Oathkeeper Versions Save

autogen: pin v0.39.3-pre.0 release commit

Code Generation

• Pin v0.39.3-pre.0 release commit (7569903)

Changelog

• dc4e7f7 autogen(docs): regenerate and update changelog
• 7b41921 autogen(openapi): regenerate swagger spec and internal client
• 7569903 autogen: pin v0.39.3-pre.0 release commit
• 1676024 ci: pin to go 1.18

Artifacts can be verified with cosign using this public key.

Introduces better prometheus metrics.

Bug Fixes

• Swagger generation issues (259b192)

Code Generation

• Pin v0.39.2 release commit (d6b3014)

Documentation

• Use GitHub Actions badge (#979) (756e465)

Features

• Customizable Prometheus metric names (#989) (46e09d5)

Changelog

• 628f50e autogen(docs): generate and bump docs
• daa3933 autogen(docs): regenerate and update changelog
• 6ef9a07 autogen(docs): regenerate and update changelog
• f06b06d autogen(docs): regenerate and update changelog
• d6c7c55 autogen(openapi): regenerate swagger spec and internal client
• 4cb5266 autogen(openapi): regenerate swagger spec and internal client
• 258b3d6 autogen(openapi): regenerate swagger spec and internal client
• 3abab71 autogen(openapi): regenerate swagger spec and internal client
• 5705a78 autogen(openapi): regenerate swagger spec and internal client
• c5a6c43 autogen: pin v0.39.1 release commit
• d6b3014 autogen: pin v0.39.2 release commit
• d0cb639 chore: delete semantic.yml (#980)
• da00cc2 chore: update repository templates
• efc93da chore: update repository templates
• 503706f chore: update repository templates
• 7b998a0 chore: update repository templates
• 4eda590 chore: update repository templates
• 25cb969 ci: improve formatting checks (#978)
• 756e465 docs: use GitHub Actions badge (#979)
• 46e09d5 feat: customizable Prometheus metric names (#989)
• 259b192 fix: swagger generation issues

Artifacts can be verified with cosign using this public key.

This release ships several improvements to cache logic and request detection. Additionally, the bearer_token and cookie_session handlers pass only the needed header (Authorization, Cookie) to the check URL. To pass additional headers, use the forward_http_headers configuration key.

Breaking Changes

From now on, the bearer_token and cookie_session handlers pass only the needed header (Authorization, Cookie) to the check URL. To pass additional headers, use the forward_http_headers configuration key.

Closes https://github.com/ory/oathkeeper/pull/954 Closes https://github.com/ory/cloud/issues/76

Co-authored-by: hackerman [email protected]

Bug Fixes

• Cache behavior with TTL (#968) (c4836f5):

  This test will fail since everytime Authenticate() succeeds the token is cached, even if it was already cached. This behavior makes it possible to keep a token in cache if it is authenticated in a period less than the TTL.

• Less flaky rule tests (#973) (6ee6a73):

  Instead of (flaky) fixed sleeps, we now use assert.Eventually to wait until the rule changes were propagated.

• Update format (#970) (17c4214)

Code Generation

• Pin v0.39.0 release commit (f96f2be)

Features

• JWT should only respect JWT-formats (#958) (6959524)
• Pass only essential and configured headers to authenticator (#952) (e5e4de4)

Changelog

• 84a0fe0 autogen(docs): generate and bump docs
• 353635e autogen(docs): regenerate and update changelog
• 83097aa autogen(docs): regenerate and update changelog
• 1d5b187 autogen(docs): regenerate and update changelog
• 6243059 autogen(docs): regenerate and update changelog
• 022f7c5 autogen(openapi): regenerate swagger spec and internal client
• 59b0d9b autogen(openapi): regenerate swagger spec and internal client
• 5fa3cbc autogen(openapi): regenerate swagger spec and internal client
• 93cbdd6 autogen(openapi): regenerate swagger spec and internal client
• 7f370a1 autogen(openapi): regenerate swagger spec and internal client
• f714cd3 autogen(openapi): regenerate swagger spec and internal client
• fb938d4 autogen(openapi): regenerate swagger spec and internal client
• 9731100 autogen(openapi): regenerate swagger spec and internal client
• f96f2be autogen: pin v0.39.0 release commit
• 8908ddb chore: apply prettier formatting (#972)
• 988c3b7 chore: format (#971)
• e49c0c5 chore: update repository templates
• a06464b chore: update repository templates
• 58c7fdf chore: update repository templates
• 7618fec chore: update repository templates
• cc5ac32 chore: update repository templates
• ddf20ea chore: update repository templates
• 6721bed chore: update to ory-prettier-styles 1.3.0 (#975)
• 6959524 feat: JWT should only respect JWT-formats (#958)
• e5e4de4 feat: pass only essential and configured headers to authenticator (#952)
• c4836f5 fix: cache behavior with TTL (#968)
• 6ee6a73 fix: less flaky rule tests (#973)
• 17c4214 fix: update format (#970)

Artifacts can be verified with cosign using this public key.

This release provides some minor fixes around headers, see the changelog for more info.

Bug Fixes

• Case insensitive headers (#951) (2d04cfc), closes #950
• Log proxy errors with logrus (#937) (46bfd70)
• Overzealous url validation (#953) (d0c8d64), closes #930

Code Generation

• Pin v0.38.25-beta.1 release commit (87df0d9)

Documentation

• Fix version schema (c5497f3)

Changelog

• f55cfef autogen(docs): generate and bump docs
• d351dbf autogen(docs): regenerate and update changelog
• 94db619 autogen(docs): regenerate and update changelog
• 66c2560 autogen(openapi): regenerate swagger spec and internal client
• 33ae248 autogen(openapi): regenerate swagger spec and internal client
• 034a2ec autogen(openapi): regenerate swagger spec and internal client
• aed568e autogen(openapi): regenerate swagger spec and internal client
• 87df0d9 autogen: pin v0.38.25-beta.1 release commit
• 06f9f68 chore(deps): bump alpine
• 0a52541 chore(deps): bump minimist from 1.2.5 to 1.2.6 (#948)
• c5497f3 docs: fix version schema
• 2d04cfc fix: case insensitive headers (#951)
• 46bfd70 fix: log proxy errors with logrus (#937)
• d0c8d64 fix: overzealous url validation (#953)

Artifacts can be verified with cosign using this public key.

With this release we improve tracing capabilities for Ory Oathkeeper.

Code Generation

• Pin v0.38.24-beta.1 release commit (fb2c246)

Features

• Trace for upstream request (#931) (21ff340), closes #928

Changelog

• 2610d2c autogen(openapi): regenerate swagger spec and internal client
• fb2c246 autogen: pin v0.38.24-beta.1 release commit
• f9440a3 chore(deps): bump alpine version (#941)
• 4357b10 chore: update repository templates
• 21ff340 feat: trace for upstream request (#931)

Artifacts can be verified with cosign using this public key.

Ory Oathkeeper has a new place for documentation at github.com/ory/docs and www.ory.sh/docs/oathkeeper! Additionally, the CI/CD infrastructure was moved to GitHub Actions.

Code Generation

• Pin v0.38.23-beta.1 release commit (69ad28f)

Changelog

• 69ad28f autogen: pin v0.38.23-beta.1 release commit

Artifacts can be verified with cosign using this public key.

Ory Oathkeeper has a new place for documentation at github.com/ory/docs and www.ory.sh/docs/oathkeeper! Additionally, the CI/CD infrastructure was moved to GitHub Actions.

Code Generation

• Pin v0.38.22-beta.1 release commit (0dcb7c1)

Changelog

• 0dcb7c1 autogen: pin v0.38.22-beta.1 release commit

Artifacts can be verified with cosign using this public key.

This release introduces caching capabilities for the OAuth2 Client Credentials authenticator as well as compatibility with Traefik!

Bug Fixes

• Add pre-steps with packr2 (#921) (d53ef01), closes #920
• Bump goreleaser orb (#919) (f8dcda2)
• Use all pre-hooks (09be55f)

Code Generation

• Pin v0.38.20-beta.1 release commit (410d69e)

Code Refactoring

• Move docs to ory/docs (a0c6927)

Documentation

• Recover sidebar (165224f)

Features

• Add post-release step (e7fd550)

• Introduce token caching for client credentials authentication (#922) (9a56154), closes #870:

  Right now every request via Oathkeeper that uses client credentials authentication requests a new access token. This can introduce a lot of latency in the critical path of an application in case of a slow token endpoint.

  This change introduces a cache similar to the one that is used in the introspection authentication.

• Migrate to openapi 3.0 generation (190d1a7)

• Traefik decision api support (#904) (bfde9df), closes #521 #441 #487 #263:

  Closes https://github.com/ory/oathkeeper/discussions/899

Changelog

• 8579000 autogen(docs): generate and format documentation
• 71e69ef autogen(docs): regenerate and update changelog
• a3b5b28 autogen(docs): regenerate and update changelog
• 31fe9b7 autogen(docs): regenerate and update changelog
• cb01565 autogen(docs): regenerate and update changelog
• 3fea697 autogen(openapi): Regenerate openapi spec and internal client
• 84c15a6 autogen(openapi): Regenerate openapi spec and internal client
• 83d6728 autogen: add v0.38.19-beta.1 to version.schema.json
• 410d69e autogen: pin v0.38.20-beta.1 release commit
• 33b0c63 autogen: pin v0.38.20-beta.1.pre.0 release commit
• 06bc33f autogen: update release artifacts
• bd1b03a autogen: update release artifacts
• 2cd6282 chore: bump sprig version (#917)
• f8f82c4 chore: update repository templates
• 5d3e1bf chore: update repository templates
• 3c8b49e ci: add next cli docs generator
• 729fadc ci: remove docs/build from cci
• 962f57e ci: update cli location and fix generation script
• 165224f docs: recover sidebar
• bfde9df feat: Traefik decision api support (#904)
• e7fd550 feat: add post-release step
• 9a56154 feat: introduce token caching for client credentials authentication (#922)
• 190d1a7 feat: migrate to openapi 3.0 generation
• d53ef01 fix: add pre-steps with packr2 (#921)
• f8dcda2 fix: bump goreleaser orb (#919)
• 09be55f fix: use all pre-hooks
• a0c6927 refactor: move docs to ory/docs

Artifacts can be verified with cosign using this public key.

This release adds support for rewriting the HTTP method in certain authenticators.

Bug Fixes

• Bump Ory CLI (5c03d4f)
• Update cve scanners (#905) (57c38c0)

Code Generation

• Pin v0.38.19-beta.1 release commit (dedb92c)

Documentation

• Fix "decisions" typo in Introduction (#907) (db346d5)

Features

• Allow overriding HTTP method for upstream calls (69c64e7):

  This patch adds new configuration force_method to the bearer token and cookie session authenticators. It allows overriding the HTTP method for upstream calls.

Changelog

• 5ee5b44 autogen(docs): generate and format documentation
• a6c6cf3 autogen(docs): generate and format documentation
• 2ff93eb autogen(docs): generate and format documentation
• bc655dd autogen(openapi): Regenerate swagger spec and internal client
• 4a87707 autogen: add v0.38.17-beta.1 to version.schema.json
• dedb92c autogen: pin v0.38.19-beta.1 release commit
• 6463019 autogen: update release artifacts
• db346d5 docs: fix "decisions" typo in Introduction (#907)
• 69c64e7 feat: allow overriding HTTP method for upstream calls
• 5c03d4f fix: bump Ory CLI
• 57c38c0 fix: update cve scanners (#905)

This release adds CVE scanners for Docker Images and updates several dependencies to resolve CVE issues.

Additionally, support for various tracers has been added, patches to caching and JWT audiences have been made, and more configuration options have been added for various rules.

Bug Fixes

• Add config schema for tracing for jaeger (#830) (59871fc)

• Add hiring notice to README (#884) (9dea379)

• Add ory cli (df8a19b)

• Allow forwarding query parameters to the session store (#817) (9375f92), closes #786 #786

• Building docker image for docker-compose (#889) (adf0d1b)

• Remote_json default configuration (#880) (18788d1), closes #797

• Use NYT capitalistaion for all Swagger headlines (#859) (8c2da46), closes #503:

  Capitalised all the Swagger headlines for files found in /api.

Code Generation

• Pin v0.38.18-beta.1 release commit (0bf4a98)

Documentation

• Update authz.md (#879) (b6b5824)

• Use correct casing (58b1d43), closes #900

• Warn that gzip is unsupported (#835) (78e612e):

  Note to users that gzip responses are as of now unsupported for Cookie and Bearer authenticators. The result is that the subject and extra will not be filled in, and will fail silently.

Features

• Add retry and timeout support in authorizers (#883) (ec926b0):

  Adds the ability to define HTTP timeouts for authorizers.

• Add support for X-Forwarded-Proto header (#665) (a8c9354), closes #153

• Allow both string and []string in aud field (#822) (1897f31), closes #491 #601 #792 #810

• Introduce cve scanning (#839) (1432e2c)

• jwt: Replace jwt module (#818) (301b673)

• Store oauth2 introspection result as bytes in cache (#811) (5645605)

• Support Zipkin tracer (#832) (2f2552d)

Tests

• Echo output in run.sh (871b3c6)
• Fix typo (1b21d81)
• Reintroduce -s -o (792477f)
• Verbose curl (5d86cd3)

Unclassified

• docs: declare s3, gs, and azblob access rule repositories in config schema (#829) (e2433f6), closes #829

Changelog

• 08324dd autogen(docs): regenerate and update changelog
• a6afe42 autogen(docs): regenerate and update changelog
• 0725820 autogen(docs): regenerate and update changelog
• 6cb417c autogen(docs): regenerate and update changelog
• 0dcd1f5 autogen(docs): regenerate and update changelog
• 255ad15 autogen(docs): regenerate and update changelog
• c89737b autogen(docs): regenerate and update changelog
• 317f874 autogen(docs): regenerate and update changelog
• 133e8a5 autogen(docs): regenerate and update changelog
• 83cb5c0 autogen(docs): regenerate and update changelog
• 168086e autogen(docs): regenerate and update changelog
• 38dfbcc autogen(docs): regenerate and update changelog
• 9636c96 autogen(docs): regenerate and update changelog
• be93f1e autogen(docs): regenerate and update changelog
• 057293f autogen(docs): regenerate and update changelog
• 667aeed autogen(docs): regenerate and update changelog
• 1f1f03a autogen(docs): regenerate and update changelog
• b131d94 autogen(docs): regenerate and update changelog
• e807863 autogen(docs): regenerate and update changelog
• 511d4b7 autogen(docs): update milestone document
• 19f2c68 autogen(docs): update milestone document
• e785140 autogen(docs): update milestone document
• 8a51d52 autogen(docs): update milestone document
• 7504e1e autogen(docs): update milestone document
• 9910160 autogen(openapi): Regenerate swagger spec and internal client
• cf63dc5 autogen(openapi): Regenerate swagger spec and internal client
• 8db79c9 autogen: add v0.38.15-beta.1 to version.schema.json
• 737320f autogen: pin v0.38.16-beta.1 release commit
• f16db10 autogen: pin v0.38.17-beta.1 release commit
• 0bf4a98 autogen: pin v0.38.18-beta.1 release commit
• 5cc648e chore(deps): bump github.com/tidwall/gjson from 1.6.7 to 1.9.3 (#873)
• 65e53b6 chore: bump alpine version in dockerfiles (#837)
• 9b41eed chore: remove old sdk generator (#842)
• a686910 chore: update docusaurus template
• e49dbbd chore: update docusaurus template
• 2d359d9 chore: update docusaurus template
• 3f4c2ed chore: update docusaurus template
• 23e624d chore: update docusaurus template (#820)
• 1f64342 chore: update docusaurus template (#821)
• 9ca90e3 chore: update docusaurus template (#840)
• 002a2a8 chore: update docusaurus template (#847)
• 14dd31a chore: update docusaurus template (#866)
• 1564e0c chore: update docusaurus template (#872)
• 3381b6c chore: update docusaurus template (#875)
• 2980573 chore: update docusaurus template (#891)
• 1553c14 chore: update repository templates
• ee210a3 chore: update repository templates
• 9f6644a chore: update repository templates
• 62ebb22 chore: update repository templates
• 9f29fc4 chore: update repository templates
• da516f5 chore: update repository templates
• bc70566 chore: update repository templates
• 9c80149 chore: update repository templates (#823)
• be72846 chore: update repository templates (#825)
• 80bc079 chore: update repository templates (#827)
• 1da447d chore: update repository templates (#857)
• 8f23209 chore: update repository templates (#858)
• 497cd3c chore: update repository templates (#863)
• 7cd7bca chore: update repository templates (#864)
• ade680b chore: update repository templates to 8191b78131173cce8788143f6ad95119d9b813c5
• b1e772e ci: bump goreleaser (#816)
• 38d0883 ci: bump orbs (#815)
• 30ff27f ci: resolve regression issues (#881)
• e2433f6 docs: declare s3, gs, and azblob access rule repositories in config schema (#829)
• b6b5824 docs: update authz.md (#879)
• 58b1d43 docs: use correct casing
• 78e612e docs: warn that gzip is unsupported (#835)
• 301b673 feat(jwt): replace jwt module (#818)
• ec926b0 feat: add retry and timeout support in authorizers (#883)
• a8c9354 feat: add support for X-Forwarded-Proto header (#665)
• 1897f31 feat: allow both string and []string in aud field (#822)
• 1432e2c feat: introduce cve scanning (#839)
• 5645605 feat: store oauth2 introspection result as bytes in cache (#811)
• 2f2552d feat: support Zipkin tracer (#832)
• 59871fc fix: add config schema for tracing for jaeger (#830)
• 9dea379 fix: add hiring notice to README (#884)
• df8a19b fix: add ory cli
• 9375f92 fix: allow forwarding query parameters to the session store (#817)
• adf0d1b fix: building docker image for docker-compose (#889)
• 18788d1 fix: remote_json default configuration (#880)
• 8c2da46 fix: use NYT capitalistaion for all Swagger headlines (#859)
• 871b3c6 test: echo output in run.sh
• 1b21d81 test: fix typo
• 792477f test: reintroduce -s -o
• 5d86cd3 test: verbose curl