[security] Pomerium v0.22.2, v0.21.4, v0.20.1, v0.19.2, v0.18.1, and v0.17.4 release

bobby · May 26, 2023, 9:38pm

As mentioned in our pre-announcement yesterday, we have released Pomerium v0.22.2, v0.21.4, v0.20.1, v0.19.2, v0.18.1, and v0.17.4. We recommend all users immediately upgrade.

These patch releases include a CRITICAL security fix to Pomerium Core. In versions prior to v0.22.2, a specially crafted requests could result in incorrect authorization decisions made by Pomerium.

This is CVE-2023-33189 and issue GHSA-pvrc-wvj2-f59p.

Thank you to Alex Bessonov for reporting this issue.

Downloads are immediately available at Github Releases, and Dockerhub for all supported platforms.

denis · May 26, 2023, 10:54pm

Upgrading ingress controller:

v0.22.2

kubectl apply -k github.com/pomerium/ingress-controller/config/default\?ref=v0.22.2

v0.21.3 (uses core v0.21.4)

kubectl apply -k github.com/pomerium/ingress-controller/config/default\?ref=v0.21.3

v0.20.1

kubectl apply -k github.com/pomerium/ingress-controller/config/default\?ref=v0.20.1

Topic		Replies	Views
[security] Pomerium v0.22.2, v0.21.4, v0.20.1, v0.19.2, v0.18.1, and v0.17.4 pre-announcement Security	2	469	May 26, 2023
Pomerium v0.16 is here! Announcements	0	272	January 12, 2022
Kubernetes \| Ingress Controller \| v0.18.0 \| Ingress controller is processing non-pomerium ingresses Support k8s	4	500	August 31, 2022
Announcing Pomerium v0.27.1 Announcements	0	17	October 1, 2024
Pomerium large version upgrade Support k8s	1	308	December 21, 2022

[security] Pomerium v0.22.2, v0.21.4, v0.20.1, v0.19.2, v0.18.1, and v0.17.4 release

Related topics