github pomerium/pomerium v0.20.1

latest releases: v0.21.4, v0.22.2
one day ago


  • This release fixes a bug whereby specially crafted requests could result in incorrect authorization decisions made by Pomerium. CVE-2023-33189.

What's Changed

  • storage: ignore removed fields when deserializing the data by @backport-actions-token in #3772
  • jwt: require logged in user to return .pomerium/jwt by @backport-actions-token in #3809
  • oidc: fix token revocation by @backport-actions-token in #3818
  • autocert: use atomic pointer to allow nil by @backport-actions-token in #3817
  • identity: fix expired session deletion by @backport-actions-token in #3857
  • postgres: return unknown records instead of skipping them (#3876) by @calebdoxsey in #3877
  • identity: fix nil reference error when there is no authenticator by @backport-actions-token in #3932

Full Changelog: v0.20.0...v0.20.1

Don't miss a new pomerium release

NewReleases is sending notifications on new releases.