This release addresses two security issues in Pomerium:
GHSA-35vc-w93w-75c2 (CVE-2021-29651)
GHSA-fv82-r8qv-ch4v (CVE-2021-29652)
Security
- proxy: restrict programmatic URLs to localhost #2047 (@travisgroth)
- authenticate: validate signature on /.pomerium, /.pomerium/sign_in and /.pomerium/sign_out #2046 (@travisgroth)