[security] Pomerium v0.10.3 is released

9 views
Skip to first unread message

b...@pomerium.com

unread,
Sep 11, 2020, 6:53:05 PM9/11/20
to pomerium-announce
We have just released Pomerium v0.10.3, a patch release that fixes several bugs and addresses a potential security issue. 

Prior to this patch, when Kubernetes API requests were proxied, Impersonate-* headers were not being stripped which could result in potential header injection. We recommend that all affected users update to this release.

Please review the upgrade guide and changelog for a complete list of changes and improvements.

You can download binary and source distributions from github. Or you can pull the v0.10.3 container image from dockerhub.

Thanks to Manatsawin Hanmongkolchai for reporting this issue. 

Best,
Bobby
Reply all
Reply to author
Forward
0 new messages