Breaking
- identity: only assign
access\_type
uri params to google. #2782 (@desimone) - tls: fallback to self-signed certificate #2760 (@calebdoxsey)
- github: use GraphQL API to reduce number of API calls for directory sync #2715 (@calebdoxsey)
New
- more idp metrics #2842 (@wasaga)
- devices: add experimental icon #2836 (@calebdoxsey)
- devices: switch "default" device type to two built-in default device types #2835 (@calebdoxsey)
- dashboard: improve display of device credentials, allow deletion #2829 (@calebdoxsey)
- ppl: add support for http_path and http_method #2813 (@calebdoxsey)
- config: add internal service URLs #2801 (@calebdoxsey)
- envoy: add hash policy and routing key for hash-based load balancers #2791 (@calebdoxsey)
- authorize: support X-Pomerium-Authorization in addition to Authorization #2780 (@calebdoxsey)
- envoy: treat configuration errors as fatal #2777 (@calebdoxsey)
- envoy: add support for bind_config bootstrap options #2772 (@calebdoxsey)
- authenticate: redirect / to /.pomerium/ #2770 (@calebdoxsey)
- device: add type id and credential id to enrollment for easier referencing #2749 (@calebdoxsey)
- databroker: add additional log for config source #2718 (@calebdoxsey)
- grpc: remove peer field from logs #2712 (@calebdoxsey)
- desktop client api #2711 (@wasaga)
- telemetry: improve zipkin error logs #2710 (@calebdoxsey)
- authorize: add support for webauthn device policy enforcement #2700 (@calebdoxsey)
- webauthn: update session to support device credentials per type #2699 (@calebdoxsey)
- ppl: add support for additional data #2696 (@calebdoxsey)
- Add additional ACME CA (autocert) options #2695 (@hslatman)
- skip configuration updates to the most recent one #2690 (@wasaga)
- authenticate: add support for webauthn #2688 (@calebdoxsey)
- webauthnutil: add helpers for webauthn #2686 (@calebdoxsey)
- devices: add device protobuf types #2682 (@calebdoxsey)
- cryptutil: add SecureToken #2681 (@calebdoxsey)
- config/envoyconfig: better duplicate message #2661 (@desimone)
- pomerium-cli: add support for a custom browser command #2617 (@calebdoxsey)
- ppl: pass contextual information through policy #2612 (@calebdoxsey)
- add description to service accounts #2611 (@nhayfield)
- DOCS: Add copy button to code snippets #2597 (@alexfornuto)
- pomerium-cli: use cache dir instead of config dir #2588 (@calebdoxsey)
- cli: update tcp log output format #2586 (@travisgroth)
- directory: implement exponential backoff for refresh #2570 (@calebdoxsey)
- google: support provider URL #2567 (@calebdoxsey)
- config: remove signature_key_algorithm #2557 (@calebdoxsey)
- allow pomerium to start without certs #2555 (@wasaga)
- integration: kubernetes support #2536 (@calebdoxsey)
- integration: nginx #2532 (@calebdoxsey)
- integration: add traefik tests #2530 (@calebdoxsey)
- envoy: remove deprecated access_log_path #2523 (@calebdoxsey)
- config: remove headers #2522 (@calebdoxsey)
- integration: add multi test #2519 (@calebdoxsey)
- Remove api from GitLab defaultScope #2518 (@alexfornuto)
- integration: add single-cluster integration tests #2516 (@calebdoxsey)
- integration: remove tests #2514 (@calebdoxsey)
- github: support provider URL #2490 (@calebdoxsey)
- protoutil: add NewAny method for deterministic serialization #2462 (@calebdoxsey)
- fix go get, improve redis test #2450 (@calebdoxsey)
- all: remove unused handler code #2439 (@desimone)
Security
- identity: fix user refresh #2724 (@calebdoxsey)
- deps: update envoy to 1.19.1 #2526 (@travisgroth)
Fixed
- config: allow specifying auto codec type in all-in-one mode #2846 (@calebdoxsey)
- dashboard: add confirmation dialog, fix button in firefox #2841 (@calebdoxsey)
- fix: Fixed return description error #2825 (@cfanbo)
- internal/telemetry: fix grpc server metrics #2811 (@travisgroth)
- Fix IdP client metrics #2810 (@travisgroth)
- envoyconfig: fix tls_downstream_client_ca for non-standard ports #2802 (@calebdoxsey)
- config: detect changes to the kubernetes service account token file #2767 (@calebdoxsey)
- deps: update goreleaser #2757 (@travisgroth)
Documentation
- add docs for ingress regex path #2822 (@wasaga)
- fix typo in docs #2819 (@wasaga)
- DOCS: add Grafana to Guides index #2808 (@alexfornuto)
- DOCS: Fix indentation in API doc #2798 (@alexfornuto)
- DOCS: Create Consolidated Troubleshooting Guide and Replace FAQ #2797 (@alexfornuto)
- docs: update pomerium-cli location #2790 (@travisgroth)
- Document Pomerium Policy Language #2789 (@backport-actions-token[bot])
- Copy edit to changelog entry #2786 (@alexfornuto)
- Document Pomerium Policy Language #2784 (@alexfornuto)
- Remove forward_auth_url from Enterprise #2779 (@alexfornuto)
- Docs: Update Kubernetes Dashboard Guide #2759 (@alexfornuto)
- Docs: Update Securing Kubernetes Guide #2758 (@alexfornuto)
- Docs: Add spdy annotation #2747 (@alexfornuto)
- Docs: Update JWT Verification Guide #2746 (@alexfornuto)
- Docs: Add Grafana Integration Guide #2742 (@alexfornuto)
- Docs: Update Traefik Example Headers #2732 (@alexfornuto)
- Docs: Reference gRPC API Docs #2717 (@alexfornuto)
- Minor fix in routes documentation #2714 (@Kerwood)
- Docs: Update Community Page #2713 (@cmo-pomerium)
- Update architecture.md #2701 (@cmo-pomerium)
- Update create TLS command to quote strings. #2694 (@FutureMatt)
- Docs: Correct Claim Example #2689 (@alexfornuto)
- Fix typo in docs #2683 (@nihaals)
- Fixed 'kubtctl' typo on releases page #2673 (@ChaosInTheCRD)
- add service account redirects #2664 (@alexfornuto)
- DOCS: Standardize Relative Links #2651 (@alexfornuto)
- Docs: cross-reference links between concepts and reference #2648 (@alexfornuto)
- adjust sidebarDepths and document Desktop Client releases #2645 (@backport-actions-token[bot])
- typo #2644 (@alexfornuto)
- adjust sidebarDepths and document Desktop Client releases #2643 (@alexfornuto)
- DOCS: CORS preflight in console #2642 (@alexfornuto)
- DOCS: Collapse IDP Header #2641 (@alexfornuto)
- docs: remove extra word / updated docs link #2638 (@cmo-pomerium)
- Docs: Batch Updates #2628 (@alexfornuto)
- Refresh and Update TCP documentation #2627 (@alexfornuto)
- DOC: Copy edits to Okta IdP doc. #2623 (@alexfornuto)
- Docs/batch link fixes #2621 (@alexfornuto)
- Add redirect for installation #2618 (@alexfornuto)
- Add docs team as a code owner of packages.json #2605 (@alexfornuto)
- Update CODEOWNERS #2603 (@alexfornuto)
- DOCS: Update Enterprise Reference Docs #2599 (@alexfornuto)
- Document Enterprise API #2595 (@alexfornuto)
- docs: rename updated icon image #2582 (@travisgroth)
- docs: add updated icon asset #2580 (@travisgroth)
- Document recovery token generation #2579 (@alexfornuto)
- New Topic Page: Original Request Context #2569 (@alexfornuto)
- docs: enterprise console v0.15.2 changelog #2564 (@travisgroth)
- TCP Client Doc #2561 (@alexfornuto)
- Docs: Fix merged PR #2546 (@alexfornuto)
- docs: enterprise v0.15.1 changelog #2542 (@travisgroth)
- Update Ping Identity IdP #2537 (@alexfornuto)
- update OneLogin IdP doc #2533 (@alexfornuto)
- Update GitLab IdP doc #2520 (@alexfornuto)
- update GitHub IdP doc #2503 (@alexfornuto)
- Update AWS cognito IdP doc #2498 (@alexfornuto)
- Update Azure IdP Doc #2497 (@alexfornuto)
- Auth0 Doc Refresh #2494 (@alexfornuto)
- Update IdP Overview Page #2493 (@alexfornuto)
- Update Okta IdP doc #2491 (@alexfornuto)
- adjust comment blocking #2488 (@alexfornuto)
- document binding service to 443 #2487 (@alexfornuto)
- docs: use generic email #2484 (@alexfornuto)
- Update Docker Quickstart #2482 (@alexfornuto)
- Wrap mkcert command in quotes #2481 (@alexfornuto)
- Updates to Enterprise Quickstart instructions #2480 (@alexfornuto)
- wrap header example values as inline code. #2474 (@alexfornuto)
- docs: clarify custom request header limitations #2471 (@desimone)
- Update Helm Instructions #2467 (@alexfornuto)
- docs: update enterprise helm instructions to use main repo #2463 (@travisgroth)
- Document tracing sample rate in console #2461 (@alexfornuto)
- Document moving routes #2460 (@alexfornuto)
- Enterprise Upgrade & Changelog Pages #2453 (@alexfornuto)
- docs: update codeowners #2451 (@travisgroth)
- Update binary install doc #2447 (@alexfornuto)
- docs: update branding, concepts #2445 (@desimone)
- specify expected audience in Console config #2442 (@alexfornuto)
- docs: update default version to v0.15 #2437 (@travisgroth)
- docs: update branding #2435 (@desimone)
Dependency
- chore(deps): bump google.golang.org/api from 0.62.0 to 0.63.0 #2834 (@dependabot[bot])
- chore(deps): bump github.com/rs/zerolog from 1.26.0 to 1.26.1 #2833 (@dependabot[bot])
- chore(deps): bump github.com/spf13/viper from 1.10.0 to 1.10.1 #2832 (@dependabot[bot])
- chore(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0 #2831 (@dependabot[bot])
- chore(deps): bump github.com/docker/docker from 20.10.11+incompatible to 20.10.12+incompatible #2817 (@dependabot[bot])
- chore(deps): bump github.com/spf13/viper from 1.9.0 to 1.10.0 #2816 (@dependabot[bot])
- dev build support for darwin-arm64 from envoy tip #2815 (@wasaga)
- chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.10 to 3.21.11 #2807 (@dependabot[bot])
- chore(deps): bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 #2806 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.60.0 to 0.61.0 #2805 (@dependabot[bot])
- chore(deps): bump github.com/open-policy-agent/opa from 0.34.2 to 0.35.0 #2804 (@dependabot[bot])
- chore(deps): bump mikefarah/yq from 4.15.1 to 4.16.1 #2803 (@dependabot[bot])
- chore(deps): bump github.com/ory/dockertest/v3 from 3.8.0 to 3.8.1 #2785 (@dependabot[bot])
- chore(deps): bump mikefarah/yq from 4.14.2 to 4.15.1 #2783 (@dependabot[bot])
- chore(deps): bump github.com/docker/docker from 20.10.10+incompatible to 20.10.11+incompatible #2776 (@dependabot[bot])
- chore(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3 #2775 (@dependabot[bot])
- chore(deps): bump mikefarah/yq from 4.6.3 to 4.14.2 #2774 (@dependabot[bot])
- chore(deps): bump github.com/caddyserver/certmagic from 0.15.1 to 0.15.2 #2769 (@dependabot[bot])
- chore(deps): bump github.com/cenkalti/backoff/v4 from 4.1.1 to 4.1.2 #2768 (@dependabot[bot])
- chore(deps): bump github.com/open-policy-agent/opa from 0.34.1 to 0.34.2 #2765 (@dependabot[bot])
- chore(deps): bump github.com/mholt/acmez from 1.0.0 to 1.0.1 #2764 (@dependabot[bot])
- chore(deps): bump gopkg.in/auth0.v5 from 5.21.0 to 5.21.1 #2763 (@dependabot[bot])
- chore(deps): bump github.com/golangci/golangci-lint from 1.42.1 to 1.43.0 #2756 (@dependabot[bot])
- chore(deps): bump github.com/open-policy-agent/opa from 0.34.0 to 0.34.1 #2755 (@dependabot[bot])
- chore(deps): bump google.golang.org/grpc from 1.41.0 to 1.42.0 #2754 (@dependabot[bot])
- chore(deps): bump github.com/rs/zerolog from 1.25.0 to 1.26.0 #2753 (@dependabot[bot])
- chore(deps): bump gopkg.in/auth0.v5 from 5.20.0 to 5.21.0 #2752 (@dependabot[bot])
- dependencies: vendor base58, remove shortuuid #2739 (@calebdoxsey)
- chore(deps): bump google.golang.org/api from 0.58.0 to 0.60.0 #2737 (@dependabot[bot])
- chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.9 to 3.21.10 #2736 (@dependabot[bot])
- chore(deps): bump github.com/open-policy-agent/opa from 0.33.1 to 0.34.0 #2735 (@dependabot[bot])
- chore(deps): bump github.com/openzipkin/zipkin-go from 0.2.5 to 0.3.0 #2734 (@dependabot[bot])
- chore(deps): bump github.com/prometheus/common from 0.31.1 to 0.32.1 #2706 (@dependabot[bot])
- chore(deps): bump github.com/docker/docker from 20.10.9+incompatible to 20.10.10+incompatible #2705 (@dependabot[bot])
- chore(deps): bump gopkg.in/auth0.v5 from 5.19.2 to 5.20.0 #2704 (@dependabot[bot])
- chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.1 to 0.6.2 #2703 (@dependabot[bot])
- chore(deps): bump github.com/caddyserver/certmagic from 0.14.5 to 0.15.1 #2685 (@dependabot[bot])
- chore(deps): bump github.com/peterbourgon/ff/v3 from 3.1.0 to 3.1.2 #2672 (@dependabot[bot])
- chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.8 to 3.21.9 #2671 (@dependabot[bot])
- chore(deps): bump github.com/docker/docker from 20.10.8+incompatible to 20.10.9+incompatible #2670 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.57.0 to 0.58.0 #2660 (@dependabot[bot])
- chore(deps): bump github.com/go-redis/redis/v8 from 8.11.3 to 8.11.4 #2659 (@dependabot[bot])
- chore(deps): bump github.com/open-policy-agent/opa from 0.32.1 to 0.33.1 #2658 (@dependabot[bot])
- chore(deps): bump github.com/prometheus/common from 0.31.0 to 0.31.1 #2656 (@dependabot[bot])
- chore(deps): bump github.com/open-policy-agent/opa from 0.32.0 to 0.32.1 #2633 (@dependabot[bot])
- chore(deps): bump google.golang.org/grpc from 1.40.0 to 1.41.0 #2632 (@dependabot[bot])
- chore(deps): bump github.com/prometheus/common from 0.30.0 to 0.31.0 #2631 (@dependabot[bot])
- chore(deps): bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0 #2630 (@dependabot[bot])
- chore(deps): bump github.com/ory/dockertest/v3 from 3.7.0 to 3.8.0 #2629 (@dependabot[bot])
- chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.9.0 #2616 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.56.0 to 0.57.0 #2615 (@dependabot[bot])
- chore(deps): bump github.com/coreos/go-oidc/v3 from 3.0.0 to 3.1.0 #2614 (@dependabot[bot])
- bump protoc-validate #2606 (@wasaga)
- chore(deps): bump go.uber.org/zap from 1.19.0 to 1.19.1 #2592 (@dependabot[bot])
- chore(deps): bump github.com/rs/zerolog from 1.24.0 to 1.25.0 #2591 (@dependabot[bot])
- chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.7 to 3.21.8 #2577 (@dependabot[bot])
- chore(deps): bump github.com/golangci/golangci-lint from 1.42.0 to 1.42.1 #2576 (@dependabot[bot])
- chore(deps): bump github.com/caddyserver/certmagic from 0.14.4 to 0.14.5 #2575 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.54.0 to 0.56.0 #2574 (@dependabot[bot])
- chore(deps): bump github.com/open-policy-agent/opa from 0.31.0 to 0.32.0 #2573 (@dependabot[bot])
- chore(deps): bump github.com/fsnotify/fsnotify from 1.5.0 to 1.5.1 #2554 (@dependabot[bot])
- chore(deps): bump github.com/caddyserver/certmagic from 0.14.3 to 0.14.4 #2553 (@dependabot[bot])
- chore(deps): bump github.com/rs/zerolog from 1.23.0 to 1.24.0 #2552 (@dependabot[bot])
- chore(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible #2551 (@dependabot[bot])
- chore(deps): bump github.com/caddyserver/certmagic from 0.14.1 to 0.14.3 #2550 (@dependabot[bot])
- chore(deps): bump contrib.go.opencensus.io/exporter/prometheus from 0.3.0 to 0.4.0 #2549 (@dependabot[bot])
- chore(deps): bump github.com/cespare/xxhash/v2 from 2.1.1 to 2.1.2 #2548 (@dependabot[bot])
- chore(deps): bump github.com/prometheus/procfs from 0.7.2 to 0.7.3 #2512 (@dependabot[bot])
- chore(deps): bump github.com/golangci/golangci-lint from 1.41.1 to 1.42.0 #2511 (@dependabot[bot])
- chore(deps): bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.0 #2510 (@dependabot[bot])
- ci: use go 1.17.x #2492 (@desimone)
- chore(deps): bump google.golang.org/grpc from 1.39.1 to 1.40.0 #2478 (@dependabot[bot])
- chore(deps): bump github.com/go-redis/redis/v8 from 8.11.2 to 8.11.3 #2477 (@dependabot[bot])
- chore(deps): bump google.golang.org/api from 0.52.0 to 0.54.0 #2476 (@dependabot[bot])
- chore(deps): bump go.uber.org/zap from 1.18.1 to 1.19.0 #2475 (@dependabot[bot])
- ci: support darwn/arm64 aka m1 for cli #2473 (@desimone)
- chore(deps): bump google.golang.org/grpc from 1.39.0 to 1.39.1 #2457 (@dependabot[bot])
- chore(deps): bump github.com/prometheus/procfs from 0.7.1 to 0.7.2 #2456 (@dependabot[bot])
- chore(deps): bump github.com/go-redis/redis/v8 from 8.11.1 to 8.11.2 #2455 (@dependabot[bot])
- Hadolint #2363 (@stephengroat)
Deployment
- deployment: migrate pomerium-cli automation to new repo #2771 (@travisgroth)
- deployment: remove DST_Root_CA_X3 from docker images #2677 (@travisgroth)
- deployment: update goreleaser syntax #2524 (@travisgroth)
Changed
- move NewGRPCClientConn to public package #2826 (@wasaga)
- rm cli code #2824 (@wasaga)
- ci: remove hadolint #2726 (@travisgroth)
- ci: ignore multiple run commands #2566 (@travisgroth)
- redirect logo to the marketing site #2441 (@alexfornuto)
- ci: use github app for backport credentials #2369 (@travisgroth)