Release v0.29.0
Release Image
| Image | Registry |
|---|---|
| ghcr.io/vmware-tanzu/pinniped/pinniped-server:v0.29.0 | GitHub Container Registry |
| docker.io/getpinniped/pinniped-server:v0.29.0 | DockerHub |

These images can also be referenced by their digest: sha256:c78eb3828a6fe87e449e3e666ec933fa6f770967edc195cb6c92e01daf1f2ade.
Changes
This release includes new features and bug fixes. Starting in this release, and going forward, the container image will be published to ghcr.io instead of projects.registry.vmware.com. This release also upgrades all project dependencies.
Minor Changes
- Get the container image from `ghcr.io` by default during deployment of the Concierge or Supervisor. (#1883)
- All `JWTAuthenticator` resources will have detailed `status` written to them automatically, to aid in debugging. (#1851)
- `OIDCClients` will now always request user groups from the external identity provider, and provide these groups to the configured `FederationDomain` identity transformations and policies. See Identity transformations and policies for more details. As before, the final groups list will only be included in the Supervisor-issued ID tokens when that `OIDCClient` is configured with `groups` in the list of `allowedScopes` and that client requests the `groups` scope at the authorization endpoint. (#1871, #1867)
- Update the CLI's callback listener to prepare for additional CORS preflight checks that may be included in future releases of Chrome. (#1887, #1882)
- For those compiling Pinniped in FIPS compatibility mode, please note that the Go patch release v1.21.6 is not supported. Earlier and later versions are supported. This is because the Go team upgraded the version of goboring included in 1.21.6, and then reverted that change in v1.21.7. Go 1.22 was released at the same time as Go v1.21.7, and Go 1.22 also does not update goboring, so Go 1.22.x also works for compiling Pinniped in FIPS compatibility mode. (#1841, #1863)
- Updates Go to v1.22.1, updates the Kubernetes libraries to v0.29.2, and updates all other project dependencies. (#1892, #1890, #1885, #1881, #1878, #1876, #1875, #1872, #1870, #1869, #1862, #1858, #1856, #1855, #1854, #1853, #1852, #1850, #1836, #1835, #1830, #1829, #1880, #1861, #1879, #1825, #1877, #1891, #1866, #1884)
Bug Fixes
- The `pinniped login oidc` CLI command checks the lifetime of the access token before performing the RFC8693 token exchange. If needed, it will perform a refresh to get a new access token before the RFC8693 token exchange. (#1864, #1873)
A complete list of changes (121 commits, 1,553 changed files with 54,860 additions and 15,218 deletions) can be found here.