
pocket-id

v2.8.0 Breaking

This release includes breaking changes that platform teams should account for when planning a safe upgrade.

✓ No known CVEs patched

Topics

idp oidc passkeys self-hosted

Affected surfaces

auth deps

Summary

AI summary

Delete OAuth refresh tokens on RP‑initiated logout to prevent reuse after sign‑out.

Full changelog

Bug Fixes

  • delete refresh tokens on end-session to prevent reuse after logout (#1458 by @wucm667)
  • return 404 status code for .well-known routes if not found (714b5b3 by @stonith404)
  • add email_verified to reserved claims list (8b22fca by @stonith404)
  • reject unknown PKCE code challenge methods (ce6bdb9 by @stonith404)
  • make stream of downloaded logos seekable for S3 checksum calculation (cc9163f by @stonith404)
  • scope confirmation wasn't shown if account selection was prompted (272d147 by @stonith404)
  • add support for unix socket mode in healthcheck (a712196 by @stonith404)
  • restore cross-platform binary builds (7027296 by @stonith404)

Documentation

  • update SECURITY.md (bb5a111 by @stonith404)

Features

  • delete OAuth refresh token on RP initiated logout (#1480 by @stonith404)
  • remove EXIF/XMP metadata from uploaded images (#1477 by @stonith404)
  • add support for response_mode=fragment (0c95b7c by @stonith404)
  • add support for systemd socket activation (#1479 by @deviant)
  • improve design through the whole application (b3d40a4 by @stonith404)

Other

  • update AAGUIDs (#1476 by @github-actions[bot])
  • upgrade dependencies (91c2ea2 by @stonith404)
  • remove deprecated http2 package (e56dc12 by @stonith404)
  • apply go 1.26.0 syntax updated (8ad95b8 by @stonith404)
  • delete refresh tokens on end-session to prevent reuse after logout (b27a52a by @stonith404)
  • use dependabot for automatic dependency upgrades (b9fdd53 by @stonith404)
  • fix invalid schema (e8c398f by @stonith404)
  • update AAGUIDs (#1487 by @github-actions[bot])
  • use custom Playwright route for callback URL checks (f134247 by @stonith404)
  • fix linter issues (bc4f75c by @stonith404)
  • don't compare hashes of profile pictures (9ad2bfc by @stonith404)
  • run formatter (0616aba by @stonith404)
  • use fixed minor version of Go (e046a03 by @stonith404)

Full Changelog: https://github.com/pocket-id/pocket-id/compare/v2.7.0...v2.8.0


About pocket-id

A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services.
