Release v0.19.0
Release Image
| Image | Registry |
|---|---|
projects.registry.vmware.com/pinniped/pinniped-server:v0.19.0
| VMware Harbor |
docker.io/getpinniped/pinniped-server:v0.19.0
| DockerHub |
These images can also be referenced by their digest: sha256:f71d3b973ba111a7b4499a279bf8cdf716e675ab0510645df25969fb2366b209.
Changes
This is a bugfix release for a Pinniped Supervisor bug which could potentially allow a legitimate user to maliciously use their access token to continue their session beyond what proper use of their refresh token might allow.
See GHSA-rp4v-hhm6-rcv9 for more information.
Bug Fixes
- Improve token exchange error messages and error test cases (#1264)
Minor Changes
- Several dependency bumps (#1192, #1193, and #1272). Most notably, the Kubernetes libraries were bumped to v1.25.0 and Golang was bumped to v1.19.0.
A complete list of changes (54 commits, 362 changed files with 16,656 additions and 1,110 deletions) can be found here.