Pomerium Versions Save

Pomerium is an identity and context-aware access proxy.

v0.20.0

1 year ago

v0.20.0

Please refer to the upgrade guide before upgrading.

v0.20.0 (2022-11-14)

Full Changelog

Breaking

envoyconfig: add all routes to all filter chains #3596 (@calebdoxsey)
groups via directory sync are no longer supported #3633 (@calebdoxsey)

Security

httputil: remove error details #3703 (@calebdoxsey)

New

config: disable Strict-Transport-Security when using a self-signed certificate #3743 (@calebdoxsey)
config: generate cookie secret if not set in all-in-one mode #3742 (@calebdoxsey)
authorize: fix user caching #3734 (@calebdoxsey)
authorize: performance improvements #3723 (@calebdoxsey)
postgres: increase record batch size #3708 (@calebdoxsey)
sessions: check idp id to detect provider changes to force session invalidation #3707 (@calebdoxsey)
controlplane: move jwks.json endpoint to control plane #3691 (@calebdoxsey)
config: default to http2 #3660 (@calebdoxsey)

Fixed

authenticate: get/set identity provider id for all sessions #3597 (@calebdoxsey)
authorize: enforce service account expiration #3661 (@calebdoxsey)
config: allow blank identity providers when loading sessions for service account support #3709 (@calebdoxsey)
config: disable envoy admin by default, expose stats via envoy route #3677 (@calebdoxsey)
controlplane: fix /.well-known/pomerium missing CORS headers #3738 (@calebdoxsey)
fileutil: update watcher to use fsnotify and polling #3663 (@calebdoxsey)
postgres: return an empty list of addresses on dns errors #3637 (@calebdoxsey)
ppl: support special characters in claim keys #3639 (@calebdoxsey)

Changed

add config option check logging #3722 (@wasaga)
authenticate: remove ecjson #3688 (@calebdoxsey)
authenticate: update user info dashboard to show group info for enterprise #3736 (@calebdoxsey)
device: add generic methods for working with user+session devices #3710 (@calebdoxsey)
envoyconfig: fix databroker health checks #3706 (@calebdoxsey)
fix unused key warnings in routes #3711 (@wasaga)
keep trace span context #3724 (@wasaga)
postgres: handle unknown types #3632 (@calebdoxsey)
test: use T.TempDir to create temporary test directory #3725 (@Juneezee)
upgrade envoy to v1.23.1 #3599 (@calebdoxsey)

Dependency

bump Envoy to 1.23.2 #3739 (@wasaga)
bump protoc to 3.21.7 #3646 (@wasaga)
chore(deps): bump actions/cache from 3.0.10 to 3.0.11 #3671 (@dependabot[bot])
chore(deps): bump actions/cache from 3.0.8 to 3.0.10 #3642 (@dependabot[bot])
chore(deps): bump actions/checkout from 3.0.2 to 3.1.0 #3652 (@dependabot[bot])
chore(deps): bump actions/download-artifact from 3.0.0 to 3.0.1 #3700 (@dependabot[bot])
chore(deps): bump actions/setup-go from 3.3.0 to 3.3.1 #3681 (@dependabot[bot])
chore(deps): bump actions/setup-node from 3.4.1 to 3.5.0 #3641 (@dependabot[bot])
chore(deps): bump actions/setup-node from 3.5.0 to 3.5.1 #3672 (@dependabot[bot])
chore(deps): bump actions/setup-python from 4.2.0 to 4.3.0 #3651 (@dependabot[bot])
chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.1 #3698 (@dependabot[bot])
chore(deps): bump alpine from bc41182 to b95359c #3751 (@dependabot[bot])
chore(deps): bump debian from 1b1d158 to 9583740 #3719 (@dependabot[bot])
chore(deps): bump debian from 3d2aa50 to 6005bd9 #3625 (@dependabot[bot])
chore(deps): bump debian from 6005bd9 to 1b1d158 #3656 (@dependabot[bot])
chore(deps): bump distroless/base from 4689543 to 6ef742b #3654 (@dependabot[bot])
chore(deps): bump distroless/base from 59fe963 to 8a7afd5 #3627 (@dependabot[bot])
chore(deps): bump distroless/base from 65afaf8 to 59fe963 #3616 (@dependabot[bot])
chore(deps): bump distroless/base from 6ef742b to 9681f07 #3676 (@dependabot[bot])
chore(deps): bump distroless/base from 856944e to cd1bf87 #3732 (@dependabot[bot])
chore(deps): bump distroless/base from 8a7afd5 to 4689543 #3647 (@dependabot[bot])
chore(deps): bump distroless/base from 9681f07 to 856944e #3702 (@dependabot[bot])
chore(deps): bump docker/build-push-action from 3.1.1 to 3.2.0 #3673 (@dependabot[bot])
chore(deps): bump docker/login-action from 2.0.0 to 2.1.0 #3682 (@dependabot[bot])
chore(deps): bump docker/setup-buildx-action from 2.0.0 to 2.2.1 #3679 (@dependabot[bot])
chore(deps): bump docker/setup-qemu-action from 2.0.0 to 2.1.0 #3675 (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.16.3 to 0.17.0 #3604 (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.17.0 to 0.17.1 #3619 (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.17.1 to 0.17.2 #3644 (@dependabot[bot])
chore(deps): bump github.com/coreos/go-oidc/v3 from 3.2.0 to 3.3.0 #3605 (@dependabot[bot])
chore(deps): bump github.com/coreos/go-oidc/v3 from 3.3.0 to 3.4.0 #3612 (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.17+incompatible to 20.10.18+incompatible #3614 (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.18+incompatible to 20.10.19+incompatible #3666 (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.19+incompatible to 20.10.20+incompatible #3694 (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.20+incompatible to 20.10.21+incompatible #3712 (@dependabot[bot])
chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.10 to 0.6.13 #3648 (@dependabot[bot])
chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.13 to 0.8.0 #3731 (@dependabot[bot])
chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.7 to 0.6.8 #3624 (@dependabot[bot])
chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.8 to 0.6.10 #3630 (@dependabot[bot])
chore(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 #3713 (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 #3667 (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.50.0 to 1.50.1 #3697 (@dependabot[bot])
chore(deps): bump github.com/google/go-cmp from 0.5.8 to 0.5.9 #3611 (@dependabot[bot])
chore(deps): bump github.com/google/go-jsonnet from 0.18.0 to 0.19.1 #3715 (@dependabot[bot])
chore(deps): bump github.com/jackc/pgx/v4 from 4.17.1 to 4.17.2 #3603 (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.43.0 to 0.44.0 #3620 (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.44.0 to 0.45.0 #3650 (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.45.0 to 0.46.1 #3729 (@dependabot[bot])
chore(deps): bump github.com/openzipkin/zipkin-go from 0.4.0 to 0.4.1 #3668 (@dependabot[bot])
chore(deps): bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 #3696 (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.22.7 to 3.22.8 #3606 (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.22.8 to 3.22.9 #3643 (@dependabot[bot])
chore(deps): bump github.com/spf13/viper from 1.12.0 to 1.13.0 #3613 (@dependabot[bot])
chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 #3728 (@dependabot[bot])
chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 #3695 (@dependabot[bot])
chore(deps): bump github.com/VictoriaMetrics/fastcache from 1.10.0 to 1.12.0 #3623 (@dependabot[bot])
chore(deps): bump go.opencensus.io from 0.23.0 to 0.24.0 #3727 (@dependabot[bot])
chore(deps): bump golang from 403f389 to b448089 #3718 (@dependabot[bot])
chore(deps): bump golang from d71125b to 4b2498d #3626 (@dependabot[bot])
chore(deps): bump golang from 1.19.0-buster to 1.19.1-buster #3617 (@dependabot[bot])
chore(deps): bump golang from 1.19.1-buster to 1.19.2-buster #3655 (@dependabot[bot])
chore(deps): bump golang from 1.19.2-buster to 1.19.3-buster #3733 (@dependabot[bot])
chore(deps): bump golang.org/x/net from 0.1.0 to 0.2.0 #3748 (@dependabot[bot])
chore(deps): bump google-github-actions/setup-gcloud from 0.6.0 to 0.6.2 #3674 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.100.0 to 0.101.0 #3714 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.94.0 to 0.95.0 #3618 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.95.0 to 0.96.0 #3622 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.96.0 to 0.97.0 #3629 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.97.0 to 0.98.0 #3645 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.98.0 to 0.99.0 #3670 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.99.0 to 0.100.0 #3693 (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.49.0 to 1.50.0 #3649 (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.50.0 to 1.50.1 #3669 (@dependabot[bot])
chore(deps): bump goreleaser/goreleaser-action from 3.1.0 to 3.2.0 #3680 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.27.3 to 4.27.5 #3615 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.27.5 to 4.28.1 #3653 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.28.1 to 4.28.2 #3690 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.28.2 to 4.29.2 #3717 (@dependabot[bot])
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.14.1 to 4.15.0 #3631 (@dependabot[bot])
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.0 to 4.15.1 #3658 (@dependabot[bot])
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.1 to 4.15.2 #3699 (@dependabot[bot])
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.2 to 4.15.3 #3716 (@dependabot[bot])
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.3 to 4.15.4 #3726 (@dependabot[bot])

v0.19.1

1 year ago

Changelog

c0a88707 authenticate: get/set identity provider id for all sessions (#3608) c3ef43cd upgrade envoy to v1.23.1 (#3600)

Docker images

docker pull pomerium/pomerium:v0.19.1
docker pull pomerium/pomerium:nonroot-v0.19.1
docker pull pomerium/pomerium:debug-v0.19.1
docker pull pomerium/pomerium:debug-nonroot-v0.19.1

v0.19.0

1 year ago

Changelog

v0.19.0 (2022-09-01)

Full Changelog

New

add the traces error details #3557 (@nhayfield)
authorize: add policy error details for custom error messages #3542 (@calebdoxsey)
autocert: add support for ACME TLS-ALPN #3590 (@calebdoxsey)
config: add branding settings #3558 (@calebdoxsey)
controlplane: add well-known endpoint to the controlplane http handler #3555 (@calebdoxsey)
Dynamic style changes #3544 (@nhayfield)
envoy: upgrade to 1.23.0 #3560 (@calebdoxsey)
envoyconfig: add virtual host domains for certificates in addition to routes #3593 (@calebdoxsey)

Fixed

authenticate: add CORS headers to jwks endpoint #3574 (@calebdoxsey)
envoyconfig: add authority header to outbound gRPC requests #3545 (@calebdoxsey)
postgres: remove not null constraint on data column of record changes table #3594 (@calebdoxsey)

Changed

Fix typos #3575 (@alexrudd2)
authenticate: fix branding for webauthn device registration page #3572 (@calebdoxsey)
publish to any-distro #3570 (@calebdoxsey)
Update README.md #3569 (@cmo-pomerium)
authorize: handle user-unauthenticated response for deny blocks #3559 (@calebdoxsey)
add front end support for optional first paragraph of markdown on err... #3546 (@nhayfield)
sets: convert set types to generics #3519 (@calebdoxsey)
atomicutil: use atomicutil.Value wherever possible #3517 (@calebdoxsey)

Dependency

chore(deps): bump actions/cache from 3.0.5 to 3.0.6 #3537 (@dependabot[bot])
chore(deps): bump actions/cache from 3.0.6 to 3.0.7 #3552 (@dependabot[bot])
chore(deps): bump actions/cache from 3.0.7 to 3.0.8 #3565 (@dependabot[bot])
chore(deps): bump actions/setup-go from 3.2.1 to 3.3.0 #3583 (@dependabot[bot])
chore(deps): bump actions/setup-python from 4.1.0 to 4.2.0 #3535 (@dependabot[bot])
chore(deps): bump actions/stale from 5.1.0 to 5.1.1 #3513 (@dependabot[bot])
chore(deps): bump alpine from 6af1b11 to 7580ece #3512 (@dependabot[bot])
chore(deps): bump alpine from 7580ece to bc41182 #3553 (@dependabot[bot])
chore(deps): bump contrib.go.opencensus.io/exporter/prometheus from 0.4.1 to 0.4.2 #3586 (@dependabot[bot])
chore(deps): bump debian from 1c34464 to 4567e1e #3508 (@dependabot[bot])
chore(deps): bump debian from 4567e1e to b9b1f4a #3538 (@dependabot[bot])
chore(deps): bump debian from b9b1f4a to 3d2aa50 #3588 (@dependabot[bot])
chore(deps): bump distroless/base from 3a62194 to ec73486 #3554 (@dependabot[bot])
chore(deps): bump distroless/base from d6db599 to 3a62194 #3511 (@dependabot[bot])
chore(deps): bump distroless/base from ec73486 to 65afaf8 #3568 (@dependabot[bot])
chore(deps): bump docker/build-push-action from 3.1.0 to 3.1.1 #3536 (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.16.0 to 0.16.2 #3532 (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.16.2 to 0.16.3 #3563 (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.46.2 to 1.47.2 #3499 (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.47.2 to 1.47.3 #3522 (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.47.3 to 1.48.0 #3541 (@dependabot[bot])
chore(deps): bump github.com/jackc/pgx/v4 from 4.16.1 to 4.17.0 #3533 (@dependabot[bot])
chore(deps): bump github.com/jackc/pgx/v4 from 4.17.0 to 4.17.1 #3582 (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.42.2 to 0.43.0 #3523 (@dependabot[bot])
chore(deps): bump github.com/peterbourgon/ff/v3 from 3.1.2 to 3.3.0 #3540 (@dependabot[bot])
chore(deps): bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 #3530 (@dependabot[bot])
chore(deps): bump github.com/prometheus/procfs from 0.7.3 to 0.8.0 #3516 (@dependabot[bot])
chore(deps): bump github.com/rs/zerolog from 1.27.0 to 1.28.0 #3587 (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.22.6 to 3.22.7 #3524 (@dependabot[bot])
chore(deps): bump go.uber.org/zap from 1.21.0 to 1.22.0 #3551 (@dependabot[bot])
chore(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 #3581 (@dependabot[bot])
chore(deps): bump golang from 6960d62 to 477b10a #3527 (@dependabot[bot])
chore(deps): bump golang from a7a23f1 to d84495e #3589 (@dependabot[bot])
chore(deps): bump golang from 1.18-buster to 1.18.4-buster #3509 (@dependabot[bot])
chore(deps): bump golang from 1.18.4-buster to 1.19.0-buster #3539 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.88.0 to 0.89.0 #3514 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.89.0 to 0.90.0 #3525 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.90.0 to 0.91.0 #3531 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.91.0 to 0.92.0 #3550 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.92.0 to 0.93.0 #3562 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.93.0 to 0.94.0 #3580 (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.48.0 to 1.49.0 #3579 (@dependabot[bot])
chore(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 #3515 (@dependabot[bot])
chore(deps): bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 #3585 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.26.1 to 4.27.2 #3526 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.27.2 to 4.27.3 #3584 (@dependabot[bot])
chore(deps): bump pomerium/backport from a2e620de9fc4166f774ee2a389e170046cfad426 to 1.1.1 #3564 (@dependabot[bot])
chore(deps): bump pre-commit/action from 876132a3c26aa072b09eab6c5395b4749eeb2435 to 3.0.0 #3567 (@dependabot[bot])
chore(deps): bump tibdex/github-app-token from 1.5.1 to 1.6 #3566 (@dependabot[bot])
deployment: update RELEASING.md #3503 (@desimone)

v0.18.0

1 year ago

Changelog

v0.18.0 (2022-07-27)

Full Changelog

New

add databroker multi lease handlers #3255 (@wasaga)
add lease name to the log #3498 (@wasaga)
add metrics aggregation #3452 (@wasaga)
add x-request-id in responses #3366 (@wasaga)
allow pomerium to be embedded as a library #3415 (@wasaga)
authenticate: allow changing the authenticate service URL at runtime #3378 (@calebdoxsey)
authenticate: show the device enrolled page as the user info page #3151 (@calebdoxsey)
authorize: add name claim #3238 (@calebdoxsey)
authorize: track session and service account access date #3220 (@calebdoxsey)
authorize: use query instead of sync for databroker data #3377 (@calebdoxsey)
databroker: add support for field masks on Put #3210 (@calebdoxsey)
databroker: add support for putting multiple records #3291 (@calebdoxsey)
databroker: add support for query filtering #3369 (@calebdoxsey)
databroker: add support for syncing by type #3412 (@calebdoxsey)
directory: support non-base64 encoded service accounts #3150 (@calebdoxsey)
do not require idp set in the bootstrap config, as it may be later configured via the databroker #3386 (@wasaga)
eliminate global events manager #3422 (@wasaga)
envoy: upgrade to 1.21.1 #3186 (@calebdoxsey)
envoy: use typed extension protocol options for static bootstrap cluster #3268 (@calebdoxsey)
Expand PR template #3403 (@alexfornuto)
github: pin github actions #3183 (@calebdoxsey)
grpc: regenerate protobuf code #3208 (@calebdoxsey)
grpc: wait for connect to be ready before making calls #3253 (@calebdoxsey)
identity: batch directory updates #3411 (@calebdoxsey)
integration: add test for query string params #3302 (@calebdoxsey)
postgres: databroker storage backend #3370 (@calebdoxsey)
postgres: registry support #3454 (@calebdoxsey)
storage: add filter expressions, upgrade go to 1.18.1 #3365 (@calebdoxsey)
storage: add filtering to SyncLatest #3368 (@calebdoxsey)
try pinning docker dependency #3185 (@calebdoxsey)
ui: remove version #3184 (@calebdoxsey)

Fixed

authenticate: fix debug and metrics endpoints #3212 (@calebdoxsey)
authenticate: fix internal service URL CORS check #3279 (@calebdoxsey)
authenticate: fix internal service URL dashboard redirect #3305 (@calebdoxsey)
authenticate: fix internal url with webauthn #3194 (@calebdoxsey)
authenticate: save session for bare webauthn redirects, consider external service URL to be a pomerium url #3280 (@calebdoxsey)
authorize: add request id to context #3497 (@calebdoxsey)
authorize: allow missing user for authorization #3421 (@calebdoxsey)
authorize: fix device synchronization #3482 (@calebdoxsey)
authorize: fix not found check #3410 (@calebdoxsey)
authorize: fix x-forwarded-uri #3479 (@calebdoxsey)
authorize: pass idp id for webauthn url, allow unauthenticated access to static files #3282 (@calebdoxsey)
authorize: show plain text error page for traefik and nginx #3477 (@calebdoxsey)
autocert: continue on error #3476 (@calebdoxsey)
config: fix DefaultTransport so it is still a *http.Transport #3257 (@calebdoxsey)
databroker: fix in-memory backend deadlock #3300 (@calebdoxsey)
deployment: update syntax installing dlv in debug image #3179 (@travisgroth)
device enrollment: fix ip address #3430 (@calebdoxsey)
envoyconfig: prevent nil reproxy handler #3345 (@wasaga)
fix: close the ticker after opened #3318 (@clwluvw)
fix: The built binary file is missing "ui/dist/index.js" and "ui/dist... #3391 (@cfanbo)
github: fix missing groups #3171 (@calebdoxsey)
httputil/reproxy: fix policy transport #3322 (@calebdoxsey)
options: fix overlapping certificate test #3492 (@calebdoxsey)
postgres: fix CIDR query #3389 (@calebdoxsey)
postgres: fix record deletion #3446 (@calebdoxsey)
userinfo: embed assets as data URLs for forward auth #3460 (@calebdoxsey)
userinfo: fix missing profile picture #3154 (@calebdoxsey)

Dependency
bump envoy to 1.21.3 #3413 (@wasaga)
chore(deps): bump actions/cache from 2 to 3 #3167 (@dependabot[bot])
chore(deps): bump actions/cache from 3.0.0 to 3.0.1 #3235 (@dependabot[bot])
chore(deps): bump actions/cache from 3.0.1 to 3.0.2 #3265 (@dependabot[bot])
chore(deps): bump actions/cache from 3.0.2 to 3.0.3 #3399 (@dependabot[bot])
chore(deps): bump actions/cache from 3.0.3 to 3.0.4 #3440 (@dependabot[bot])
chore(deps): bump actions/cache from 3.0.4 to 3.0.5 #3489 (@dependabot[bot])
chore(deps): bump actions/checkout from 3.0.0 to 3.0.1 #3275 (@dependabot[bot])
chore(deps): bump actions/checkout from 3.0.1 to 3.0.2 #3297 (@dependabot[bot])
chore(deps): bump actions/download-artifact from 2.1.0 to 3 #3202 (@dependabot[bot])
chore(deps): bump actions/setup-go from 2.2.0 to 3 #3204 (@dependabot[bot])
chore(deps): bump actions/setup-go from 3.0.0 to 3.1.0 #3362 (@dependabot[bot])
chore(deps): bump actions/setup-go from 3.1.0 to 3.2.0 #3384 (@dependabot[bot])
chore(deps): bump actions/setup-go from 3.2.0 to 3.2.1 #3470 (@dependabot[bot])
chore(deps): bump actions/setup-node from 3.0.0 to 3.1.0 #3236 (@dependabot[bot])
chore(deps): bump actions/setup-node from 3.1.0 to 3.1.1 #3267 (@dependabot[bot])
chore(deps): bump actions/setup-node from 3.1.1 to 3.2.0 #3363 (@dependabot[bot])
chore(deps): bump actions/setup-node from 3.2.0 to 3.3.0 #3400 (@dependabot[bot])
chore(deps): bump actions/setup-node from 3.3.0 to 3.4.0 #3471 (@dependabot[bot])
chore(deps): bump actions/setup-node from 3.4.0 to 3.4.1 #3490 (@dependabot[bot])
chore(deps): bump actions/setup-python from 3.0.0 to 3.1.0 #3234 (@dependabot[bot])
chore(deps): bump actions/setup-python from 3.1.0 to 3.1.2 #3266 (@dependabot[bot])
chore(deps): bump actions/setup-python from 3.1.2 to 4 #3439 (@dependabot[bot])
chore(deps): bump actions/setup-python from 4.0.0 to 4.1.0 #3472 (@dependabot[bot])
chore(deps): bump actions/stale from 5.0.0 to 5.1.0 #3488 (@dependabot[bot])
chore(deps): bump actions/upload-artifact from 2.3.1 to 3 #3203 (@dependabot[bot])
chore(deps): bump actions/upload-artifact from 3.0.0 to 3.1.0 #3374 (@dependabot[bot])
chore(deps): bump async from 2.6.3 to 2.6.4 #3278 (@dependabot[bot])
chore(deps): bump contrib.go.opencensus.io/exporter/prometheus from 0.4.0 to 0.4.1 #3164 (@dependabot[bot])
chore(deps): bump docker/build-push-action from 2.10.0 to 3 #3336 (@dependabot[bot])
chore(deps): bump docker/build-push-action from 3.0.0 to 3.1.0 #3501 (@dependabot[bot])
chore(deps): bump docker/login-action from 1.14.1 to 2 #3338 (@dependabot[bot])
chore(deps): bump docker/setup-buildx-action from 1.6.0 to 1.7.0 #3317 (@dependabot[bot])
chore(deps): bump docker/setup-buildx-action from 1.7.0 to 2 #3337 (@dependabot[bot])
chore(deps): bump docker/setup-qemu-action from 1.2.0 to 2 #3339 (@dependabot[bot])
chore(deps): bump eventsource from 1.1.0 to 1.1.1 #3388 (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.15.3 to 0.15.4 #3143 (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.15.4 to 0.16.0 #3198 (@dependabot[bot])
chore(deps): bump github.com/cenkalti/backoff/v4 from 4.1.2 to 4.1.3 #3264 (@dependabot[bot])
chore(deps): bump github.com/coreos/go-oidc/v3 from 3.1.0 to 3.2.0 #3360 (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.12+incompatible to 20.10.13+incompatible #3142 (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.13+incompatible to 20.10.14+incompatible #3199 (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.14+incompatible to 20.10.15+incompatible #3335 (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.15+incompatible to 20.10.16+incompatible #3359 (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.16+incompatible to 20.10.17+incompatible #3417 (@dependabot[bot])
chore(deps): bump github.com/fsnotify/fsnotify from 1.5.1 to 1.5.4 #3312 (@dependabot[bot])
chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5 #3166 (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.44.2 to 1.45.0 #3162 (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.45.0 to 1.45.2 #3200 (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.45.2 to 1.46.0 #3334 (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.46.0 to 1.46.1 #3357 (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.46.1 to 1.46.2 #3373 (@dependabot[bot])
chore(deps): bump github.com/google/btree from 1.0.1 to 1.1.1 #3402 (@dependabot[bot])
chore(deps): bump github.com/google/btree from 1.1.1 to 1.1.2 #3434 (@dependabot[bot])
chore(deps): bump github.com/google/go-cmp from 0.5.7 to 0.5.8 #3315 (@dependabot[bot])
chore(deps): bump github.com/martinlindhe/base36 from 1.1.0 to 1.1.1 #3437 (@dependabot[bot])
chore(deps): bump github.com/mholt/acmez from 1.0.2 to 1.0.3 #3469 (@dependabot[bot])
chore(deps): bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 #3292 (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.38.0 to 0.38.1 #3144 (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.38.1 to 0.39.0 #3232 (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.39.0 to 0.40.0 #3311 (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.40.0 to 0.41.0 #3395 (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.41.0 to 0.42.1 #3468 (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.42.1 to 0.42.2 #3483 (@dependabot[bot])
chore(deps): bump github.com/ory/dockertest/v3 from 3.8.1 to 3.9.1 #3381 (@dependabot[bot])
chore(deps): bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 #3358 (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.32.1 to 0.33.0 #3230 (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.33.0 to 0.34.0 #3298 (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.34.0 to 0.35.0 #3438 (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.35.0 to 0.37.0 #3486 (@dependabot[bot])
chore(deps): bump github.com/rs/zerolog from 1.26.1 to 1.27.0 #3418 (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.22.2 to 3.22.3 #3231 (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.22.3 to 3.22.4 #3313 (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.22.4 to 3.22.5 #3396 (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.22.5 to 3.22.6 #3464 (@dependabot[bot])
chore(deps): bump github.com/spf13/viper from 1.10.1 to 1.11.0 #3273 (@dependabot[bot])
chore(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 #3380 (@dependabot[bot])
chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 #3165 (@dependabot[bot])
chore(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 #3397 (@dependabot[bot])
chore(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.3 #3435 (@dependabot[bot])
chore(deps): bump github.com/stretchr/testify from 1.7.3 to 1.7.5 #3448 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.70.0 to 0.72.0 #3152 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.72.0 to 0.73.0 #3163 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.73.0 to 0.74.0 #3233 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.74.0 to 0.75.0 #3296 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.75.0 to 0.77.0 #3314 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.77.0 to 0.79.0 #3347 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.79.0 to 0.80.0 #3372 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.80.0 to 0.81.0 #3382 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.81.0 to 0.82.0 #3401 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.82.0 to 0.83.0 #3416 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.83.0 to 0.84.0 #3436 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.84.0 to 0.85.0 #3447 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.85.0 to 0.86.0 #3463 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.86.0 to 0.87.0 #3484 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.87.0 to 0.88.0 #3500 (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.44.0 to 1.45.0 #3141 (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.0 #3294 (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.46.0 to 1.46.2 #3361 (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0 #3393 (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.47.0 to 1.48.0 #3487 (@dependabot[bot])
chore(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 #3197 (@dependabot[bot])
chore(deps): bump gopkg.in/yaml.v3 from 3.0.0 to 3.0.1 #3394 (@dependabot[bot])
chore(deps): bump goreleaser/goreleaser-action from 2.9.1 to 3 #3375 (@dependabot[bot])
chore(deps): bump jandelgado/gcov2lcov-action from 1.0.8 to 1.0.9 #3376 (@dependabot[bot])
chore(deps): bump jandelgado/gcov2lcov-action from fc567b789b78d676959759edfb9b7a30e884fc1d to 1.0.9 #3385 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.21.1 to 4.22.1 #3145 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.22.1 to 4.23.1 #3168 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.23.1 to 4.24.2 #3201 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.24.2 to 4.24.5 #3276 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.24.5 to 4.25.1 #3316 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.25.1 to 4.25.2 #3383 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.25.2 to 4.25.3 #3449 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.25.3 to 4.26.1 #3491 (@dependabot[bot])
chore(deps): bump minimist from 1.2.5 to 1.2.6 #3189 (@dependabot[bot])
chore(deps): bump minimist from 1.2.5 to 1.2.6 in /ui #3188 (@dependabot[bot])
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.14.0 to 4.14.1 #3274 (@dependabot[bot])
deps: bump backport action version #3224 (@travisgroth)
use generic version of btree #3404 (@wasaga)

Deployment
deployment: remove vals based entrypoint #3254 (@travisgroth)

Changed

databroker: support rotating shared secret #3502 (@calebdoxsey)
Revert "userinfo: embed assets as data URLs for forward auth" #3474 (@calebdoxsey)
github-actions: build docker platforms together #3426 (@calebdoxsey)
replace fmt.Sprintf with net.JoinHostPort #3407 (@cfanbo)
docs: fix a typo in auth0 config example #3332 (@imlonghao)
Allow docs changes without review #3242 (@alexfornuto)
ci: use forked backport to copy original PR labels #3223 (@travisgroth)
Revert "databroker: add support for field masks on Put" #3217 (@calebdoxsey)
docs: update changelog and upgrade notes for enterprise v0.17 #3105 (@travisgroth)

v0.17.3

2 years ago

Changes

authenticate: fix internal service URL dashboard redirect by @calebdoxsey in https://github.com/pomerium/pomerium/pull/3306
fix: close the ticker after opened by @clwluvw https://github.com/pomerium/pomerium/pull/3323
httputil/reproxy: fix policy transport by @calebdoxsey https://github.com/pomerium/pomerium/pull/3324
authenticate: fix internal service URL CORS check by @calebdoxsey in https://github.com/pomerium/pomerium/pull/3328

Docs

DOCS: update helm values file https://github.com/pomerium/pomerium/pull/3287
DOCS: Add device identity video https://github.com/pomerium/pomerium/pull/3307
DOCS: Update changelog https://github.com/pomerium/pomerium/pull/3308
Update docs for supported Ingress annotations https://github.com/pomerium/pomerium/pull/3325

Full Changelog: https://github.com/pomerium/pomerium/compare/v0.17.2...v0.17.3

v0.17.2

2 years ago

Changelog

v0.17.2 (2022-04-22)

Full Changelog

Fixed

authorize: pass idp id for webauthn url, allow unauthenticated access to static files [#3284] (@calebdoxsey)
config: fix DefaultTransport so it is still a *http.Transport [#3260] (@calebdoxsey)

Dependency

chore(deps): bump actions/setup-python from 3.1.0 to 3.1.2 [#3266]

Docs

Add UUID to docs yaml blocks (#3251) [#3259] (@alexfornuto)

v0.17.1

2 years ago

Full Changelog

Security Notice

This release includes a fix to a medium severity security issue.

We recommend that all users upgrade.

Security

authenticate: fix debug and metrics endpoints #3215 (@backport-actions-token[bot])

Fixed

authenticate: fix internal url with webauthn #3195 (@backport-actions-token[bot])
github: fix missing groups #3176 (@backport-actions-token[bot])

v0.17.0

2 years ago

Full Changelog

New

adds pomerium version to the user info endpoint #3093 (@nhayfield)
grpc: remove ptypes references #3078 (@calebdoxsey)
userinfo: add webauthn buttons to user info page #3075 (@calebdoxsey)
Style update for User Info Endpoint #3055 (@nhayfield)
session: remove unused session state properties #3022 (@calebdoxsey)
frontend: react+mui #3004 (@calebdoxsey)
controlplane: add compression middleware #3000 (@calebdoxsey)
authenticate: fix expiring user info endpoint #2976 (@calebdoxsey)
last known metric error #2974 (@wasaga)
directory: save IDP errors to databroker, put event handling in dedicated package #2957 (@calebdoxsey)
google: support groups for users outside of the organization #2950 (@calebdoxsey)
return explicit error when directory sync is disabled #2949 (@wasaga)
authenticate: add device-enrolled page #2892 (@calebdoxsey)
remove deprecated ioutil usages #2877 (@cfanbo)

Fixed

databroker: use contextual logging for errors, use original record type for encryption #3096 (@calebdoxsey)
fix link for picture in avatar #3066 (@nhayfield)
userinfo: fix logout button, add sign out confirm page #3058 (@calebdoxsey)
config: fix httptest local certificate #3056 (@calebdoxsey)
proxy: fix error page #3020 (@calebdoxsey)
deployment: only include pomerium binary #3007 (@travisgroth)
auth0: support explicit domains in the service account #2996 (@backport-actions-token[bot])
auth0: support explicit domains in the service account #2980 (@calebdoxsey)
config: fix TLS config when address and grpc_address are the same #2975 (@calebdoxsey)
deployment: enable goreleaser buildx #2968 (@travisgroth)
config: fix policy matching for regular expressions #2966 (@calebdoxsey)
fix: frontend html tag mismatch #2954 (@cfanbo)
devices: shrink credentials by removing unnecessary data #2951 (@calebdoxsey)
Remove spurious </ul> tags #2946 (@sylr)
authenticate: support webauthn redirects to non-pomerium domains #2936 (@calebdoxsey)
webauthn: use absolute URL for delete redirect #2935 (@calebdoxsey)
authenticate: add callback endpoint #2931 (@calebdoxsey)
devices: treat undefined device types as any #2927 (@calebdoxsey)
deployment: fix distroless base arch #2925 (@travisgroth)
handle device states in deny block, fix default device type #2919 (@calebdoxsey)
envoy: check certificates for must-staple flag and drop them if they are missing the response #2909 (@calebdoxsey)
integration: fix default port for verify service #2895 (@calebdoxsey)

Dependency

chore(deps): bump actions/setup-node from 2 to 3 #3089 (@dependabot[bot])
chore(deps): bump actions/setup-python from 2 to 3 #3088 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.20.2 to 4.21.1 #3087 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.69.0 to 0.70.0 #3086 (@dependabot[bot])
chore(deps): bump url-parse from 1.5.7 to 1.5.10 #3085 (@dependabot[bot])
chore(deps): bump prismjs from 1.26.0 to 1.27.0 #3084 (@dependabot[bot])
deps: bump envoy to v1.20.2 #3082 (@travisgroth)
chore(deps): bump mikefarah/yq from 4.20.1 to 4.20.2 #3072 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.68.0 to 0.69.0 #3071 (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.44.0 to 1.44.2 #3070 (@dependabot[bot])
chore(deps): bump url-parse from 1.5.1 to 1.5.7 #3068 (@dependabot[bot])
chore(deps): bump github.com/gorilla/websocket from 1.4.2 to 1.5.0 #3052 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.18.1 to 4.20.1 #3051 (@dependabot[bot])
chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 #3043 (@dependabot[bot])
chore(deps): bump go.uber.org/zap from 1.20.0 to 1.21.0 #3041 (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.37.1 to 0.37.2 #3040 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.66.0 to 0.68.0 #3033 (@dependabot[bot])
deps: increase yarn network timeout #3018 (@travisgroth)
chore(deps): bump github.com/caddyserver/certmagic from 0.15.2 to 0.15.3 #3014 (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.36.1 to 0.37.1 #3013 (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.12 to 3.22.1 #3012 (@dependabot[bot])
chore(deps): bump github.com/mholt/acmez from 1.0.1 to 1.0.2 #3011 (@dependabot[bot])
chore(deps): bump mermaid from 8.12.1 to 8.13.10 #3010 (@dependabot[bot])
chore(deps): bump follow-redirects from 1.14.1 to 1.14.7 #3009 (@dependabot[bot])
chore(deps): bump prismjs from 1.24.1 to 1.26.0 #3008 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.17.2 to 4.18.1 #2989 (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.43.0 to 1.44.0 #2988 (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.43.0 to 1.44.0 #2987 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.65.0 to 0.66.0 #2986 (@dependabot[bot])
chore(deps): bump github.com/prometheus/client_golang from 1.12.0 to 1.12.1 #2985 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.16.2 to 4.17.2 #2963 (@dependabot[bot])
chore(deps): bump github.com/google/go-cmp from 0.5.6 to 0.5.7 #2962 (@dependabot[bot])
chore(deps): bump github.com/prometheus/client_golang from 1.11.0 to 1.12.0 #2961 (@dependabot[bot])
chore(deps): bump github.com/openzipkin/zipkin-go from 0.3.0 to 0.4.0 #2942 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.64.0 to 0.65.0 #2941 (@dependabot[bot])
chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.2 to 0.6.3 #2940 (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.36.0 to 0.36.1 #2939 (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.63.0 to 0.64.0 #2913 (@dependabot[bot])
chore(deps): bump go.uber.org/zap from 1.19.1 to 1.20.0 #2912 (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.35.0 to 0.36.0 #2911 (@dependabot[bot])
chore(deps): bump github.com/go-chi/chi from 1.5.4 to 4.1.2+incompatible #2910 (@dependabot[bot])
envoy: upgrade to 1.20.1 #2902 (@calebdoxsey)
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.11 to 3.21.12 #2886 (@dependabot[bot])
chore(deps): bump github.com/rs/cors from 1.8.0 to 1.8.2 #2855 (@dependabot[bot])
chore(deps): bump github.com/google/go-jsonnet from 0.17.0 to 0.18.0 #2854 (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.16.1 to 4.16.2 #2853 (@dependabot[bot])

Deployment

deployment: remove DST cert workaround from debug image #2958 (@travisgroth)
deployment: multi-arch master images #2896 (@travisgroth)

Changed

config: add idp_client_id and idp_client_secret to protobuf #3060 (@calebdoxsey)
Extract email for active directory users that don't have access to exchange #3053 (@JBodkin-Amphora)
disable blank github issues #2898 (@travisgroth)

v0.16.4

2 years ago

Full Changelog

Dependency

deps: update envoy to v1.19.3 #3083 (@travisgroth)

v0.16.3

2 years ago

Full Changelog

Fixed

deployment: only include pomerium binary #3007 (@travisgroth)
auth0: support explicit domains in the service account #2996 (@backport-actions-token[bot])