Security
- This release fixes a bug whereby specially crafted requests could result in incorrect authorization decisions made by Pomerium. CVE-2023-33189.
What's Changed
- postgres: return an empty list of addresses on dns errors by @backport-actions-token in #3638
- ppl: support special characters in claim keys by @backport-actions-token in #3640
- authorize: enforce service account expiration by @backport-actions-token in #3662
- config: disable envoy admin by default, expose stats via envoy route by @backport-actions-token in #3684
- fileutil: update watcher to use fsnotify and polling (#3663) by @calebdoxsey in #3685
- httputil: remove error details by @backport-actions-token in #3705
Full Changelog: v0.19.1...v0.19.2