Pomerium v0.27.1 addresses a security vulnerability and includes several bug fixes.
Overall:
We fixed a security vulnerability in the internal API. It affected only Pomerium Enterprise and Pomerium Zero deployments that use service accounts.
Core
Security: We've added additional validation checks for gRPC API authorization.
Standardized: The user info dashboard page (at URL path /.pomerium/) now also shows user info for the programmatic access flow.
Enterprise
Security: We've restricted the debug "DataBroker Browser" page to users with global admin privileges.
Fixed:
ID sync correction: Our user info dashboard page now correctly displays group membership info for Pomerium Enterprise deployments with directory sync configured.
Kubernetes service account token: The Kubernetes service account token route setting was previously visible in the UI but could not be used. It now works.
Rollbacks: The database migration command now keeps the schema version metadata in sync when rolling back to a previous schema version.
Please review the Core and Enterprise changelogs for details, and make any required configuration changes before upgrading.
Big thank you to all our users, and to everyone who contributed to this release!
Best,
Pomerium Team