Releases: dadrus/heimdall
Releases · dadrus/heimdall
v0.14.3-alpha
0.14.3-alpha (2024-06-09)
This is just a regular monthly patch release with updated dependencies.
Dependencies
- update golang to v1.22.4 (#1517) (a86784a)
- update golang.org/x/exp digest to fc45aab (#1515) (f07ae39)
- update google.golang.org/genproto/googleapis/rpc digest to ef581f9 (#1516) (acc5740)
- update kubernetes packages to v0.30.1 (#1466) (dc68e5e)
- update module github.com/go-jose/go-jose/v4 to v4.0.2 (#1450) (1aba621)
- update module github.com/go-playground/validator/v10 to v10.21.0 (#1509) (0c9167e)
- update module github.com/go-viper/mapstructure/v2 to v2.0.0 (#1510) (d7224ff)
- update module github.com/goccy/go-json to v0.10.3 (#1476) (32f5eca)
- update module github.com/redis/rueidis to v1.0.38 (#1502) (91569ee)
- update module github.com/redis/rueidis/rueidisotel to v1.0.38 (#1503) (63dec15)
- update module github.com/rs/zerolog to v1.33.0 (#1490) (9579381)
- update module github.com/santhosh-tekuri/jsonschema/v6 to v6.0.1 (#1520) (3648c59)
- update module go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.52.0 (#1478) (535aa2f)
- update module go.opentelemetry.io/contrib/instrumentation/host to v0.52.0 (#1480) (509d4b3)
- update module go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.52.0 (#1482) (b112767)
- update module go.opentelemetry.io/contrib/instrumentation/runtime to v0.52.0 (#1483) (4c8707c)
- update module go.opentelemetry.io/contrib/propagators/autoprop to v0.52.0 (#1484) (57c5a6a)
- update module go.opentelemetry.io/otel to v1.27.0 (#1481) (384612e)
- update module go.opentelemetry.io/otel/bridge/opentracing to v1.27.0 (#1481) (384612e)
- update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc to v1.27.0 (#1481) (384612e)
- update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to v1.27.0 (#1481) (384612e)
- update module go.opentelemetry.io/otel/exporters/otlp/otlptrace to v1.27.0 (#1481) (384612e)
- update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to v1.27.0 (#1481) (384612e)
- update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttpto to v1.27.0 (#1481) (384612e)
- update module go.opentelemetry.io/otel/exporters/prometheus to v0.49.0 (#1481) (384612e)
- update module go.opentelemetry.io/otel/exporters/zipkin to v1.27.0 (#1481) (384612e)
- update module go.opentelemetry.io/otel/metric to v1.27.0 (#1481) (384612e)
- update module go.opentelemetry.io/otel/sdk to v1.27.0 (#1481) (384612e)
- update module go.opentelemetry.io/otel/sdk/metric to v1.27.0 (#1481) (384612e)
- update module go.opentelemetry.io/otel/trace to v1.27.0 (#1481) (384612e)
- update module go.uber.org/fx to v1.22.0 (#1501) (37ddf79)
- update module google.golang.org/grpc to v1.64.0 (#1462) (9d5e47c)
v0.14.2-alpha
0.14.2-alpha (2024-05-12)
This is just a regular monthly patch release with updated dependencies.
Dependencies
- update golang to v1.22.3 (#1428) (524a3d4)
- update kubernetes packages to v0.30.0 (#1368) (04cba69)
- update module github.com/go-co-op/gocron/v2 to v2.5.0 (#1424) (c3449a0)
- update module github.com/go-playground/validator/v10 to v10.20.0 (#1402) (a965ef0)
- update module github.com/prometheus/client_golang to v1.19.1 (#1434) (d778e9c)
- update module github.com/redis/rueidis to v1.0.37 (#1440) (ce2e65b)
- update module github.com/redis/rueidis/rueidisotel to v1.0.37 (#1441) (5c163b5)
- update module github.com/rs/cors to v1.11.0 (#1383) (b44b9c0)
- update module github.com/wi2l/jsondiff to v0.5.2 (#1370) (fd0cb04)
- update module github.com/youmark/pkcs8 to v0.0.0-20240424034433-3c2c7870ae76 (#1407) (587f073)
- update module go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.51.0 (#1387) (ce65b02)
- update module go.opentelemetry.io/contrib/instrumentation/host to v0.51.0 (#1389) (5688d8f)
- update module go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.51.0 (#1390) (2357888)
- update module go.opentelemetry.io/contrib/instrumentation/runtime to v0.51.0 (#1391) (a58f629)
- update module go.opentelemetry.io/contrib/propagators/autoprop to v0.51.0 (#1392) (fc87ef5)
- update module go.opentelemetry.io/otel to v1.26.0 (#1385) (3c531d7)
- update module go.opentelemetry.io/otel/bridge/opentracing to v1.26.0 (#1385) (3c531d7)
- update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc to v1.26.0 (#1385) (3c531d7)
- update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to v1.26.0 (#1385) (3c531d7)
- update module go.opentelemetry.io/otel/exporters/otlp/otlptrace to v1.26.0 (#1385) (3c531d7)
- update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to v1.26.0 (#1385) (3c531d7)
- update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to v1.26.0 (#1385) (3c531d7)
- update module go.opentelemetry.io/otel/exporters/prometheus to v0.48.0 (#1385) (3c531d7)
- update module go.opentelemetry.io/otel/exporters/zipkin to v1.26.0 (#1385) (3c531d7)
- update module go.opentelemetry.io/otel/metric to v1.26.0 (#1385) (3c531d7)
- update module go.opentelemetry.io/otel/sdk to v1.26.0 (#1385) (3c531d7)
- update module go.opentelemetry.io/otel/sdk/metric to v1.26.0 (#1385) (3c531d7)
- update module go.opentelemetry.io/otel/trace to v1.26.0 (#1385) (3c531d7)
- update module go.uber.org/fx to v1.21.1 (#1384) (614117f)
- update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 (#1422) (561ee65)
- update module google.golang.org/genproto/googleapis/rpc to v0.0.0-20240509183442-62759503f434 (#1436) (508e22b)
- update module google.golang.org/protobuf to v1.34.1 (#1421) (e25b077)
v0.14.1-alpha
0.14.1-alpha (2024-04-09)
The main reason for this patch release is GO-2024-2687, which has been fixed in go v1.22.2 and golang.org/x/net v0.23.0.
Dependencies
- update golang to v1.22.2 (#1313) (7c37100)
- update golang.org/x/exp digest to c0f41cb (#1318) (723ad16)
- update module github.com/knadh/koanf/v2 to v2.1.1 (#1308) (502cdcb)
- update module go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.50.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/contrib/instrumentation/host to v0.50.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.50.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/contrib/instrumentation/runtime to v0.50.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/contrib/propagators/autoprop to v0.50.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/otel to v1.25.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/otel/bridge/opentracing to v1.25.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc to v1.25.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to v1.25.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/otel/exporters/otlp/otlptrace to v1.25.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to v1.25.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to v1.25.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/otel/exporters/prometheus to v0.47.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/otel/exporters/zipkin to v1.25.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/otel/metric to v1.25.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/otel/sdk to v1.25.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/otel/sdk/metric to v1.25.0 (#1329) (dbb40bd)
- update module go.opentelemetry.io/otel/trace to v1.25.0 (#1329) (dbb40bd)
- update module google.golang.org/grpc to v1.63.2 (#1339) (8ee3942)
v0.14.0-alpha
0.14.0-alpha (2024-04-02)
Features
env
settings in helm chart extended to support ConfigMaps, Secrets and Pod configuration in addition to string literals (#1128) by @martin31821 (bf75c97)- Helm chart supports setting environment variables by referencing either a ConfigMap or a Secret via
envFrom
(#1128) by @martin31821 (bf75c97) - Hot reloading of Signer keys store (#1232) (36076e1)
- Hot reloading of TLS key stores (#1230) (9abf723)
- Redis as (distributed) cache (#999) by @tk-innoq (2f9ba81)
Bug Fixes
audience
assertion adheres to RFC-7519, section 4.1.3 (#1237) (560a470)- Rule set, the rule is loaded from, is considered while updating or deleting rules (#1298) (e571248)
Documentation
- Contour integration guide updated to cover global configuration in addition to the route based one (#1253) (74bcebd)
- Documentation restructured to make it more comprehensive (#1075) by @godrin, @REABMAX, @Ebano and @KieronWiltshire (6612633)
- HAProxy guide updated to cover global integration with the Ingress Controller (#1240) (ed27797)
- Integration guide for OpenFGA (#1299) (1d8bea2)
- Traefik integration guide updated to cover global configuration in addition to the route based one (#1269) (73b1d4c)
Dependencies
- update golang to 1.22.1 (#1219) (4449cb7)
- update golang.org/x/exp digest to a685a6e (#1245) (41ba4a2)
- update google.golang.org/genproto/googleapis/rpc digest to c3f9821 (#1301) (4ccf593)
- update kubernetes packages to v0.29.3 (#1249) (43f3233)
- update module github.com/dlclark/regexp2 to v1.11.0 (#1209) (c51eda9)
- update module github.com/evanphx/json-patch/v5 to v5.9.0 (#1156) (3770509)
- update module github.com/go-co-op/gocron/v2 to v2.2.9 (#1292) (3555329)
- update module github.com/go-jose/go-jose/v4 to v4.0.1 [security] (#1225) (45e5a46)
- update module github.com/go-playground/validator/v10 to v10.19.0 (#1217) (564d256)
- update module github.com/google/cel-go to v0.20.1 (#1224) (a0669a8)
- update module github.com/google/uuid to v1.6.0 (#1151) (5f9dc9c)
- update module github.com/grpc-ecosystem/go-grpc-middleware/v2 to v2.1.0 (#1241) (bff3874)
- update module github.com/jellydator/ttlcache/v3 to v3.2.0 (#1198) (7c560d2)
- update module github.com/knadh/koanf/v2 to v2.1.0 (#1178) (1e344d3)
- update module github.com/ory/ladon to v1.3.0 (#1222) (3ca9ec4)
- update module github.com/prometheus/client_golang to v1.19.0 (#1212) (256932f)
- update module github.com/rs/zerolog to v1.32.0 (#1165) (d4678f6)
- update module github.com/tidwall/gjson to v1.17.1 (#1187) (a1680a1)
- update module github.com/tonglil/opentelemetry-go-datadog-propagator to v0.1.2 (#1215) (0d2a6ce)
- update module go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.49.0 (#1209) (c51eda9)
- update module go.opentelemetry.io/contrib/instrumentation/host to v0.49.0 (#1209) (c51eda9)
- update module go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.49.0 (#1209) (c51eda9)
- update module go.opentelemetry.io/contrib/instrumentation/runtime to v0.49.0 (#1209) (c51eda9)
- update module go.opentelemetry.io/contrib/propagators/autoprop to v0.49.0 (#1209) (c51eda9)
- update module go.opentelemetry.io/otel to v1.24.0 (#1209) (c51eda9)
- update module go.opentelemetry.io/otel/bridge/opentracing to v1.24.0 (#1209) (c51eda9)
- update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc to v1.24.0 (#1209) (c51eda9)
- update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to v1.24.0 (#1209) (c51eda9)
- update module go.opentelemetry.io/otel/exporters/otlp/otlptrace to v1.24.0 (#1209) (c51eda9)
- update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to v1.24.0 (#1209) (c51eda9)
- update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to v1.24.0 (#1209) (c51eda9)
- update module go.opentelemetry.io/otel/exporters/prometheus to v0.46.0 (#1209) ([c51ed...
v0.13.0-alpha
0.13.0-alpha (2024-01-03)
⚠ BREAKING CHANGES
- Endpoint specific HTTP cache settings refactored to allow HTTP cache ttl definition (#1043)
Features
- OAuth2/OIDC metadata discovery for
jwt
authenticator (#1043) (2dbfa5f) by @martin31821 - OAuth2/OIDC metadata discovery for
oauth2_introspection
authenticator (#1043) (2dbfa5f) by @martin31821
Code Refactorings
- Endpoint specific HTTP cache settings refactored to allow HTTP cache ttl definition (#1043) (2dbfa5f)
Bug Fixes
Dependencies
- update golang to 1.21.5 (#1082) (a996ce7)
- update golang.org/x/exp digest to 02704c9 (#1111) (1e18000)
- update google.golang.org/genproto/googleapis/rpc digest to 50ed04b (#1115) (eda1d2d)
- update kubernetes packages to v0.29.0 (#1100) (65b3619)
- update module github.com/envoyproxy/go-control-plane to v0.12.0 (#1117) (7fbb737)
- update module github.com/go-co-op/gocron/v2 to v2.1.2 (#1116) (13505da)
- update module github.com/google/uuid to v1.5.0 (#1097) (5273ac8)
- update module github.com/jellydator/ttlcache/v3 to v3.1.1 (#1102) (90dcc4d)
- update module github.com/prometheus/client_golang to v1.18.0 (#1112) (57da7ec)
- update module gocloud.dev to v0.36.0 (#1113) (584d51f)
- update module google.golang.org/grpc to v1.60.1 (#1105) (329f647)
- update module google.golang.org/protobuf to v1.32.0 (#1109) (47d7785)
New Contributors
v0.12.0-alpha
0.12.0-alpha (2023-11-29)
First of all, a big thank you to all indirect and direct (@netthier, @sja) contributors for making this release possible!!!
⚠ BREAKING CHANGES
- Support for
X-Forwarded-Path
header dropped (#1073) if
conditional statements for error pipeline mechanisms (#1055)Request.ClientIP
renamed toRequest.ClientIPAddresses
to reflect the actual contents (#1066)- The term "scheme" is used properly as defined by RFC9110 (#1042)
- Rule(-Set) related configuration properties
mechanisms
,default
andproviders
moved one level up and renamed (#1028) - Support for
noop
authenticator removed (#1015) - Endpoint specific
client_credentials
auth strategy renamed tooauth2_client_credentials
(#975) unifier
renamed tofinalizer
(#956)- Support for OTEL metrics (#948)
- Proxy implementation migrated from fiber to stdlib http package (#889)
- Support for OpenTelemetry Jaeger exporter dropped (It has been deprecated by Jaeger back in 2022) (#884)
Features
client_credentials
authentication strategy forEndpoint
enhanced to support the same options as the corresponding finalizer (#971) (ec16d5d)finalizers
are optional (#1027) (864c879)if
conditional statements for error pipeline mechanisms (#1055) (7cf97dc)- Access to request body in templates and CEL expressions (#1069) (69dd7d2)
- Container images are published to GHCR in addition to DockerHub (#1041) (04b1066)
- Helm chart pulls heimdall container image from ghcr.io instead from DockerHub (#1053) (b3c729a)
- HTTP 2.0 support (#889) (ffcccf6)
- Kubernetes RuleSet resource deployment/usage status (#987) (738e3ec)
- New
oauth2_client_credentials
finalizer (#959) (4c9f807) - New
trace
log level allowing dumping HTTP requests, responses and the current Subject contents (#877) (512f1ed) - Opt-In for url-encoded slashes in URL paths (#1071) (96bb188)
- Release archive contains an SBOM in CycloneDX (json) format (#867) (d8a7cff)
- RuleSet version increased to
1alpha3
, respectively tov1alpha3
in k8s CRD (#1054) (943c9ce) - SBOM and attestations for published container images (#868) (3564870)
- SSE support (#889) (ffcccf6)
- Support for OTEL metrics (#948) (eeb5a82)
- Templating support in
remote
authorizer andgeneric
contextualizervalues
property (#1047) (2835faa) - Validating admission controller for RuleSet resources (#984) (3357e57)
- WebSockets support (#889) (ffcccf6)
Code Refactorings
Request.ClientIP
renamed toRequest.ClientIPAddresses
to reflect the actual contents (#1066) (0f9484f)unifier
renamed tofinalizer
(#956) (d54e39d)- Endpoint specific
client_credentials
auth strategy renamed tooauth2_client_credentials
(#975) (b11005c) - Proxy implementation migrated from fiber to stdlib http package (#889) (ffcccf6)
- Rule(-Set) related configuration properties
mechanisms
,default
andproviders
moved one level up and renamed (#1028) (f6ce3b8) - Support for
noop
authenticator removed (#1015) (8cb3bd3) - Support for
X-Forwarded-Path
header dropped (#1073) (342c11a) - Support for OpenTelemetry Jaeger exporter dropped (It has been deprecated by Jaeger back in 2022) (#884) (97b81b1)
Bug Fixes
- HTTP method expansion in k8s RuleSet resources (#1005) (861c2b6)
- Kubernetes RuleSet resource is unloaded by heimdall on authClassName mismatch (#987) (738e3ec)
- Making use of better constraints in the definition of the RuleSet CRD to not exceed the k8s rule cost budget (#1004) (7d71351)
- MIME type decoder covers optional parameters (#1057) (c1c088c)
- The term "scheme" is used properly as defined by RFC9110 (#1042) (aaf4bd3)
Documentation
- Integration guide and demo for (Ambassador) emissary ingress controller (#838) (456cfd5)
- Integration guide and demo for HAProxy ingress controller (#837) (3766fa2)
- New landing page (#853) (fc2a337)
- New sections describing signature verification of released archives, container images and the SBOM. (#872) (8f42c24)
Dependencies
- update golang to 1.21.4 (79a0106)
- update golang.org/x/exp digest to 6522937 (#1068) (83827ae)
- update google.golang.org/genproto/googleapis/rpc digest to 3a041ad ([#1067](https://githu...
v0.11.1-alpha
0.11.1-alpha (2023-08-08)
Bug Fixes
- Usage of
X-Forwarded-*
headers enhanced security wise (#839) (cd4f7e8) - Fix for wrong HTTP scheme used while matching the rules if heimdall is operated over TLS (#839) (cd4f7e8)
Documentation
Dependencies
v0.11.0-alpha
0.11.0-alpha (2023-08-04)
⚠ BREAKING CHANGES
values
property for endpoint templating must be configured on the mechanism conf level (#746)
Features
- Helm chart allows usage of optionall volumes and volume mounts (#825) (0ed2cf0)
- Helm chart enhanced to allow passing optional arguments to heimdall (#824) (9b0149d)
- HTTP method expansion with placeholder key words (#774) (d25be3b)
- New CEL and template functions to ease access to different parts of the request and beyond (#689) (730b220)
- Support of env variables in rule sets loaded by the
file_system
provider using Bash syntax (#775) (6fa6415) - Values object can be used in payload of generic contextualizer and remote authorizer (#749) (42267cb)
Code Refactorings
values
property for endpoint templating must be configured on the mechanism conf level (#746) (9809fe4)
Bug Fixes
- Loading of structured configuration from env variables (#768) (a76c722)
- Quoting configured env vars in helm chart (#827) (b4eeb96)
- Validation of a self-signed certificate does not require its presence in the system wide trust store any more (#830) (56a2d1f)
Documentation
v0.10.1-alpha
v0.10.0-alpha
0.10.0-alpha (2023-06-28)
⚠ BREAKING CHANGES
- Support for URL rewriting while forwarding the processed request to the upstream service (#703)