github pomerium/pomerium v0.22.2

latest release: v0.21.4
one day ago

Security

  • This release fixes a bug whereby specially crafted requests could result in incorrect authorization decisions made by Pomerium. CVE-2023-33189.

What's Changed

  • fix WillHaveCertificateForServerName check to be strict match for derived cert name by @backport-actions-token in #4169
  • improve certificate matching performance by @backport-actions-token in #4188
  • envoy: set re2 limits very high by @backport-actions-token in #4189
  • databroker: sort configs by @backport-actions-token in #4191
  • databroker: fix fast forward by @backport-actions-token in #4194

Full Changelog: v0.22.1...v0.22.2

Don't miss a new pomerium release

NewReleases is sending notifications on new releases.