As mentioned in our pre-announcement yesterday, we have released Pomerium v0.22.2, v0.21.4, v0.20.1, v0.19.2, v0.18.1, and v0.17.4. We recommend all users immediately upgrade.
These patch releases include a CRITICAL security fix to Pomerium Core. In versions prior to v0.22.2, a specially crafted requests could result in incorrect authorization decisions made by Pomerium.
This is CVE-2023-33189 and issue GHSA-pvrc-wvj2-f59p.
Thank you to Alex Bessonov for reporting this issue.
Downloads are immediately available at Github Releases, and Dockerhub for all supported platforms.
