10000 Release v0.20.1 · pomerium/pomerium · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

v0.20.1
Compare
Choose a tag to compare
@desimone desimone released this 26 May 20:57
v0.20.1
2bc2be7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Security

  • This release fixes a bug whereby specially crafted requests could result in incorrect authorization decisions made by Pomerium. CVE-2023-33189.

What's Changed

  • storage: ignore removed fields when deserializing the data by @backport-actions-token in #3772
  • jwt: require logged in user to return .pomerium/jwt by @backport-actions-token in #3809
  • oidc: fix token revocation by @backport-actions-token in #3818
  • autocert: use atomic pointer to allow nil by @backport-actions-token in #3817
  • identity: fix expired session deletion by @backport-actions-token in #3857
  • postgres: return unknown records instead of skipping them (#3876) by @calebdoxsey in #3877
  • identity: fix nil reference error when there is no authenticator by @backport-actions-token in #3932

Full Changelog: v0.20.0...v0.20.1

Contributors

calebdoxsey
Assets 11
Loading
0