v0.19.0

pinniped-ci-bot released this 26 Aug 20:07

Release v0.19.0

Release Image

Image                                                    Registry
ghcr.io/vmware-tanzu/pinniped/pinniped-server:v0.19.0    GitHub Container Registry
docker.io/getpinniped/pinniped-server:v0.19.0            DockerHub

These images can also be referenced by their digest: sha256:f71d3b973ba111a7b4499a279bf8cdf716e675ab0510645df25969fb2366b209.

Changes

This is a bugfix release for a Pinniped Supervisor bug which could potentially allow a legitimate user to maliciously use their access token to continue their session beyond what proper use of their refresh token might allow.

See GHSA-rp4v-hhm6-rcv9 for more information.

Bug Fixes

  • Improve token exchange error messages and error test cases (#1264)

Minor Changes

  • Several dependency bumps (#1192, #1193, and #1272). Most notably, the Kubernetes libraries were bumped to v1.25.0 and Golang was bumped to v1.19.0.

Diffs

A complete list of changes (54 commits, 362 changed files with 16,656 additions and 1,110 deletions) can be found here.

Updates

The attached yaml files were updated on May 6, 2024 to use ghcr.io/vmware-tanzu/pinniped/pinniped-server instead of projects.registry.vmware.com/pinniped/pinniped-server.