diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 118a942..db4bb7b 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -12,7 +12,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # ratchet:actions/setup-go@v3
         with:
-          go-version: ">=1.20.4"
+          go-version: ">=1.20.5"
       - name: Test Go
         run: |
           make test
diff --git a/README.md b/README.md
index dd1e8cc..c26c11b 100644
--- a/README.md
+++ b/README.md
@@ -270,7 +270,7 @@ Sessions can be configured with a maximum lifetime with the `session.max-lifetim
 There's also an endpoint that returns metadata about the user's session as a JSON object at `GET /oauth2/session`. This
 endpoint will respond with HTTP status codes on errors:
 
-- `401 Unauthorized` - no session cookie or matching session found
+- `401 Unauthorized` - no session cookie or matching session found, or maximum lifetime reached
 - `500 Internal Server Error` - the session store is unavailable, or Wonderwall wasn't able to process the request
 
 Otherwise, an `HTTP 200 OK` is returned with the metadata with the `application/json` as the `Content-Type`.