All Versions
Latest Version
Avg Release Cycle
13 days
Latest Release
1023 days ago

Changelog History
Page 5

  • v0.4.1 Changes

    October 18, 2019


    โฌ†๏ธ UPGRADING FROM 0.4.0

    ๐Ÿ’ฅ Breaking

    Previously, routes were verified by taking the downstream applications hostname in the form of a path (e.g. ${fwdauth}/.pomerium/verify/httpbin.some.example) variable. The new method for verifying a route using forward authentication is to pass the entire requested url in the form of a query string (e.g. ${fwdauth}/.pomerium/verify?url=https://httpbin.some.example) where the routed domain is the value of the uri key.

    Note that the verification URL is no longer nested under the .pomerium endpoint.

    For example, in nginx this would look like:


    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed an issue where requests handled by forward-auth would not be redirected back to the underlying route after successful authentication and authorization. [GH-363]
    • ๐Ÿ›  Fixed an issue where requests handled by forward-auth would add an extraneous query-param following sign-in causing issues in some configurations. [GH-366]
  • v0.4.0 Changes

    October 08, 2019

    โฌ†๏ธ Upgrade Guide

    Since 0.3.0

    ๐Ÿ’ฅ Breaking

    โœ‚ Removed Authenticate Internal URL

    The authenticate service no longer uses gRPC to do back channel communication. As a result, AUTHENTICATE_INTERNAL_URL/authenticate_internal_url is no longer required.

    0๏ธโƒฃ No default certificate location

    ๐Ÿ”ง In previous versions, if no explicit certificate pair (in base64 or file form) was set, Pomerium would make a last ditch effort to check for certificate files (cert.key/privkey.pem) in the root directory. With the introduction of insecure server configuration, we've removed that functionality. If there settings for certificates and insecure server mode are unset, pomerium will give a appropriate error instead of a failed to find/open certificate error.

    Authorize service health-check is non-http

    ๐Ÿ”ง The Authorize service will no longer respond to HTTP-based healthcheck queries when run as a distinct service (vs all-in-one). As an alternative, you can used on TCP based checks. For example, if using Kubernetes:

    ---readinessProbe: tcpSocket: port: 443initialDelaySeconds: 5periodSeconds: 10livenessProbe: tcpSocket: port: 443initialDelaySeconds: 15periodSeconds: 20

    Non-breaking changes


    0๏ธโƒฃ If service mode (SERVICES/services) is set to all, gRPC communication with the authorize service will by default occur over localhost, on port :5443.

    ๐Ÿ”„ Changes

    ๐Ÿ†• New

    • ๐Ÿ‘ Allow setting request headers on a per route basis in policy. [GH-308]
    • ๐Ÿ‘Œ Support "forward-auth" integration with third-party ingresses and proxies. nginx, nginx-ingress, and Traefik are currently supported. [GH-324]
    • โž• Add insecure transport / TLS termination support. [GH-328]
    • โž• Add setting to override a route's TLS Server Name. [GH-297]
    • Pomerium's session can now be passed as a bearer-auth header or query string in addition to as a session cookie.
    • โž• Add host to the main request logger middleware. [GH-308]
    • โž• Add AWS cognito identity provider settings. [GH-314]

    ๐Ÿ”’ Security

    • The user's original intended location before completing the authentication process is now encrypted and kept confidential from the identity provider. [GH-316]
    • ๐Ÿ”Š Under certain circumstances, where debug logging was enabled, pomerium's shared secret could be leaked to http access logs as a query param. [GH-338]

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed an issue where CSRF would fail if multiple tabs were open. [GH-306]
    • ๐Ÿ›  Fixed an issue where pomerium would clean double slashes from paths. [GH-262]
    • ๐Ÿ›  Fixed a bug where the impersonate form would persist an empty string for groups value if none set. [GH-303]
    • ๐Ÿ›  Fixed HTTP redirect server which was not redirecting the correct hostname.

    ๐Ÿ”„ Changed

    • The healthcheck endpoints (/ping) now returns the http status 405 StatusMethodNotAllowed for non-GET requests.
    • Authenticate service no longer uses gRPC.
    • The global request logger now captures the full array of proxies from X-Forwarded-For, in addition to just the client IP.
    • ๐Ÿ”จ Options code refactored to eliminate global Viper state. [GH-332]
    • 0๏ธโƒฃ Pomerium will no longer default to looking for certificates in the root directory. [GH-328]
    • Pomerium will validate that either insecure_server, or a valid certificate bundle is set. [GH-328]

    โœ‚ Removed

    • Removed AUTHENTICATE_INTERNAL_URL/authenticate_internal_url which is no longer used.
  • v0.3.1 Changes

    September 26, 2019

    ๐Ÿ”’ Security

    • ๐Ÿ›  Fixes vulnerabilities fixed in Go 1.13.1 including CVE-2019-16276.
  • v0.3.0 Changes

    September 01, 2019


    ๐Ÿ†• New

    GRPC Improvements. [GH-261] / [GH-69]

    • Enable WaitForReady to allow background retries through transient failures
    • Expose a configurable timeout for backend requests to Authorize and Authenticate

    - Enable DNS round_robin load balancing to Authorize and Authenticate services by default

    โž• Add ability to set client certificates for downstream connections. [GH-259]

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed non-amd64 based docker images.[GH-284]
    • ๐Ÿ›  Fixed an issue where stripped cookie headers would result in a cookie full of semi-colons (Cookie: ;;;). [GH-285]
    • ๐ŸŒ HTTP status codes now better adhere to RFC7235. In particular, authentication failures reply with 401 Unauthorized while authorization failures reply with 403 Forbidden. [GH-272]

    ๐Ÿ”„ Changed

    Pomerium will now strip _csrf cookies in addition to session cookies. [GG-285]

    Disabled gRPC service config. [GH-280]

    A policy's custom certificate authority can set as a file or a base64 encoded blob(tls_custom_ca/tls_custom_ca_file). [GH-259]

    โœ‚ Remove references to service named ports and instead use their numeric equivalent. [GH-266]

  • v0.2.1 Changes

    August 14, 2019



    • ๐Ÿ›  Fixes vulnerabilities fixed in Go 1.12.8 including CVE-2019-9512, CVE-2019-9514 and CVE-2019-14809.
  • v0.2.0 Changes

    August 04, 2019

    ๐Ÿ†• New

    Telemetry [GH-35]

    Tracing [GH-230] aka distributed tracing, provides insight into the full lifecycles, aka traces, of requests to the system, allowing you to pinpoint failures and performance issues.

    - Add Jaeger support. [GH-230]

    Metrics provide quantitative information about processes running inside the system, including counters, gauges, and histograms.

    โž• Add informational metrics. [GH-227]

    GRPC Metrics Implementation. [GH-218]

    - Additional GRPC server metrics and request sizes
    - Improved GRPC metrics implementation internals
    - The GRPC method label is now 'grpc\_method' and GRPC status is now `grpc_client_status` and `grpc_server_status`

    HTTP Metrics Implementation. [GH-220]

    - Support HTTP request sizes on client and server side of proxy
    - Improved HTTP metrics implementation internals
    - The HTTP method label is now `http_method`, and HTTP status label is now `http_status`

    ๐Ÿ”„ Changed

    • โฌ†๏ธ GRPC version upgraded to v1.22 [GH-219]
    • โž• Add support for large cookie sessions by chunking. [GH-211]
    • Prefer curve X25519 to P256 for TLS connections. [GH-233]
    • ๐Ÿง Pomerium and its services will gracefully shutdown on interrupt signal. [GH-230]
    • Google now prompts the user to select a user account (by adding select_account to the sign in url). This allows a user who has multiple accounts at the authorization server to select amongst the multiple accounts that they may have current sessions for.

    ๐Ÿ›  FIXED

    • ๐Ÿ›  Fixed potential race condition when signing requests. [GH-240]