-
released this
2026-07-13 12:16:16 +03:00 | 0 commits to main since this release📅 Originally published on GitHub: Mon, 13 Jul 2026 09:21:14 GMT
🏷️ Git tag created: Mon, 13 Jul 2026 09:16:16 GMTBug Fixes
- postgres migration 20250822 remove public schema references (#1582 by @MarcoScabbiolo)
- allow insecure callback URLs by default until next major release (d9ead47 by @stonith404)
- sort signup tokens by creation date explicitly (77398a5 by @stonith404)
- login code mobile ux (#1584 by @James18232)
INTERNAL_APP_URLnot reflected in UI URLs (316cf47 by @stonith404)- ignore tab URL hashes in navigation history (a3f27ec by @stonith404)
- block link-local addresses in SSRF protection (9714296 by @stonith404)
Features
- add support for CIDR and IP address lists in
TRUST_PROXY(187cd8d by @stonith404)
Other
- manage instance ID in the KV table (#1579 by @ItalyPaleAle)
- Bump the "all-dependencies" group with 3 updates across multiple ecosystems (#1578 by @dependabot[bot])
- remove low demand issue closer (bb03660 by @stonith404)
Full Changelog: https://github.com/pocket-id/pocket-id/compare/v2.10.0...v2.11.0
Downloads
-
released this
2026-07-10 18:08:11 +03:00 | 15 commits to main since this release📅 Originally published on GitHub: Fri, 10 Jul 2026 15:18:27 GMT
🏷️ Git tag created: Fri, 10 Jul 2026 15:08:11 GMTFeatures
- upgrade shadcn components (80509c8 by @stonith404)
- add ability to skip consent for client (d467855 by @stonith404)
- prompt admin with PKCE client support hint (#1499 by @James18232)
- login code input boxes (#1545 by @James18232)
- drop TOFU support for callback URL (931a6c2 by @stonith404)
- add OAuth APIs with scoped permissions (#1542 by @stonith404)
- add support for unencrypted OIDC request parameter (25dcad7 by @stonith404)
- add description field to oidc clients (#1547 by @seanmckenzie428)
- add tab bar navigation for crowded pages (28a553f by @stonith404)
Bug Fixes
- login code null submission and login code length check (#1512 by @James18232)
- various bugs in observability / OTel (#1564 by @ItalyPaleAle)
- /authorize endpoint crashes when list of scopes is empty (#1575 by @ItalyPaleAle)
- mobile layout improvements (2910c51 by @stonith404)
Documentation
- add link to API docs (968d072 by @stonith404)
- fix wrong OpenAPI documentation (da3677f by @stonith404)
Other
- close low-demand feature requests (35987b9 by @stonith404)
- Bump the "all-dependencies" group with 2 updates across multiple ecosystems (#1528 by @dependabot[bot])
- fix locators after shadcn upgrade (dbbe2a4 by @stonith404)
- use fosite for OAuth 2.0 logic (#1520 by @stonith404)
- wrap last two migrations into transaction (cf9a319 by @stonith404)
- remove dead code (519cda0 by @stonith404)
- update vulnerable dependencies (e538ea0 by @stonith404)
- fix flaky test (7eaaea7 by @stonith404)
- add AGENTS.md (d0243fe by @stonith404)
- use goreleaser for binaries and static image builds (#1478 by @kmendell)
- add support for Docker Hub (99ab38d by @stonith404)
- remove static next image tag (49305ed by @stonith404)
- don't build unnecessary binaries for
nextimage (4b957a0 by @stonith404) - change Depot project (cdc2374 by @stonith404)
- don't tag
nextimage with current version (cf54786 by @stonith404) - add exempt user to PR quality checks (254ae88 by @stonith404)
- migrate API key functionality to single
apikeymodule (9fce987 by @stonith404) - migrate Webauthn functionality to single
webauthnmodule (58fcf7c by @stonith404) - migrate signup functionality to single
usersignupmodule (ecad31c by @stonith404) - make API key renewal date picker navigation date-independent (#1560 by @ItalyPaleAle)
- integrate Francis actor framework for background jobs, cron scheduling, and rate limiting (#1556 by @ItalyPaleAle)
- Bump the "all-dependencies" group with 3 updates across multiple ecosystems (#1563 by @dependabot[bot])
- use go-kit for sending emails (#1565 by @ItalyPaleAle)
- update AAGUIDs (#1567 by @github-actions[bot])
- move Pocket ID specific logic from Fosite into Pocket ID repo (9a94aa0 by @stonith404)
- update Fosite version (337fc6f by @stonith404)
- pass transaction to
resolveResource(7667377 by @stonith404) - remove redundant dtos (fa2d08c by @stonith404)
- rename migrations (c72da58 by @stonith404)
- remove duplicate fosite config properties (190914f by @stonith404)
- fix migration version in
database.json(a5f2192 by @stonith404) - fix wrong migration name (ce7d3a7 by @stonith404)
- run formatter (59a6868 by @stonith404)
- upgrade go version (f62d476 by @stonith404)
Full Changelog: https://github.com/pocket-id/pocket-id/compare/v2.9.0...v2.10.0
Downloads
-
released this
2026-06-16 13:28:24 +03:00 | 83 commits to main since this release📅 Originally published on GitHub: Tue, 16 Jun 2026 10:33:10 GMT
🏷️ Git tag created: Tue, 16 Jun 2026 10:28:24 GMTBug Fixes
- issues with loading new font (#1496 by @MelvinSnijders)
- PAR parameters not respected by authorize page (3d9d4de by @stonith404)
- add responsive css for api/user/group/client page add buttons (#1508 by @James18232)
- load Gloock font from static path instead of inline (89b4abb by @stonith404)
- update terminology from public key code exchange to proof key co… (#1515 by @maxwassiljew)
- callback URL validation not validated if prompt=none (8a75774 by @stonith404)
- passkey card not rounded (84678c3 by @stonith404)
Documentation
- add AI Usage Policy to CONTRIBUTING.md (fea933b by @stonith404)
- add PR template (bf9f76b by @stonith404)
- add "needs more upvotes" label as default (fc42f62 by @stonith404)
- fix link to watchtower repo (#1500 by @wollew)
Features
- add support for Pushed Authorization Requests (RFC9126) (#1404 by @Zenithar)
Other
- fix linter issues (4f97cd4 by @stonith404)
- update AAGUIDs (#1511 by @github-actions[bot])
- run svelte check and unit tests in breaking branches (83b45f6 by @stonith404)
- run formatter (2726ddd by @stonith404)
- bump vite from 8.0.13 to 8.0.16 (#1521 by @dependabot[bot])
- npm dependabot not run from root (c0d96a0 by @stonith404)
- fix wrong assertion (effd2a1 by @stonith404)
- Bump the "all-dependencies" group with 4 updates across multiple ecosystems (#1523 by @dependabot[bot])
Full Changelog: https://github.com/pocket-id/pocket-id/compare/v2.8.0...v2.9.0
Downloads
-
released this
2026-05-31 21:04:59 +03:00 | 107 commits to main since this release📅 Originally published on GitHub: Sun, 31 May 2026 18:09:57 GMT
🏷️ Git tag created: Sun, 31 May 2026 18:04:59 GMTBug Fixes
- delete refresh tokens on end-session to prevent reuse after logout (#1458 by @wucm667)
- return 404 status code for
.well-knownroutes if not found (714b5b3 by @stonith404) - add
email_verifiedto reserved claims list (8b22fca by @stonith404) - reject unknown PKCE code challenge methods (ce6bdb9 by @stonith404)
- make stream of downloaded logos seekable for S3 checksum calculation (cc9163f by @stonith404)
- scope confirmation wasn't shown if account selection was prompted (272d147 by @stonith404)
- add support for unix socket mode in healthcheck (a712196 by @stonith404)
- restore cross-platform binary builds (7027296 by @stonith404)
Documentation
- update SECURITY.md (bb5a111 by @stonith404)
Features
- delete OAuth refresh token on RP initiated logout (#1480 by @stonith404)
- remove EXIF/XMP metadata from uploaded images (#1477 by @stonith404)
- add support for
response_mode=fragment(0c95b7c by @stonith404) - add support for systemd socket activation (#1479 by @deviant)
- improve design trough the whole application (b3d40a4 by @stonith404)
Other
- update AAGUIDs (#1476 by @github-actions[bot])
- upgrade dependencies (91c2ea2 by @stonith404)
- remove deprecated http2 package (e56dc12 by @stonith404)
- apply go 1.26.0 syntax updated (8ad95b8 by @stonith404)
- delete refresh tokens on end-session to prevent reuse after logout (b27a52a by @stonith404)
- use dependabot for automatic dependency upgrades (b9fdd53 by @stonith404)
- fix invalid schema (e8c398f by @stonith404)
- update AAGUIDs (#1487 by @github-actions[bot])
- use custom Playwright route for callback URL checks (f134247 by @stonith404)
- fix linter issues (bc4f75c by @stonith404)
- don't compare hashes of profile pictures (9ad2bfc by @stonith404)
- run formatter (0616aba by @stonith404)
- use fixed minor version of Go (e046a03 by @stonith404)
Full Changelog: https://github.com/pocket-id/pocket-id/compare/v2.7.0...v2.8.0
Downloads
-
released this
2026-05-11 19:06:09 +03:00 | 137 commits to main since this release📅 Originally published on GitHub: Mon, 11 May 2026 16:17:22 GMT
🏷️ Git tag created: Mon, 11 May 2026 16:06:09 GMTBug Fixes
- add
_FILEsupport forS3_SECRET_ACCESS_KEY_FILEenv var (#1452 by @ItalyPaleAle) - invalidate cache when changing image (#1462 by @GameTec-live)
- fall back to Basic auth when PKCE puts client_id in body (#1466 by @mgabor3141)
Documentation
- add missing /api prefix to app config swagger routes (#1454 by @aclerici38)
Features
- add support for response_mode=form_post (#1360 by @Johnwulp)
- add support for "select_account" prompt (#1453 by @ItalyPaleAle)
Other
- add script to update deps (f9f93f0 by @stonith404)
- upgrade dependencies (20df033 by @stonith404)
- post dependency upgrade fixes (e33a9b8 by @stonith404)
- migrate github actions runners to depot runners (#1329 by @kmendell)
- fix caching of ldap-cli e2e tests docker build (#1457 by @kmendell)
- fix incorrect container name variable (5c7e5f6 by @kmendell)
Full Changelog: https://github.com/pocket-id/pocket-id/compare/v2.6.2...v2.7.0
Downloads
- add
-
released this
2026-04-22 00:47:45 +03:00 | 153 commits to main since this release📅 Originally published on GitHub: Tue, 21 Apr 2026 22:02:47 GMT
🏷️ Git tag created: Tue, 21 Apr 2026 21:47:45 GMTBug Fixes
- return correct byte count in HEAD request writer (#1443 by @ahampal)
- improve keyboard navigation and screen-reader labels (#1445 by @bjoernch)
Other
- upgrade to vite 8.0 and pnpm 10.33.0 (#1446 by @kmendell)
Full Changelog: https://github.com/pocket-id/pocket-id/compare/v2.6.1...v2.6.2
Downloads
-
released this
2026-04-21 20:10:30 +03:00 | 158 commits to main since this release📅 Originally published on GitHub: Tue, 21 Apr 2026 17:25:57 GMT
🏷️ Git tag created: Tue, 21 Apr 2026 17:10:30 GMTBug Fixes
- restore login screen background from not showing up (975d3c7 by @kmendell)
Other
- ignore webauthn type for swagger generation (ce4b89d by @kmendell)
- update golangci-lint (#1440 by @ItalyPaleAle)
- Add catalan language (#1436 by @mcasellas)
Full Changelog: https://github.com/pocket-id/pocket-id/compare/v2.6.0...v2.6.1
Downloads
-
released this
2026-04-19 23:48:47 +03:00 | 164 commits to main since this release📅 Originally published on GitHub: Sun, 19 Apr 2026 21:04:42 GMT
🏷️ Git tag created: Sun, 19 Apr 2026 20:48:47 GMTBug Fixes
- disable callback URLs with protocols "javascript" and "data" (#1397 by @ItalyPaleAle)
- strip Root prefix from S3 List() returned paths (#1413 by @vtmocanu)
- use valid Tailwind v4 transition class for auth animation squares (#1415 by @CoolShades)
- resolve posixGroup memberUid as bare usernames (#1422 by @gucong3000)
- prevent flickering if no background image is set on login page (027e6f0 by @stonith404)
- improve form input layout if description next to it is multi col (9ec4683 by @stonith404)
- access token renewal bypasses important checks (978ac87 by @stonith404)
Features
- add ability to revoke passkeys of users as admin (#1386 by @jose-d)
- add auth method claim (
amr) to tokens (#1433 by @stonith404) - add TLS support for HTTP/2 server (#1429 by @IngmarStein)
- add OpenID Connect
promptParameter Handling (#1299 by @rjaakke) - return not found. on
/setupif already completed (444f7ff by @stonith404)
Other
- update AAGUIDs (#1403 by @github-actions[bot])
- upgrade dependencies (f8f7222 by @stonith404)
- combobox not closed in e2e test (fbdb93f by @stonith404)
- Security upgrade alpine from latest to 3.23.4 (#1431 by @stonith404)
- security upgrade alpine from latest to 3.23.4 (#1432 by @stonith404)
- add Catalan language files (4f09de2 by @stonith404)
- reduce complexity of
ValidateEnvConfigandinitRouter(a0cb574 by @stonith404) - pass context to
shutdownServer(ff26c42 by @stonith404)
Full Changelog: https://github.com/pocket-id/pocket-id/compare/v2.5.0...v2.6.0
Downloads
-
released this
2026-03-26 21:15:22 +03:00 | 188 commits to main since this release📅 Originally published on GitHub: Thu, 26 Mar 2026 18:30:59 GMT
🏷️ Git tag created: Thu, 26 Mar 2026 18:15:22 GMTBug Fixes
- better error messages when there's another instance of Pocket ID running (#1370 by @ItalyPaleAle)
- move tooltip inside of form input to prevent shifting (#1369 by @GameTec-live)
- derive LDAP admin access from group membership (#1374 by @kmendell)
- avoid fmt.Sprintf on custom GeoLiteDBUrl without %s placeholder (#1384 by @choyri)
- show a warning when SQLite DB is stored on NFS/SMB/FUSE (#1381 by @ItalyPaleAle)
- empty background restore after reboot (#1379 by @taoso)
- allow one-char username on signup (#1378 by @taoso)
- separate querying LDAP and updating DB during sync (#1371 by @ItalyPaleAle)
Features
- allow use of svg, png, and ico images types for favicon (#1289 by @taoso)
- allow clearing background image (#1290 by @taoso)
- add
token_endpoint_auth_methods_supportedto.well-known(#1388 by @owenvoke) - add TRUSTED_PLATFORM environment variable for gin (#1372 by @choyri)
Other
- add pr quality action (e3905cf by @stonith404)
- bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /backend in the go_modules group across 1 directory (#1391 by @dependabot[bot])
- Improve Latvian translations in lv.json (#1382 by @Raito00)
- ignore linter on app image bootstrap (5251cd9 by @kmendell)
- upgrade dependencies (e7e0176 by @kmendell)
- upgrade dependencies (3c42a71 by @kmendell)
Full Changelog: https://github.com/pocket-id/pocket-id/compare/v2.4.0...v2.5.0
Downloads
-
released this
2026-03-07 20:36:42 +03:00 | 209 commits to main since this release📅 Originally published on GitHub: Sat, 07 Mar 2026 17:51:41 GMT
🏷️ Git tag created: Sat, 07 Mar 2026 17:36:42 GMTBug Fixes
- improve wildcard matching by using
go-urlpattern(#1332 by @stonith404) - federated client credentials not working if sub ≠ client_id (#1342 by @ItalyPaleAle)
- handle IPv6 addresses in callback URLs (#1355 by @ItalyPaleAle)
- wildcard callback URLs blocked by browser-native URL validation (#1359 by @Copilot)
- one-time-access-token route should get user ID from URL only (#1358 by @ItalyPaleAle)
- various fixes in background jobs (#1362 by @ItalyPaleAle)
- use URL keyboard type for callback URL inputs (a675d07 by @stonith404)
Features
- allow first name and display name to be optional (#1288 by @taoso)
Other
- bump svelte from 5.53.2 to 5.53.5 in the npm_and_yarn group across 1 directory (#1348 by @dependabot[bot])
- bump @sveltejs/kit from 2.53.0 to 2.53.3 in the npm_and_yarn group across 1 directory (#1349 by @dependabot[bot])
- update AAGUIDs (#1354 by @github-actions[bot])
- add Português files (01141b8 by @kmendell)
- add Latvian files (e0fc4cc by @kmendell)
- fix wrong seed data (e7bd66d by @stonith404)
- fix wrong seed data in
database.json(f4eb8db by @stonith404)
Performance Improvements
- frontend performance optimizations (#1344 by @ItalyPaleAle)
Full Changelog: https://github.com/pocket-id/pocket-id/compare/v2.3.0...v2.4.0
Downloads
- improve wildcard matching by using
mirror of
https://github.com/pocket-id/pocket-id.git
synced 2026-07-15 21:48:13 +03:00