The new SameSite attribute is now enforced on Google Chrome and may cause issues with your current ORY Hydra deployment: `SameSite=None` no longer works without `secure` flag cookies. If you are using the `--dangerous-force-http` flag and have not configured `SameSite=Lax` your users will no longer be able to perform OAuth2 flows. The next FireFox release will follow this implementation as well. To prevent your users from experiencing issues: - Remove `--dangerous-force-http` from your deployment. This flag should never be set outside of local development machines anyways! - Set environment variable `SERVE_COOKIES_SAME_SITE_MODE=Lax` or configuration value `serve.cookies.same_site_mode = Lax`. By applying this release, the above recommendations will be set per default, for example using `Lax` when `--dangerous-force-http` is set. Many of you reached out in the past asking about managed / SaaS offerings from ORY, for more support, automated updates, and automated fixes for issues like the `SameSite` behavior above. We would like to invite those interested in that kind of an offering and service to engage in a dialogue to better help us understand how you are using ORY, what requirements your businesses have and how we can better help and service you. Together, we can shape some of this journey together. If you like to be part of this conversation please send an email to jared@ory.sh so we can get in touch directly and begin talking about what an ideal and fully supported offering from ORY would look like for you. This patch additionally includes a breaking API change for the "Revoke Consent Sessions API endpoint" - please check the breaking changes below. Bugfixes are included in this release as well - such as pretty JSON format logging, fixes to Jaeger configuration, and more!