v0.26.0 Changes
v0.26.0 includes improved support for the Pomerium Zero beta.
Breaking
Changes that are expected to cause an incompatibility.
- config: remove deprecated client_ca option by @kenjenkins in #4918
- envoy: set explicit hostname on cluster endpoints by @kenjenkins in #5018
New
- authenticate: apply branding to sign out pages by @kenjenkins in #5044
- authorize: return non-html errors on denied by @calebdoxsey in #4904
- authorize: log service account user ID by @kenjenkins in #4964
- authorize: add support for rego print statements by @calebdoxsey in #5049
- config: implement direct response by @calebdoxsey in #4960
- config: add runtime flags by @wasaga in #5050
- config: disable gRPC ingress when address is the empty string by @calebdoxsey in #5058
- config: add support for TCP proxy chaining by @kenjenkins in #5053
- config: add support for stripping the port for matching routes by @calebdoxsey in #5085
- databroker: disable identity manager user refresh when hosted authenticate is used by @calebdoxsey in #4905
- envoy: only enable port reuse on linux by @calebdoxsey in #5066
- envoy: format envoy local replies by @calebdoxsey in #5067
- envoy: clean up temporary directory on start by @calebdoxsey in #4914
- identity: add enabler by @calebdoxsey in #5084
- identity: refactor identity manager by @calebdoxsey in #5091
- logging: less verbose logs by @calebdoxsey in #5040
- identity: dynamic authenticator registration by @calebdoxsey in #5105
- ppl: add client cert SAN match criteria by @kenjenkins in #4913
- ppl: add groups criterion by @calebdoxsey in #4916
- ui: fix page title by @calebdoxsey in #4957
- zero: add storage health check by @wasaga in #5074
- zero: upgrade oapi-codegen by @calebdoxsey in #4953
- zero: add service accounts support by @wasaga in #5031
- zero: lower log level by @calebdoxsey in #5065
- zero: add route reachability health check by @wasaga in #5093
- zero: health check building config from databroker source by @wasaga in #5104
Fixes
- authenticate: redirect to /.pomerium/signed_out when no signout redirect url is defined by @calebdoxsey in #5060
- envoy: exclude unauthorized access from local replies by @calebdoxsey in #5108
- kubernetes: fix impersonate group header by @calebdoxsey in #5090
- zero: add gRPC keep-alive by @wasaga in #4961
- zero: fix ticker usage by @calebdoxsey in #4969
- zero: fix bootstrap config path by @wasaga in #5035
Changed
- authenticate: rework CORS headers log entry by @kenjenkins in #4900
- authorize: result denied improvements by @calebdoxsey in #4952
- core: use context.WithoutCancel by @calebdoxsey in #4959
- core: switch to uber mock by @calebdoxsey in #5073
- core: move telemetry requestid to pkg directory by @calebdoxsey in #4911
- config: remove cookie secure option by @calebdoxsey in #4907
- config: fix typo by @wasaga in #4963
- envoy: enable TCP keepalive for internal clusters by @kenjenkins in #4902
- envoy: upgrade to v1.30.1 by @kenjenkins in #5080
- envoy: migrate deprecated overload setting by @kenjenkins in #5082
- envoy: address strconv.Atoi warnings by @kenjenkins in #5076
- envoy: preserve Go's max file limit for Envoy by @kenjenkins in #5102
- logging: use standard logger by @wasaga in #5096
- opa: update for rego 1.0 by @calebdoxsey in #4895
- ui: improve frontend build size by @calebdoxsey in #5109
- ui: adds upstream error page by @nhayfield in #5113
- zero: update oapi-codegen by @calebdoxsey in #4898
- zero: remove unused changeset code by @wasaga in #4915
- zero: simplify control loop lease retry code by @wasaga in #4979
- zero: reset back to inmem databroker if connection string is empty by @wasaga in #4955
- zero: add shared secret to the cluster bootstrap params by @wasaga in #5030
- zero: add common healthcheck package, zero reporter and first xds check by @wasaga in #5059
- zero: add checks for ability to save bootstrap parameter and bundle status reporting by @wasaga in #5064
- zero: only report healthcheck transitions by @wasaga in #5068
- zero: add user-agent to requests by @wasaga in #5078
- zero: add connect health check by @wasaga in #5086
Dependency Updates
- chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 by @dependabot in #4919
- chore(deps): bump node from 8d0f16f to fd01154 by @dependabot in #4921
- chore(deps): bump golang from 1.21.5-bookworm to 1.21.6-bookworm by @dependabot in #4920
- chore(deps): bump google.golang.org/api from 0.154.0 to 0.161.0 by @dependabot in #4938
- chore(deps): bump google.golang.org/grpc from 1.60.1 to 1.61.0 by @dependabot in #4948
- chore(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0 by @dependabot in #4922
- chore(deps): bump docker/metadata-action from 5.4.0 to 5.5.1 by @dependabot in #4923
- chore(deps): bump google-github-actions/setup-gcloud from 2.0.1 to 2.1.0 by @dependabot in #4924
- chore(deps): bump google-github-actions/auth from 2.0.0 to 2.1.0 by @dependabot in #4925
- chore(deps): bump github.com/klauspost/compress from 1.17.4 to 1.17.5 by @dependabot in #4940
- chore(deps): bump busybox from ba76950 to 6d9ac92 in /.github by @dependabot in #4950
- chore(deps): bump github.com/prometheus/common from 0.45.0 to 0.46.0 by @dependabot in #4949
- chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc from 0.44.0 to 0.45.0 by @dependabot in #4947
- chore(deps): bump go.opentelemetry.io/otel/sdk/metric from 1.21.0 to 1.22.0 by @dependabot in #4946
- chore(deps): bump github.com/shirou/gopsutil/v3 from 3.23.12 to 3.24.1 by @dependabot in #4928
- chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 by @dependabot in #4933
- chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.24.0 to 1.24.1 by @dependabot in #4930
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.7 to 1.48.1 by @dependabot in #4939
- chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 by @dependabot in #4937
- chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.2 to 1.26.6 by @dependabot in #4932
- chore(deps): bump github.com/jackc/pgx/v5 from 5.5.1 to 5.5.2 by @dependabot in #4944
- chore(deps): bump github.com/envoyproxy/go-control-plane from 0.11.1 to 0.12.0 by @dependabot in #4935
- chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 1.0.2 to 1.0.4 by @dependabot in #4945
- chore(deps): bump cloud.google.com/go/storage from 1.36.0 to 1.37.0 by @dependabot in #4926
- chore(deps): bump github.com/docker/docker from 24.0.7+incompatible to 25.0.2+incompatible by @dependabot in #4942
- ci: upgrade to Go 1.22 by @wasaga in #4967
- chore(deps): bump distroless/base-debian12 from 0a93daa to 5eae9ef in /.github by @dependabot in #4970
- chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @kenjenkins in #5009
- chore(deps): bump distroless/base from 6c1e34e to 9d4e568 in /.github by @dependabot in #4971
- chore(deps): bump distroless/base-debian12 from 996c583 to 1d91d5f by @dependabot in #4980
- chore(deps): bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 by @dependabot in #4999
- chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in #4972
- chore(deps): bump actions/setup-node from 4.0.1 to 4.0.2 by @dependabot in #4974
- chore(deps): bump google-github-actions/auth from 2.1.0 to 2.1.2 by @dependabot in #4976
- chore(deps): bump google.golang.org/grpc from 1.61.0 to 1.62.1 by @dependabot in #5011
- chore(deps): bump github.com/shirou/gopsutil/v3 from 3.24.1 to 3.24.2 by @dependabot in #5001
- chore(deps): bump github.com/jackc/pgx/v5 from 5.5.2 to 5.5.3 by @dependabot in #5000
- chore(deps): bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in #4978
- chore(deps): bump node from fd01154 to f3299f1 by @dependabot in #4981
- chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @dependabot in #4975
- chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 by @dependabot in #4987
- chore(deps): bump github.com/rs/zerolog from 1.31.0 to 1.32.0 by @dependabot in #5004
- chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.24.1 to 1.25.2 by @dependabot in #4992
- chore(deps): bump mikefarah/yq from 4.40.5 to 4.42.1 by @dependabot in #4977
- chore(deps): bump github.com/go-chi/chi/v5 from 5.0.11 to 5.0.12 by @dependabot in #4986
- chore(deps): bump github.com/minio/minio-go/v7 from 7.0.66 to 7.0.67 by @dependabot in #4996
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.3 by @dependabot in #5016
- chore(deps): bump golang.org/x/crypto from 0.18.0 to 0.21.0 by @dependabot in #5013
- chore(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.18.0 by @dependabot in #5012
- chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.1 by @dependabot in #5017
- chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.6 by @dependabot in #5015
- chore(deps): bump google.golang.org/api from 0.161.0 to 0.168.0 by @dependabot in #5010
- chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.2 by @dependabot in #4984
- chore(deps): bump github.com/prometheus/common from 0.46.0 to 0.49.0 by @dependabot in #4998
- chore(deps): bump go.opentelemetry.io/otel/sdk/metric from 1.22.0 to 1.24.0 by @dependabot in #5003
- chore(deps): bump cloud.google.com/go/storage from 1.37.0 to 1.39.0 by @dependabot in #4989
- chore(deps): bump pre-commit/action from 3.0.0 to 3.0.1 by @dependabot in #4973
- chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc from 0.45.0 to 1.24.0 by @dependabot in #4983
- chore(deps): bump github.com/klauspost/compress from 1.17.5 to 1.17.7 by @dependabot in #4995
- chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #4990
- chore(deps): bump the docker group with 2 updates by @dependabot in #5024
- chore(deps): bump the go group with 10 updates by @dependabot in #5026
- chore(deps): bump the github-actions group with 1 update by @dependabot in #5025
- chore(deps): bump the docker group in /.github with 2 updates by @dependabot in #5023
- chore(deps): bump github.com/docker/docker from 25.0.4+incompatible to 25.0.5+incompatible by @dependabot in #5032
- envoy: set to v1.29.2 by @wasaga in #5042
- chore(deps): bump the docker group with 3 updates by @dependabot in #5045
- chore(deps): bump the github-actions group with 6 updates by @dependabot in #5047
- chore(deps): bump the docker group in /.github with 3 updates by @dependabot in #5046
- chore(deps): bump the go group with 15 updates by @dependabot in #5048
- chore(deps): bump @trivago/prettier-plugin-sort-imports from 2.0.4 to 4.3.0 by @kenjenkins in #5054
- envoy: upgrade to v1.29.3 by @wasaga in #5056
- chore(deps): bump @babel/traverse from 7.16.10 to 7.23.2 in /ui by @dependabot in #5055
- update dev Dockerfiles to use Go 1.22.2 by @kenjenkins in #5063
- chore(deps): bump github.com/docker/docker from 26.0.0+incompatible to 26.0.2+incompatible by @dependabot in #5075
- chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #5077
- chore(deps): update UI dependencies by @kenjenkins in #5088
- chore(deps): bump the docker group in /.github with 3 updates by @dependabot in #5095
- chore(deps): bump the docker group with 3 updates by @dependabot in #5098
- core/lint: upgrade golangci-lint, replace interface{} with any by @calebdoxsey in #5099
- chore(deps): bump the go group with 29 updates by @dependabot in #5097
- chore(deps): bump the github-actions group with 5 updates by @dependabot in #5094