the issuer claim in the tokens. | `"https://accounts.google.com"`
 | `jwksURL` | N | Address of the JWKS (JWK Set containing the public keys for verifying tokens). If empty, will try to fetch the URL set in the OpenID Configuration document `<issuer>/.well-known/openid-configuration`.  | `"https://accounts.google.com/.well-known/openid-configuration"`
 
+Common values for `issuer` include:
+
+- Auth0: `https://{domain}`, where `{domain}` is the domain of your Auth0 application
+- Azure AD: `https://login.microsoftonline.com/{tenant}/v2.0`, where `{tenant}` should be replaced with the tenant ID of your application, as a UUID
+- Google: `https://accounts.google.com`
+- Salesforce (Force.com): `https://login.salesforce.com`
+
 ## Dapr configuration
 
 To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md">}}).