Releases: pomerium/pomerium
v0.21.3
v0.21.2
Changelog
v0.21.2 (2023-02-23)
Changed
- authenticate: fix identity provider id in encrypted query string #4011 (@backport-actions-token[bot])
- authenticate: fix callback handler for split mode #4010 (@backport-actions-token[bot])
- authenticate: don't require a session for sign_out #4009 (@backport-actions-token[bot])
- authenticate: fix authenticate_internal_service_url for all in one #4005 (@backport-actions-token[bot])
- derivecert: fix ecdsa code to be deterministic #3991 (@backport-actions-token[bot])
- fix webauthn url #3988 (@backport-actions-token[bot])
- webauthn: only return known device credentials that match the given type #3987 (@backport-actions-token[bot])
v0.21.1
What's Changed
- authenticate: save the session cookie with a different name by @calebdoxsey in #3984
- lua: fix rewrite response headers to handle dashes in URLs by @calebdoxsey in #3986
Full Changelog: v0.21.0...v0.21.1
v0.21.0
Changelog
v0.21.0 (2023-02-09)
Changed
- docker: switch to debian #3939 (@backport-actions-token[bot])
- identity: fix nil reference error when there is no authenticator #3933 (@backport-actions-token[bot])
- authenticate: always trust the passed in idp #3931 (@backport-actions-token[bot])
- add google cloud creds to ignore #3907 (@backport-actions-token[bot])
- tls_derive: rename for consistency #3905 (@wasaga)
- envoyconfig: clean up filter chain construction #3844 (@calebdoxsey)
- use tlsClientConfig instead of custom dialer #3830 (@wasaga)
- controlplane: remove gorilla handlers dependency #3813 (@calebdoxsey)
- events: remove xds configuration update #3792 (@wasaga)
Breaking
- proxy: add userinfo and webauthn endpoints #3755 (@calebdoxsey)
- remove forward auth #3628 (@calebdoxsey)
New
- scripts: update get-envoy script to download all binaries #3886 (@calebdoxsey)
- explicitly list gRPC services accessible via the gRPC listener #3879 (@wasaga)
- authenticate: add additional error details for hmac errors #3878 (@calebdoxsey)
- auto tls #3856 (@wasaga)
- mTLS: allow gRPC TLS for all in one #3854 (@wasaga)
- authorize: log check() error #3846 (@wasaga)
- config: add support for extended TCP route URLs #3845 (@calebdoxsey)
- derive CA from pre-shared key #3815 (@wasaga)
- httputil: ignore errors < 400 #3781 (@calebdoxsey)
- authenticate: implement hpke-based login flow #3779 (@calebdoxsey)
- identity: add identity profile #3777 (@calebdoxsey)
- urlutil: add time validation functions #3776 (@calebdoxsey)
- httputil: add cookie chunker #3775 (@calebdoxsey)
- config: add option for tls renegotiation #3773 (@calebdoxsey)
- hpke: add HPKE key to JWKS endpoint #3762 (@calebdoxsey)
- hpke: add hpke package #3761 (@calebdoxsey)
Fixed
- config: add missing options #3882 (@calebdoxsey)
- postgres: return unknown records instead of skipping them #3876 (@calebdoxsey)
- config: use insecure skip verify if derived certificates are not used #3861 (@calebdoxsey)
- config: generate derived certificates instead of self-signed certificates #3860 (@calebdoxsey)
- identity: fix expired session deletion #3855 (@calebdoxsey)
- proxy: fix sign out redirect #3827 (@calebdoxsey)
- dashboard: fix missing avatar and logout menu #3819 (@calebdoxsey)
- autocert: use atomic pointer to allow nil #3816 (@calebdoxsey)
- webauthn: require session when accessing /.pomerium/webauthn #3814 (@calebdoxsey)
- oidc: fix token revocation #3810 (@calebdoxsey)
- jwt: require logged in user to return .pomerium/jwt #3807 (@calebdoxsey)
- storage: ignore removed fields when deserializing the data #3768 (@wasaga)
Dependency
- chore(deps): bump debian from 7ca0fec to 12931ad #3904 (@dependabot[bot])
- chore(deps): bump distroless/base from 8ee3d86 to 9eeffdc #3903 (@dependabot[bot])
- chore(deps): bump golang from 1.19.4-buster to 1.19.5-buster #3902 (@dependabot[bot])
- chore(deps): bump alpine from 8914eb5 to f271e74 #3901 (@dependabot[bot])
- chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.7 to 1.18.8 #3900 (@dependabot[bot])
- chore(deps): bump github.com/minio/minio-go/v7 from 7.0.46 to 7.0.47 #3899 (@dependabot[bot])
- chore(deps): bump github.com/open-policy-agent/opa from 0.47.4 to 0.48.0 #3898 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.105.0 to 0.107.0 #3897 (@dependabot[bot])
- chore(deps): bump actions/setup-python from 4.4.0 to 4.5.0 #3896 (@dependabot[bot])
- chore(deps): bump mikefarah/yq from 4.30.6 to 4.30.8 #3895 (@dependabot[bot])
- chore(deps): bump docker/build-push-action from 3.2.0 to 3.3.0 #3894 (@dependabot[bot])
- chore(deps): bump google.golang.org/grpc from 1.51.0 to 1.52.0 #3893 (@dependabot[bot])
- chore(deps): bump distroless/base from 8848703 to 8ee3d86 #3874 (@dependabot[bot])
- chore(deps): bump golang.org/x/crypto from 0.4.0 to 0.5.0 #3873 (@dependabot[bot])
- chore(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 #3872 (@dependabot[bot])
- chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 #3871 (@dependabot[bot])
- chore(deps): bump actions/cache from 3.2.2 to 3.2.3 #3870 (@dependabot[bot])
- chore(deps): bump actions/setup-node from 3.5.1 to 3.6.0 #3869 (@dependabot[bot])
- chore(deps): bump github.com/coreos/go-oidc/v3 from 3.4.0 to 3.5.0 #3868 (@dependabot[bot])
- chore(deps): bump actions/checkout from 3.2.0 to 3.3.0 #3867 (@dependabot[bot])
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.29.6 to 1.30.0 #3866 (@dependabot[bot])
- chore(deps): bump golang.org/x/oauth2 from 0.3.0 to 0.4.0 #3865 (@dependabot[bot])
- chore(deps): bump github.com/minio/minio-go/v7 from 7.0.45 to 7.0.46 #3864 (@dependabot[bot])
- chore(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 #3863 (@dependabot[bot])
- chore(deps): bump luxon from 2.3.0 to 2.5.2 in /ui #3862 (@dependabot[bot])
- chore(deps): bump json5 from 2.2.0 to 2.2.3 in /ui #3853 (@dependabot[bot])
- chore(deps): bump actions/stale from 6.0.1 to 7.0.0 #3852 (@dependabot[bot])
- chore(deps): bump actions/cache from 3.0.11 to 3.2.2 #3851 (@dependabot[bot])
- chore(deps): bump github.com/prometheus/procfs from 0.8.0 to 0.9.0 #3850 (@dependabot[bot])
- chore(deps): bump github.com/shirou/gopsutil/v3 from 3.22.11 to 3.22.12 #3849 (@dependabot[bot])
- chore(deps): bump github.com/rs/cors from 1.8.2 to 1.8.3 #3848 (@dependabot[bot])
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.29.5 to 1.29.6 #3847 (@dependabot[bot])
- chore(deps): bump golang from e464bb0 to 7c97bae #3843 (@dependabot[bot])
- chore(deps): bump distroless/base from 9283685 to 8848703 #3842 (@dependabot[bot])
- chore(deps): bump debian from 880aa5f to 7ca0fec #3841 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.104.0 to 0.105.0 #3840 (@dependabot[bot])
- chore(deps): bump github.com...
v0.21.0-rc2
Full Changelog: v0.21.0-rc1...v0.21.0-rc2
v0.21.0-rc1
Changelog
v0.21.0 (2023-01-18)
Breaking
- proxy: add userinfo and webauthn endpoints #3755 (@calebdoxsey)
- remove forward auth #3628 (@calebdoxsey)
New
- scripts: update get-envoy script to download all binaries #3886 (@calebdoxsey)
- authenticate: add additional error details for hmac errors #3878 (@calebdoxsey)
- config: add support for extended TCP route URLs #3845 (@calebdoxsey)
- authenticate: implement hpke-based login flow #3779 (@calebdoxsey)
- identity: add identity profile #3777 (@calebdoxsey)
- urlutil: add time validation functions #3776 (@calebdoxsey)
- httputil: add cookie chunker #3775 (@calebdoxsey)
- config: add option for tls renegotiation #3773 (@calebdoxsey)
- hpke: add HPKE key to JWKS endpoint #3762 (@calebdoxsey)
- hpke: add hpke package #3761 (@calebdoxsey)
Fixed
- config: add missing options #3882 (@calebdoxsey)
- postgres: return unknown records instead of skipping them #3876 (@calebdoxsey)
- config: use insecure skip verify if derived certificates are not used #3861 (@calebdoxsey)
- config: generate derived certificates instead of self-signed certificates #3860 (@calebdoxsey)
- identity: fix expired session deletion #3855 (@calebdoxsey)
- proxy: fix sign out redirect #3827 (@calebdoxsey)
- dashboard: fix missing avatar and logout menu #3819 (@calebdoxsey)
- autocert: use atomic pointer to allow nil #3816 (@calebdoxsey)
- webauthn: require session when accessing /.pomerium/webauthn #3814 (@calebdoxsey)
- oidc: fix token revocation #3810 (@calebdoxsey)
- jwt: require logged in user to return .pomerium/jwt #3807 (@calebdoxsey)
- storage: ignore removed fields when deserializing the data #3768 (@wasaga)
Dependency
- chore(deps): bump debian from 7ca0fec to 12931ad #3904 (@dependabot[bot])
- chore(deps): bump distroless/base from 8ee3d86 to 9eeffdc #3903 (@dependabot[bot])
- chore(deps): bump golang from 1.19.4-buster to 1.19.5-buster #3902 (@dependabot[bot])
- chore(deps): bump alpine from 8914eb5 to f271e74 #3901 (@dependabot[bot])
- chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.7 to 1.18.8 #3900 (@dependabot[bot])
- chore(deps): bump github.com/minio/minio-go/v7 from 7.0.46 to 7.0.47 #3899 (@dependabot[bot])
- chore(deps): bump github.com/open-policy-agent/opa from 0.47.4 to 0.48.0 #3898 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.105.0 to 0.107.0 #3897 (@dependabot[bot])
- chore(deps): bump actions/setup-python from 4.4.0 to 4.5.0 #3896 (@dependabot[bot])
- chore(deps): bump mikefarah/yq from 4.30.6 to 4.30.8 #3895 (@dependabot[bot])
- chore(deps): bump docker/build-push-action from 3.2.0 to 3.3.0 #3894 (@dependabot[bot])
- chore(deps): bump google.golang.org/grpc from 1.51.0 to 1.52.0 #3893 (@dependabot[bot])
- chore(deps): bump distroless/base from 8848703 to 8ee3d86 #3874 (@dependabot[bot])
- chore(deps): bump golang.org/x/crypto from 0.4.0 to 0.5.0 #3873 (@dependabot[bot])
- chore(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 #3872 (@dependabot[bot])
- chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 #3871 (@dependabot[bot])
- chore(deps): bump actions/cache from 3.2.2 to 3.2.3 #3870 (@dependabot[bot])
- chore(deps): bump actions/setup-node from 3.5.1 to 3.6.0 #3869 (@dependabot[bot])
- chore(deps): bump github.com/coreos/go-oidc/v3 from 3.4.0 to 3.5.0 #3868 (@dependabot[bot])
- chore(deps): bump actions/checkout from 3.2.0 to 3.3.0 #3867 (@dependabot[bot])
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.29.6 to 1.30.0 #3866 (@dependabot[bot])
- chore(deps): bump golang.org/x/oauth2 from 0.3.0 to 0.4.0 #3865 (@dependabot[bot])
- chore(deps): bump github.com/minio/minio-go/v7 from 7.0.45 to 7.0.46 #3864 (@dependabot[bot])
- chore(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 #3863 (@dependabot[bot])
- chore(deps): bump luxon from 2.3.0 to 2.5.2 in /ui #3862 (@dependabot[bot])
- chore(deps): bump json5 from 2.2.0 to 2.2.3 in /ui #3853 (@dependabot[bot])
- chore(deps): bump actions/stale from 6.0.1 to 7.0.0 #3852 (@dependabot[bot])
- chore(deps): bump actions/cache from 3.0.11 to 3.2.2 #3851 (@dependabot[bot])
- chore(deps): bump github.com/prometheus/procfs from 0.8.0 to 0.9.0 #3850 (@dependabot[bot])
- chore(deps): bump github.com/shirou/gopsutil/v3 from 3.22.11 to 3.22.12 #3849 (@dependabot[bot])
- chore(deps): bump github.com/rs/cors from 1.8.2 to 1.8.3 #3848 (@dependabot[bot])
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.29.5 to 1.29.6 #3847 (@dependabot[bot])
- chore(deps): bump golang from e464bb0 to 7c97bae #3843 (@dependabot[bot])
- chore(deps): bump distroless/base from 9283685 to 8848703 #3842 (@dependabot[bot])
- chore(deps): bump debian from 880aa5f to 7ca0fec #3841 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.104.0 to 0.105.0 #3840 (@dependabot[bot])
- chore(deps): bump github.com/docker/docker from 20.10.21+incompatible to 20.10.22+incompatible #3839 (@dependabot[bot])
- chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.5 to 1.18.7 #3838 (@dependabot[bot])
- chore(deps): bump mikefarah/yq from 4.30.5 to 4.30.6 #3837 (@dependabot[bot])
- chore(deps): bump actions/setup-go from 3.4.0 to 3.5.0 #3836 (@dependabot[bot])
- chore(deps): bump actions/setup-python from 4.3.1 to 4.4.0 #3834 (@dependabot[bot])
- chore(deps): bump actions/checkout from 3.1.0 to 3.2.0 #3833 (@dependabot[bot])
- chore(deps): bump github.com/open-policy-agent/opa from 0.47.3 to 0.47.4 #3832 (@dependabot[bot])
- chore(deps): bump github.com/cloudflare/circl from 1.3.0 to 1.3.1 #3831 (@dependabot[bot])
- postgres: upgrade to pgx v5 #3826 (@calebdoxsey)
- chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.4 to 1.18.5 #3825 (@dependabot[bot])
- chore(deps): bump github.com/open-policy-agent/opa from 0.47.0 to 0.47.3 #3824 (@dependabot[bot])
- chore(deps): bump github.com/prometheus/common from 0.37.0 to 0.39.0 #3823 (@dependabot[bot])
- chore(deps): bump golang.org/x/crypto ...
v0.20.0
Please refer to the upgrade guide before upgrading.
v0.20.0 (2022-11-14)
Breaking
- envoyconfig: add all routes to all filter chains #3596 (@calebdoxsey)
- groups via directory sync are no longer supported #3633 (@calebdoxsey)
Security
- httputil: remove error details #3703 (@calebdoxsey)
New
- config: disable Strict-Transport-Security when using a self-signed certificate #3743 (@calebdoxsey)
- config: generate cookie secret if not set in all-in-one mode #3742 (@calebdoxsey)
- authorize: fix user caching #3734 (@calebdoxsey)
- authorize: performance improvements #3723 (@calebdoxsey)
- postgres: increase record batch size #3708 (@calebdoxsey)
- sessions: check idp id to detect provider changes to force session invalidation #3707 (@calebdoxsey)
- controlplane: move jwks.json endpoint to control plane #3691 (@calebdoxsey)
- config: default to http2 #3660 (@calebdoxsey)
Fixed
- authenticate: get/set identity provider id for all sessions #3597 (@calebdoxsey)
- authorize: enforce service account expiration #3661 (@calebdoxsey)
- config: allow blank identity providers when loading sessions for service account support #3709 (@calebdoxsey)
- config: disable envoy admin by default, expose stats via envoy route #3677 (@calebdoxsey)
- controlplane: fix /.well-known/pomerium missing CORS headers #3738 (@calebdoxsey)
- fileutil: update watcher to use fsnotify and polling #3663 (@calebdoxsey)
- postgres: return an empty list of addresses on dns errors #3637 (@calebdoxsey)
- ppl: support special characters in claim keys #3639 (@calebdoxsey)
Changed
- add config option check logging #3722 (@wasaga)
- authenticate: remove ecjson #3688 (@calebdoxsey)
- authenticate: update user info dashboard to show group info for enterprise #3736 (@calebdoxsey)
- device: add generic methods for working with user+session devices #3710 (@calebdoxsey)
- envoyconfig: fix databroker health checks #3706 (@calebdoxsey)
- fix unused key warnings in routes #3711 (@wasaga)
- keep trace span context #3724 (@wasaga)
- postgres: handle unknown types #3632 (@calebdoxsey)
- test: use T.TempDir to create temporary test directory #3725 (@Juneezee)
- upgrade envoy to v1.23.1 #3599 (@calebdoxsey)
Dependency
- bump Envoy to 1.23.2 #3739 (@wasaga)
- bump protoc to 3.21.7 #3646 (@wasaga)
- chore(deps): bump actions/cache from 3.0.10 to 3.0.11 #3671 (@dependabot[bot])
- chore(deps): bump actions/cache from 3.0.8 to 3.0.10 #3642 (@dependabot[bot])
- chore(deps): bump actions/checkout from 3.0.2 to 3.1.0 #3652 (@dependabot[bot])
- chore(deps): bump actions/download-artifact from 3.0.0 to 3.0.1 #3700 (@dependabot[bot])
- chore(deps): bump actions/setup-go from 3.3.0 to 3.3.1 #3681 (@dependabot[bot])
- chore(deps): bump actions/setup-node from 3.4.1 to 3.5.0 #3641 (@dependabot[bot])
- chore(deps): bump actions/setup-node from 3.5.0 to 3.5.1 #3672 (@dependabot[bot])
- chore(deps): bump actions/setup-python from 4.2.0 to 4.3.0 #3651 (@dependabot[bot])
- chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.1 #3698 (@dependabot[bot])
- chore(deps): bump alpine from bc41182 to b95359c #3751 (@dependabot[bot])
- chore(deps): bump debian from 1b1d158 to 9583740 #3719 (@dependabot[bot])
- chore(deps): bump debian from 3d2aa50 to 6005bd9 #3625 (@dependabot[bot])
- chore(deps): bump debian from 6005bd9 to 1b1d158 #3656 (@dependabot[bot])
- chore(deps): bump distroless/base from 4689543 to 6ef742b #3654 (@dependabot[bot])
- chore(deps): bump distroless/base from 59fe963 to 8a7afd5 #3627 (@dependabot[bot])
- chore(deps): bump distroless/base from 65afaf8 to 59fe963 #3616 (@dependabot[bot])
- chore(deps): bump distroless/base from 6ef742b to 9681f07 #3676 (@dependabot[bot])
- chore(deps): bump distroless/base from 856944e to cd1bf87 #3732 (@dependabot[bot])
- chore(deps): bump distroless/base from 8a7afd5 to 4689543 #3647 (@dependabot[bot])
- chore(deps): bump distroless/base from 9681f07 to 856944e #3702 (@dependabot[bot])
- chore(deps): bump docker/build-push-action from 3.1.1 to 3.2.0 #3673 (@dependabot[bot])
- chore(deps): bump docker/login-action from 2.0.0 to 2.1.0 #3682 (@dependabot[bot])
- chore(deps): bump docker/setup-buildx-action from 2.0.0 to 2.2.1 #3679 (@dependabot[bot])
- chore(deps): bump docker/setup-qemu-action from 2.0.0 to 2.1.0 #3675 (@dependabot[bot])
- chore(deps): bump github.com/caddyserver/certmagic from 0.16.3 to 0.17.0 #3604 (@dependabot[bot])
- chore(deps): bump github.com/caddyserver/certmagic from 0.17.0 to 0.17.1 #3619 (@dependabot[bot])
- chore(deps): bump github.com/caddyserver/certmagic from 0.17.1 to 0.17.2 #3644 (@dependabot[bot])
- chore(deps): bump github.com/coreos/go-oidc/v3 from 3.2.0 to 3.3.0 #3605 (@dependabot[bot])
- chore(deps): bump github.com/coreos/go-oidc/v3 from 3.3.0 to 3.4.0 #3612 (@dependabot[bot])
- chore(deps): bump github.com/docker/docker from 20.10.17+incompatible to 20.10.18+incompatible #3614 (@dependabot[bot])
- chore(deps): bump github.com/docker/docker from 20.10.18+incompatible to 20.10.19+incompatible #3666 (@dependabot[bot])
- chore(deps): bump github.com/docker/docker from 20.10.19+incompatible to 20.10.20+incompatible #3694 (@dependabot[bot])
- chore(deps): bump github.com/docker/docker from 20.10.20+incompatible to 20.10.21+incompatible #3712 (@dependabot[bot])
- chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.10 to 0.6.13 #3648 (@dependabot[bot])
- chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.13 to 0.8.0 #3731 (@dependabot[bot])
- chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.7 to 0.6.8 #3624 (@dependabot[bot])
- chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.8 to 0.6.10 #3630 (@dependabot[bot])
- chore(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 #3713 (@dependabot[bot])
- chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 #3667 (@dependabot[bot])
- chore(deps): bump github.com/golangci/golangci-lint from 1.50.0 to 1....
v0.19.1
Changelog
c0a8870 authenticate: get/set identity provider id for all sessions (#3608)
c3ef43c upgrade envoy to v1.23.1 (#3600)
Docker images
docker pull pomerium/pomerium:v0.19.1
docker pull pomerium/pomerium:nonroot-v0.19.1
docker pull pomerium/pomerium:debug-v0.19.1
docker pull pomerium/pomerium:debug-nonroot-v0.19.1
v0.19.0
Changelog
v0.19.0 (2022-09-01)
New
- add the traces error details #3557 (@nhayfield)
- authorize: add policy error details for custom error messages #3542 (@calebdoxsey)
- autocert: add support for ACME TLS-ALPN #3590 (@calebdoxsey)
- config: add branding settings #3558 (@calebdoxsey)
- controlplane: add well-known endpoint to the controlplane http handler #3555 (@calebdoxsey)
- Dynamic style changes #3544 (@nhayfield)
- envoy: upgrade to 1.23.0 #3560 (@calebdoxsey)
- envoyconfig: add virtual host domains for certificates in addition to routes #3593 (@calebdoxsey)
Fixed
- authenticate: add CORS headers to jwks endpoint #3574 (@calebdoxsey)
- envoyconfig: add authority header to outbound gRPC requests #3545 (@calebdoxsey)
- postgres: remove not null constraint on data column of record changes table #3594 (@calebdoxsey)
Changed
- Fix typos #3575 (@alexrudd2)
- authenticate: fix branding for webauthn device registration page #3572 (@calebdoxsey)
- publish to any-distro #3570 (@calebdoxsey)
- Update README.md #3569 (@cmo-pomerium)
- authorize: handle user-unauthenticated response for deny blocks #3559 (@calebdoxsey)
- add front end support for optional first paragraph of markdown on err... #3546 (@nhayfield)
- sets: convert set types to generics #3519 (@calebdoxsey)
- atomicutil: use atomicutil.Value wherever possible #3517 (@calebdoxsey)
Dependency
- chore(deps): bump actions/cache from 3.0.5 to 3.0.6 #3537 (@dependabot[bot])
- chore(deps): bump actions/cache from 3.0.6 to 3.0.7 #3552 (@dependabot[bot])
- chore(deps): bump actions/cache from 3.0.7 to 3.0.8 #3565 (@dependabot[bot])
- chore(deps): bump actions/setup-go from 3.2.1 to 3.3.0 #3583 (@dependabot[bot])
- chore(deps): bump actions/setup-python from 4.1.0 to 4.2.0 #3535 (@dependabot[bot])
- chore(deps): bump actions/stale from 5.1.0 to 5.1.1 #3513 (@dependabot[bot])
- chore(deps): bump alpine from 6af1b11 to 7580ece #3512 (@dependabot[bot])
- chore(deps): bump alpine from 7580ece to bc41182 #3553 (@dependabot[bot])
- chore(deps): bump contrib.go.opencensus.io/exporter/prometheus from 0.4.1 to 0.4.2 #3586 (@dependabot[bot])
- chore(deps): bump debian from 1c34464 to 4567e1e #3508 (@dependabot[bot])
- chore(deps): bump debian from 4567e1e to b9b1f4a #3538 (@dependabot[bot])
- chore(deps): bump debian from b9b1f4a to 3d2aa50 #3588 (@dependabot[bot])
- chore(deps): bump distroless/base from 3a62194 to ec73486 #3554 (@dependabot[bot])
- chore(deps): bump distroless/base from d6db599 to 3a62194 #3511 (@dependabot[bot])
- chore(deps): bump distroless/base from ec73486 to 65afaf8 #3568 (@dependabot[bot])
- chore(deps): bump docker/build-push-action from 3.1.0 to 3.1.1 #3536 (@dependabot[bot])
- chore(deps): bump github.com/caddyserver/certmagic from 0.16.0 to 0.16.2 #3532 (@dependabot[bot])
- chore(deps): bump github.com/caddyserver/certmagic from 0.16.2 to 0.16.3 #3563 (@dependabot[bot])
- chore(deps): bump github.com/golangci/golangci-lint from 1.46.2 to 1.47.2 #3499 (@dependabot[bot])
- chore(deps): bump github.com/golangci/golangci-lint from 1.47.2 to 1.47.3 #3522 (@dependabot[bot])
- chore(deps): bump github.com/golangci/golangci-lint from 1.47.3 to 1.48.0 #3541 (@dependabot[bot])
- chore(deps): bump github.com/jackc/pgx/v4 from 4.16.1 to 4.17.0 #3533 (@dependabot[bot])
- chore(deps): bump github.com/jackc/pgx/v4 from 4.17.0 to 4.17.1 #3582 (@dependabot[bot])
- chore(deps): bump github.com/open-policy-agent/opa from 0.42.2 to 0.43.0 #3523 (@dependabot[bot])
- chore(deps): bump github.com/peterbourgon/ff/v3 from 3.1.2 to 3.3.0 #3540 (@dependabot[bot])
- chore(deps): bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 #3530 (@dependabot[bot])
- chore(deps): bump github.com/prometheus/procfs from 0.7.3 to 0.8.0 #3516 (@dependabot[bot])
- chore(deps): bump github.com/rs/zerolog from 1.27.0 to 1.28.0 #3587 (@dependabot[bot])
- chore(deps): bump github.com/shirou/gopsutil/v3 from 3.22.6 to 3.22.7 #3524 (@dependabot[bot])
- chore(deps): bump go.uber.org/zap from 1.21.0 to 1.22.0 #3551 (@dependabot[bot])
- chore(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 #3581 (@dependabot[bot])
- chore(deps): bump golang from 6960d62 to 477b10a #3527 (@dependabot[bot])
- chore(deps): bump golang from a7a23f1 to d84495e #3589 (@dependabot[bot])
- chore(deps): bump golang from 1.18-buster to 1.18.4-buster #3509 (@dependabot[bot])
- chore(deps): bump golang from 1.18.4-buster to 1.19.0-buster #3539 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.88.0 to 0.89.0 #3514 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.89.0 to 0.90.0 #3525 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.90.0 to 0.91.0 #3531 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.91.0 to 0.92.0 #3550 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.92.0 to 0.93.0 #3562 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.93.0 to 0.94.0 #3580 (@dependabot[bot])
- chore(deps): bump google.golang.org/grpc from 1.48.0 to 1.49.0 #3579 (@dependabot[bot])
- chore(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 #3515 (@dependabot[bot])
- chore(deps): bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 #3585 (@dependabot[bot])
- chore(deps): bump mikefarah/yq from 4.26.1 to 4.27.2 #3526 (@dependabot[bot])
- chore(deps): bump mikefarah/yq from 4.27.2 to 4.27.3 #3584 (@dependabot[bot])
- chore(deps): bump pomerium/backport from a2e620de9fc4166f774ee2a389e170046cfad426 to 1.1.1 #3564 (@dependabot[bot])
- chore(deps): bump pre-commit/action from 876132a3c26aa072b09eab6c5395b4749eeb2435 to 3.0.0 #3567 (@dependabot[bot])
- chore(deps): bump tibdex/github-app-token from 1.5.1 to 1.6 #3566 (@dependabot[bot])
- deployment: update RELEASING.md #3503 (@desimone)
v0.18.0
Changelog
v0.18.0 (2022-07-27)
New
- add databroker multi lease handlers #3255 (@wasaga)
- add lease name to the log #3498 (@wasaga)
- add metrics aggregation #3452 (@wasaga)
- add x-request-id in responses #3366 (@wasaga)
- allow pomerium to be embedded as a library #3415 (@wasaga)
- authenticate: allow changing the authenticate service URL at runtime #3378 (@calebdoxsey)
- authenticate: show the device enrolled page as the user info page #3151 (@calebdoxsey)
- authorize: add name claim #3238 (@calebdoxsey)
- authorize: track session and service account access date #3220 (@calebdoxsey)
- authorize: use query instead of sync for databroker data #3377 (@calebdoxsey)
- databroker: add support for field masks on Put #3210 (@calebdoxsey)
- databroker: add support for putting multiple records #3291 (@calebdoxsey)
- databroker: add support for query filtering #3369 (@calebdoxsey)
- databroker: add support for syncing by type #3412 (@calebdoxsey)
- directory: support non-base64 encoded service accounts #3150 (@calebdoxsey)
- do not require idp set in the bootstrap config, as it may be later configured via the databroker #3386 (@wasaga)
- eliminate global events manager #3422 (@wasaga)
- envoy: upgrade to 1.21.1 #3186 (@calebdoxsey)
- envoy: use typed extension protocol options for static bootstrap cluster #3268 (@calebdoxsey)
- Expand PR template #3403 (@alexfornuto)
- github: pin github actions #3183 (@calebdoxsey)
- grpc: regenerate protobuf code #3208 (@calebdoxsey)
- grpc: wait for connect to be ready before making calls #3253 (@calebdoxsey)
- identity: batch directory updates #3411 (@calebdoxsey)
- integration: add test for query string params #3302 (@calebdoxsey)
- postgres: databroker storage backend #3370 (@calebdoxsey)
- postgres: registry support #3454 (@calebdoxsey)
- storage: add filter expressions, upgrade go to 1.18.1 #3365 (@calebdoxsey)
- storage: add filtering to SyncLatest #3368 (@calebdoxsey)
- try pinning docker dependency #3185 (@calebdoxsey)
- ui: remove version #3184 (@calebdoxsey)
Fixed
- authenticate: fix debug and metrics endpoints #3212 (@calebdoxsey)
- authenticate: fix internal service URL CORS check #3279 (@calebdoxsey)
- authenticate: fix internal service URL dashboard redirect #3305 (@calebdoxsey)
- authenticate: fix internal url with webauthn #3194 (@calebdoxsey)
- authenticate: save session for bare webauthn redirects, consider external service URL to be a pomerium url #3280 (@calebdoxsey)
- authorize: add request id to context #3497 (@calebdoxsey)
- authorize: allow missing user for authorization #3421 (@calebdoxsey)
- authorize: fix device synchronization #3482 (@calebdoxsey)
- authorize: fix not found check #3410 (@calebdoxsey)
- authorize: fix x-forwarded-uri #3479 (@calebdoxsey)
- authorize: pass idp id for webauthn url, allow unauthenticated access to static files #3282 (@calebdoxsey)
- authorize: show plain text error page for traefik and nginx #3477 (@calebdoxsey)
- autocert: continue on error #3476 (@calebdoxsey)
- config: fix DefaultTransport so it is still a *http.Transport #3257 (@calebdoxsey)
- databroker: fix in-memory backend deadlock #3300 (@calebdoxsey)
- deployment: update syntax installing dlv in debug image #3179 (@travisgroth)
- device enrollment: fix ip address #3430 (@calebdoxsey)
- fix: The built binary file is missing "ui/dist/index.js" and "ui/dist... #3391 (@cfanbo)
- github: fix missing groups #3171 (@calebdoxsey)
- httputil/reproxy: fix policy transport #3322 (@calebdoxsey)
- options: fix overlapping certificate test #3492 (@calebdoxsey)
- postgres: fix CIDR query #3389 (@calebdoxsey)
- postgres: fix record deletion #3446 (@calebdoxsey)
- userinfo: embed assets as data URLs for forward auth #3460 (@calebdoxsey)
- userinfo: fix missing profile picture #3154 (@calebdoxsey)
Dependency
- chore(deps): bump actions/cache from 2 to 3 #3167 (@dependabot[bot])
- chore(deps): bump actions/cache from 3.0.0 to 3.0.1 #3235 (@dependabot[bot])
- chore(deps): bump actions/cache from 3.0.1 to 3.0.2 #3265 (@dependabot[bot])
- chore(deps): bump actions/cache from 3.0.2 to 3.0.3 #3399 (@dependabot[bot])
- chore(deps): bump actions/cache from 3.0.3 to 3.0.4 #3440 (@dependabot[bot])
- chore(deps): bump actions/cache from 3.0.4 to 3.0.5 #3489 (@dependabot[bot])
- chore(deps): bump actions/checkout from 3.0.0 to 3.0.1 #3275 (@dependabot[bot])
- chore(deps): bump actions/checkout from 3.0.1 to 3.0.2 #3297 (@dependabot[bot])
- chore(deps): bump actions/download-artifact from 2.1.0 to 3 #3202 (@dependabot[bot])
- chore(deps): bump actions/setup-go from 2.2.0 to 3 #3204 (@dependabot[bot])
- chore(deps): bump actions/setup-go from 3.0.0 to 3.1.0 #3362 (@dependabot[bot])
- chore(deps): bump actions/setup-go from 3.1.0 to 3.2.0 #3384 (@dependabot[bot])
- chore(deps): bump actions/setup-go from 3.2.0 to 3.2.1 #3470 (@dependabot[bot])
- chore(deps): bump actions/setup-node from 3.0.0 to 3.1.0 #3236 (@dependabot[bot])
- chore(deps): bump actions/setup-node from 3.1.0 to 3.1.1 #3267 (@dependabot[bot])
- chore(deps): bump actions/setup-node from 3.1.1 to 3.2.0 #3363 (@dependabot[bot])
- chore(deps): bump actions/setup-node from 3.2.0 to 3.3.0 #3400 (@dependabot[bot])
- chore(deps): bump actions/setup-node from 3.3.0 to 3.4.0 #3471 (@dependabot[bot])
- chore(deps): bump actions/setup-node from 3.4.0 to 3.4.1 #3490 (@dependabot[bot])
- chore(deps): bump actions/setup-python from 3.0.0 to 3.1.0 #3234 (@dependabot[bot])
- chore(deps): bump actions/setup-python from 3.1.0 to 3.1.2 #3266 (@dependabot[bot])
- chore(deps): bump actions/setup-python from 3.1.2 to 4 [#3439](h...

