Release v0.9.2
Release Images
Image | Registry |
---|---|
projects.registry.vmware.com/pinniped/pinniped-server:v0.9.2 | VMware Harbor |
docker.io/getpinniped/pinniped-server:v0.9.2 | DockerHub |
Changes
Pinniped v0.9.2 is a small security hardening release on top of the recent v0.9.1 release.
Minor Changes
- We've made several changes to harden the impersonation proxy against potential future security vulnerabilities. These changes are proactive based on our understanding of potential issues:
  - The impersonation proxy now always authorizes every request, rather than deferring authorization to the Kubernetes API.
  - The impersonation proxy now uses a distinct service account with no RBAC privileges other than impersonation.
  - On clusters where anonymous authentication is disabled (such as AKS), the impersonation proxy now refuses anonymous requests. The Pinniped TokenCredentialRequest API is still allowed, since it is necessarily a pre-authentication API.
- Upgraded Go from 1.16.4 to 1.16.5.
A complete list of changes (16 commits, 15 changed files with 1,197 additions and 210 deletions) can be found here.