diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..7cd48993 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,47 @@ +name: Release new version + +on: + push: + tags: + - v* + +jobs: + + build: + runs-on: ubuntu-latest + container: + image: antonengelhardt/rust-docker-tools + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Build + run: | + cargo build --target wasm32-wasi --release + + - name: Archive production artifacts + uses: actions/upload-artifact@v2 + with: + name: wasm_oidc_plugin.wasm + path: target/wasm32-wasi/release/wasm_oidc_plugin.wasm + + docker-image: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Login + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + - name: Push to Docker Hub + uses: docker/build-push-action@v2 + with: + context: . + push: true + tags: antonengelhardt/wasm-oidc-plugin:${{ github.ref }} + diff --git a/README.md b/README.md index c6c4897b..7e787593 100644 --- a/README.md +++ b/README.md 
@@ -10,7 +10,7 @@ This repo is the result of a bachelor thesis in Information Systems. It is inspi 1. **Encryption**: The session in which the authorization state is stored is encrypted using AES-256, by providing a Key in the config and a session-based nonce. This prevents the session from being read by the user and potentially modified. If the user tries to modify the session, the decryption fails and the user is redirected to the `authorization_endpoint` to authenticate again. 2. **Configuration**: Many configuration options are available to customize the plugin to your needs. More are coming ;) -3. **No crash during startup**: The plugin does not crash during startup, if the OIDC configuration is not available. Instead, it waits until the configuration is loaded and then starts handling requests by pausing them and resuming them once the configuration is loaded. +3. **Stability**: The plugin aims to be stable and ready for production. All forceful value unwraps are expected to be valid. If the value may be invalid or in the wrong format, error handling is in place. 4. **Optional validation**: The plugin can be configured to validate the token or not. If the validation is disabled, the plugin only checks for the presence of the token and passes the request to the backend. This is because the validation is taking a considerable amount of time. This time becomes worse with the length of the signing key. Cryptographic support is not fully mature in WASM yet, but [there is hope](https://github.com/WebAssembly/wasi-crypto/blob/main/docs/HighLevelGoals.md). 5. **Documentation and comments**: The code is documented and commented, so that it is easy to understand and extend.
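Review bot: In `.github/workflows/release.yml`, the final step's `tags: antonengelhardt/wasm-oidc-plugin:${{ github.ref }}` expands to `refs/tags/v...` on a tag push, and a Docker tag cannot contain `/`, so the image reference is invalid; use `${{ github.ref_name }}` there. The `docker-image` job also has no `needs: build`, so the image is built and pushed whether or not the `build` job succeeds. Since this workflow handles the Docker Hub credentials, I would also pin the actions (`actions/checkout@v3`, `actions/upload-artifact@v2`, `docker/login-action@v2`, `docker/build-push-action@v2`) to full commit SHAs, pin the untagged `antonengelhardt/rust-docker-tools` container image to a digest, add a top-level `permissions:` block limited to `contents: read`, and, if `DOCKERHUB_PASSWORD` holds the account password, replace it with a scoped Docker Hub access token.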
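Review bot: In the README hunk, the new item 3 replaces a concrete behaviour statement (requests are paused until the OIDC configuration is loaded) with "All forceful value unwraps are expected to be valid", which does not tell an operator what happens when one of those expectations is wrong. If the startup behaviour from the removed line still holds, keep that sentence alongside the new one. For an authentication plugin it is also worth stating the failure mode explicitly: what the plugin does with an in-flight request when an unwrap fails or when the "error handling is in place" path is taken, and which inputs (config values, session cookie, provider responses) are covered by error handling rather than by unwraps.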