Kong incident

OIDC tls_client_auth_ssl_verify field defaulted to `false` for new updates not explicitly setting the property

Notice Resolved View vendor source →
Started
Apr 09, 2026, 06:06 PM UTC
Resolved
Apr 09, 2026, 06:06 PM UTC
Duration
Detected by Pingoru
Apr 09, 2026, 06:06 PM UTC

Affected components

Kong Konnect Cloud

Update timeline

  1. resolved Apr 09, 2026, 06:06 PM UTC

    Customers running 3.13 and below who use the OIDC plugin with `tls_client_auth_ssl_verify` unset would have seen this value change to `false` if they updated the config after the rollback of new defaults following the 3.14 release. The rollback incorrectly flipped the oidc plugin tls_client_auth_ssl_verify to false as a default, which was not one of the items recently switched to default true and has instead been defaulted true for some time. We have rolled out a fix to prod to change this default back to true. Updates to the OIDC plugin should once again keep this value set to true if not specifically defined.

Looking to track Kong downtime and outages?

Pingoru polls Kong's status page every 5 minutes and alerts you the moment it reports an issue — before your customers do.

  • Real-time alerts when Kong reports an incident
  • Email, Slack, Discord, Microsoft Teams, and webhook notifications
  • Track Kong alongside 5,000+ providers in one dashboard
  • Component-level filtering
  • Notification groups + maintenance calendar
Start monitoring Kong for free

5 free monitors · No credit card required