github ory/oathkeeper v26.2.0

v26.2.0

Bug Fixes

  • Always retry curl invocations to surmount transient third-party failures (9a8bda2):

  • Clean path while matching to prevent path traversal (8e00021):

  • Context passing in jsonnetsecure (664432e):

  • Correctly scan SQL NULL into go JSON types (9088f91):

  • Down migrations in newer MySQL versions (c92bc2c):

  • Drop all X-Forwarded-* headers when untrusted (36a676e):

  • Fix benchmark test (5862cf6):

  • Incorrect default value for page_tokens (9667983):

  • Incorrect usage of database/sql (73009ca):

  • Only use X-Forwarded-Proto header when trusted (e9acca1):

  • Remove flaky test for unused function (ee67087):

  • Remove WithDumpMigrations option to MigrationBox (5964b69):

  • Request log config key (5ce8122):

  • Restore OTEL trace propagation in remote and remote_json authorizers (6c8b787):

  • Scope cache config key to introspection URL (198a2bc):

  • Stray debug print (b9a2725):

  • Update CONTRIBUTING.md (3af6f3c):

  • Update packages to fix GHSA-7h2j-956f-4vf2 (0b855e4):

  • Upgrade vulnerable dependencies across Go and npm (afdef7d):

    Co-authored-by: Deepak Prabhakara deepak.prabhakara@ory.sh

  • X data race and parallelize some tests (ecbebd3):

Code Generation

  • Prepare for OSS release - v26.2.0 (c84dbe0):

Code Refactoring

  • Squash merge old backoffice migration and fix up command (1350d8a):

Features

  • Add support for NULL and more column types to keysetpagination (8e36fb7):

  • Automatic transaction retries for postgres (de668c1):

  • Collect external latency data and write to logs (e4e2644):

  • Consider Go migrations DirHash when restoring full schema from backups (cb65b07):

  • Forward (some) user request headers to SMS HTTP channel (f9ef1b2):

  • Generate events for SSO and SCIM provider revisions (bf85260):

  • Hydra benchmarking tool (7dc973b):

  • Improved tracing (a362e6e):

  • Keto-cli improvements (44167e9):

  • Make 429 passthrough instead return 401 (12cc3da):

  • Make SCIM work with MySQL (d717289):

  • Rename project revision columns (96fee1c):

  • Use keysetpagination planner for keto read queries (2b33f5a):

Tests

  • Deflake and improve performance (5c91d9d):

  • Deflake directory watcherx (9ef6345):

  • Faster and more reliable courier tests (7dd339a):

  • hydra: Add plaintext backups for all DB types (cdc1e05):

  • Minor setup improvements (d9f227a):

Changelog

  • 4dcf01a autogen(docs): generate and bump docs
  • 6816c4e autogen(sdk): bump to 05ddc40c27a9fb30a648f0efc7aa5360fef9df7a
  • 4c610a5 autogen(sdk): bump to 9c2abd78343503d5ad1cc4b7a815220c38dd59e0
  • c84dbe0 autogen: prepare for OSS release - v26.2.0
  • 3601987 chore(deps): update actions/checkout action to v6
  • d334de1 chore(deps): update dependency @types/lodash to v4.17.21
  • 3d4762d chore(deps): update go modules
  • 8668033 chore(deps): update golangci/golangci-lint-action action to v9
  • bff5f54 chore(deps): update jackson (major)
  • addb79f chore(deps): update oathkeeper to v4 (major)
  • d5931bc chore(keto): use ory/x router
  • 3bfd8fc chore(kratos): use httprouter from ory/x
  • 271e90e chore: add cause to context cancels with 'context.WithTimeoutCause' in ./x
  • 8888a60 chore: add helpers for Kratos OEL to support various databases
  • 5334a52 chore: add retries to more curl invocations
  • f1ba1cf chore: added CLIENT_SECRET_VERIFIER to our deployment
  • ead66ab chore: always use ristretto/v2
  • 82e6cfb chore: audit and fix npm dependencies
  • add9940 chore: bump to CRDB v25.4
  • e690c00 chore: bump to Go 1.26 massive cleanup in ory/x
  • 3f4085a chore: cleanup package-lock files
  • 97ecec8 chore: correct typos
  • d57bf13 chore: delete unused CRDB changefeed watcherx module
  • 25bbdc3 chore: deprecate organization APIs
  • 77eee56 chore: fix for critical CVE - GHSA-p77j-4mvh-x3m3
  • d1301c9 chore: fix golangci-lint warnings
  • 4304bc3 chore: improve clidoc generation
  • dafc47d chore: improve error reporting to help diagnose flaky test
  • f234fba chore: improve readability of popx.MigrationBox
  • d062731 chore: keysetpagination improvements
  • f8d0fcc chore: more npm security updates
  • 7d92cad chore: remove unused code
  • 116d2b9 chore: remove unused log code
  • 54dae34 chore: remove unused x/watcherx/websocket
  • f054847 chore: run go mod tidy and misc cleanup
  • aced92d chore: run npm audit fix
  • 1caff5e chore: security updates for glob library
  • 8e0f109 chore: simplify HTTP metrics instrumentation
  • 2a11ffc chore: simplify decoderx usage
  • f3ae92b chore: split SCIM from multi-region & make it work with SQLite
  • 93582cf chore: trivial linter issues
  • 9163541 chore: unify common dependency interfaces
  • b32cc90 chore: update @openapitools/openapi-generator-cli
  • c019a13 chore: update OSS ory.sh to ory.com
  • 3a3a6ae chore: update pop to latest & only run pop.SetNowFunc() inside init()
  • 6bfe8cb chore: update to dockertest v4
  • 1322ee3 chore: updated axios
  • 1246bc6 chore: updated golang.org/x/crypto
  • aee85c3 chore: updated minimatch
  • 249608a chore: use pgx pool in Kratos OEL & fix some OEL commands not using enterprise migrations
  • 183aee9 ci: add docker driver to cve scan
  • 0e3dc10 docs: update readmes
  • 8e36fb7 feat: add support for NULL and more column types to keysetpagination
  • de668c1 feat: automatic transaction retries for postgres
  • e4e2644 feat: collect external latency data and write to logs
  • cb65b07 feat: consider Go migrations DirHash when restoring full schema from backups
  • f9ef1b2 feat: forward (some) user request headers to SMS HTTP channel
  • bf85260 feat: generate events for SSO and SCIM provider revisions
  • 7dc973b feat: hydra benchmarking tool
  • a362e6e feat: improved tracing
  • 44167e9 feat: keto-cli improvements
  • 12cc3da feat: make 429 passthrough instead return 401
  • d717289 feat: make SCIM work with MySQL
  • 96fee1c feat: rename project revision columns
  • 2b33f5a feat: use keysetpagination planner for keto read queries
  • 9a8bda2 fix: always retry curl invocations to surmount transient third-party failures
  • 8e00021 fix: clean path while matching to prevent path traversal
  • 664432e fix: context passing in jsonnetsecure
  • 9088f91 fix: correctly scan SQL NULL into go JSON types
  • c92bc2c fix: down migrations in newer MySQL versions
  • 36a676e fix: drop all X-Forwarded-* headers when untrusted
  • 5862cf6 fix: fix benchmark test
  • 9667983 fix: incorrect default value for page_tokens
  • 73009ca fix: incorrect usage of database/sql
  • e9acca1 fix: only use X-Forwarded-Proto header when trusted
  • 5964b69 fix: remove WithDumpMigrations option to MigrationBox
  • ee67087 fix: remove flaky test for unused function
  • 5ce8122 fix: request log config key
  • 6c8b787 fix: restore OTEL trace propagation in remote and remote_json authorizers
  • 198a2bc fix: scope cache config key to introspection URL
  • b9a2725 fix: stray debug print
  • 3af6f3c fix: update CONTRIBUTING.md
  • 0b855e4 fix: update packages to fix GHSA-7h2j-956f-4vf2
  • afdef7d fix: upgrade vulnerable dependencies across Go and npm
  • ecbebd3 fix: x data race and parallelize some tests
  • 1350d8a refactor: squash merge old backoffice migration and fix up command
  • cdc1e05 test(hydra): add plaintext backups for all DB types
  • 5c91d9d test: deflake and improve performance
  • 9ef6345 test: deflake directory watcherx
  • 7dd339a test: faster and more reliable courier tests
  • d9f227a test: minor setup improvements

Artifacts can be verified with cosign using this public key.
