v0.14.3-alpha

0.14.3-alpha (2024-06-09)

This is just a regular monthly patch release with updated dependencies.

Dependencies

• update golang to v1.22.4 (#1517) (a86784a)
• update golang.org/x/exp digest to fc45aab (#1515) (f07ae39)
• update google.golang.org/genproto/googleapis/rpc digest to ef581f9 (#1516) (acc5740)
• update kubernetes packages to v0.30.1 (#1466) (dc68e5e)
• update module github.com/go-jose/go-jose/v4 to v4.0.2 (#1450) (1aba621)
• update module github.com/go-playground/validator/v10 to v10.21.0 (#1509) (0c9167e)
• update module github.com/go-viper/mapstructure/v2 to v2.0.0 (#1510) (d7224ff)
• update module github.com/goccy/go-json to v0.10.3 (#1476) (32f5eca)
• update module github.com/redis/rueidis to v1.0.38 (#1502) (91569ee)
• update module github.com/redis/rueidis/rueidisotel to v1.0.38 (#1503) (63dec15)
• update module github.com/rs/zerolog to v1.33.0 (#1490) (9579381)
• update module github.com/santhosh-tekuri/jsonschema/v6 to v6.0.1 (#1520) (3648c59)
• update module go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.52.0 (#1478) (535aa2f)
• update module go.opentelemetry.io/contrib/instrumentation/host to v0.52.0 (#1480) (509d4b3)
• update module go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.52.0 (#1482) (b112767)
• update module go.opentelemetry.io/contrib/instrumentation/runtime to v0.52.0 (#1483) (4c8707c)
• update module go.opentelemetry.io/contrib/propagators/autoprop to v0.52.0 (#1484) (57c5a6a)
• update module go.opentelemetry.io/otel to v1.27.0 (#1481) (384612e)
• update module go.opentelemetry.io/otel/bridge/opentracing to v1.27.0 (#1481) (384612e)
• update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc to v1.27.0 (#1481) (384612e)
• update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to v1.27.0 (#1481) (384612e)
• update module go.opentelemetry.io/otel/exporters/otlp/otlptrace to v1.27.0 (#1481) (384612e)
• update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to v1.27.0 (#1481) (384612e)
• update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttpto to v1.27.0 (#1481) (384612e)
• update module go.opentelemetry.io/otel/exporters/prometheus to v0.49.0 (#1481) (384612e)
• update module go.opentelemetry.io/otel/exporters/zipkin to v1.27.0 (#1481) (384612e)
• update module go.opentelemetry.io/otel/metric to v1.27.0 (#1481) (384612e)
• update module go.opentelemetry.io/otel/sdk to v1.27.0 (#1481) (384612e)
• update module go.opentelemetry.io/otel/sdk/metric to v1.27.0 (#1481) (384612e)
• update module go.opentelemetry.io/otel/trace to v1.27.0 (#1481) (384612e)
• update module go.uber.org/fx to v1.22.0 (#1501) (37ddf79)
• update module google.golang.org/grpc to v1.64.0 (#1462) (9d5e47c)

v0.14.2-alpha

0.14.2-alpha (2024-05-12)

This is just a regular monthly patch release with updated dependencies.

Dependencies

• update golang to v1.22.3 (#1428) (524a3d4)
• update kubernetes packages to v0.30.0 (#1368) (04cba69)
• update module github.com/go-co-op/gocron/v2 to v2.5.0 (#1424) (c3449a0)
• update module github.com/go-playground/validator/v10 to v10.20.0 (#1402) (a965ef0)
• update module github.com/prometheus/client_golang to v1.19.1 (#1434) (d778e9c)
• update module github.com/redis/rueidis to v1.0.37 (#1440) (ce2e65b)
• update module github.com/redis/rueidis/rueidisotel to v1.0.37 (#1441) (5c163b5)
• update module github.com/rs/cors to v1.11.0 (#1383) (b44b9c0)
• update module github.com/wi2l/jsondiff to v0.5.2 (#1370) (fd0cb04)
• update module github.com/youmark/pkcs8 to v0.0.0-20240424034433-3c2c7870ae76 (#1407) (587f073)
• update module go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.51.0 (#1387) (ce65b02)
• update module go.opentelemetry.io/contrib/instrumentation/host to v0.51.0 (#1389) (5688d8f)
• update module go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.51.0 (#1390) (2357888)
• update module go.opentelemetry.io/contrib/instrumentation/runtime to v0.51.0 (#1391) (a58f629)
• update module go.opentelemetry.io/contrib/propagators/autoprop to v0.51.0 (#1392) (fc87ef5)
• update module go.opentelemetry.io/otel to v1.26.0 (#1385) (3c531d7)
• update module go.opentelemetry.io/otel/bridge/opentracing to v1.26.0 (#1385) (3c531d7)
• update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc to v1.26.0 (#1385) (3c531d7)
• update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to v1.26.0 (#1385) (3c531d7)
• update module go.opentelemetry.io/otel/exporters/otlp/otlptrace to v1.26.0 (#1385) (3c531d7)
• update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to v1.26.0 (#1385) (3c531d7)
• update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to v1.26.0 (#1385) (3c531d7)
• update module go.opentelemetry.io/otel/exporters/prometheus to v0.48.0 (#1385) (3c531d7)
• update module go.opentelemetry.io/otel/exporters/zipkin to v1.26.0 (#1385) (3c531d7)
• update module go.opentelemetry.io/otel/metric to v1.26.0 (#1385) (3c531d7)
• update module go.opentelemetry.io/otel/sdk to v1.26.0 (#1385) (3c531d7)
• update module go.opentelemetry.io/otel/sdk/metric to v1.26.0 (#1385) (3c531d7)
• update module go.opentelemetry.io/otel/trace to v1.26.0 (#1385) (3c531d7)
• update module go.uber.org/fx to v1.21.1 (#1384) (614117f)
• update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 (#1422) (561ee65)
• update module google.golang.org/genproto/googleapis/rpc to v0.0.0-20240509183442-62759503f434 (#1436) (508e22b)
• update module google.golang.org/protobuf to v1.34.1 (#1421) (e25b077)

v0.14.1-alpha

0.14.1-alpha (2024-04-09)

The main reason for this patch release is GO-2024-2687, which has been fixed in go v1.22.2 and golang.org/x/net v0.23.0.

Dependencies

• update golang to v1.22.2 (#1313) (7c37100)
• update golang.org/x/exp digest to c0f41cb (#1318) (723ad16)
• update module github.com/knadh/koanf/v2 to v2.1.1 (#1308) (502cdcb)
• update module go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.50.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/contrib/instrumentation/host to v0.50.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.50.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/contrib/instrumentation/runtime to v0.50.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/contrib/propagators/autoprop to v0.50.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/otel to v1.25.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/otel/bridge/opentracing to v1.25.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc to v1.25.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to v1.25.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/otel/exporters/otlp/otlptrace to v1.25.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to v1.25.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to v1.25.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/otel/exporters/prometheus to v0.47.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/otel/exporters/zipkin to v1.25.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/otel/metric to v1.25.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/otel/sdk to v1.25.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/otel/sdk/metric to v1.25.0 (#1329) (dbb40bd)
• update module go.opentelemetry.io/otel/trace to v1.25.0 (#1329) (dbb40bd)
• update module google.golang.org/grpc to v1.63.2 (#1339) (8ee3942)

v0.14.0-alpha

0.14.0-alpha (2024-04-02)

Features

• env settings in helm chart extended to support ConfigMaps, Secrets and Pod configuration in addition to string literals (#1128) by @martin31821 (bf75c97)
• Helm chart supports setting environment variables by referencing either a ConfigMap or a Secret via envFrom (#1128) by @martin31821 (bf75c97)
• Hot reloading of Signer keys store (#1232) (36076e1)
• Hot reloading of TLS key stores (#1230) (9abf723)
• Redis as (distributed) cache (#999) by @tk-innoq (2f9ba81)

Bug Fixes

• audience assertion adheres to RFC-7519, section 4.1.3 (#1237) (560a470)
• Rule set, the rule is loaded from, is considered while updating or deleting rules (#1298) (e571248)

Documentation

• Contour integration guide updated to cover global configuration in addition to the route based one (#1253) (74bcebd)
• Documentation restructured to make it more comprehensive (#1075) by @godrin, @REABMAX, @Ebano and @KieronWiltshire (6612633)
• HAProxy guide updated to cover global integration with the Ingress Controller (#1240) (ed27797)
• Integration guide for OpenFGA (#1299) (1d8bea2)
• Traefik integration guide updated to cover global configuration in addition to the route based one (#1269) (73b1d4c)

Dependencies

• update golang to 1.22.1 (#1219) (4449cb7)
• update golang.org/x/exp digest to a685a6e (#1245) (41ba4a2)
• update google.golang.org/genproto/googleapis/rpc digest to c3f9821 (#1301) (4ccf593)
• update kubernetes packages to v0.29.3 (#1249) (43f3233)
• update module github.com/dlclark/regexp2 to v1.11.0 (#1209) (c51eda9)
• update module github.com/evanphx/json-patch/v5 to v5.9.0 (#1156) (3770509)
• update module github.com/go-co-op/gocron/v2 to v2.2.9 (#1292) (3555329)
• update module github.com/go-jose/go-jose/v4 to v4.0.1 [security] (#1225) (45e5a46)
• update module github.com/go-playground/validator/v10 to v10.19.0 (#1217) (564d256)
• update module github.com/google/cel-go to v0.20.1 (#1224) (a0669a8)
• update module github.com/google/uuid to v1.6.0 (#1151) (5f9dc9c)
• update module github.com/grpc-ecosystem/go-grpc-middleware/v2 to v2.1.0 (#1241) (bff3874)
• update module github.com/jellydator/ttlcache/v3 to v3.2.0 (#1198) (7c560d2)
• update module github.com/knadh/koanf/v2 to v2.1.0 (#1178) (1e344d3)
• update module github.com/ory/ladon to v1.3.0 (#1222) (3ca9ec4)
• update module github.com/prometheus/client_golang to v1.19.0 (#1212) (256932f)
• update module github.com/rs/zerolog to v1.32.0 (#1165) (d4678f6)
• update module github.com/tidwall/gjson to v1.17.1 (#1187) (a1680a1)
• update module github.com/tonglil/opentelemetry-go-datadog-propagator to v0.1.2 (#1215) (0d2a6ce)
• update module go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.49.0 (#1209) (c51eda9)
• update module go.opentelemetry.io/contrib/instrumentation/host to v0.49.0 (#1209) (c51eda9)
• update module go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.49.0 (#1209) (c51eda9)
• update module go.opentelemetry.io/contrib/instrumentation/runtime to v0.49.0 (#1209) (c51eda9)
• update module go.opentelemetry.io/contrib/propagators/autoprop to v0.49.0 (#1209) (c51eda9)
• update module go.opentelemetry.io/otel to v1.24.0 (#1209) (c51eda9)
• update module go.opentelemetry.io/otel/bridge/opentracing to v1.24.0 (#1209) (c51eda9)
• update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc to v1.24.0 (#1209) (c51eda9)
• update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to v1.24.0 (#1209) (c51eda9)
• update module go.opentelemetry.io/otel/exporters/otlp/otlptrace to v1.24.0 (#1209) (c51eda9)
• update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to v1.24.0 (#1209) (c51eda9)
• update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to v1.24.0 (#1209) (c51eda9)
• update module go.opentelemetry.io/otel/exporters/prometheus to v0.46.0 (#1209) ([c51ed...

v0.13.0-alpha

0.13.0-alpha (2024-01-03)

⚠ BREAKING CHANGES

• Endpoint specific HTTP cache settings refactored to allow HTTP cache ttl definition (#1043)

Features

• OAuth2/OIDC metadata discovery for jwt authenticator (#1043) (2dbfa5f) by @martin31821
• OAuth2/OIDC metadata discovery for oauth2_introspection authenticator (#1043) (2dbfa5f) by @martin31821

Code Refactorings

• Endpoint specific HTTP cache settings refactored to allow HTTP cache ttl definition (#1043) (2dbfa5f)

Bug Fixes

• Accept header usage (#1107) (f738ee8)
• Setting of binary artifacts version fixed (#1087) (f7dbbee)

Dependencies

• update golang to 1.21.5 (#1082) (a996ce7)
• update golang.org/x/exp digest to 02704c9 (#1111) (1e18000)
• update google.golang.org/genproto/googleapis/rpc digest to 50ed04b (#1115) (eda1d2d)
• update kubernetes packages to v0.29.0 (#1100) (65b3619)
• update module github.com/envoyproxy/go-control-plane to v0.12.0 (#1117) (7fbb737)
• update module github.com/go-co-op/gocron/v2 to v2.1.2 (#1116) (13505da)
• update module github.com/google/uuid to v1.5.0 (#1097) (5273ac8)
• update module github.com/jellydator/ttlcache/v3 to v3.1.1 (#1102) (90dcc4d)
• update module github.com/prometheus/client_golang to v1.18.0 (#1112) (57da7ec)
• update module gocloud.dev to v0.36.0 (#1113) (584d51f)
• update module google.golang.org/grpc to v1.60.1 (#1105) (329f647)
• update module google.golang.org/protobuf to v1.32.0 (#1109) (47d7785)

New Contributors

• @martin31821

v0.12.0-alpha

0.12.0-alpha (2023-11-29)

First of all, a big thank you to all indirect and direct (@netthier, @sja) contributors for making this release possible!!!

⚠ BREAKING CHANGES

• Support for X-Forwarded-Path header dropped (#1073)
• if conditional statements for error pipeline mechanisms (#1055)
• Request.ClientIP renamed to Request.ClientIPAddresses to reflect the actual contents (#1066)
• The term "scheme" is used properly as defined by RFC9110 (#1042)
• Rule(-Set) related configuration properties mechanisms , default and providers moved one level up and renamed (#1028)
• Support for noop authenticator removed (#1015)
• Endpoint specific client_credentials auth strategy renamed to oauth2_client_credentials (#975)
• unifier renamed to finalizer (#956)
• Support for OTEL metrics (#948)
• Proxy implementation migrated from fiber to stdlib http package (#889)
• Support for OpenTelemetry Jaeger exporter dropped (It has been deprecated by Jaeger back in 2022) (#884)

Features

• client_credentials authentication strategy for Endpoint enhanced to support the same options as the corresponding finalizer (#971) (ec16d5d)
• finalizers are optional (#1027) (864c879)
• if conditional statements for error pipeline mechanisms (#1055) (7cf97dc)
• Access to request body in templates and CEL expressions (#1069) (69dd7d2)
• Container images are published to GHCR in addition to DockerHub (#1041) (04b1066)
• Helm chart pulls heimdall container image from ghcr.io instead from DockerHub (#1053) (b3c729a)
• HTTP 2.0 support (#889) (ffcccf6)
• Kubernetes RuleSet resource deployment/usage status (#987) (738e3ec)
• New oauth2_client_credentials finalizer (#959) (4c9f807)
• New trace log level allowing dumping HTTP requests, responses and the current Subject contents (#877) (512f1ed)
• Opt-In for url-encoded slashes in URL paths (#1071) (96bb188)
• Release archive contains an SBOM in CycloneDX (json) format (#867) (d8a7cff)
• RuleSet version increased to 1alpha3, respectively to v1alpha3 in k8s CRD (#1054) (943c9ce)
• SBOM and attestations for published container images (#868) (3564870)
• SSE support (#889) (ffcccf6)
• Support for OTEL metrics (#948) (eeb5a82)
• Templating support in remote authorizer and generic contextualizer values property (#1047) (2835faa)
• Validating admission controller for RuleSet resources (#984) (3357e57)
• WebSockets support (#889) (ffcccf6)

Code Refactorings

• Request.ClientIP renamed to Request.ClientIPAddresses to reflect the actual contents (#1066) (0f9484f)
• unifier renamed to finalizer (#956) (d54e39d)
• Endpoint specific client_credentials auth strategy renamed to oauth2_client_credentials (#975) (b11005c)
• Proxy implementation migrated from fiber to stdlib http package (#889) (ffcccf6)
• Rule(-Set) related configuration properties mechanisms , default and providers moved one level up and renamed (#1028) (f6ce3b8)
• Support for noop authenticator removed (#1015) (8cb3bd3)
• Support for X-Forwarded-Path header dropped (#1073) (342c11a)
• Support for OpenTelemetry Jaeger exporter dropped (It has been deprecated by Jaeger back in 2022) (#884) (97b81b1)

Bug Fixes

• HTTP method expansion in k8s RuleSet resources (#1005) (861c2b6)
• Kubernetes RuleSet resource is unloaded by heimdall on authClassName mismatch (#987) (738e3ec)
• Making use of better constraints in the definition of the RuleSet CRD to not exceed the k8s rule cost budget (#1004) (7d71351)
• MIME type decoder covers optional parameters (#1057) (c1c088c)
• The term "scheme" is used properly as defined by RFC9110 (#1042) (aaf4bd3)

Documentation

• Integration guide and demo for (Ambassador) emissary ingress controller (#838) (456cfd5)
• Integration guide and demo for HAProxy ingress controller (#837) (3766fa2)
• New landing page (#853) (fc2a337)
• New sections describing signature verification of released archives, container images and the SBOM. (#872) (8f42c24)

Dependencies

• update golang to 1.21.4 (79a0106)
• update golang.org/x/exp digest to 6522937 (#1068) (83827ae)
• update google.golang.org/genproto/googleapis/rpc digest to 3a041ad ([#1067](https://githu...

v0.11.1-alpha

0.11.1-alpha (2023-08-08)

Bug Fixes

• Usage of X-Forwarded-* headers enhanced security wise (#839) (cd4f7e8)
• Fix for wrong HTTP scheme used while matching the rules if heimdall is operated over TLS (#839) (cd4f7e8)

Documentation

• Available integration guides updated to describe secure integration options only (#839) (cd4f7e8)

Dependencies

• update golang.org/x/exp digest to 050eac2 (#842) (964a867)
• update google.golang.org/genproto/googleapis/rpc digest to 1744710 (#841) (8f5c5e3)

v0.11.0-alpha

0.11.0-alpha (2023-08-04)

⚠ BREAKING CHANGES

• values property for endpoint templating must be configured on the mechanism conf level (#746)

Features

• Helm chart allows usage of optionall volumes and volume mounts (#825) (0ed2cf0)
• Helm chart enhanced to allow passing optional arguments to heimdall (#824) (9b0149d)
• HTTP method expansion with placeholder key words (#774) (d25be3b)
• New CEL and template functions to ease access to different parts of the request and beyond (#689) (730b220)
• Support of env variables in rule sets loaded by the file_system provider using Bash syntax (#775) (6fa6415)
• Values object can be used in payload of generic contextualizer and remote authorizer (#749) (42267cb)

Code Refactorings

• values property for endpoint templating must be configured on the mechanism conf level (#746) (9809fe4)

Bug Fixes

• Loading of structured configuration from env variables (#768) (a76c722)
• Quoting configured env vars in helm chart (#827) (b4eeb96)
• Validation of a self-signed certificate does not require its presence in the system wide trust store any more (#830) (56a2d1f)

Documentation

• New integration guide for Contour ingress controller (#828) (ea62e91)
• Proxy buffer sizes example fixed (#814) (6867822) @vinerich

v0.10.1-alpha

0.10.1-alpha (2023-06-28)

Bug Fixes

• Allow url rewrites with only a subset of fields set (proxy mode) (109365f)
• Include fullname in Helm RBAC resource names (#737) (dff3d4d)
• Working authClassName filter if multiple heimdall deployments are present in a cluster (#742) (109365f)

Thank you @netthier

v0.10.0-alpha

0.10.0-alpha (2023-06-28)

⚠ BREAKING CHANGES

• Support for URL rewriting while forwarding the processed request to the upstream service (#703)

Features

• Support for automatically Helm roll deployments (#731) (bd2d438)
• Support for URL rewriting while forwarding the processed request to the upstream service (#703) (be62972)