- DATE:
- AUTHOR:
- Ory Team
Ory Hydra/Ory Keto/Ory Network v25.4.3 released
Ory Hydra
Stateless JWT Access Token Feature Flag
Ory Hydra introduces feature flags strategies.jwt.stateless.enabled and strategies.jwt.stateless.claim_name to disable database persistence for JWT access tokens. When enabled, Ory Hydra issues self-contained JWTs with a top-level claim indicating stateless mode. Operations requiring token state (introspection, revocation, userinfo) return 501 Not Implemented.
This optimization reduces database load for workloads using JWT access tokens that do not require revocation or introspection. Review the Stateless JWT documentation for configuration guidance.
Internal Fixes
This release also includes internal fixes required for zero-downtime upgrades of future versions. Ory recommends not skipping this version.
Ory Keto
Breaking Change: WebSocket Namespace Watching Removed
Ory Keto no longer supports watching WebSocket URLs (ws://) for legacy namespace configuration. This change affects only the namespaces configuration field when using deprecated legacy namespaces.
To check if your deployment is affected:
keto namespace validate-legacy -c /path/to/keto.ymlMigrate to the Ory Permission Language for namespace configuration. See the migration guide for upgrade steps.
Ory Oathkeeper, Ory Kratos, Ory Polis, Ory Elements
No significant changes in this release.
This release is now available for Ory Network and Ory Enterprise License.