diff --git a/docs/self-hosted/oel/keto/changelog/v26.2.8.md b/docs/self-hosted/oel/keto/changelog/v26.2.8.md new file mode 100644 index 000000000..03ee1d36a --- /dev/null +++ b/docs/self-hosted/oel/keto/changelog/v26.2.8.md @@ -0,0 +1,6 @@ +## v26.2.8 + +### SSRF protection improvements + +Error messages originating from the SSRF protection mechanism no longer leak IP addresses if the hostname resolves to an internal +IP address. This prevents SSRF recon through user-supplied URLs and hostnames. diff --git a/docs/self-hosted/oel/kratos/changelog/v26.2.8.md b/docs/self-hosted/oel/kratos/changelog/v26.2.8.md new file mode 100644 index 000000000..03ee1d36a --- /dev/null +++ b/docs/self-hosted/oel/kratos/changelog/v26.2.8.md @@ -0,0 +1,6 @@ +## v26.2.8 + +### SSRF protection improvements + +Error messages originating from the SSRF protection mechanism no longer leak IP addresses if the hostname resolves to an internal +IP address. This prevents SSRF recon through user-supplied URLs and hostnames. diff --git a/docs/self-hosted/oel/oathkeeper/changelog/v26.2.8.md b/docs/self-hosted/oel/oathkeeper/changelog/v26.2.8.md new file mode 100644 index 000000000..03ee1d36a --- /dev/null +++ b/docs/self-hosted/oel/oathkeeper/changelog/v26.2.8.md @@ -0,0 +1,6 @@ +## v26.2.8 + +### SSRF protection improvements + +Error messages originating from the SSRF protection mechanism no longer leak IP addresses if the hostname resolves to an internal +IP address. This prevents SSRF recon through user-supplied URLs and hostnames. diff --git a/docs/self-hosted/oel/oauth2/changelog/v26.2.8.md b/docs/self-hosted/oel/oauth2/changelog/v26.2.8.md new file mode 100644 index 000000000..a34f3cc9b --- /dev/null +++ b/docs/self-hosted/oel/oauth2/changelog/v26.2.8.md @@ -0,0 +1,20 @@ +## v26.2.8 + +### Fix 409 Conflict errors on fresh CockroachDB v26.1 installs + +Fresh Hydra installs on CockroachDB v26.1 returned a +`409 Conflict: Unable to insert or update resource because a resource with that value exists already` error on the first request +to `/.well-known/jwks.json` after running migrations. The error blocked Hydra from auto-generating its JSON Web Key Sets, which in +turn prevented OAuth token verification by relying parties. + +**Only fresh installs are affected.** Existing deployments that ran the initial migrations on an earlier CockroachDB version and +later upgraded their cluster to v26.1 are not affected, because the problematic behavior happens at migration time rather than at +cluster upgrade time. Deployments on PostgreSQL, MySQL, or SQLite are also unaffected. + +A new CockroachDB-only migration drops both phantom indexes if they are present. No operator action is required beyond applying +migrations. + +### SSRF protection improvements + +Error messages originating from the SSRF protection mechanism no longer leak IP addresses if the hostname resolves to an internal +IP address. This prevents SSRF recon through user-supplied URLs and hostnames. diff --git a/docs/self-hosted/oel/oel-hydra-image-tags.md b/docs/self-hosted/oel/oel-hydra-image-tags.md index 560e59538..91bd4c27d 100644 --- a/docs/self-hosted/oel/oel-hydra-image-tags.md +++ b/docs/self-hosted/oel/oel-hydra-image-tags.md @@ -1,5 +1,6 @@ | Image Tag | Release Date | | ---------------------------------------- | ------------ | +| 26.2.8 | 2026-04-28 | | 26.2.7 | 2026-04-24 | | 26.2.6 | 2026-04-22 | | 26.2.5 | 2026-04-20 | diff --git a/docs/self-hosted/oel/oel-keto-image-tags.md b/docs/self-hosted/oel/oel-keto-image-tags.md index e1a78a3ef..8203ed3e9 100644 --- a/docs/self-hosted/oel/oel-keto-image-tags.md +++ b/docs/self-hosted/oel/oel-keto-image-tags.md @@ -1,5 +1,6 @@ | Image Tag | Release Date | | ---------------------------------------- | ------------ | +| 26.2.8 | 2026-04-28 | | 26.2.7 | 2026-04-24 | | 26.2.6 | 2026-04-22 | | 26.2.5 | 2026-04-20 | diff --git a/docs/self-hosted/oel/oel-kratos-image-tags.md b/docs/self-hosted/oel/oel-kratos-image-tags.md index 958f0dde2..39665bcdb 100644 --- a/docs/self-hosted/oel/oel-kratos-image-tags.md +++ b/docs/self-hosted/oel/oel-kratos-image-tags.md @@ -1,5 +1,6 @@ | Image Tag | Release Date | | ---------------------------------------- | ------------ | +| 26.2.8 | 2026-04-28 | | 26.2.7 | 2026-04-24 | | 26.2.6 | 2026-04-22 | | 26.2.5 | 2026-04-20 | diff --git a/docs/self-hosted/oel/oel-oathkeeper-image-tags.md b/docs/self-hosted/oel/oel-oathkeeper-image-tags.md index 33576fe6c..065bba49e 100644 --- a/docs/self-hosted/oel/oel-oathkeeper-image-tags.md +++ b/docs/self-hosted/oel/oel-oathkeeper-image-tags.md @@ -1,5 +1,6 @@ | Image Tag | Release Date | | ---------------------------------------- | ------------ | +| 26.2.8 | 2026-04-28 | | 26.2.7 | 2026-04-24 | | 26.2.6 | 2026-04-22 | | 26.2.5 | 2026-04-20 | diff --git a/docs/self-hosted/oel/oel-polis-image-tags.md b/docs/self-hosted/oel/oel-polis-image-tags.md index 7951a171a..b368d29fd 100644 --- a/docs/self-hosted/oel/oel-polis-image-tags.md +++ b/docs/self-hosted/oel/oel-polis-image-tags.md @@ -1,5 +1,6 @@ | Image Tag | Release Date | | ---------------------------------------- | ------------ | +| 26.2.8 | 2026-04-28 | | 26.2.7 | 2026-04-24 | | 26.2.6 | 2026-04-22 | | 26.2.5 | 2026-04-20 | diff --git a/docs/self-hosted/oel/polis/changelog/v26.2.8.md b/docs/self-hosted/oel/polis/changelog/v26.2.8.md new file mode 100644 index 000000000..bc1fe3e95 --- /dev/null +++ b/docs/self-hosted/oel/polis/changelog/v26.2.8.md @@ -0,0 +1 @@ +No changelog entries found for polis/oel in versions v26.2.8