v26.2.8

Fix 409 Conflict errors on fresh CockroachDB v26.1 installs

Fresh Hydra installs on CockroachDB v26.1 returned a 409 Conflict: Unable to insert or update resource because a resource with that value exists already error on the first request to /.well-known/jwks.json after running migrations. The error blocked Hydra from auto-generating its JSON Web Key Sets, which in turn prevented OAuth token verification by relying parties.

Only fresh installs are affected. Existing deployments that ran the initial migrations on an earlier CockroachDB version and later upgraded their cluster to v26.1 are not affected, because the problematic behavior happens at migration time rather than at cluster upgrade time. Deployments on PostgreSQL, MySQL, or SQLite are also unaffected.

A new CockroachDB-only migration drops both phantom indexes if they are present. No operator action is required beyond applying migrations.

SSRF protection improvements

Error messages originating from the SSRF protection mechanism no longer leak IP addresses if the hostname resolves to an internal IP address. This prevents SSRF recon through user-supplied URLs and hostnames.

v26.2.8​

Fix 409 Conflict errors on fresh CockroachDB v26.1 installs​

SSRF protection improvements​

Ory Network

v26.2.8

Fix 409 Conflict errors on fresh CockroachDB v26.1 installs

SSRF protection improvements