WE DO NOT ADVISE CONSUMING THIS RELEASE. PLEASE SKIP TO THE NEXT RELEASE, 0.216.0
, FOR THE BEST EXPERIENCE.
Release Highlights
⚠️ Foundation TLS certificates require Subject Alternative Names (SANs)
Certificates used by the foundation to serve TLS traffic, either by gorouter directly or via a Load Balancer in front of the foundation, now must include at least one Subject Alternative Name due to a deprecation in golang 1.15.
For more information on the context of this change, to understand how the problem presents itself, and what operators need to do, please refer to the golang 1.15 X.509 CommonName deprecation doc.
🐞 Fix: Allow X-Forwarded-Client-Cert header to reach apps in ALWAYS_FORWARD mode
This fix allows the X-Forwarded-Client-Cert
header to reach apps behind route services when Gorouter router.forwarded_client_cert
is set to ALWAYS_FORWARD
.
For more information, see:
- GitHub issue #203
- Pr #281
- Thank you @46bit for the contribution!