All Versions
46
Latest Version
Avg Release Cycle
13 days
Latest Release
1379 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v0.11.0 Changes
December 07, 2020๐ฅ Breaking
- remove deprecated cache_service_url config option #1614 (@calebdoxsey)
- โ add flag to enable user impersonation #1514 (@calebdoxsey)
๐ New
- ๐ microsoft: add support for common endpoint #1648 (@desimone)
- ๐ use the directory email when provided for the jwt #1647 (@calebdoxsey)
- ๐ fix profile image on dashboard #1637 (@calebdoxsey)
- ๐ wait for initial sync to complete before starting control plane #1636 (@calebdoxsey)
- ๐ authorize: add signature algo support (RSA / EdDSA) #1631 (@desimone)
- ๐ replace GetAllPages with InitialSync, improve merge performance #1624 (@calebdoxsey)
- cryptutil: more explicit decryption error #1607 (@desimone)
- โ add paging support to GetAll #1601 (@calebdoxsey)
- ๐ attach version to gRPC server metadata #1598 (@calebdoxsey)
- 0๏ธโฃ use custom default http transport #1576 (@calebdoxsey)
- โก๏ธ update user info in addition to refreshing the token #1572 (@calebdoxsey)
- databroker: add audience to session #1557 (@calebdoxsey)
- authorize: implement allowed_idp_claims #1542 (@calebdoxsey)
- ๐ autocert: support certificate renewal #1516 (@calebdoxsey)
- โ add policy to allow any authenticated user #1515 (@pflipp)
- debug: add pprof endpoints #1504 (@calebdoxsey)
- databroker: require JWT for access #1503 (@calebdoxsey)
- ๐ authenticate: remove unused paths, generate cipher at startup, remove qp store #1495 (@desimone)
- forward-auth: use envoy's ext_authz check #1482 (@desimone)
- auth0: implement directory provider #1479 (@grounded042)
- ๐ azure: incremental sync #1471 (@calebdoxsey)
- auth0: implement identity provider #1470 (@calebdoxsey)
- dashboard: format timestamps #1468 (@calebdoxsey)
- directory: additional user info #1467 (@calebdoxsey)
- ๐ directory: add explicit RefreshUser endpoint for faster sync #1460 (@calebdoxsey)
- ๐ config: add support for host header rewriting #1457 (@calebdoxsey)
- proxy: preserve path and query string for http->https redirect #1456 (@calebdoxsey)
- redis: use pubsub instead of keyspace events #1450 (@calebdoxsey)
- ๐ proxy: add support for /.pomerium/jwt #1446 (@calebdoxsey)
- ๐ databroker: add support for querying the databroker #1443 (@calebdoxsey)
- config: add dns_lookup_family option to customize DNS IP resolution #1436 (@calebdoxsey)
- okta: handle deleted groups #1418 (@calebdoxsey)
- ๐ controlplane: support P-384 / P-512 EC curves #1409 (@desimone)
- ๐ azure: add support for nested groups #1408 (@calebdoxsey)
- ๐ authorize: add support for service accounts #1374 (@calebdoxsey)
- โฑ Cuonglm/improve timeout error message #1373 (@cuonglm)
- ๐ internal/directory/okta: remove rate limiter #1370 (@cuonglm)
- {proxy/controlplane}: make health checks debug level #1368 (@desimone)
- ๐ databroker: add tracing for rego evaluation and databroker sync, fix bug in databroker config source #1367 (@calebdoxsey)
- authorize: use impersonate email/groups in JWT #1364 (@calebdoxsey)
- ๐ config: support explicit prefix and regex path rewriting #1363 (@calebdoxsey)
- ๐ proxy: support websocket timeouts #1362 (@calebdoxsey)
- proxy: disable control-plane robots.txt for public unauthenticated routes #1361 (@calebdoxsey)
- ๐ฒ certmagic: improve logging #1358 (@calebdoxsey)
- ๐ logs: add new log scrubber #1346 (@calebdoxsey)
- ๐ Allow setting the shared secret via an environment variable. #1337 (@rspier)
- ๐ฐ authorize: add jti to JWT payload #1328 (@calebdoxsey)
- all: add signout redirect url #1324 (@cuonglm)
- ๐ proxy: remove unused handlers #1317 (@desimone)
- ๐ azure: support deriving credentials from client id, client secret and provider url #1300 (@calebdoxsey)
- ๐ cache: support databroker option changes #1294 (@calebdoxsey)
- ๐ authenticate: move databroker connection to state #1292 (@calebdoxsey)
- authorize: use atomic state for properties #1290 (@calebdoxsey)
- โก๏ธ proxy: move properties to atomically updated state #1280 (@calebdoxsey)
- Improving okta API requests #1278 (@cuonglm)
- โก๏ธ authenticate: move properties to atomically updated state #1277 (@calebdoxsey)
- ๐ authenticate: support reloading IDP settings #1273 (@calebdoxsey)
- Rate limit for okta #1271 (@cuonglm)
- ๐ง config: allow dynamic configuration of cookie settings #1267 (@calebdoxsey)
- 0๏ธโฃ internal/directory/okta: increase default batch size to 200 #1264 (@cuonglm)
- ๐ง envoy: add support for hot-reloading bootstrap configuration #1259 (@calebdoxsey)
- config: allow reloading of telemetry settings #1255 (@calebdoxsey)
- ๐ databroker: add support for config settings #1253 (@calebdoxsey)
- config: warn if custom scopes set for builtin providers #1252 (@cuonglm)
- authorize: add databroker url check #1228 (@desimone)
- ๐ internal/databroker: make Sync send data in smaller batches #1226 (@cuonglm)
๐ Fixed
- ๐ fix config race #1660 (@calebdoxsey)
- ๐ fix ordering of autocert config source #1640 (@calebdoxsey)
- pkg/storage/redis: Prevent connection churn #1603 (@travisgroth)
- ๐ forward-auth: fix special character support for nginx #1578 (@desimone)
- proxy/forward_auth: copy response headers as request headers #1577 (@desimone)
- ๐ fix querying claim data on the dashboard #1560 (@calebdoxsey)
- github: fix retrieving team id with graphql API (#1554) #1555 (@toshipp)
- store raw id token so it can be passed to the logout url #1543 (@calebdoxsey)
- ๐ fix databroker requiring signed jwt #1538 (@calebdoxsey)
- authorize: add redirect url to debug page #1533 (@desimone)
- internal/frontend: resolve authN helper url #1521 (@desimone)
- fwd-auth: match nginx-ingress config #1505 (@desimone)
- authenticate: protect /.pomerium/admin endpoint #1500 (@calebdoxsey)
- ๐ฆ ci: ensure systemd unit file is in packages #1481 (@travisgroth)
- ๐ identity manager: fix directory sync timing #1455 (@calebdoxsey)
- proxy/forward_auth: don't reset forward auth path if X-Forwarded-Uri is not set #1447 (@whs)
- ๐ httputil: remove retry button #1438 (@desimone)
- proxy: always use https for application callback #1433 (@travisgroth)
- ๐ controplane: remove p-521 EC #1420 (@desimone)
- redirect-server: add config headers to responses #1416 (@calebdoxsey)
- ๐ proxy: remove impersonate headers for kubernetes #1394 (@calebdoxsey)
- 0๏ธโฃ Desimone/authenticate default logout #1390 (@desimone)
- proxy: for filter matches only include bare domain name #1389 (@calebdoxsey)
- internal/envoy: start epoch from 0 #1387 (@travisgroth)
- internal/directory/okta: acceept non-json service account #1359 (@cuonglm)
- internal/controlplane: add telemetry http handler #1353 (@travisgroth)
- autocert: fix locking issue #1310 (@calebdoxsey)
- ๐ฒ authorize: log users and groups #1303 (@desimone)
- proxy: fix wrong applied middleware #1298 (@cuonglm)
- internal/directory/okta: fix wrong API query filter #1296 (@cuonglm)
- autocert: fix bootstrapped cache store path #1283 (@desimone)
- config: validate databroker settings #1260 (@calebdoxsey)
- internal/autocert: re-use cert if renewing failed but cert not expired #1237 (@cuonglm)
๐ Security
๐ Documentation
- ๐ move signing key algorithm documentation into yaml file #1646 (@calebdoxsey)
- โก๏ธ update docs #1645 (@desimone)
- ๐ docs: update build badge #1635 (@travisgroth)
- docs: add cache_service_url upgrade notice #1621 (@travisgroth)
- ๐ docs: use standard language for lists #1590 (@desimone)
- ๐ Fix command in Kubernetes Quick start docs #1582 (@wesleyw72)
- ๐ move docs to settings.yaml #1579 (@calebdoxsey)
- ๐ docs: add round logo #1574 (@desimone)
- โ add settings.yaml file #1540 (@calebdoxsey)
- ๐ update the documentation for auth0 to include group/role information #1502 (@grounded042)
- examples: fix nginx example #1478 (@desimone)
- ๐ docs: add architecture diagram for cloudrun #1444 (@travisgroth)
- ๐ fix(examples): Use X-Pomerium-Claim headers #1422 (@tdorsey)
- ๐ chore(docs): Fix typo in example policy #1419 (@tdorsey)
- ๐ docs: fix grammar #1412 (@shinebayar-g)
- ๐ docs: Add Traefik + Kubernetes example #1411 (@travisgroth)
- Remove typo on remove_request_headers docs #1388 (@whs)
- ๐ docs: update azure docs #1377 (@desimone)
- ๐ docs: add nginx example #1329 (@travisgroth)
- ๐ docs: use .com sitemap hostname #1274 (@desimone)
- ๐ docs: fix in-action video #1268 (@travisgroth)
- ๐ docs: image, sitemap and redirect fixes #1263 (@travisgroth)
- ๐ Fix broken logo link in README.md #1261 (@cuonglm)
- ๐ docs/docs: fix wrong okta service account field #1251 (@cuonglm)
- โ [Backport latest] Docs/enterprise button #1247 (@github-actions[bot])
- ๐ Docs/enterprise button #1245 (@desimone)
- โ remove rootDomain from examples #1244 (@karelbilek)
- ๐ docs: add / redirect #1241 (@desimone)
- ๐ docs: prepare for enterprise / oss split #1238 (@desimone)
Dependency
- โก๏ธ chore(deps): update module open-policy-agent/opa to v0.25.1 #1659 (@renovate[bot])
- โก๏ธ chore(deps): update module lithammer/shortuuid/v3 to v3.0.5 #1658 (@renovate[bot])
- โก๏ธ chore(deps): update module google.golang.org/grpc to v1.34.0 #1657 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 9ee31aa #1655 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/oauth2 commit hash to 9317641 #1654 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to c7110b5 #1653 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to be400ae #1652 (@renovate[bot])
- โก๏ธ deps: update hashstructure v2 #1632 (@desimone)
- โก๏ธ chore(deps): update precommit hook pre-commit/pre-commit-hooks to v3 #1630 (@renovate[bot])
- โก๏ธ chore(deps): update module yaml to v2.4.0 #1629 (@renovate[bot])
- โก๏ธ chore(deps): update module google/go-cmp to v0.5.4 #1628 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to c8d3bf9 #1627 (@renovate[bot])
- โก๏ธ chore(deps): update module google/go-jsonnet to v0.17.0 #1611 (@renovate[bot])
- โก๏ธ chore(deps): update codecov/codecov-action action to v1.0.15 #1610 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 9b1e624 #1609 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to c1f2f97 #1608 (@renovate[bot])
- โก๏ธ chore(deps): update module google/go-cmp to v0.5.3 #1597 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to ce600e9 #1596 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/oauth2 commit hash to 9fd6049 #1595 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to 69a7880 #1594 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to 0c6587e #1593 (@renovate[bot])
- โก๏ธ chore(deps): update module google.golang.org/grpc to v1.33.2 #1585 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to f9bfe23 #1583 (@renovate[bot])
- โก๏ธ chore(deps): update mikefarah/yq action to v3.4.1 #1567 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 24207fd #1566 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to ff519b6 #1565 (@renovate[bot])
- โก๏ธ chore(deps): update olegtarasov/get-tag action to v2 #1552 (@renovate[bot])
- ๐ chore(deps): update goreleaser/goreleaser-action action to v2 #1551 (@renovate[bot])
- โก๏ธ chore(deps): update actions/setup-go action to v2 #1550 (@renovate[bot])
- ๐ chore(deps): update toolmantim/release-drafter action to v5.12.1 #1549 (@renovate[bot])
- โก๏ธ chore(deps): update module google.golang.org/grpc to v1.33.1 #1548 (@renovate[bot])
- โก๏ธ chore(deps): update codecov/codecov-action action to v1.0.14 #1547 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 0ff5f38 #1546 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/sync commit hash to 67f06af #1545 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to be3efd7 #1544 (@renovate[bot])
- โก๏ธ chore(deps): update vuepress monorepo to v1.7.1 #1531 (@renovate[bot])
- โก๏ธ chore(deps): update module spf13/cobra to v1.1.1 #1530 (@renovate[bot])
- โก๏ธ chore(deps): update module prometheus/client_golang to v1.8.0 #1529 (@renovate[bot])
- โก๏ธ chore(deps): update module ory/dockertest/v3 to v3.6.2 #1528 (@renovate[bot])
- โก๏ธ chore(deps): update module open-policy-agent/opa to v0.24.0 #1527 (@renovate[bot])
- โก๏ธ chore(deps): update module golang/protobuf to v1.4.3 #1525 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 32ed001 #1524 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to 7b1cca2 #1523 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to 9e8e0b3 #1522 (@renovate[bot])
- โฌ๏ธ chore(deps): upgrade envoy to v0.16.0 #1519 (@desimone)
- ๐ deployment: run go mod tidy #1512 (@desimone)
- โก๏ธ chore(deps): update module ory/dockertest/v3 to v3.6.1 #1511 (@renovate[bot])
- โก๏ธ chore(deps): update module go.opencensus.io to v0.22.5 #1510 (@renovate[bot])
- โก๏ธ chore(deps): update module cenkalti/backoff/v4 to v4.1.0 #1509 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 4d944d3 #1508 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/sync commit hash to b3e1573 #1507 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to 4f7140c #1506 (@renovate[bot])
- ๐ deployment: pin /x/sys to fix dockertest #1491 (@desimone)
- โก๏ธ chore(deps): update module openzipkin/zipkin-go to v0.2.5 #1488 (@renovate[bot])
- โก๏ธ chore(deps): update module envoyproxy/go-control-plane to v0.9.7 #1487 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to bcad7cf #1486 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/sync commit hash to 3042136 #1485 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to 7f63de1 #1483 (@renovate[bot])
- โก๏ธ deps: update envoy arm64 to v1.15.1 #1475 (@travisgroth)
- chore(deps): envoy 1.15.1 #1473 (@desimone)
- โก๏ธ chore(deps): update vuepress monorepo to v1.6.0 #1463 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to c2d885f #1462 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to 5d4f700 #1461 (@renovate[bot])
- deps: go mod tidy #1434 (@travisgroth)
- โก๏ธ chore(deps): update module rs/zerolog to v1.20.0 #1431 (@renovate[bot])
- โก๏ธ chore(deps): update module caddyserver/certmagic to v0.12.0 #1429 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to d0d6055 #1428 (@renovate[bot])
- โก๏ธ chore(deps): update module openzipkin/zipkin-go to v0.2.4 #1407 (@renovate[bot])
- โก๏ธ chore(deps): update module gorilla/handlers to v1.5.1 #1406 (@renovate[bot])
- โก๏ธ chore(deps): update module google.golang.org/grpc to v1.32.0 #1405 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 645f7a4 #1404 (@renovate[bot])
- โ Run go mod tidy #1384 (@cuonglm)
- โก๏ธ chore(deps): update module go.uber.org/zap to v1.16.0 #1381 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 0bd0a95 #1380 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/oauth2 commit hash to 5d25da1 #1379 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to 62affa3 #1378 (@renovate[bot])
- deps: ensure renovate runs
go mod tidy
#1357 (@travisgroth) - deps: go mod tidy #1356 (@travisgroth)
- โก๏ธ Update module open-policy-agent/opa to v0.23.2 #1351 (@renovate[bot])
- โก๏ธ Update module google/uuid to v1.1.2 #1350 (@renovate[bot])
- โก๏ธ Update module google/go-cmp to v0.5.2 #1349 (@renovate[bot])
- โก๏ธ Update module google.golang.org/grpc to v1.31.1 #1348 (@renovate[bot])
- โก๏ธ Update google.golang.org/genproto commit hash to 2bf3329 #1347 (@renovate[bot])
- โก๏ธ chore(deps): update vuepress monorepo to v1.5.4 #1323 (@renovate[bot])
- โก๏ธ chore(deps): update module open-policy-agent/opa to v0.23.1 #1322 (@renovate[bot])
- โก๏ธ chore(deps): update module gorilla/mux to v1.8.0 #1321 (@renovate[bot])
- โก๏ธ chore(deps): update module gorilla/handlers to v1.5.0 #1320 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to c890458 #1319 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to 5c72a88 #1318 (@renovate[bot])
- โฌ๏ธ Upgrade zipkin-go to v0.2.3 #1288 (@cuonglm)
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to f69a880 #1286 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/time commit hash to 3af7569 #1285 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to 3edf25e #1284 (@renovate[bot])
- โฌ๏ธ .github/workflows: upgrade to go1.15 #1258 (@cuonglm)
- ๐ Fix tests failed with go115 #1257 (@cuonglm)
- โก๏ธ chore(deps): update dependency @vuepress/plugin-google-analytics to v1.5.3 #1236 (@renovate[bot])
- โก๏ธ Update module google.golang.org/api to v0.30.0 #1235 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to a062522 #1234 (@renovate[bot])
๐ Deployment
- ๐ deployment: enable multi-arch release images #1643 (@travisgroth)
- ci: add bintray publishing #1618 (@travisgroth)
- ๐ ci: remove bad quoting in publish steps #1617 (@travisgroth)
- โก๏ธ ci: update tag parsing step #1616 (@travisgroth)
- โ remove memberlist #1615 (@calebdoxsey)
- โก๏ธ ci: automatically update test environment with master #1562 (@travisgroth)
- ๐ deployment: add debug build / container / docs #1513 (@travisgroth)
- ๐ deployment: Generate deb and rpm packages #1458 (@travisgroth)
- ๐ deployment: bump release go to v1.15.x #1439 (@desimone)
- โ ci: publish cloudrun latest tag #1398 (@travisgroth)
- ๐ deployment: fully split release archives and brews #1365 (@travisgroth)
- ๐ณ Include pomerium-cli in the docker image by default. Fixes #1343. #1345 (@rspier)
- โ Use apt-get instead of apt to eliminate warning. #1344 (@rspier)
- ๐ deployment: add goimports with path awareness #1316 (@desimone)
๐ Changed
- identity/oidc/azure: goimports #1651 (@travisgroth)
- ๐ fix panic when deleting a record twice from the inmemory data store #1639 (@calebdoxsey)
- ๐ ci: improve release snapshot name template #1602 (@travisgroth)
- ๐ ci: fix release workflow syntax #1592 (@travisgroth)
- โก๏ธ ci: update changelog generation to script #1589 (@travisgroth)
- ๐ [Backport 0-10-0] docs: add round logo #1575 (@github-actions[bot])
- tidy #1494 (@desimone)
- dev: add remote container debug configs #1459 (@desimone)
- ci: add stale issue automation #1366 (@travisgroth)
- ๐ internal/urlutil: remove un-used constants #1326 (@cuonglm)
- โ integration: add forward auth test #1312 (@cuonglm)
- โก๏ธ pkg/storage/redis: update tests to use local certs + upstream image #1306 (@travisgroth)
- config: omit empty subpolicies in yaml/json #1229 (@travisgroth)
- Cuonglm/increase coverrage 1 #1227 (@cuonglm)
-
v0.11.0-rc2 Changes
November 20, 2020๐ New
- โ add paging support to GetAll #1601 (@calebdoxsey)
- ๐ attach version to gRPC server metadata #1598 (@calebdoxsey)
๐ Fixed
- pkg/storage/redis: Prevent connection churn #1603 (@travisgroth)
Dependency
- โก๏ธ chore(deps): update module google/go-cmp to v0.5.3 #1597 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to ce600e9 #1596 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/oauth2 commit hash to 9fd6049 #1595 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to 69a7880 #1594 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to 0c6587e #1593 (@renovate[bot])
๐ Changed
- ๐ ci: improve release snapshot name template #1602 (@travisgroth)
-
v0.11.0-rc1 Changes
November 13, 2020๐ฅ Breaking
- โ add flag to enable user impersonation #1514 (@calebdoxsey)
๐ New
- 0๏ธโฃ use custom default http transport #1576 (@calebdoxsey)
- โก๏ธ update user info in addition to refreshing the token #1572 (@calebdoxsey)
- databroker: add audience to session #1557 (@calebdoxsey)
- authorize: implement allowed_idp_claims #1542 (@calebdoxsey)
- ๐ autocert: support certificate renewal #1516 (@calebdoxsey)
- โ add policy to allow any authenticated user #1515 (@pflipp)
- debug: add pprof endpoints #1504 (@calebdoxsey)
- databroker: require JWT for access #1503 (@calebdoxsey)
- ๐ authenticate: remove unused paths, generate cipher at startup, remove qp store #1495 (@desimone)
- forward-auth: use envoy's ext_authz check #1482 (@desimone)
- auth0: implement directory provider #1479 (@grounded042)
- ๐ azure: incremental sync #1471 (@calebdoxsey)
- auth0: implement identity provider #1470 (@calebdoxsey)
- dashboard: format timestamps #1468 (@calebdoxsey)
- directory: additional user info #1467 (@calebdoxsey)
- ๐ directory: add explicit RefreshUser endpoint for faster sync #1460 (@calebdoxsey)
- ๐ config: add support for host header rewriting #1457 (@calebdoxsey)
- proxy: preserve path and query string for http->https redirect #1456 (@calebdoxsey)
- redis: use pubsub instead of keyspace events #1450 (@calebdoxsey)
- ๐ proxy: add support for /.pomerium/jwt #1446 (@calebdoxsey)
- ๐ databroker: add support for querying the databroker #1443 (@calebdoxsey)
- config: add dns_lookup_family option to customize DNS IP resolution #1436 (@calebdoxsey)
- okta: handle deleted groups #1418 (@calebdoxsey)
- ๐ controlplane: support P-384 / P-512 EC curves #1409 (@desimone)
- ๐ azure: add support for nested groups #1408 (@calebdoxsey)
- ๐ authorize: add support for service accounts #1374 (@calebdoxsey)
- โฑ Cuonglm/improve timeout error message #1373 (@cuonglm)
- ๐ internal/directory/okta: remove rate limiter #1370 (@cuonglm)
- {proxy/controlplane}: make health checks debug level #1368 (@desimone)
- ๐ databroker: add tracing for rego evaluation and databroker sync, fix bug in databroker config source #1367 (@calebdoxsey)
- authorize: use impersonate email/groups in JWT #1364 (@calebdoxsey)
- ๐ config: support explicit prefix and regex path rewriting #1363 (@calebdoxsey)
- ๐ proxy: support websocket timeouts #1362 (@calebdoxsey)
- proxy: disable control-plane robots.txt for public unauthenticated routes #1361 (@calebdoxsey)
- ๐ฒ certmagic: improve logging #1358 (@calebdoxsey)
- ๐ logs: add new log scrubber #1346 (@calebdoxsey)
- ๐ Allow setting the shared secret via an environment variable. #1337 (@rspier)
- ๐ฐ authorize: add jti to JWT payload #1328 (@calebdoxsey)
- all: add signout redirect url #1324 (@cuonglm)
- ๐ proxy: remove unused handlers #1317 (@desimone)
- ๐ azure: support deriving credentials from client id, client secret and provider url #1300 (@calebdoxsey)
- ๐ cache: support databroker option changes #1294 (@calebdoxsey)
- ๐ authenticate: move databroker connection to state #1292 (@calebdoxsey)
- authorize: use atomic state for properties #1290 (@calebdoxsey)
- โก๏ธ proxy: move properties to atomically updated state #1280 (@calebdoxsey)
- Improving okta API requests #1278 (@cuonglm)
- โก๏ธ authenticate: move properties to atomically updated state #1277 (@calebdoxsey)
- ๐ authenticate: support reloading IDP settings #1273 (@calebdoxsey)
- Rate limit for okta #1271 (@cuonglm)
- ๐ง config: allow dynamic configuration of cookie settings #1267 (@calebdoxsey)
- 0๏ธโฃ internal/directory/okta: increase default batch size to 200 #1264 (@cuonglm)
- ๐ง envoy: add support for hot-reloading bootstrap configuration #1259 (@calebdoxsey)
- config: allow reloading of telemetry settings #1255 (@calebdoxsey)
- ๐ databroker: add support for config settings #1253 (@calebdoxsey)
- config: warn if custom scopes set for builtin providers #1252 (@cuonglm)
- authorize: add databroker url check #1228 (@desimone)
- ๐ internal/databroker: make Sync send data in smaller batches #1226 (@cuonglm)
๐ Fixed
- ๐ forward-auth: fix special character support for nginx #1578 (@desimone)
- proxy/forward_auth: copy response headers as request headers #1577 (@desimone)
- ๐ fix querying claim data on the dashboard #1560 (@calebdoxsey)
- github: fix retrieving team id with graphql API (#1554) #1555 (@toshipp)
- store raw id token so it can be passed to the logout url #1543 (@calebdoxsey)
- ๐ fix databroker requiring signed jwt #1538 (@calebdoxsey)
- authorize: add redirect url to debug page #1533 (@desimone)
- internal/frontend: resolve authN helper url #1521 (@desimone)
- fwd-auth: match nginx-ingress config #1505 (@desimone)
- authenticate: protect /.pomerium/admin endpoint #1500 (@calebdoxsey)
- ๐ฆ ci: ensure systemd unit file is in packages #1481 (@travisgroth)
- ๐ identity manager: fix directory sync timing #1455 (@calebdoxsey)
- proxy/forward_auth: don't reset forward auth path if X-Forwarded-Uri is not set #1447 (@whs)
- ๐ httputil: remove retry button #1438 (@desimone)
- proxy: always use https for application callback #1433 (@travisgroth)
- ๐ controplane: remove p-521 EC #1420 (@desimone)
- redirect-server: add config headers to responses #1416 (@calebdoxsey)
- ๐ proxy: remove impersonate headers for kubernetes #1394 (@calebdoxsey)
- 0๏ธโฃ Desimone/authenticate default logout #1390 (@desimone)
- proxy: for filter matches only include bare domain name #1389 (@calebdoxsey)
- internal/envoy: start epoch from 0 #1387 (@travisgroth)
- internal/directory/okta: acceept non-json service account #1359 (@cuonglm)
- internal/controlplane: add telemetry http handler #1353 (@travisgroth)
- autocert: fix locking issue #1310 (@calebdoxsey)
- ๐ฒ authorize: log users and groups #1303 (@desimone)
- proxy: fix wrong applied middleware #1298 (@cuonglm)
- internal/directory/okta: fix wrong API query filter #1296 (@cuonglm)
- autocert: fix bootstrapped cache store path #1283 (@desimone)
- config: validate databroker settings #1260 (@calebdoxsey)
- internal/autocert: re-use cert if renewing failed but cert not expired #1237 (@cuonglm)
๐ Documentation
- ๐ docs: use standard language for lists #1590 (@desimone)
- ๐ Fix command in Kubernetes Quick start docs #1582 (@wesleyw72)
- ๐ move docs to settings.yaml #1579 (@calebdoxsey)
- ๐ docs: add round logo #1574 (@desimone)
- โ add settings.yaml file #1540 (@calebdoxsey)
- ๐ update the documentation for auth0 to include group/role information #1502 (@grounded042)
- examples: fix nginx example #1478 (@desimone)
- ๐ docs: add architecture diagram for cloudrun #1444 (@travisgroth)
- ๐ fix(examples): Use X-Pomerium-Claim headers #1422 (@tdorsey)
- ๐ chore(docs): Fix typo in example policy #1419 (@tdorsey)
- ๐ docs: fix grammar #1412 (@shinebayar-g)
- ๐ docs: Add Traefik + Kubernetes example #1411 (@travisgroth)
- Remove typo on remove_request_headers docs #1388 (@whs)
- ๐ docs: update azure docs #1377 (@desimone)
- ๐ docs: add nginx example #1329 (@travisgroth)
- ๐ docs: use .com sitemap hostname #1274 (@desimone)
- ๐ docs: fix in-action video #1268 (@travisgroth)
- ๐ docs: image, sitemap and redirect fixes #1263 (@travisgroth)
- ๐ Fix broken logo link in README.md #1261 (@cuonglm)
- ๐ docs/docs: fix wrong okta service account field #1251 (@cuonglm)
- ๐ Docs/enterprise button #1245 (@desimone)
- โ remove rootDomain from examples #1244 (@karelbilek)
- ๐ docs: add / redirect #1241 (@desimone)
- ๐ docs: prepare for enterprise / oss split #1238 (@desimone)
Dependency
- โก๏ธ chore(deps): update module google.golang.org/grpc to v1.33.2 #1585 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to f9bfe23 #1583 (@renovate[bot])
- โก๏ธ chore(deps): update mikefarah/yq action to v3.4.1 #1567 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 24207fd #1566 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to ff519b6 #1565 (@renovate[bot])
- โก๏ธ chore(deps): update olegtarasov/get-tag action to v2 #1552 (@renovate[bot])
- ๐ chore(deps): update goreleaser/goreleaser-action action to v2 #1551 (@renovate[bot])
- โก๏ธ chore(deps): update actions/setup-go action to v2 #1550 (@renovate[bot])
- ๐ chore(deps): update toolmantim/release-drafter action to v5.12.1 #1549 (@renovate[bot])
- โก๏ธ chore(deps): update module google.golang.org/grpc to v1.33.1 #1548 (@renovate[bot])
- โก๏ธ chore(deps): update codecov/codecov-action action to v1.0.14 #1547 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 0ff5f38 #1546 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/sync commit hash to 67f06af #1545 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to be3efd7 #1544 (@renovate[bot])
- โก๏ธ chore(deps): update vuepress monorepo to v1.7.1 #1531 (@renovate[bot])
- โก๏ธ chore(deps): update module spf13/cobra to v1.1.1 #1530 (@renovate[bot])
- โก๏ธ chore(deps): update module prometheus/client_golang to v1.8.0 #1529 (@renovate[bot])
- โก๏ธ chore(deps): update module ory/dockertest/v3 to v3.6.2 #1528 (@renovate[bot])
- โก๏ธ chore(deps): update module open-policy-agent/opa to v0.24.0 #1527 (@renovate[bot])
- โก๏ธ chore(deps): update module golang/protobuf to v1.4.3 #1525 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 32ed001 #1524 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to 7b1cca2 #1523 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to 9e8e0b3 #1522 (@renovate[bot])
- โฌ๏ธ chore(deps): upgrade envoy to v0.16.0 #1519 (@desimone)
- ๐ deployment: run go mod tidy #1512 (@desimone)
- โก๏ธ chore(deps): update module ory/dockertest/v3 to v3.6.1 #1511 (@renovate[bot])
- โก๏ธ chore(deps): update module go.opencensus.io to v0.22.5 #1510 (@renovate[bot])
- โก๏ธ chore(deps): update module cenkalti/backoff/v4 to v4.1.0 #1509 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 4d944d3 #1508 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/sync commit hash to b3e1573 #1507 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to 4f7140c #1506 (@renovate[bot])
- ๐ deployment: pin /x/sys to fix dockertest #1491 (@desimone)
- โก๏ธ chore(deps): update module openzipkin/zipkin-go to v0.2.5 #1488 (@renovate[bot])
- โก๏ธ chore(deps): update module envoyproxy/go-control-plane to v0.9.7 #1487 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to bcad7cf #1486 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/sync commit hash to 3042136 #1485 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to 7f63de1 #1483 (@renovate[bot])
- โก๏ธ deps: update envoy arm64 to v1.15.1 #1475 (@travisgroth)
- chore(deps): envoy 1.15.1 #1473 (@desimone)
- โก๏ธ chore(deps): update vuepress monorepo to v1.6.0 #1463 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to c2d885f #1462 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to 5d4f700 #1461 (@renovate[bot])
- deps: go mod tidy #1434 (@travisgroth)
- โก๏ธ chore(deps): update module rs/zerolog to v1.20.0 #1431 (@renovate[bot])
- โก๏ธ chore(deps): update module caddyserver/certmagic to v0.12.0 #1429 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to d0d6055 #1428 (@renovate[bot])
- โก๏ธ chore(deps): update module openzipkin/zipkin-go to v0.2.4 #1407 (@renovate[bot])
- โก๏ธ chore(deps): update module gorilla/handlers to v1.5.1 #1406 (@renovate[bot])
- โก๏ธ chore(deps): update module google.golang.org/grpc to v1.32.0 #1405 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 645f7a4 #1404 (@renovate[bot])
- โ Run go mod tidy #1384 (@cuonglm)
- โก๏ธ chore(deps): update module go.uber.org/zap to v1.16.0 #1381 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 0bd0a95 #1380 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/oauth2 commit hash to 5d25da1 #1379 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to 62affa3 #1378 (@renovate[bot])
- deps: ensure renovate runs
go mod tidy
#1357 (@travisgroth) - deps: go mod tidy #1356 (@travisgroth)
- โก๏ธ Update module open-policy-agent/opa to v0.23.2 #1351 (@renovate[bot])
- โก๏ธ Update module google/uuid to v1.1.2 #1350 (@renovate[bot])
- โก๏ธ Update module google/go-cmp to v0.5.2 #1349 (@renovate[bot])
- โก๏ธ Update module google.golang.org/grpc to v1.31.1 #1348 (@renovate[bot])
- โก๏ธ Update google.golang.org/genproto commit hash to 2bf3329 #1347 (@renovate[bot])
- โก๏ธ chore(deps): update vuepress monorepo to v1.5.4 #1323 (@renovate[bot])
- โก๏ธ chore(deps): update module open-policy-agent/opa to v0.23.1 #1322 (@renovate[bot])
- โก๏ธ chore(deps): update module gorilla/mux to v1.8.0 #1321 (@renovate[bot])
- โก๏ธ chore(deps): update module gorilla/handlers to v1.5.0 #1320 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to c890458 #1319 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to 5c72a88 #1318 (@renovate[bot])
- โฌ๏ธ Upgrade zipkin-go to v0.2.3 #1288 (@cuonglm)
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to f69a880 #1286 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/time commit hash to 3af7569 #1285 (@renovate[bot])
- โก๏ธ chore(deps): update golang.org/x/net commit hash to 3edf25e #1284 (@renovate[bot])
- โฌ๏ธ .github/workflows: upgrade to go1.15 #1258 (@cuonglm)
- ๐ Fix tests failed with go115 #1257 (@cuonglm)
- โก๏ธ chore(deps): update dependency @vuepress/plugin-google-analytics to v1.5.3 #1236 (@renovate[bot])
- โก๏ธ Update module google.golang.org/api to v0.30.0 #1235 (@renovate[bot])
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to a062522 #1234 (@renovate[bot])
๐ Deployment
- โก๏ธ ci: automatically update test environment with master #1562 (@travisgroth)
- ๐ deplyoment: add debug build / container / docs #1513 (@travisgroth)
- ๐ deployment: Generate deb and rpm packages #1458 (@travisgroth)
- ๐ deployment: bump release go to v1.15.x #1439 (@desimone)
- โ ci: publish cloudrun latest tag #1398 (@travisgroth)
- ๐ deployment: fully split release archives and brews #1365 (@travisgroth)
- ๐ณ Include pomerium-cli in the docker image by default. Fixes #1343. #1345 (@rspier)
- โ Use apt-get instead of apt to eliminate warning. #1344 (@rspier)
- ๐ deployment: add goimports with path awareness #1316 (@desimone)
๐ Changed
- tidy #1494 (@desimone)
- dev: add remote container debug configs #1459 (@desimone)
- ci: add stale issue automation #1366 (@travisgroth)
- ๐ internal/urlutil: remove un-used constants #1326 (@cuonglm)
- โ integration: add forward auth test #1312 (@cuonglm)
- โก๏ธ pkg/storage/redis: update tests to use local certs + upstream image #1306 (@travisgroth)
- config: omit empty subpolicies in yaml/json #1229 (@travisgroth)
- Cuonglm/increase coverrage 1 #1227 (@cuonglm)
* This Changelog was automatically generated by github_changelog_generator
-
v0.10.6 Changes
October 01, 2020๐ Security
๐ Envoy released a security update to addresses the following CVE(s):
- CVE-2020-25017 (CVSS score 6.5, Medium): Incorrect handling of duplicate HTTP headers
โก๏ธ This patch updates the underlying embedded version of Envoy to
1.15.1
. If you instead are using the Envoy from your local$PATH
you are encouraged to upgrade that binary as well.- deps: envoy 1.15.1 @desimone GH-1473
- โก๏ธ deps: update envoy arm64 to v1.15.1 @travisgroth GH-1475
-
v0.10.5 Changes
September 28, 2020๐ Changes
- redis: use pubsub instead of keyspace events @calebdoxsey GH-1451
-
v0.10.4 Changes
September 22, 2020๐ Fixed
- ๐ controlplane: support P-384 / P-512 EC curves @desimone GH-1409
- ๐ controlplane: remove p-521 EC @desimone GH-1420
- redirect-server: add config headers to responses @calebdoxsey GH-1416
- proxy: always use https for application callback @travisgroth GH-1433
๐ Security
-
v0.10.3 Changes
September 11, 2020๐ Changes
- โ ci: publish cloudrun latest tag @travisgroth GH-1398
- ๐ docs: add nginx example @travisgroth GH-1329
- ๐ docs: update azure docs @desimone GH-1377
- internal/directory/okta: accept non-json service account @cuonglm GH-1359
- ๐ internal/directory/okta: remove rate limiter @cuonglm GH-1370
๐ Fixed
- authenticate: fix unset post_logout_redirect_uri @desimone GH-1390
- internal/controlplane: add telemetry http handler @travisgroth GH-1353
๐ Security
- ๐ proxy: remove impersonate headers for kubernetes @calebdoxsey GH-1394
-
v0.10.2 Changes
August 26, 2020 -
v0.10.1 Changes
August 20, 2020๐ Changes
- config: omit empty subpolicies in yaml/json @travisgroth GH-1230
๐ New
- authorize: add databroker url check @desimone GH-1231
- ๐ azure: support deriving credentials from client id, client secret and provider url @calebdoxsey GH-1300
๐ Fixed
- autocert: fix bootstrapped cache store path @desimone GH-1291
- ๐ฒ authorize: log users and groups @desimone GH-1303
๐ Documentation
- ๐ docs: prepare for enterprise / oss split @desimone GH-1239
- ๐ docs: add / redirect @desimone GH-1242
- ๐ docs: remove enterprise button @desimone GH-1246
- ๐ docs: image, sitemap and redirect fixes @travisgroth GH-1265
- ๐ docs: fix in-action video @travisgroth GH-1269
- ๐ docs: use .com sitemap hostname @desimone GH-1275
-
v0.10.0 Changes
August 07, 2020v0.10.0
๐ Please be sure to review the upgrade guide! This release include many bug fixes and improvements, but also several breaking changes.
๐ Changes
- โ Add storage backend interface @cuonglm GH-1072
- โก๏ธ all: update outdated comments about OptionsUpdater interface @cuonglm GH-1207
- ๐ Allow specify go executable in Makefile @cuonglm GH-1008
- audit: add protobuf definitions @calebdoxsey GH-1047
- authenticate: hide impersonation form from non-admin users @cuonglm GH-979
- ๐ authenticate: move impersonate from proxy to authenticate @calebdoxsey GH-965
- ๐ authenticate: remove useless/duplicated code block @cuonglm GH-962
- authenticate: revoke current session oauth token before sign out @cuonglm GH-964
- authorize,proxy: allow traefik forward auth without uri query @cuonglm GH-1103
- authorize: add evaluator store @calebdoxsey GH-1105
- โ authorize: add test for denied response @cuonglm GH-1197
- ๐ authorize: avoid serializing databroker data map to improve performance @calebdoxsey GH-995
- authorize: clear session state if session was deleted in databroker @cuonglm GH-1053
- authorize: derive check response message from reply message @cuonglm GH-1193
- authorize: include "kid" in JWT header @cuonglm GH-1049
- authorize: store policy evaluator on success only @cuonglm GH-1206
- โ authorize/evaluator: add more test cases @cuonglm GH-1198
- authorize/evaluator: fix wrong custom policies decision @cuonglm GH-1199
- authorize/evaluator/opa: use route policy object instead of array index @cuonglm GH-1001
- cache: add client telemetry @travisgroth GH-975
- โ cache: add test for runMemberList @cuonglm GH-1007
- cache: attempt to join memberlist cluster for sanity check @travisgroth GH-1004
- cache: fix missing parameter @travisgroth GH-1005
- cache: only run memberlist for in-memory databroker @travisgroth GH-1224
- ๐ ci: Add cloudrun build @travisgroth GH-1097
- ๐ ci: support rc releases @travisgroth GH-1011
- cmd/pomerium-cli: do not require terminal with cached creds @travisgroth GH-1196
- config: add check to assert service account is required for policies with allowed_groups @desimone GH-997
- ๐ config: add support for policies stored in the databroker @calebdoxsey GH-1099
- ๐ config: additional kubernetes token source support @travisgroth GH-1200
- ๐ config: allow setting directory sync interval and timeout @cuonglm GH-1098
- 0๏ธโฃ config: default to google idp credentials for serverless @travisgroth GH-1170
- config: fix loading storage client cert from wrong location @travisgroth GH-1212
- config: Set loopback address by ipv4 IP @travisgroth GH-1116
- ๐ cryptutil: move to pkg dir, add token generator @calebdoxsey GH-1029
- ๐ deployment: fix brew creation for pomerium-cli @travisgroth GH-1192
- directory.Group entry for groups @calebdoxsey GH-1118
- ๐ docs/docs: update upgrading to mention redis storage backend @cuonglm GH-1172
- envoy: disable idle timeouts to controlplane @travisgroth GH-1000
- grpc: rename internal/grpc to pkg/grpc @calebdoxsey GH-1010
- grpc: use relative paths in codegen @desimone GH-1106
- ๐ grpcutil: add functions for JWTs in gRPC metadata @calebdoxsey GH-1165
- Increasing authorize coverage @cuonglm GH-1221
- integration: add dummy value for idp_service_account @cuonglm GH-1009
- internal/controlplane: set envoy prefix rewrite if present @cuonglm GH-1034
- internal/controlplane: using envoy strip host port matching @cuonglm GH-1126
- internal/databroker: handle new db error @cuonglm GH-1129
- internal/databroker: store server version @cuonglm GH-1121
- internal/directory: improve google user groups list @cuonglm GH-1092
- internal/directory: use both id and name for group @cuonglm GH-1086
- internal/directory/google: return both group e-mail and id @travisgroth GH-1083
- ๐ฑ internal/frontend/assets/html: make timestamp human readable @cuonglm GH-1107
- internal/sessions: handle claims "ver" field generally @cuonglm GH-990
- โ internal/urlutil: add tests for GetDomainsForURL @cuonglm GH-1183
- memberlist: use bufio reader instead of scanner @calebdoxsey GH-1002
- ๐จ config: options refactor @calebdoxsey GH-1088
- ๐ฆ pkg: add grpcutil package @calebdoxsey GH-1032
- ๐ฆ pkg/storage: add package docs @cuonglm GH-1078
- pkg/storage: change backend interface to return error @cuonglm GH-1131
- pkg/storage: introduce storage.Backend Watch method @cuonglm GH-1135
- pkg/storage: make Watch returns receive only channel @cuonglm GH-1211
- ๐ฆ pkg/storage/redis: do not use timeout to signal redis conn to stop @cuonglm GH-1155
- pkg/storage/redis: fix multiple data race @cuonglm GH-1210
- โก๏ธ pkg/storage/redis: metrics updates @travisgroth GH-1195
- ๐ pkg/storage/redis: move last version to redis @cuonglm GH-1134
- โฌ๏ธ proxy: add support for spdy upgrades @travisgroth GH-1203
- proxy: avoid second policy validation @travisgroth GH-1204
- ๐จ proxy: refactor handler setup code @travisgroth GH-1205
- set session state expiry @calebdoxsey GH-1215
- โ Sleep longer before running integration tests @cuonglm GH-968
- telemetry: add tracing spans to cache and databroker @travisgroth GH-987
๐ New
- authenticate: allow hot reloaded admin users config @cuonglm [GH-984]
- ๐ authenticate: support hot reloaded config @cuonglm GH-984
- authorize: custom rego policies @calebdoxsey GH-1123
- authorize: include "kid" in JWT headers @cuonglm [GH-1046]
- azure: use OID for user id in session @calebdoxsey GH-985
- config: add pass_identity_headers @cuonglm [GH-903]
- config: add remove_request_headers @cuonglm [GH-822]
- config: both base64 and file reference can be used for "certificates" @dmitrif [GH-1055]
- ๐ config: change config key parsing to attempt Base64 decoding first. @dmitrif GH-1055
- 0๏ธโฃ config: change default log level to INFO @cuonglm [GH-902]
- custom rego in databroker @calebdoxsey GH-1124
- databroker server backend config @cuonglm GH-1127
- databroker: add encryption for records @calebdoxsey GH-1168
- ๐ deploy: Add homebrew tap publishing @travisgroth GH-1179
- ๐ deployment: cut separate archive for cli @desimone GH-1177
- ๐ directory: add service account struct and parsing method @calebdoxsey GH-971
- envoy: enable strip host port matching @cuonglm [GH-1126]
- github: implement github directory provider @calebdoxsey GH-963
- google: store directory information by user id @calebdoxsey GH-988
- ๐ identity: support custom code flow request params @desimone GH-998
- implement google cloud serverless authentication @calebdoxsey GH-1080
- internal/directory/okta: store directory information by user id @cuonglm GH-991
- internal/directory/onelogin: store directory information by user id @cuonglm GH-992
- kubernetes apiserver integration @calebdoxsey GH-1063
- ๐ pkg/storage/redis: add authentication support @cuonglm GH-1159
- ๐ pkg/storage/redis: add redis TLS support @cuonglm GH-1163
- pomerium-cli k8s exec-credential @calebdoxsey GH-1073
- redis storage backend @cuonglm GH-1082
- telmetry: add databroker storage metrics and tracing @travisgroth GH-1161
- ๐ use custom binary for arm64 linux release @calebdoxsey GH-1065
๐ Fixed
- authenticate: fix wrong condition checking in VerifySession @cuonglm GH-1146
- authenticate: fix wrong SignIn telemetry name @cuonglm GH-1038
- authorize: Force redirect scheme to https @travisgroth GH-1075
- authorize: strip port from host header if necessary @cuonglm GH-1175
- authorize/evaluator/opa: set client tls cert usage explicitly @travisgroth GH-1026
- authorize/evaluator/opa/policy: fix allow rules with impersonate @cuonglm GH-1094
- cache: fix data race in NotifyJoin @cuonglm GH-1028
- ๐ ci: fix arm docker image releases @travisgroth GH-1178
- ci: Prevent dirty git state @travisgroth GH-1117
- ๐ ci: release fixes @travisgroth GH-1181
- config: fix deep copy of config @calebdoxsey GH-1089
- controlplane: add robots route @desimone GH-966
- ๐ deploy: ensure pomerium-cli is built correctly @travisgroth GH-1180
- ๐ deployment: fix pomerium-cli release @desimone GH-1104
- envoy: Set ExtAuthz Cluster name to URL Host @travisgroth GH-1132
- ๐ fix databroker restart versioning, handle missing sessions @calebdoxsey GH-1145
- ๐ fix lint errors @travisgroth GH-1171
- ๐ fix redirect loop, remove user/session services, remove duplicate deleted_at fields @calebdoxsey GH-1162
- ๐ handle example.com and example.com:443 @calebdoxsey GH-1153
- internal/controlplane: enable envoy use remote address @cuonglm GH-1023
- internal/databroker: fix wrong server version init @cuonglm GH-1125
- pkg/grpc: fix wrong audit protoc gen file @cuonglm GH-1048
- pkg/storage/redis: handling connection to redis backend failure @cuonglm GH-1174
- pomerium-cli: fix kubernetes token caching @calebdoxsey GH-1169
- ๐ pomerium-cli: kubernetes fixes @calebdoxsey GH-1176
- 0๏ธโฃ proxy: do not set X-Pomerium-Jwt-Assertion/X-Pomerium-Claim-* headers by default @cuonglm [GH-903]
- proxy: fix invalid session after logout in forward auth mode @cuonglm GH-1062
- proxy: fix redirect url with traefik forward auth @cuonglm GH-1037
- proxy: fix wrong forward auth request @cuonglm GH-1030
๐ Documentation
- ๐ docs: Update synology.md @roulesse GH-1219
- ๐ docs: add installation section @travisgroth GH-1223
- ๐ docs: add kubectl config commands @travisgroth GH-1152
- ๐ docs: add kubernetes docs @calebdoxsey GH-1087
- ๐ docs: add recipe for TiddlyWiki on Node.js @favadi GH-1143
- ๐ docs: add required in cookie_secret @mig4ng GH-1142
- ๐ docs: add warnings cones around requiring IdP Service Accounts @travisgroth GH-999
- ๐ docs: cloud Run / GCP Serverless @travisgroth GH-1101
- docs: document preserve_host_header with policy routes to static ip @cuonglm GH-1024
- ๐ docs: fix incorrect example middleware @travisgroth GH-1128
- ๐ docs: fix links, clarify upgrade guide for v0.10 @desimone GH-1220
- ๐ docs: fix minor errors @travisgroth GH-1214
- ๐ docs: Kubernetes topic @travisgroth GH-1222
- ๐ docs: Move examples repo into main repo @travisgroth GH-1102
- ๐ docs: Redis and stateful storage docs @travisgroth GH-1173
- ๐ docs: refactor sections, consolidate examples @desimone GH-1164
- ๐ docs: rename docs/reference to docs/topics @desimone GH-1182
- ๐ docs: service account instructions for azure @calebdoxsey GH-969
- ๐ docs: service account instructions for gitlab @calebdoxsey GH-970
- ๐ docs: update architecture diagrams + descriptions @travisgroth GH-1218
- ๐ docs: update GitHub documentation for service account @calebdoxsey GH-967
- ๐ docs: Update Istio VirtualService example @jeffhubLR GH-1006
- ๐ docs: update okta service account docs to match new format @calebdoxsey GH-972
- ๐ Docs: Update README stating specific requirements for SIGNING_KEY @bradjones1 GH-1217
- ๐ docs: update reference docs @desimone GH-1208
- ๐ docs: update service account instructions for OneLogin @calebdoxsey GH-973
- ๐ docs: update upgrading document for breaking changes @calebdoxsey GH-974
- ๐ docs/.vuepress: fix missing local-oidc recipes section @cuonglm GH-1147
- ๐ docs/configuration: add doc for trailing slash limitation in "To" field @cuonglm GH-1040
- ๐ docs/docs: add changelog for #1055 @cuonglm GH-1084
- ๐ docs/docs/identity-providers: document gitlab default scopes changed @cuonglm GH-980
- ๐ docs/recipes: add local oidc example @cuonglm GH-1045
Dependency
- chore(deps): bump envoy to 1.15.0 @desimone GH-1119
- chore(deps): google.golang.org/genproto commit hash to da3ae01 @renovate GH-1138
- chore(deps): module google/go-cmp to v0.5.1 @renovate GH-1139
- โก๏ธ chore(deps): update envoy to 1.14.4 @desimone GH-1076
- โก๏ธ chore(deps): update github.com/skratchdot/open-golang commit hash to eef8423 @renovate GH-1108
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to 123391f @renovate GH-1184
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to 948cd5f @renovate GH-1056
- โก๏ธ chore(deps): update golang.org/x/net commit hash to 4c52546 @renovate GH-1017
- โก๏ธ chore(deps): update golang.org/x/net commit hash to ab34263 @renovate GH-1057
- โก๏ธ chore(deps): update golang.org/x/sync commit hash to 6e8e738 @renovate GH-1018
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 11fb19a @renovate GH-1109
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 8145dea @renovate GH-1185
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 8698661 @renovate GH-1058
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to 8e8330b @renovate GH-1039
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to ee7919e @renovate GH-1019
- โก๏ธ chore(deps): update google.golang.org/genproto commit hash to fbb79ea @renovate GH-945
- โก๏ธ chore(deps): update module cenkalti/backoff/v4 to v4.0.2 @renovate GH-946
- โก๏ธ chore(deps): update module contrib.go.opencensus.io/exporter/jaeger to v0.2.1 @renovate GH-1186
- โก๏ธ chore(deps): update module contrib.go.opencensus.io/exporter/zipkin to v0.1.2 @renovate GH-1187
- โก๏ธ chore(deps): update module envoyproxy/go-control-plane to v0.9.6 @renovate GH-1059
- โก๏ธ chore(deps): update module go.opencensus.io to v0.22.4 @renovate GH-948
- โก๏ธ chore(deps): update module golang/mock to v1.4.4 @renovate GH-1188
- โก๏ธ chore(deps): update module google.golang.org/api to v0.28.0 @renovate GH-949
- โก๏ธ chore(deps): update module google.golang.org/api to v0.29.0 @renovate GH-1060
- โก๏ธ chore(deps): update module google.golang.org/grpc to v1.30.0 @renovate GH-1020
- โก๏ธ chore(deps): update module google.golang.org/grpc to v1.31.0 @renovate GH-1189
- โก๏ธ chore(deps): update module google.golang.org/protobuf to v1.25.0 @renovate GH-1021
- โก๏ธ chore(deps): update module google/go-cmp to v0.5.0 @renovate GH-950
- โก๏ธ chore(deps): update module hashicorp/memberlist to v0.2.2 @renovate GH-951
- โก๏ธ chore(deps): update module open-policy-agent/opa to v0.21.0 @renovate GH-952
- โก๏ธ chore(deps): update module open-policy-agent/opa to v0.21.1 @renovate GH-1061
- โก๏ธ chore(deps): update module open-policy-agent/opa to v0.22.0 @renovate GH-1110
- โก๏ธ chore(deps): update module prometheus/client_golang to v1.7.0 @renovate GH-953
- โก๏ธ chore(deps): update module prometheus/client_golang to v1.7.1 @renovate GH-1022
- โก๏ธ chore(deps): update module spf13/cobra to v1 @renovate GH-1111
- โก๏ธ chore(deps): update module spf13/viper to v1.7.1 @renovate GH-1190
- chore(deps):s bump opa v0.21.0 @desimone GH-993