chore(docs): update of OEL changelog #2542

Open
ory-bot wants to merge 1 commit into master from oel-changelog-update


ory-bot commented May 5, 2026

Update OEL changelog

Summary by CodeRabbit

  • Documentation
    • Released v26.2.9 changelog documentation across all components with security patches for dependencies
    • Kratos v26.2.9 includes enhanced protection against denial-of-service attacks during identity-schema loading with stricter validation limits and improved error detection
    • All releases address security vulnerabilities across Go and JavaScript dependencies

ory-bot self-assigned this May 5, 2026

coderabbitai Bot commented May 5, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: a097f19d-9a2a-4600-9daa-72f8a29b0993

📥 Commits

Reviewing files that changed from the base of the PR and between 1cce770 and 0854cf7.

📒 Files selected for processing (5)
  • docs/self-hosted/oel/keto/changelog/v26.2.9.md
  • docs/self-hosted/oel/kratos/changelog/v26.2.9.md
  • docs/self-hosted/oel/oathkeeper/changelog/v26.2.9.md
  • docs/self-hosted/oel/oauth2/changelog/v26.2.9.md
  • docs/self-hosted/oel/polis/changelog/v26.2.9.md

📝 Walkthrough

Five self-hosted product changelogs are updated to document the v26.2.9 release. Keto, Oathkeeper, OAuth2, and Polis record dependency-security patches; Kratos additionally documents hardened identity-schema loading with validation limits and SSRF-guarded HTTP client attachment.

Changes

Version 26.2.9 Release Documentation

| Layer | File(s) | Summary |
|---|---|---|
| Kratos: Schema hardening | docs/self-hosted/oel/kratos/changelog/v26.2.9.md (lines 1-27) | Describes identity-schema loading hardening: pre-parse structural limits (1 MiB size, 32 nesting, 1024 keys/object, 128 array elements, 8192 nodes), rejects $ref resolving to document root, validates regexes early, and attaches an SSRF-guarded HTTP client when fetching schemas outside request context. |
| Kratos: Dependency notes | docs/self-hosted/oel/kratos/changelog/v26.2.9.md (lines 28-42) | Adds a “Patch security vulnerabilities in dependencies” section listing bumped/patched Go and Node dependency versions. |
| Changelog Documentation | docs/self-hosted/oel/keto/changelog/v26.2.9.md, docs/self-hosted/oel/oathkeeper/changelog/v26.2.9.md, docs/self-hosted/oel/oauth2/changelog/v26.2.9.md, docs/self-hosted/oel/polis/changelog/v26.2.9.md | New v26.2.9 entries documenting dependency-security patch releases and enumerating bumped versions (e.g., github.com/jackc/pgx/v5 → v5.9.2, github.com/moby/spdystream → v0.5.1, go.opentelemetry.io/otel → v1.41.0, and several npm package updates). |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested reviewers

  • vinckr
  • aeneasr
  • unatasha8
  • adamwalach

Poem

🐰 Five changelogs bloom with patches fine,
Security hardened, one release line—
Kratos learns caution, schemas constrained,
While dependencies dance, vulnerabilities drained.
Version twenty-six point two point nine,
Makes the whole ecosystem shine! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The description 'Update OEL changelog' is vague and lacks detail required by the template, providing no explanation of changes, related issues, or checklist completion status. | Provide a more detailed description explaining the purpose of the changelog updates (dependency security patches), reference relevant issues if applicable, and confirm checklist items. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'chore(docs): update of OEL changelog' is clear and accurately describes the main change—adding changelog documentation for v26.2.9 across multiple OEL components. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


Comment @coderabbitai help to get the list of available commands and usage tips.
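
The pre-parse structural limits named in the walkthrough's Kratos row, sketched as an added Go example (not Ory Kratos code and not part of this pull request). `CheckShape`, `frame` and the constant names are hypothetical, and it assumes that "nodes" means every JSON value and that nesting counts open objects and arrays.

```go
package main
import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
)

const maxBytes, maxDepth, maxKeys, maxElems, maxNodes = 1 << 20, 32, 1024, 128, 8192 // limits from the walkthrough
type frame struct{ kind json.Delim; seen int } // one open container and the tokens seen directly inside it
// CheckShape (hypothetical name, not Kratos code) rejects oversized input from the token stream alone.
func CheckShape(raw []byte) error {
	if len(raw) > maxBytes {
		return fmt.Errorf("size: %d bytes exceeds %d", len(raw), maxBytes)
	}
	dec, stack, nodes := json.NewDecoder(bytes.NewReader(raw)), []frame{{}}, 0 // stack[0]: top-level sentinel
	for {
		tok, err := dec.Token()
		if err == io.EOF && len(stack) == 1 { // clean end: every container was closed
			return nil
		} else if err != nil {
			return fmt.Errorf("syntax: %w", err)
		}
		d, isDelim := tok.(json.Delim)
		if isDelim && (d == '}' || d == ']') {
			stack = stack[:len(stack)-1] // Token only yields correctly nested closers
			continue
		}
		top := &stack[len(stack)-1]
		top.seen++
		isKey := top.kind == '{' && top.seen%2 == 1 // odd tokens inside an object are keys
		if !isKey {
			nodes++ // assumption: every value, scalar or container, is one node
		}
		switch {
		case isKey && top.seen/2+1 > maxKeys:
			return fmt.Errorf("keys: object exceeds %d keys", maxKeys)
		case top.kind == '[' && top.seen > maxElems:
			return fmt.Errorf("elements: array exceeds %d elements", maxElems)
		case nodes > maxNodes:
			return fmt.Errorf("nodes: document exceeds %d nodes", maxNodes)
		case isDelim && len(stack) > maxDepth: // len(stack) is the depth the new container would have
			return fmt.Errorf("depth: nesting exceeds %d levels", maxDepth)
		}
		if isDelim {
			stack = append(stack, frame{kind: d})
		}
	}
}
func main() { fmt.Println(CheckShape([]byte(`{"type":"object","properties":{}}`))) } // constructed sample
```

The walk allocates only one small frame per open container, so cost is bounded by the limits rather than by the document. Empty input passes this check and is left for the schema parser that follows to reject.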
