Contour Security Release v1.33.5 (GHSA-g3xr-5w5j-w4q4)
0 views
Skip to first unread message
Project Contour
May 28, 2026, 2:38:38 PM (7 days ago) May 28
to Project Contour
Hi all,
We have released Contour v1.33.5 https://github.com/projectcontour/contour/releases/tag/v1.33.5
We have released Contour v1.33.5 https://github.com/projectcontour/contour/releases/tag/v1.33.5
This release fixes a bug where configuring fallback certificate with JWT verification in HTTPProxy allowed requests without TLS SNI or with unrecognized SNI to bypass JWT verification. Contour now rejects this invalid configuration. https://github.com/projectcontour/contour/security/advisories/GHSA-g3xr-5w5j-w4q4
Other security updates:
The Contour team
- Bumps Go to 1.25.10 https://go.dev/doc/devel/release#go1.25.minor
- Bumps golang.org/x/net to v0.55.0 https://github.com/advisories/GHSA-w2q5-6q6x-x959
The Contour team
Reply all
Reply to author
Forward
0 new messages