Pomerium v0.6.0 Release Notes
Release Date: 2020-01-25 // over 4 years ago-
v0.6.0
๐ New
- ๐ authenticate: support backend refresh @desimone [GH-438]
- cache: add cache service @desimone [GH-457]
๐ Changed
- ๐ฆ authorize: consolidate gRPC packages @desimone [GH-443]
- config: added yaml tags to all options struct fields @travisgroth [GH-394],[gh-397]
- config: improved config validation for
shared_secret
@travisgroth [GH-427] - ๐ config: Remove CookieRefresh [GH-428] @u5surf [GH-436]
- config: validate that
shared_key
does not contain whitespace @travisgroth [GH-427] - httputil : wrap handlers for additional context @desimone [GH-413]
๐ Fixed
- proxy: fix unauthorized redirect loop for forward auth @desimone [GH-448]
- ๐ proxy: fixed regression preventing policy reload GH-396
๐ Documentation
- โ add cookie settings @danderson [GH-429]
- ๐ fix typo in forward auth nginx example @travisgroth [GH-445]
- ๐ improved sentence flow and other stuff @Rio [GH-422]
- ๐ rename fwdauth to be forwardauth @desimone [GH-447]
Dependency
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to 61a8779 @renovate [GH-452]
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to 530e935 @renovate [GH-458]
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to 53104e6 @renovate [GH-431]
- โก๏ธ chore(deps): update golang.org/x/crypto commit hash to e9b2fee @renovate [GH-414]
- โก๏ธ chore(deps): update golang.org/x/oauth2 commit hash to 858c2ad @renovate [GH-415]
- โก๏ธ chore(deps): update golang.org/x/oauth2 commit hash to bf48bf1 @renovate [GH-453]
- โก๏ธ chore(deps): update module google.golang.org/grpc to v1.26.0 @renovate [GH-433]
- โก๏ธ chore(deps): update module google/go-cmp to v0.4.0 @renovate [GH-454]
- โก๏ธ chore(deps): update module spf13/viper to v1.6.1 @renovate [GH-423]
- โก๏ธ chore(deps): update module spf13/viper to v1.6.2 @renovate [GH-459]
- โก๏ธ chore(deps): update module square/go-jose to v2.4.1 @renovate [GH-435]
โฌ๏ธ Upgrade Guide
Since 0.5.0
๐ฅ Breaking
๐ New cache service
๐ A back-end cache service was added to support session refreshing from single-page-apps.
- For all-in-one deployments, no changes are required. The cache will be embedded in the binary. By default, autocache an in-memory LRU cache will be used to temporarily store user session data. If you wish to persist session data, it's also possible to use bolt or redis.
- ๐ For split-service deployments, you will need to deploy an additional service called cache. By default, pomerium will use autocache as a distributed, automatically managed cache. It is also possible to use redis as backend in this mode.
For a concrete example of the required changes, consider the following changes for those running split service mode,:
... pomerium-authenticate: environment: - SERVICES=authenticate+ - CACHE\_SERVICE\_URL=http://pomerium-cache:443...+ pomerium-cache:+ image: pomerium/pomerium+ environment:+ - SERVICES=cache+ volumes:+ - ../config/config.example.yaml:/pomerium/config.yaml:ro+ expose:+ - 443
โก๏ธ Please see the updated examples, and [cache service docs] as a reference and for the available cache stores. For more details as to why this was necessary, please see PR438 and PR457.