# Changelog

# v0.16.0 (opens new window) (2021-12-22)

Full Changelog (opens new window)

# Breaking

identity: only assign access\_type uri params to google. #2782 (opens new window) (@desimone)
tls: fallback to self-signed certificate #2760 (opens new window) (@calebdoxsey)
github: use GraphQL API to reduce number of API calls for directory sync #2715 (opens new window) (@calebdoxsey)

# New

more idp metrics #2842 (opens new window) (@wasaga)
devices: add experimental icon #2836 (opens new window) (@calebdoxsey)
devices: switch "default" device type to two built-in default device types #2835 (opens new window) (@calebdoxsey)
dashboard: improve display of device credentials, allow deletion #2829 (opens new window) (@calebdoxsey)
ppl: add support for http_path and http_method #2813 (opens new window) (@calebdoxsey)
config: add internal service URLs #2801 (opens new window) (@calebdoxsey)
envoy: add hash policy and routing key for hash-based load balancers #2791 (opens new window) (@calebdoxsey)
authorize: support X-Pomerium-Authorization in addition to Authorization #2780 (opens new window) (@calebdoxsey)
envoy: treat configuration errors as fatal #2777 (opens new window) (@calebdoxsey)
envoy: add support for bind_config bootstrap options #2772 (opens new window) (@calebdoxsey)
authenticate: redirect / to /.pomerium/ #2770 (opens new window) (@calebdoxsey)
device: add type id and credential id to enrollment for easier referencing #2749 (opens new window) (@calebdoxsey)
databroker: add additional log for config source #2718 (opens new window) (@calebdoxsey)
grpc: remove peer field from logs #2712 (opens new window) (@calebdoxsey)
desktop client api #2711 (opens new window) (@wasaga)
telemetry: improve zipkin error logs #2710 (opens new window) (@calebdoxsey)
authorize: add support for webauthn device policy enforcement #2700 (opens new window) (@calebdoxsey)
webauthn: update session to support device credentials per type #2699 (opens new window) (@calebdoxsey)
ppl: add support for additional data #2696 (opens new window) (@calebdoxsey)
Add additional ACME CA (autocert) options #2695 (opens new window) (@hslatman)
skip configuration updates to the most recent one #2690 (opens new window) (@wasaga)
authenticate: add support for webauthn #2688 (opens new window) (@calebdoxsey)
webauthnutil: add helpers for webauthn #2686 (opens new window) (@calebdoxsey)
devices: add device protobuf types #2682 (opens new window) (@calebdoxsey)
cryptutil: add SecureToken #2681 (opens new window) (@calebdoxsey)
config/envoyconfig: better duplicate message #2661 (opens new window) (@desimone)
pomerium-cli: add support for a custom browser command #2617 (opens new window) (@calebdoxsey)
ppl: pass contextual information through policy #2612 (opens new window) (@calebdoxsey)
add description to service accounts #2611 (opens new window) (@nhayfield)
DOCS: Add copy button to code snippets #2597 (opens new window) (@alexfornuto)
pomerium-cli: use cache dir instead of config dir #2588 (opens new window) (@calebdoxsey)
cli: update tcp log output format #2586 (opens new window) (@travisgroth)
directory: implement exponential backoff for refresh #2570 (opens new window) (@calebdoxsey)
google: support provider URL #2567 (opens new window) (@calebdoxsey)
config: remove signature_key_algorithm #2557 (opens new window) (@calebdoxsey)
allow pomerium to start without certs #2555 (opens new window) (@wasaga)
integration: kubernetes support #2536 (opens new window) (@calebdoxsey)
integration: nginx #2532 (opens new window) (@calebdoxsey)
integration: add traefik tests #2530 (opens new window) (@calebdoxsey)
envoy: remove deprecated access_log_path #2523 (opens new window) (@calebdoxsey)
config: remove headers #2522 (opens new window) (@calebdoxsey)
integration: add multi test #2519 (opens new window) (@calebdoxsey)
Remove api from GitLab defaultScope #2518 (opens new window) (@alexfornuto)
integration: add single-cluster integration tests #2516 (opens new window) (@calebdoxsey)
integration: remove tests #2514 (opens new window) (@calebdoxsey)
github: support provider URL #2490 (opens new window) (@calebdoxsey)
protoutil: add NewAny method for deterministic serialization #2462 (opens new window) (@calebdoxsey)
fix go get, improve redis test #2450 (opens new window) (@calebdoxsey)
all: remove unused handler code #2439 (opens new window) (@desimone)

# Security

identity: fix user refresh #2724 (opens new window) (@calebdoxsey)
deps: update envoy to 1.19.1 #2526 (opens new window) (@travisgroth)

# Fixed

config: allow specifying auto codec type in all-in-one mode #2846 (opens new window) (@calebdoxsey)
dashboard: add confirmation dialog, fix button in firefox #2841 (opens new window) (@calebdoxsey)
fix: Fixed return description error #2825 (opens new window) (@cfanbo)
internal/telemetry: fix grpc server metrics #2811 (opens new window) (@travisgroth)
Fix IdP client metrics #2810 (opens new window) (@travisgroth)
envoyconfig: fix tls_downstream_client_ca for non-standard ports #2802 (opens new window) (@calebdoxsey)
config: detect changes to the kubernetes service account token file #2767 (opens new window) (@calebdoxsey)
deps: update goreleaser #2757 (opens new window) (@travisgroth)

# Documentation

add docs for ingress regex path #2822 (opens new window) (@wasaga)
fix typo in docs #2819 (opens new window) (@wasaga)
DOCS: add Grafana to Guides index #2808 (opens new window) (@alexfornuto)
DOCS: Fix indentation in API doc #2798 (opens new window) (@alexfornuto)
DOCS: Create Consolidated Troubleshooting Guide and Replace FAQ #2797 (opens new window) (@alexfornuto)
docs: update pomerium-cli location #2790 (opens new window) (@travisgroth)
Document Pomerium Policy Language #2789 (opens new window) (@backport-actions-token[bot])
Copy edit to changelog entry #2786 (opens new window) (@alexfornuto)
Document Pomerium Policy Language #2784 (opens new window) (@alexfornuto)
Remove forward_auth_url from Enterprise #2779 (opens new window) (@alexfornuto)
Docs: Update Kubernetes Dashboard Guide #2759 (opens new window) (@alexfornuto)
Docs: Update Securing Kubernetes Guide #2758 (opens new window) (@alexfornuto)
Docs: Add spdy annotation #2747 (opens new window) (@alexfornuto)
Docs: Update JWT Verification Guide #2746 (opens new window) (@alexfornuto)
Docs: Add Grafana Integration Guide #2742 (opens new window) (@alexfornuto)
Docs: Update Traefik Example Headers #2732 (opens new window) (@alexfornuto)
Docs: Reference gRPC API Docs #2717 (opens new window) (@alexfornuto)
Minor fix in routes documentation #2714 (opens new window) (@Kerwood)
Docs: Update Community Page #2713 (opens new window) (@cmo-pomerium)
Update architecture.md #2701 (opens new window) (@cmo-pomerium)
Update create TLS command to quote strings. #2694 (opens new window) (@FutureMatt)
Docs: Correct Claim Example #2689 (opens new window) (@alexfornuto)
Fix typo in docs #2683 (opens new window) (@nihaals)
Fixed 'kubtctl' typo on releases page #2673 (opens new window) (@ChaosInTheCRD)
add service account redirects #2664 (opens new window) (@alexfornuto)
DOCS: Standardize Relative Links #2651 (opens new window) (@alexfornuto)
Docs: cross-reference links between concepts and reference #2648 (opens new window) (@alexfornuto)
adjust sidebarDepths and document Desktop Client releases #2645 (opens new window) (@backport-actions-token[bot])
typo #2644 (opens new window) (@alexfornuto)
adjust sidebarDepths and document Desktop Client releases #2643 (opens new window) (@alexfornuto)
DOCS: CORS preflight in console #2642 (opens new window) (@alexfornuto)
DOCS: Collapse IDP Header #2641 (opens new window) (@alexfornuto)
docs: remove extra word / updated docs link #2638 (opens new window) (@cmo-pomerium)
Docs: Batch Updates #2628 (opens new window) (@alexfornuto)
Refresh and Update TCP documentation #2627 (opens new window) (@alexfornuto)
DOC: Copy edits to Okta IdP doc. #2623 (opens new window) (@alexfornuto)
Docs/batch link fixes #2621 (opens new window) (@alexfornuto)
Add redirect for installation #2618 (opens new window) (@alexfornuto)
Add docs team as a code owner of packages.json #2605 (opens new window) (@alexfornuto)
Update CODEOWNERS #2603 (opens new window) (@alexfornuto)
DOCS: Update Enterprise Reference Docs #2599 (opens new window) (@alexfornuto)
Document Enterprise API #2595 (opens new window) (@alexfornuto)
docs: rename updated icon image #2582 (opens new window) (@travisgroth)
docs: add updated icon asset #2580 (opens new window) (@travisgroth)
Document recovery token generation #2579 (opens new window) (@alexfornuto)
New Topic Page: Original Request Context #2569 (opens new window) (@alexfornuto)
docs: enterprise console v0.15.2 changelog #2564 (opens new window) (@travisgroth)
TCP Client Doc #2561 (opens new window) (@alexfornuto)
Docs: Fix merged PR #2546 (opens new window) (@alexfornuto)
docs: enterprise v0.15.1 changelog #2542 (opens new window) (@travisgroth)
Update Ping Identity IdP #2537 (opens new window) (@alexfornuto)
update OneLogin IdP doc #2533 (opens new window) (@alexfornuto)
Update GitLab IdP doc #2520 (opens new window) (@alexfornuto)
update GitHub IdP doc #2503 (opens new window) (@alexfornuto)
Update AWS cognito IdP doc #2498 (opens new window) (@alexfornuto)
Update Azure IdP Doc #2497 (opens new window) (@alexfornuto)
Auth0 Doc Refresh #2494 (opens new window) (@alexfornuto)
Update IdP Overview Page #2493 (opens new window) (@alexfornuto)
Update Okta IdP doc #2491 (opens new window) (@alexfornuto)
adjust comment blocking #2488 (opens new window) (@alexfornuto)
document binding service to 443 #2487 (opens new window) (@alexfornuto)
docs: use generic email #2484 (opens new window) (@alexfornuto)
Update Docker Quickstart #2482 (opens new window) (@alexfornuto)
Wrap mkcert command in quotes #2481 (opens new window) (@alexfornuto)
Updates to Enterprise Quickstart instructions #2480 (opens new window) (@alexfornuto)
wrap header example values as inline code. #2474 (opens new window) (@alexfornuto)
docs: clarify custom request header limitations #2471 (opens new window) (@desimone)
Update Helm Instructions #2467 (opens new window) (@alexfornuto)
docs: update enterprise helm instructions to use main repo #2463 (opens new window) (@travisgroth)
Document tracing sample rate in console #2461 (opens new window) (@alexfornuto)
Document moving routes #2460 (opens new window) (@alexfornuto)
Enterprise Upgrade & Changelog Pages #2453 (opens new window) (@alexfornuto)
docs: update codeowners #2451 (opens new window) (@travisgroth)
Update binary install doc #2447 (opens new window) (@alexfornuto)
docs: update branding, concepts #2445 (opens new window) (@desimone)
specify expected audience in Console config #2442 (opens new window) (@alexfornuto)
docs: update default version to v0.15 #2437 (opens new window) (@travisgroth)
docs: update branding #2435 (opens new window) (@desimone)

# Dependency

chore(deps): bump google.golang.org/api from 0.62.0 to 0.63.0 #2834 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/rs/zerolog from 1.26.0 to 1.26.1 #2833 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/spf13/viper from 1.10.0 to 1.10.1 #2832 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0 #2831 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.11+incompatible to 20.10.12+incompatible #2817 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/spf13/viper from 1.9.0 to 1.10.0 #2816 (opens new window) (@dependabot[bot])
dev build support for darwin-arm64 from envoy tip #2815 (opens new window) (@wasaga)
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.10 to 3.21.11 #2807 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 #2806 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.60.0 to 0.61.0 #2805 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.34.2 to 0.35.0 #2804 (opens new window) (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.15.1 to 4.16.1 #2803 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/ory/dockertest/v3 from 3.8.0 to 3.8.1 #2785 (opens new window) (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.14.2 to 4.15.1 #2783 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.10+incompatible to 20.10.11+incompatible #2776 (opens new window) (@dependabot[bot])
chore(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3 #2775 (opens new window) (@dependabot[bot])
chore(deps): bump mikefarah/yq from 4.6.3 to 4.14.2 #2774 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.15.1 to 0.15.2 #2769 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/cenkalti/backoff/v4 from 4.1.1 to 4.1.2 #2768 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.34.1 to 0.34.2 #2765 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/mholt/acmez from 1.0.0 to 1.0.1 #2764 (opens new window) (@dependabot[bot])
chore(deps): bump gopkg.in/auth0.v5 from 5.21.0 to 5.21.1 #2763 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.42.1 to 1.43.0 #2756 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.34.0 to 0.34.1 #2755 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.41.0 to 1.42.0 #2754 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/rs/zerolog from 1.25.0 to 1.26.0 #2753 (opens new window) (@dependabot[bot])
chore(deps): bump gopkg.in/auth0.v5 from 5.20.0 to 5.21.0 #2752 (opens new window) (@dependabot[bot])
dependencies: vendor base58, remove shortuuid #2739 (opens new window) (@calebdoxsey)
chore(deps): bump google.golang.org/api from 0.58.0 to 0.60.0 #2737 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.9 to 3.21.10 #2736 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.33.1 to 0.34.0 #2735 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/openzipkin/zipkin-go from 0.2.5 to 0.3.0 #2734 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.31.1 to 0.32.1 #2706 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.9+incompatible to 20.10.10+incompatible #2705 (opens new window) (@dependabot[bot])
chore(deps): bump gopkg.in/auth0.v5 from 5.19.2 to 5.20.0 #2704 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.1 to 0.6.2 #2703 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.14.5 to 0.15.1 #2685 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/peterbourgon/ff/v3 from 3.1.0 to 3.1.2 #2672 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.8 to 3.21.9 #2671 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.8+incompatible to 20.10.9+incompatible #2670 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.57.0 to 0.58.0 #2660 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-redis/redis/v8 from 8.11.3 to 8.11.4 #2659 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.32.1 to 0.33.1 #2658 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.31.0 to 0.31.1 #2656 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.32.0 to 0.32.1 #2633 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.40.0 to 1.41.0 #2632 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.30.0 to 0.31.0 #2631 (opens new window) (@dependabot[bot])
chore(deps): bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0 #2630 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/ory/dockertest/v3 from 3.7.0 to 3.8.0 #2629 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.9.0 #2616 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.56.0 to 0.57.0 #2615 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/coreos/go-oidc/v3 from 3.0.0 to 3.1.0 #2614 (opens new window) (@dependabot[bot])
bump protoc-validate #2606 (opens new window) (@wasaga)
chore(deps): bump go.uber.org/zap from 1.19.0 to 1.19.1 #2592 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/rs/zerolog from 1.24.0 to 1.25.0 #2591 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.7 to 3.21.8 #2577 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.42.0 to 1.42.1 #2576 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.14.4 to 0.14.5 #2575 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.54.0 to 0.56.0 #2574 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.31.0 to 0.32.0 #2573 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/fsnotify/fsnotify from 1.5.0 to 1.5.1 #2554 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.14.3 to 0.14.4 #2553 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/rs/zerolog from 1.23.0 to 1.24.0 #2552 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible #2551 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.14.1 to 0.14.3 #2550 (opens new window) (@dependabot[bot])
chore(deps): bump contrib.go.opencensus.io/exporter/prometheus from 0.3.0 to 0.4.0 #2549 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/cespare/xxhash/v2 from 2.1.1 to 2.1.2 #2548 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/procfs from 0.7.2 to 0.7.3 #2512 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.41.1 to 1.42.0 #2511 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.0 #2510 (opens new window) (@dependabot[bot])
ci: use go 1.17.x #2492 (opens new window) (@desimone)
chore(deps): bump google.golang.org/grpc from 1.39.1 to 1.40.0 #2478 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-redis/redis/v8 from 8.11.2 to 8.11.3 #2477 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.52.0 to 0.54.0 #2476 (opens new window) (@dependabot[bot])
chore(deps): bump go.uber.org/zap from 1.18.1 to 1.19.0 #2475 (opens new window) (@dependabot[bot])
ci: support darwn/arm64 aka m1 for cli #2473 (opens new window) (@desimone)
chore(deps): bump google.golang.org/grpc from 1.39.0 to 1.39.1 #2457 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/procfs from 0.7.1 to 0.7.2 #2456 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-redis/redis/v8 from 8.11.1 to 8.11.2 #2455 (opens new window) (@dependabot[bot])
Hadolint #2363 (opens new window) (@stephengroat)

# Deployment

deployment: migrate pomerium-cli automation to new repo #2771 (opens new window) (@travisgroth)
deployment: remove DST_Root_CA_X3 from docker images #2677 (opens new window) (@travisgroth)
deployment: update goreleaser syntax #2524 (opens new window) (@travisgroth)

# Changed

move NewGRPCClientConn to public package #2826 (opens new window) (@wasaga)
rm cli code #2824 (opens new window) (@wasaga)
ci: remove hadolint #2726 (opens new window) (@travisgroth)
ci: ignore multiple run commands #2566 (opens new window) (@travisgroth)
redirect logo to the marketing site #2441 (opens new window) (@alexfornuto)
ci: use github app for backport credentials #2369 (opens new window) (@travisgroth)

# v0.15.8 (opens new window) (2021-12-17)

Full Changelog (opens new window)

# Fixed

authorize: fix nginx infinite redirect #2812 (opens new window) (@calebdoxsey)

# Documentation

DOCS: add Grafana to Guides index #2809 (opens new window) (@backport-actions-token[bot])
DOCS: Fix indentation in API doc #2799 (opens new window) (@backport-actions-token[bot])
Docs: Update Kubernetes Dashboard Guide #2795 (opens new window) (@backport-actions-token[bot])
Docs: Update Securing Kubernetes Guide #2792 (opens new window) (@backport-actions-token[bot])
Docs: Update JWT Verification Guide #2787 (opens new window) (@backport-actions-token[bot])

# Dependency

deps: pin release to latest go version #2827 (opens new window) (@travisgroth)

# v0.15.7 (opens new window) (2021-11-15)

Full Changelog (opens new window)

# Fixed

autocert: remove log #2750 (opens new window) (@backport-actions-token[bot])

# Security

identity: fix user refresh #2725 (opens new window) (@backport-actions-token[bot])

# Documentation

Docs: Add Grafana Integration Guide #2762 (opens new window) (@backport-actions-token[bot])
Docs: Add spdy annotation #2751 (opens new window) (@backport-actions-token[bot])
Docs: Ingress Controller #2745 (opens new window) (@backport-actions-token[bot])
Docs: Update Traefik Example Headers #2741 (opens new window) (@backport-actions-token[bot])
Docs: Update Community Page #2731 (opens new window) (@backport-actions-token[bot])
Minor fix in routes documentation #2721 (opens new window) (@backport-actions-token[bot])
Docs: Reference gRPC API Docs #2720 (opens new window) (@backport-actions-token[bot])
Update architecture.md #2707 (opens new window) (@backport-actions-token[bot])

# v0.15.6 (opens new window) (2021-11-04)

Full Changelog (opens new window)

# Breaking

github: use GraphQL API to reduce number of API calls for directory sync #2715 (opens new window) (@calebdoxsey)

# New

databroker: add additional log for config source #2718 (opens new window) (@calebdoxsey)
grpc: remove peer field from logs #2712 (opens new window) (@calebdoxsey)
desktop client api #2711 (opens new window) (@wasaga)
telemetry: improve zipkin error logs #2710 (opens new window) (@calebdoxsey)
authorize: add support for webauthn device policy enforcement #2700 (opens new window) (@calebdoxsey)
webauthn: update session to support device credentials per type #2699 (opens new window) (@calebdoxsey)
ppl: add support for additional data #2696 (opens new window) (@calebdoxsey)
Add additional ACME CA (autocert) options #2695 (opens new window) (@hslatman)
skip configuration updates to the most recent one #2690 (opens new window) (@wasaga)
authenticate: add support for webauthn #2688 (opens new window) (@calebdoxsey)
webauthnutil: add helpers for webauthn #2686 (opens new window) (@calebdoxsey)
devices: add device protobuf types #2682 (opens new window) (@calebdoxsey)
cryptutil: add SecureToken #2681 (opens new window) (@calebdoxsey)
config/envoyconfig: better duplicate message #2661 (opens new window) (@desimone)
pomerium-cli: add support for a custom browser command #2617 (opens new window) (@calebdoxsey)
ppl: pass contextual information through policy #2612 (opens new window) (@calebdoxsey)
add description to service accounts #2611 (opens new window) (@nhayfield)
DOCS: Add copy button to code snippets #2597 (opens new window) (@alexfornuto)
pomerium-cli: use cache dir instead of config dir #2588 (opens new window) (@calebdoxsey)
cli: update tcp log output format #2586 (opens new window) (@travisgroth)
directory: implement exponential backoff for refresh #2570 (opens new window) (@calebdoxsey)
google: support provider URL #2567 (opens new window) (@calebdoxsey)
allow pomerium to start without certs #2555 (opens new window) (@wasaga)
integration: kubernetes support #2536 (opens new window) (@calebdoxsey)
integration: nginx #2532 (opens new window) (@calebdoxsey)
integration: add traefik tests #2530 (opens new window) (@calebdoxsey)
envoy: remove deprecated access_log_path #2523 (opens new window) (@calebdoxsey)
config: remove headers #2522 (opens new window) (@calebdoxsey)
integration: add multi test #2519 (opens new window) (@calebdoxsey)
Remove api from GitLab defaultScope #2518 (opens new window) (@alexfornuto)
integration: add single-cluster integration tests #2516 (opens new window) (@calebdoxsey)
integration: remove tests #2514 (opens new window) (@calebdoxsey)
github: support provider URL #2490 (opens new window) (@calebdoxsey)
protoutil: add NewAny method for deterministic serialization #2462 (opens new window) (@calebdoxsey)
fix go get, improve redis test #2450 (opens new window) (@calebdoxsey)
all: remove unused handler code #2439 (opens new window) (@desimone)

# Fixed

deployment: relocate pomerium-cli to /usr/bin #2727 (opens new window) (@travisgroth)
authenticate: always update user record on login #2719 (opens new window) (@calebdoxsey)
authenticate: add databroker versions to session cookie #2709 (opens new window) (@calebdoxsey)
protoc: add xds repo #2687 (opens new window) (@calebdoxsey)
add host-rewrite options to config.proto #2668 (opens new window) (@wasaga)
authclient: clone TLS configuration to prevent overriding NextProtos #2594 (opens new window) (@calebdoxsey)
tcptunnel: force the use of HTTP/1.1 during ALPN #2593 (opens new window) (@calebdoxsey)
userinfo: format exp, iat and updated_at #2585 (opens new window) (@calebdoxsey)
autocert: remove log #2584 (opens new window) (@calebdoxsey)
authorize: use session.user_id in headers #2571 (opens new window) (@calebdoxsey)
ppl: use session.user_id instead of user.id for user criterion #2562 (opens new window) (@calebdoxsey)
authorize: fix google cloudrun header audience #2558 (opens new window) (@calebdoxsey)
authorize: fix X-Pomerium-Claim-Groups #2539 (opens new window) (@calebdoxsey)
grpc: disable gRPC connection re-use across services #2515 (opens new window) (@calebdoxsey)
fix forward-auth, logging #2509 (opens new window) (@calebdoxsey)
grpc: send client traffic through envoy #2469 (opens new window) (@calebdoxsey)
options: remove refresh_cooldown, add allow_spdy to proto #2446 (opens new window) (@calebdoxsey)

# Security

identity: fix user refresh #2724 (opens new window) (@calebdoxsey)
deps: update envoy to 1.19.1 #2526 (opens new window) (@travisgroth)

# Documentation

Docs: Update Traefik Example Headers #2732 (opens new window) (@alexfornuto)
Docs: Reference gRPC API Docs #2717 (opens new window) (@alexfornuto)
Minor fix in routes documentation #2714 (opens new window) (@Kerwood)
Docs: Update Community Page #2713 (opens new window) (@cmo-pomerium)
Update architecture.md #2701 (opens new window) (@cmo-pomerium)
Update create TLS command to quote strings. #2694 (opens new window) (@FutureMatt)
Docs: Correct Claim Example #2689 (opens new window) (@alexfornuto)
Fix typo in docs #2683 (opens new window) (@nihaals)
Fixed 'kubtctl' typo on releases page #2673 (opens new window) (@ChaosInTheCRD)
Docs: Ingress Controller #2667 (opens new window) (@alexfornuto)
add service account redirects #2664 (opens new window) (@alexfornuto)
DOCS: Standardize Relative Links #2651 (opens new window) (@alexfornuto)
Docs: cross-reference links between concepts and reference #2648 (opens new window) (@alexfornuto)
typo #2644 (opens new window) (@alexfornuto)
adjust sidebarDepths and document Desktop Client releases #2643 (opens new window) (@alexfornuto)
DOCS: CORS preflight in console #2642 (opens new window) (@alexfornuto)
DOCS: Collapse IDP Header #2641 (opens new window) (@alexfornuto)
docs: remove extra word / updated docs link #2638 (opens new window) (@cmo-pomerium)
Docs: Batch Updates #2628 (opens new window) (@alexfornuto)
Refresh and Update TCP documentation #2627 (opens new window) (@alexfornuto)
DOC: Copy edits to Okta IdP doc. #2623 (opens new window) (@alexfornuto)
Docs/batch link fixes #2621 (opens new window) (@alexfornuto)
Add redirect for installation #2618 (opens new window) (@alexfornuto)
Add docs team as a code owner of packages.json #2605 (opens new window) (@alexfornuto)
Update CODEOWNERS #2603 (opens new window) (@alexfornuto)
DOCS: Update Enterprise Reference Docs #2599 (opens new window) (@alexfornuto)
Document Enterprise API #2595 (opens new window) (@alexfornuto)
docs: rename updated icon image #2582 (opens new window) (@travisgroth)
docs: add updated icon asset #2580 (opens new window) (@travisgroth)
Document recovery token generation #2579 (opens new window) (@alexfornuto)
New Topic Page: Original Request Context #2569 (opens new window) (@alexfornuto)
docs: enterprise console v0.15.2 changelog #2564 (opens new window) (@travisgroth)
TCP Client Doc #2561 (opens new window) (@alexfornuto)
Docs: Fix merged PR #2546 (opens new window) (@alexfornuto)
docs: enterprise v0.15.1 changelog #2542 (opens new window) (@travisgroth)
Update Ping Identity IdP #2537 (opens new window) (@alexfornuto)
update OneLogin IdP doc #2533 (opens new window) (@alexfornuto)
Update GitLab IdP doc #2520 (opens new window) (@alexfornuto)
update GitHub IdP doc #2503 (opens new window) (@alexfornuto)
Update AWS cognito IdP doc #2498 (opens new window) (@alexfornuto)
Update Azure IdP Doc #2497 (opens new window) (@alexfornuto)
Auth0 Doc Refresh #2494 (opens new window) (@alexfornuto)
Update IdP Overview Page #2493 (opens new window) (@alexfornuto)
Update Okta IdP doc #2491 (opens new window) (@alexfornuto)
adjust comment blocking #2488 (opens new window) (@alexfornuto)
document binding service to 443 #2487 (opens new window) (@alexfornuto)
docs: use generic email #2484 (opens new window) (@alexfornuto)
Update Docker Quickstart #2482 (opens new window) (@alexfornuto)
Wrap mkcert command in quotes #2481 (opens new window) (@alexfornuto)
Updates to Enterprise Quickstart instructions #2480 (opens new window) (@alexfornuto)
wrap header example values as inline code. #2474 (opens new window) (@alexfornuto)
docs: clarify custom request header limitations #2471 (opens new window) (@desimone)
Update Helm Instructions #2467 (opens new window) (@alexfornuto)
docs: update enterprise helm instructions to use main repo #2463 (opens new window) (@travisgroth)
Document tracing sample rate in console #2461 (opens new window) (@alexfornuto)
Document moving routes #2460 (opens new window) (@alexfornuto)
Enterprise Upgrade & Changelog Pages #2453 (opens new window) (@alexfornuto)
docs: update codeowners #2451 (opens new window) (@travisgroth)
Update binary install doc #2447 (opens new window) (@alexfornuto)
docs: update branding, concepts #2445 (opens new window) (@desimone)
specify expected audience in Console config #2442 (opens new window) (@alexfornuto)
docs: update default version to v0.15 #2437 (opens new window) (@travisgroth)
docs: update branding #2435 (opens new window) (@desimone)

# Dependency

dependencies: vendor base58, remove shortuuid #2739 (opens new window) (@calebdoxsey)
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.9 to 3.21.10 #2736 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.33.1 to 0.34.0 #2735 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/openzipkin/zipkin-go from 0.2.5 to 0.3.0 #2734 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.31.1 to 0.32.1 #2706 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.9+incompatible to 20.10.10+incompatible #2705 (opens new window) (@dependabot[bot])
chore(deps): bump gopkg.in/auth0.v5 from 5.19.2 to 5.20.0 #2704 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.1 to 0.6.2 #2703 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.14.5 to 0.15.1 #2685 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/peterbourgon/ff/v3 from 3.1.0 to 3.1.2 #2672 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.8 to 3.21.9 #2671 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.8+incompatible to 20.10.9+incompatible #2670 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.57.0 to 0.58.0 #2660 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-redis/redis/v8 from 8.11.3 to 8.11.4 #2659 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.32.1 to 0.33.1 #2658 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.31.0 to 0.31.1 #2656 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.32.0 to 0.32.1 #2633 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.40.0 to 1.41.0 #2632 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.30.0 to 0.31.0 #2631 (opens new window) (@dependabot[bot])
chore(deps): bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0 #2630 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/ory/dockertest/v3 from 3.7.0 to 3.8.0 #2629 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.9.0 #2616 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.56.0 to 0.57.0 #2615 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/coreos/go-oidc/v3 from 3.0.0 to 3.1.0 #2614 (opens new window) (@dependabot[bot])
bump protoc-validate #2606 (opens new window) (@wasaga)
chore(deps): bump go.uber.org/zap from 1.19.0 to 1.19.1 #2592 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/rs/zerolog from 1.24.0 to 1.25.0 #2591 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.7 to 3.21.8 #2577 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.42.0 to 1.42.1 #2576 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.14.4 to 0.14.5 #2575 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.54.0 to 0.56.0 #2574 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.31.0 to 0.32.0 #2573 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/fsnotify/fsnotify from 1.5.0 to 1.5.1 #2554 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.14.3 to 0.14.4 #2553 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/rs/zerolog from 1.23.0 to 1.24.0 #2552 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible #2551 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.14.1 to 0.14.3 #2550 (opens new window) (@dependabot[bot])
chore(deps): bump contrib.go.opencensus.io/exporter/prometheus from 0.3.0 to 0.4.0 #2549 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/cespare/xxhash/v2 from 2.1.1 to 2.1.2 #2548 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/procfs from 0.7.2 to 0.7.3 #2512 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/golangci/golangci-lint from 1.41.1 to 1.42.0 #2511 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.0 #2510 (opens new window) (@dependabot[bot])
ci: use go 1.17.x #2492 (opens new window) (@desimone)
chore(deps): bump google.golang.org/grpc from 1.39.1 to 1.40.0 #2478 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-redis/redis/v8 from 8.11.2 to 8.11.3 #2477 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.52.0 to 0.54.0 #2476 (opens new window) (@dependabot[bot])
chore(deps): bump go.uber.org/zap from 1.18.1 to 1.19.0 #2475 (opens new window) (@dependabot[bot])
ci: support darwn/arm64 aka m1 for cli #2473 (opens new window) (@desimone)
chore(deps): bump github.com/go-redis/redis/v8 from 8.11.1 to 8.11.2 #2459 (opens new window) (@backport-actions-token[bot])
chore(deps): bump google.golang.org/grpc from 1.39.0 to 1.39.1 #2457 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/procfs from 0.7.1 to 0.7.2 #2456 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-redis/redis/v8 from 8.11.1 to 8.11.2 #2455 (opens new window) (@dependabot[bot])
Hadolint #2363 (opens new window) (@stephengroat)

# Deployment

deployment: remove DST_Root_CA_X3 from docker images #2677 (opens new window) (@travisgroth)
deployment: update goreleaser syntax #2524 (opens new window) (@travisgroth)

# Changed

ci: remove hadolint #2726 (opens new window) (@travisgroth)
ci: ignore multiple run commands #2566 (opens new window) (@travisgroth)
redirect logo to the marketing site #2441 (opens new window) (@alexfornuto)

# v0.15.5 (opens new window) (2021-10-22)

Full Changelog (opens new window)

# New

skip configuration updates to the most recent one #2692 (opens new window) (@backport-actions-token[bot])

# Documentation

Update create TLS command to quote strings. #2697 (opens new window) (@backport-actions-token[bot])
DOCS: CORS preflight in console #2693 (opens new window) (@backport-actions-token[bot])
Docs: Correct Claim Example #2691 (opens new window) (@backport-actions-token[bot])
Fix typo in docs #2684 (opens new window) (@backport-actions-token[bot])

# Deployment

deployment: remove DST_Root_CA_X3 from docker images #2698 (opens new window) (@travisgroth)

# v0.15.4 (opens new window) (2021-10-14)

Full Changelog (opens new window)

# New

protoutil: add NewAny method for deterministic serialization #2662 (opens new window) (@backport-actions-token[bot])

# Fixed

backport: host rewrite #2669 (opens new window) (@wasaga)

# Documentation

Fixed 'kubtctl' typo on releases page #2680 (opens new window) (@backport-actions-token[bot])
Refresh and Update TCP documentation #2679 (opens new window) (@backport-actions-token[bot])
Docs: Ingress Controller #2667 (opens new window) (@alexfornuto)
add service account redirects #2665 (opens new window) (@backport-actions-token[bot])
DOCS: Standardize Relative Links (#2651) #2654 (opens new window) (@alexfornuto)
Docs: cross-reference links between concepts and reference #2650 (opens new window) (@backport-actions-token[bot])
DOCS: Collapse IDP Header #2649 (opens new window) (@backport-actions-token[bot])
typo #2646 (opens new window) (@backport-actions-token[bot])
Docs: Batch Updates #2640 (opens new window) (@backport-actions-token[bot])
docs: remove extra word / updated docs link #2639 (opens new window) (@backport-actions-token[bot])
TCP Client Doc #2626 (opens new window) (@backport-actions-token[bot])
DOC: Copy edits to Okta IdP doc. #2625 (opens new window) (@backport-actions-token[bot])
DOCS: Update Enterprise Reference Docs #2624 (opens new window) (@backport-actions-token[bot])
Docs/batch link fixes #2622 (opens new window) (@backport-actions-token[bot])
Add redirect for installation #2620 (opens new window) (@backport-actions-token[bot])
Document Enterprise API #2619 (opens new window) (@backport-actions-token[bot])

# v0.15.3 (opens new window) (2021-09-17)

Full Changelog (opens new window)

# New

cli: update tcp log output format #2587 (opens new window) (@travisgroth)

# Fixed

backport 2593 and 2594 to 0.15 #2598 (opens new window) (@calebdoxsey)

# Documentation

Add docs team as a code owner of packages.json #2607 (opens new window) (@backport-actions-token[bot])
New Topic Page: Original Request Context #2602 (opens new window) (@backport-actions-token[bot])
Document recovery token generation #2601 (opens new window) (@backport-actions-token[bot])
DOCS: Add copy button to code snippets #2600 (opens new window) (@backport-actions-token[bot])
docs: rename updated icon image #2583 (opens new window) (@backport-actions-token[bot])
docs: add updated icon asset #2581 (opens new window) (@backport-actions-token[bot])

# Changed

Update CODEOWNERS #2604 (opens new window) (@backport-actions-token[bot])

# v0.15.2 (opens new window) (2021-09-03)

Full Changelog (opens new window)

# New

allow pomerium to start without certs #2556 (opens new window) (@backport-actions-token[bot])

# Fixed

authorize: use session.user_id in headers #2572 (opens new window) (@backport-actions-token[bot])
ppl: use session.user_id instead of user.id for user criterion #2563 (opens new window) (@backport-actions-token[bot])
authorize: fix google cloudrun header audience #2560 (opens new window) (@backport-actions-token[bot])
authorize: fix X-Pomerium-Claim-Groups #2540 (opens new window) (@backport-actions-token[bot])

# Documentation

docs: enterprise console v0.15.2 changelog #2565 (opens new window) (@backport-actions-token[bot])
Docs: Fix merged PR #2547 (opens new window) (@backport-actions-token[bot])
Update Ping Identity IdP #2545 (opens new window) (@backport-actions-token[bot])
update OneLogin IdP doc #2544 (opens new window) (@backport-actions-token[bot])
docs: enterprise v0.15.1 changelog #2543 (opens new window) (@backport-actions-token[bot])
Updates to Enterprise Quickstart instructions #2531 (opens new window) (@backport-actions-token[bot])

# v0.15.0 (opens new window) (2021-08-05)

Full Changelog (opens new window)

# Breaking

config: remove support for ed25519 signing keys #2430 (opens new window) (@calebdoxsey)

# New

telemetry: add nonce and make explicit ack/nack #2434 (opens new window) (@wasaga)
authorize: log additional session details #2419 (opens new window) (@calebdoxsey)
telemetry: try guess hostname or external IP addr for metrics #2412 (opens new window) (@wasaga)
sessions: add impersonate_session_id, remove legacy impersonation #2407 (opens new window) (@calebdoxsey)
envoyconfig: improvements #2402 (opens new window) (@calebdoxsey)
config: add support for embedded PPL policy #2401 (opens new window) (@calebdoxsey)
ppl: remove support for aliases #2400 (opens new window) (@calebdoxsey)
directory: add logging http client to help with debugging outbound http requests #2385 (opens new window) (@calebdoxsey)
evaluator: use cryptutil.Hash for script spans #2384 (opens new window) (@desimone)
authorize: add additional tracing for rego evaluation #2381 (opens new window) (@calebdoxsey)
k8s: add flush-credentials command #2379 (opens new window) (@calebdoxsey)
urlutil: improve error message for urls with port in path #2377 (opens new window) (@calebdoxsey)
ci: use revive instead of golint #2370 (opens new window) (@calebdoxsey)
authorize: remove service account impersonate user id, email and groups #2365 (opens new window) (@calebdoxsey)
envoyconfig: default zipkin path to / when empty #2359 (opens new window) (@calebdoxsey)
config: add warning about http URLs #2358 (opens new window) (@calebdoxsey)
authorize: log service account and impersonation details #2354 (opens new window) (@calebdoxsey)
tools: add tools.go to pin go run apps #2344 (opens new window) (@calebdoxsey)
envoyconfig: add bootstrap layered runtime configuration #2343 (opens new window) (@calebdoxsey)
registry/redis: call publish from within lua function #2337 (opens new window) (@calebdoxsey)

# Fixed

config: remove grpc server max connection age options #2427 (opens new window) (@calebdoxsey)
authorize: add sid to JWT claims #2420 (opens new window) (@calebdoxsey)
disable http/2 for websockets #2399 (opens new window) (@calebdoxsey)
ci: update gcloud action #2393 (opens new window) (@travisgroth)
google: remove WithHTTPClient #2391 (opens new window) (@calebdoxsey)
telemetry: support b3 headers on gRPC server calls #2376 (opens new window) (@calebdoxsey)
authorize: allow redirects on deny #2361 (opens new window) (@calebdoxsey)
authorize: decode CheckRequest path for redirect #2357 (opens new window) (@calebdoxsey)
envoyconfig: only delete cached files, ignore noisy error #2356 (opens new window) (@calebdoxsey)
envoy: only check for pid with monitor #2355 (opens new window) (@calebdoxsey)
fix: timeout in protobuf #2341 (opens new window) (@wasaga)
authorize: support boolean deny results #2338 (opens new window) (@calebdoxsey)

# Security

envoy: only allow embedding #2368 (opens new window) (@calebdoxsey)

# Documentation

update v0.15 changelog #2436 (opens new window) (@travisgroth)
doc updates #2433 (opens new window) (@calebdoxsey)
Update Console installs to match signing_key #2432 (opens new window) (@alexfornuto)
docs/reference: Clarify use of idp_service_account #2431 (opens new window) (@the-maldridge)
docs: clarify device identity, not state via client certs #2428 (opens new window) (@desimone)
v0.15 release notes #2409 (opens new window) (@travisgroth)
docs: only secure schemes are supported #2408 (opens new window) (@desimone)
Installation Docs Restructuring #2406 (opens new window) (@alexfornuto)
symlink security policy to root of project #2396 (opens new window) (@desimone)
Enterprise Docs #2390 (opens new window) (@alexfornuto)
Docs bug fixes #2362 (opens new window) (@alexfornuto)
Docs sorting #2346 (opens new window) (@alexfornuto)
Update installation source for mkcert #2340 (opens new window) (@alexfornuto)

# Dependency

chore(deps): bump gopkg.in/auth0.v5 from 5.19.1 to 5.19.2 #2422 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0-rc.1 to 3.0.0 #2421 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.29.0 to 0.30.0 #2417 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.30.2 to 0.31.0 #2416 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.51.0 to 0.52.0 #2415 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.6 to 3.21.7 #2414 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-redis/redis/v8 from 8.11.0 to 8.11.1 #2413 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/procfs from 0.7.0 to 0.7.1 #2395 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.50.0 to 0.51.0 #2394 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/google/uuid from 1.2.0 to 1.3.0 #2374 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.30.1 to 0.30.2 #2373 (opens new window) (@dependabot[bot])
ci: convert to FOSSA scan #2371 (opens new window) (@travisgroth)
chore(deps): bump github.com/golangci/golangci-lint from 1.40.1 to 1.41.1 #2353 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.14.0 to 0.14.1 #2352 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/rs/cors from 1.7.0 to 1.8.0 #2334 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.49.0 to 0.50.0 #2333 (opens new window) (@dependabot[bot])
chore(deps): upgrade kind action to v1.2.0 #2331 (opens new window) (@travisgroth)
chore(deps): bump github.com/spf13/cobra from 1.1.3 to 1.2.1 #2330 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-redis/redis/v8 from 8.10.0 to 8.11.0 #2329 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/procfs from 0.6.0 to 0.7.0 #2328 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.5 to 3.21.6 #2326 (opens new window) (@dependabot[bot])
chore(deps): bump go.uber.org/zap from 1.17.0 to 1.18.1 #2325 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.38.0 to 1.39.0 #2324 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.29.4 to 0.30.1 #2323 (opens new window) (@dependabot[bot])

# Changed

redis: increase timeout on test #2425 (opens new window) (@calebdoxsey)
build: add envoy files to make clean #2411 (opens new window) (@travisgroth)
envoy: bump to 1.19 #2392 (opens new window) (@travisgroth)
ci: use github app for backport credentials #2369 (opens new window) (@travisgroth)
databroker: tests #2367 (opens new window) (@calebdoxsey)
storage/inmemory: add tests for close behavior #2336 (opens new window) (@calebdoxsey)
redis: refactor change signal test to be more deterministic #2335 (opens new window) (@calebdoxsey)

# v0.14.8 (opens new window) (2021-08-26)

Full Changelog (opens new window)

# Security

deps: bump envoy to v0.17.4 #2535 (opens new window) (@travisgroth)

# Documentation

docs: only secure schemes are supported #2410 (opens new window) (@backport-actions-token[bot])
Docs bug fixes #2364 (opens new window) (@github-actions[bot])
Docs backporting #2351 (opens new window) (@alexfornuto)
docs: google gcp / workspace instructions #2350 (opens new window) (@github-actions[bot])

# Dependency

chore(deps): upgrade kind action to v1.2.0 (#2281) #2366 (opens new window) (@travisgroth)

# Changed

ci: update gcloud action #2538 (opens new window) (@backport-actions-token[bot])

# v0.15.1 (opens new window) (2021-08-25)

Full Changelog (opens new window)

# Fixed

options: remove refresh_cooldown, add allow_spdy to proto #2448 (opens new window) (@backport-actions-token[bot])

# Security

deps: update envoy to 1.19.1 #2527 (opens new window) (@backport-actions-token[bot])

# Documentation

Update GitLab IdP doc #2529 (opens new window) (@backport-actions-token[bot])
Remove api from GitLab defaultScope #2528 (opens new window) (@backport-actions-token[bot])
update GitHub IdP doc #2508 (opens new window) (@backport-actions-token[bot])
docs: update codeowners #2506 (opens new window) (@backport-actions-token[bot])
Update Helm Instructions #2505 (opens new window) (@backport-actions-token[bot])
Update Azure IdP Doc #2504 (opens new window) (@backport-actions-token[bot])
Update IdP Overview Page #2502 (opens new window) (@backport-actions-token[bot])
Update AWS cognito IdP doc #2501 (opens new window) (@backport-actions-token[bot])
Auth0 Doc Refresh #2500 (opens new window) (@backport-actions-token[bot])
document binding service to 443 #2499 (opens new window) (@backport-actions-token[bot])
Update Okta IdP doc #2495 (opens new window) (@backport-actions-token[bot])
adjust comment blocking #2489 (opens new window) (@backport-actions-token[bot])
Update Docker Quickstart (#2482) #2486 (opens new window) (@alexfornuto)
docs: use generic email #2485 (opens new window) (@backport-actions-token[bot])
wrap header example values as inline code. #2479 (opens new window) (@backport-actions-token[bot])
docs: clarify custom request header limitations #2472 (opens new window) (@backport-actions-token[bot])
Document moving routes #2466 (opens new window) (@backport-actions-token[bot])
Document tracing sample rate in console #2465 (opens new window) (@backport-actions-token[bot])
docs: update enterprise helm instructions to use main repo #2464 (opens new window) (@backport-actions-token[bot])
Enterprise Upgrade & Changelog Pages #2458 (opens new window) (@backport-actions-token[bot])
Update binary install doc #2452 (opens new window) (@backport-actions-token[bot])
docs: update branding, concepts #2449 (opens new window) (@backport-actions-token[bot])
specify expected audience in Console config #2444 (opens new window) (@backport-actions-token[bot])
redirect logo to the marketing site #2443 (opens new window) (@backport-actions-token[bot])
docs: update branding #2440 (opens new window) (@backport-actions-token[bot])
docs: update default version to v0.15 #2438 (opens new window) (@backport-actions-token[bot])

# Dependency

chore(deps): bump github.com/go-redis/redis/v8 from 8.11.1 to 8.11.2 #2459 (opens new window) (@backport-actions-token[bot])

# Deployment

deployment: update goreleaser syntax #2525 (opens new window) (@backport-actions-token[bot])
ci: support darwn/arm64 aka m1 for cli #2521 (opens new window) (@travisgroth)

# v0.15.0 (opens new window) (2021-08-05)

Full Changelog (opens new window)

# Breaking

config: remove support for ed25519 signing keys #2430 (opens new window) (@calebdoxsey)

# New

telemetry: add nonce and make explicit ack/nack #2434 (opens new window) (@wasaga)
authorize: log additional session details #2419 (opens new window) (@calebdoxsey)
telemetry: try guess hostname or external IP addr for metrics #2412 (opens new window) (@wasaga)
sessions: add impersonate_session_id, remove legacy impersonation #2407 (opens new window) (@calebdoxsey)
envoyconfig: improvements #2402 (opens new window) (@calebdoxsey)
config: add support for embedded PPL policy #2401 (opens new window) (@calebdoxsey)
ppl: remove support for aliases #2400 (opens new window) (@calebdoxsey)
directory: add logging http client to help with debugging outbound http requests #2385 (opens new window) (@calebdoxsey)
evaluator: use cryptutil.Hash for script spans #2384 (opens new window) (@desimone)
authorize: add additional tracing for rego evaluation #2381 (opens new window) (@calebdoxsey)
k8s: add flush-credentials command #2379 (opens new window) (@calebdoxsey)
urlutil: improve error message for urls with port in path #2377 (opens new window) (@calebdoxsey)
ci: use revive instead of golint #2370 (opens new window) (@calebdoxsey)
authorize: remove service account impersonate user id, email and groups #2365 (opens new window) (@calebdoxsey)
envoyconfig: default zipkin path to / when empty #2359 (opens new window) (@calebdoxsey)
config: add warning about http URLs #2358 (opens new window) (@calebdoxsey)
authorize: log service account and impersonation details #2354 (opens new window) (@calebdoxsey)
tools: add tools.go to pin go run apps #2344 (opens new window) (@calebdoxsey)
envoyconfig: add bootstrap layered runtime configuration #2343 (opens new window) (@calebdoxsey)
registry/redis: call publish from within lua function #2337 (opens new window) (@calebdoxsey)
proxy: add idle timeout #2319 (opens new window) (@wasaga)
cli: use proxy from environment #2316 (opens new window) (@tskinn)
authorize: do not send redirects to gRPC #2314 (opens new window) (@wasaga)
certs: reject certs from databroker if they conflict with local #2309 (opens new window) (@wasaga)
config: add enable_google_cloud_serverless_authentication to config protobuf #2306 (opens new window) (@calebdoxsey)
envoy: refactor envoy embedding #2296 (opens new window) (@calebdoxsey)
envoy: add full version #2287 (opens new window) (@calebdoxsey)
authorize: handle grpc-web content types like json #2268 (opens new window) (@calebdoxsey)
xds: retry storing configuration events #2266 (opens new window) (@calebdoxsey)
envoyconfig: use zipkin tracer #2265 (opens new window) (@calebdoxsey)
authorize: preserve original context #2247 (opens new window) (@wasaga)
ppl: add data type, implement string and list matchers #2228 (opens new window) (@calebdoxsey)
ppl: refactor authorize to evaluate PPL #2224 (opens new window) (@calebdoxsey)
ppl: convert config policy to ppl #2218 (opens new window) (@calebdoxsey)
Pomerium Policy Language #2202 (opens new window) (@calebdoxsey)
telemetry: add hostname tag to metrics #2191 (opens new window) (@wasaga)
envoy: disable timeouts for kubernetes #2189 (opens new window) (@calebdoxsey)
registry: implement redis backend #2179 (opens new window) (@calebdoxsey)
report instance hostname in xds events #2175 (opens new window) (@wasaga)
databroker: implement leases #2172 (opens new window) (@calebdoxsey)

# Fixed

config: remove grpc server max connection age options #2427 (opens new window) (@calebdoxsey)
authorize: add sid to JWT claims #2420 (opens new window) (@calebdoxsey)
disable http/2 for websockets #2399 (opens new window) (@calebdoxsey)
ci: update gcloud action #2393 (opens new window) (@travisgroth)
google: remove WithHTTPClient #2391 (opens new window) (@calebdoxsey)
telemetry: support b3 headers on gRPC server calls #2376 (opens new window) (@calebdoxsey)
authorize: allow redirects on deny #2361 (opens new window) (@calebdoxsey)
authorize: decode CheckRequest path for redirect #2357 (opens new window) (@calebdoxsey)
envoyconfig: only delete cached files, ignore noisy error #2356 (opens new window) (@calebdoxsey)
envoy: only check for pid with monitor #2355 (opens new window) (@calebdoxsey)
fix: timeout in protobuf #2341 (opens new window) (@wasaga)
authorize: support boolean deny results #2338 (opens new window) (@calebdoxsey)
ppl: fix not/nor rules #2313 (opens new window) (@calebdoxsey)
directory/azure: add paging support to user group members call #2311 (opens new window) (@calebdoxsey)
ocsp: reload on response changes #2286 (opens new window) (@wasaga)
envoy: fix usage of codec_type with alpn #2277 (opens new window) (@calebdoxsey)
databroker: only tag contexts used for UpdateRecords #2269 (opens new window) (@wasaga)
redis: enforce capacity via ZREVRANGE to avoid race #2267 (opens new window) (@calebdoxsey)
authorize: only redirect for HTML pages #2264 (opens new window) (@calebdoxsey)
tracing: support dynamic reloading, more aggressive envoy restart #2262 (opens new window) (@calebdoxsey)
envoy: always set jwt claim headers even if no value is available #2261 (opens new window) (@calebdoxsey)
envoy: disable hot-reload for macos #2259 (opens new window) (@calebdoxsey)
authorize: round timestamp #2258 (opens new window) (@wasaga)
options: s/shared-key/shared secret #2257 (opens new window) (@desimone)
config: warn about unrecognized keys #2256 (opens new window) (@wasaga)
darwin: use gopsutil v3 to fix arm issue #2245 (opens new window) (@calebdoxsey)
policy: fix allowed idp claims PPL generation #2243 (opens new window) (@calebdoxsey)
envoy: exit if envoy exits #2240 (opens new window) (@calebdoxsey)
envoyconfig: fallback to global custom ca when no policy ca is defined #2235 (opens new window) (@calebdoxsey)
envoy: add global response headers to local replies #2217 (opens new window) (@calebdoxsey)
forward auth: don't strip query parameters #2216 (opens new window) (@wasaga)
PPL: bubble up values, bug fixes #2213 (opens new window) (@calebdoxsey)
Revert "authenticate,proxy: add same site lax to cookies" #2203 (opens new window) (@desimone)
authorize: grpc health check #2200 (opens new window) (@wasaga)
proxy / controplane: use old upstream cipher suite #2196 (opens new window) (@desimone)
deployment: fix empty version on master builds #2193 (opens new window) (@travisgroth)

# Security

envoy: only allow embedding #2368 (opens new window) (@calebdoxsey)
deps: bump envoy to v1.17.3 #2198 (opens new window) (@travisgroth)

# Documentation

doc updates #2433 (opens new window) (@calebdoxsey)
Update Console installs to match signing_key #2432 (opens new window) (@alexfornuto)
docs/reference: Clarify use of idp_service_account #2431 (opens new window) (@the-maldridge)
docs: clarify device identity, not state via client certs #2428 (opens new window) (@desimone)
v0.15 release notes #2409 (opens new window) (@travisgroth)
docs: only secure schemes are supported #2408 (opens new window) (@desimone)
Installation Docs Restructuring #2406 (opens new window) (@alexfornuto)
symlink security policy to root of project #2396 (opens new window) (@desimone)
Enterprise Docs #2390 (opens new window) (@alexfornuto)
Helm Quickstart Update #2380 (opens new window) (@alexfornuto)
Docs bug fixes #2362 (opens new window) (@alexfornuto)
Docs sorting #2346 (opens new window) (@alexfornuto)
Update installation source for mkcert #2340 (opens new window) (@alexfornuto)
Update kubernetes-dashboard.md #2285 (opens new window) (@WeeHong)
Transmission BitTorrent Client Guide #2281 (opens new window) (@alexfornuto)
docs: google gcp / workspace instructions #2272 (opens new window) (@desimone)
docs: update helm values for chart v20.0.0 #2242 (opens new window) (@travisgroth)
docs: update _redirects #2237 (opens new window) (@desimone)
add support for latest version of code-server #2229 (opens new window) (@bpmct)
fix(docs): use correct name for code-server #2223 (opens new window) (@jsjoeio)
docs: rm broken link #2215 (opens new window) (@alexfornuto)
docs: Match Tenses #2214 (opens new window) (@alexfornuto)
Update programmatic-access.md #2190 (opens new window) (@yyolk)
docs: add v0.14 feature highlights #2184 (opens new window) (@github-actions[bot])
docs: add v0.14 feature highlights #2183 (opens new window) (@travisgroth)
docs: update slack link to vanity url #2177 (opens new window) (@travisgroth)

# Dependency

chore(deps): bump gopkg.in/auth0.v5 from 5.19.1 to 5.19.2 #2422 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0-rc.1 to 3.0.0 #2421 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.29.0 to 0.30.0 #2417 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.30.2 to 0.31.0 #2416 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.51.0 to 0.52.0 #2415 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.6 to 3.21.7 #2414 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-redis/redis/v8 from 8.11.0 to 8.11.1 #2413 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/procfs from 0.7.0 to 0.7.1 #2395 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.50.0 to 0.51.0 #2394 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/google/uuid from 1.2.0 to 1.3.0 #2374 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.30.1 to 0.30.2 #2373 (opens new window) (@dependabot[bot])
ci: convert to FOSSA scan #2371 (opens new window) (@travisgroth)
chore(deps): bump github.com/golangci/golangci-lint from 1.40.1 to 1.41.1 #2353 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.14.0 to 0.14.1 #2352 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/rs/cors from 1.7.0 to 1.8.0 #2334 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.49.0 to 0.50.0 #2333 (opens new window) (@dependabot[bot])
chore(deps): upgrade kind action to v1.2.0 #2331 (opens new window) (@travisgroth)
chore(deps): bump github.com/spf13/cobra from 1.1.3 to 1.2.1 #2330 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-redis/redis/v8 from 8.10.0 to 8.11.0 #2329 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/procfs from 0.6.0 to 0.7.0 #2328 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.5 to 3.21.6 #2326 (opens new window) (@dependabot[bot])
chore(deps): bump go.uber.org/zap from 1.17.0 to 1.18.1 #2325 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.38.0 to 1.39.0 #2324 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.29.4 to 0.30.1 #2323 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.0 #2318 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/spf13/viper from 1.8.0 to 1.8.1 #2317 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.48.0 to 0.49.0 #2315 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/spf13/viper from 1.7.1 to 1.8.0 #2305 (opens new window) (@dependabot[bot])
chore(deps): bump gopkg.in/auth0.v5 from 5.18.0 to 5.19.1 #2304 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/ory/dockertest/v3 from 3.6.5 to 3.7.0 #2303 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.47.0 to 0.48.0 #2295 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/client_golang from 1.10.0 to 1.11.0 #2294 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/rs/zerolog from 1.22.0 to 1.23.0 #2293 (opens new window) (@dependabot[bot])
chore(deps): bump gopkg.in/auth0.v5 from 5.17.0 to 5.18.0 #2292 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.13.1 to 0.14.0 #2291 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/golang/mock from 1.5.0 to 1.6.0 #2290 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.25.0 to 0.29.0 #2289 (opens new window) (@dependabot[bot])
deps: upgrade to go-jose v3 #2284 (opens new window) (@calebdoxsey)
chore(deps): bump github.com/go-redis/redis/v8 from 8.9.0 to 8.10.0 #2276 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.21.4 to 3.21.5 #2274 (opens new window) (@dependabot[bot])
chore(deps): bump gopkg.in/square/go-jose.v2 from 2.5.1 to 2.6.0 #2273 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.28.0 to 0.29.4 #2255 (opens new window) (@dependabot[bot])
chore(deps): bump go.uber.org/zap from 1.16.0 to 1.17.0 #2254 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/google/go-cmp from 0.5.5 to 0.5.6 #2253 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/cenkalti/backoff/v4 from 4.1.0 to 4.1.1 #2252 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/mitchellh/hashstructure/v2 from 2.0.1 to 2.0.2 #2251 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-redis/redis/v8 from 8.8.3 to 8.9.0 #2249 (opens new window) (@dependabot[bot])
darwin: use x86 envoy build for arm64 #2246 (opens new window) (@calebdoxsey)
chore(deps): bump github.com/prometheus/common from 0.24.0 to 0.25.0 #2234 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.46.0 to 0.47.0 #2233 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-redis/redis/v8 from 8.8.2 to 8.8.3 #2232 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.37.1 to 1.38.0 #2231 (opens new window) (@dependabot[bot])
dependency: update /x/net #2227 (opens new window) (@desimone)
chore(deps): bump github.com/lithammer/shortuuid/v3 from 3.0.6 to 3.0.7 #2211 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.23.0 to 0.24.0 #2210 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/rs/zerolog from 1.21.0 to 1.22.0 #2209 (opens new window) (@dependabot[bot])
chore(deps): bump gopkg.in/auth0.v5 from 5.16.0 to 5.17.0 #2208 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.37.0 to 1.37.1 #2207 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.13.0 to 0.13.1 #2188 (opens new window) (@dependabot[bot])
chore(deps): bump gopkg.in/auth0.v5 from 5.15.0 to 5.16.0 #2187 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.45.0 to 0.46.0 #2186 (opens new window) (@dependabot[bot])

# Changed

redis: increase timeout on test #2425 (opens new window) (@calebdoxsey)
build: add envoy files to make clean #2411 (opens new window) (@travisgroth)
envoy: bump to 1.19 #2392 (opens new window) (@travisgroth)
ci: use github app for backport credentials #2369 (opens new window) (@travisgroth)
databroker: tests #2367 (opens new window) (@calebdoxsey)
storage/inmemory: add tests for close behavior #2336 (opens new window) (@calebdoxsey)
redis: refactor change signal test to be more deterministic #2335 (opens new window) (@calebdoxsey)
internal/envoy: add debugging information if envoy is no longer running #2320 (opens new window) (@travisgroth)
ci: add coveralls #2279 (opens new window) (@travisgroth)

# v0.14.7 (opens new window) (2021-06-24)

Full Changelog (opens new window)

# Fixed

directory/azure: add paging support to user group members call #2312 (opens new window) (@github-actions[bot])

# v0.14.6 (opens new window) (2021-06-16)

Full Changelog (opens new window)

# Fixed

authorize: only redirect for HTML pages (#2264) #2298 (opens new window) (@calebdoxsey)

# v0.14.5 (opens new window) (2021-06-07)

Full Changelog (opens new window)

# Fixed

envoy: fix usage of codec_type with alpn #2278 (opens new window) (@github-actions[bot])
authorize: round JWT claim timestamps #2260 (opens new window) (@wasaga)

# Documentation

docs: update helm values for chart v20.0.0 #2244 (opens new window) (@github-actions[bot])
docs: update _redirects #2238 (opens new window) (@github-actions[bot])

# v0.14.4 (opens new window) (2021-05-24)

Full Changelog (opens new window)

# Fixed

authorize: add rego functions to custom evaluator #2236 (opens new window) (@calebdoxsey)

# v0.14.3 (opens new window) (2021-05-21)

Full Changelog (opens new window)

# Fixed

authorize: fix custom rego panic #2226 (opens new window) (@calebdoxsey)

# Changed

envoy: add global response headers to local replies #2225 (opens new window) (@github-actions[bot])

# v0.14.2 (opens new window) (2021-05-17)

Full Changelog (opens new window)

# Fixed

Revert "authenticate,proxy: add same site lax to cookies" #2204 (opens new window) (@github-actions[bot])

# Documentation

Update programmatic-access.md #2205 (opens new window) (@github-actions[bot])

# v0.14.1 (opens new window) (2021-05-13)

Full Changelog (opens new window)

# Fixed

proxy / controplane: use old upstream cipher suite #2197 (opens new window) (@github-actions[bot])

# Security

deps: bump envoy to v1.17.3 #2199 (opens new window) (@github-actions[bot])

# Documentation

docs: update slack link to vanity url #2178 (opens new window) (@github-actions[bot])

# v0.14.0 (opens new window) (2021-05-04)

Full Changelog (opens new window)

# New

databroker: store issued at timestamp with session #2173 (opens new window) (@calebdoxsey)
config: add support for set_response_headers in a policy #2171 (opens new window) (@calebdoxsey)
authenticate,proxy: add same site lax to cookies #2159 (opens new window) (@calebdoxsey)
xds extended event #2158 (opens new window) (@wasaga)
config: add client_crl #2157 (opens new window) (@calebdoxsey)
config: add support for codec_type #2156 (opens new window) (@calebdoxsey)
controlplane: save configuration events to databroker #2153 (opens new window) (@calebdoxsey)
control plane: add request id to all error pages #2149 (opens new window) (@desimone)
let pass custom dial opts #2144 (opens new window) (@wasaga)
envoy: re-implement recommended defaults #2123 (opens new window) (@calebdoxsey)
Drop tun.cfg.dstHost from jwtCacheKey #2115 (opens new window) (@bl0m1)
config: remove validate side effects #2109 (opens new window) (@calebdoxsey)
log context #2107 (opens new window) (@wasaga)
databroker: add options for maximum capacity #2095 (opens new window) (@calebdoxsey)
envoyconfig: move most bootstrap config to shared package #2088 (opens new window) (@calebdoxsey)
envoy: refactor controlplane xds to new envoyconfig package #2086 (opens new window) (@calebdoxsey)
config: rename headers to set_response_headers #2081 (opens new window) (@calebdoxsey)
crypto: use actual bytes of shared secret, not the base64 encoded representation #2075 (opens new window) (@calebdoxsey)
cryptutil: use bytes for hmac #2067 (opens new window) (@calebdoxsey)
cryptutil: always use kek public id, add x509 support #2066 (opens new window) (@calebdoxsey)
authorize: additional tracing, add benchmark for encryptor #2059 (opens new window) (@calebdoxsey)
authorize: audit logging #2050 (opens new window) (@calebdoxsey)
support host:port in metrics_address #2042 (opens new window) (@wasaga)
databroker: return server version in Get #2039 (opens new window) (@wasaga)
authorize: add databroker server and record version to result, force sync via polling #2024 (opens new window) (@calebdoxsey)
protoutil: add generic transformer #2023 (opens new window) (@calebdoxsey)
cryptutil: add envelope encryption w/key encryption key and data encryption key #2020 (opens new window) (@calebdoxsey)
autocert: add metrics for renewal count, total and next expiration #2019 (opens new window) (@calebdoxsey)
telemetry: add installation id #2017 (opens new window) (@calebdoxsey)
config: use getters for certificates #2001 (opens new window) (@calebdoxsey)
config: use getters for authenticate, signout and forward auth urls #2000 (opens new window) (@calebdoxsey)
xds: use ALPN Auto config for upstream protocol when possible #1995 (opens new window) (@calebdoxsey)
envoy: upgrade to v1.17.1 #1993 (opens new window) (@calebdoxsey)
redis: add redis cluster support #1992 (opens new window) (@calebdoxsey)
redis: add support for redis-sentinel #1991 (opens new window) (@calebdoxsey)
authorize: set JWT to expire after 5 minutes #1980 (opens new window) (@calebdoxsey)
identity: infer email from mail claim #1977 (opens new window) (@calebdoxsey)
ping: identity and directory providers #1975 (opens new window) (@calebdoxsey)
config: add rewrite_response_headers to protobuf #1962 (opens new window) (@calebdoxsey)
config: add rewrite_response_headers option #1961 (opens new window) (@calebdoxsey)
assets: use embed instead of statik #1960 (opens new window) (@calebdoxsey)
config: log config source changes #1959 (opens new window) (@calebdoxsey)
config: multiple endpoints for authorize and databroker #1957 (opens new window) (@calebdoxsey)
telemetry: add process collector for envoy #1948 (opens new window) (@calebdoxsey)
use build_info as liveness gauge metric #1940 (opens new window) (@wasaga)
metrics: add TLS options #1939 (opens new window) (@calebdoxsey)
identity: record metric for last refresh #1936 (opens new window) (@calebdoxsey)
middleware: basic auth equalize lengths of input #1934 (opens new window) (@desimone)
autocert: remove non-determinism #1932 (opens new window) (@calebdoxsey)
config: add metrics_basic_auth option #1917 (opens new window) (@calebdoxsey)
envoy: validate binary checksum #1908 (opens new window) (@calebdoxsey)
config: support map of jwt claim headers #1906 (opens new window) (@calebdoxsey)
Remove internal/protoutil. #1893 (opens new window) (@yegle)
databroker: refactor databroker to sync all changes #1879 (opens new window) (@calebdoxsey)
config: add CertificateFiles to FileWatcherSource list #1878 (opens new window) (@travisgroth)
config: allow customization of envoy boostrap admin options #1872 (opens new window) (@calebdoxsey)
proxy: implement pass-through for authenticate backend #1870 (opens new window) (@calebdoxsey)
authorize: move headers and jwt signing to rego #1856 (opens new window) (@calebdoxsey)

# Fixed

deployment: update alpine debug image dependencies #2154 (opens new window) (@travisgroth)
authorize: refactor store locking #2151 (opens new window) (@calebdoxsey)
databroker: store server version in backend #2142 (opens new window) (@calebdoxsey)
authorize: audit log had duplicate "message" key #2141 (opens new window) (@desimone)
httputil: fix SPDY support with reverse proxy #2134 (opens new window) (@calebdoxsey)
envoyconfig: fix metrics ingress listener name #2124 (opens new window) (@calebdoxsey)
authorize: fix empty sub policy arrays #2119 (opens new window) (@calebdoxsey)
authorize: fix unsigned URL #2118 (opens new window) (@calebdoxsey)
authorize: support arbitrary jwt claims #2102 (opens new window) (@calebdoxsey)
authorize: support arbitrary jwt claims #2106 (opens new window) (@github-actions[bot])
xdsmgr: update resource versions on NACK #2093 (opens new window) (@calebdoxsey)
config: don't change address value on databroker or authorize #2092 (opens new window) (@travisgroth)
metrics_address should be optional parameter #2087 (opens new window) (@wasaga)
propagate changes back from encrypted backend #2079 (opens new window) (@wasaga)
config: use tls_custom_ca from policy when available #2077 (opens new window) (@calebdoxsey)
databroker: remove unused installation id, close streams when backend is closed #2062 (opens new window) (@calebdoxsey)
authenticate: fix default sign out url #2061 (opens new window) (@calebdoxsey)
change require_proxy_protocol to use_proxy_protocol #2043 (opens new window) (@contrun)
authorize: bypass data in rego for databroker data #2041 (opens new window) (@calebdoxsey)
proxy: add nil check for fix-misdirected #2040 (opens new window) (@calebdoxsey)
config: add headers to config proto #1996 (opens new window) (@calebdoxsey)
Fix process cpu usage metric #1979 (opens new window) (@wasaga)
cmd/pomerium: exit 0 for normal shutdown #1958 (opens new window) (@travisgroth)
proxy: redirect to dashboard for logout #1944 (opens new window) (@calebdoxsey)
config: fix redirect routes from protobuf #1930 (opens new window) (@travisgroth)
google: fix default provider URL #1928 (opens new window) (@calebdoxsey)
fix registry test #1911 (opens new window) (@wasaga)
ci: pin goreleaser version #1900 (opens new window) (@travisgroth)
onelogin: fix default scopes for v2 #1896 (opens new window) (@calebdoxsey)
xds: fix misdirected script #1895 (opens new window) (@calebdoxsey)
authenticate: validate origin of signout #1876 (opens new window) (@desimone)
redis: fix deletion versioning #1871 (opens new window) (@calebdoxsey)
options: header only applies to routes and authN #1862 (opens new window) (@desimone)
controlplane: add global headers to virtualhost #1861 (opens new window) (@desimone)
unique envoy cluster ids #1858 (opens new window) (@wasaga)

# Security

ci: remove codecov #2161 (opens new window) (@travisgroth)
internal/envoy: always extract envoy #2160 (opens new window) (@travisgroth)
deps: bump envoy to 1.17.2 #2113 (opens new window) (@travisgroth)
deps: bump envoy to 1.17.2 #2114 (opens new window) (@github-actions[bot])
proxy: restrict programmatic URLs to localhost #2049 (opens new window) (@travisgroth)
authenticate: validate signature on /.pomerium, /.pomerium/sign_in and /.pomerium/sign_out #2048 (opens new window) (@travisgroth)

# Documentation

docs: add inline instructions to generate signing-key #2164 (opens new window) (@desimone)
docs: add info note to set_response_headers #2162 (opens new window) (@calebdoxsey)
docs: mention alternative bearer token header format #2155 (opens new window) (@travisgroth)
docs: upgrade notes on allowed\_users by ID #2133 (opens new window) (@travisgroth)
docs: add threat model to security page #2097 (opens new window) (@desimone)
docs: update community slack link #2063 (opens new window) (@travisgroth)
Update local-oidc.md #1994 (opens new window) (@dharmendrakariya)
ping: add documentation #1976 (opens new window) (@calebdoxsey)
docs: add JWT Verification w/Envoy guide #1974 (opens new window) (@calebdoxsey)
Update data-storage.md #1941 (opens new window) (@TanguyPatte)
docs: fix query param name #1920 (opens new window) (@calebdoxsey)
docs: add breaking sa changes in v0.13 #1919 (opens new window) (@desimone)
docs: add v0.13 to docs site menu #1913 (opens new window) (@travisgroth)
docs: update changelog for v0.13.0 #1909 (opens new window) (@desimone)
docs: update security policy #1897 (opens new window) (@desimone)
docs: misc upgrade notes and changelog #1884 (opens new window) (@travisgroth)
docs: add load balancing weight documentation #1883 (opens new window) (@travisgroth)
docs: additional load balancing documentation #1875 (opens new window) (@travisgroth)

# Dependency

chore(deps): bump github.com/ory/dockertest/v3 from 3.6.3 to 3.6.5 #2168 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/prometheus/common from 0.21.0 to 0.23.0 #2167 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.0 to 0.6.1 #2166 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/open-policy-agent/opa from 0.27.1 to 0.28.0 #2165 (opens new window) (@dependabot[bot])
use cached envoy #2132 (opens new window) (@wasaga)
chore(deps): bump github.com/prometheus/common from 0.20.0 to 0.21.0 #2130 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.5.1 to 0.6.0 #2129 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.44.0 to 0.45.0 #2128 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.12.0 to 0.13.0 #2074 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/go-redis/redis/v8 from 8.8.0 to 8.8.2 #2099 (opens new window) (@dependabot[bot])
chore(deps): bump gopkg.in/auth0.v5 from 5.14.1 to 5.15.0 #2098 (opens new window) (@dependabot[bot])
do not require project be in GOPATH/src #2078 (opens new window) (@wasaga)
chore(deps): bump google.golang.org/api from 0.43.0 to 0.44.0 #2073 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.36.1 to 1.37.0 #2072 (opens new window) (@dependabot[bot])
chore(deps): bump gopkg.in/auth0.v5 from 5.13.0 to 5.14.1 #2071 (opens new window) (@dependabot[bot])
deps: switch from renovate to dependabot #2069 (opens new window) (@travisgroth)
fix(deps): update module github.com/golang/protobuf to v1.5.2 #2057 (opens new window) (@renovate[bot])
fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v0.5.1 #2056 (opens new window) (@renovate[bot])
fix(deps): update google.golang.org/genproto commit hash to 6c239bb #2054 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/oauth2 commit hash to 2e8d934 #2053 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/net commit hash to 0fccb6f #2052 (opens new window) (@renovate[bot])
skip REDIS cluster test if GOOS != linux #2045 (opens new window) (@wasaga)
fix(deps): update module gopkg.in/auth0.v5 to v5.13.0 #2037 (opens new window) (@renovate[bot])
fix(deps): update module google.golang.org/grpc to v1.36.1 #2036 (opens new window) (@renovate[bot])
fix(deps): update module google.golang.org/api to v0.43.0 #2035 (opens new window) (@renovate[bot])
fix(deps): update module github.com/rs/zerolog to v1.21.0 #2034 (opens new window) (@renovate[bot])
fix(deps): update module github.com/prometheus/common to v0.20.0 #2033 (opens new window) (@renovate[bot])
fix(deps): update module github.com/go-redis/redis/v8 to v8.8.0 #2032 (opens new window) (@renovate[bot])
chore(deps): update mikefarah/yq action to v4.6.3 #2031 (opens new window) (@renovate[bot])
fix(deps): update google.golang.org/genproto commit hash to 679c6ae #2030 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/oauth2 commit hash to 22b0ada #2029 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/net commit hash to 61e0566 #2028 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/crypto commit hash to 0c34fe9 #2027 (opens new window) (@renovate[bot])
deps: bundle all patch upgrades in a single group #2016 (opens new window) (@travisgroth)
fix(deps): update module google.golang.org/protobuf to v1.26.0 #2012 (opens new window) (@renovate[bot])
fix(deps): update module github.com/prometheus/client_golang to v1.10.0 #2011 (opens new window) (@renovate[bot])
fix(deps): update module github.com/google/btree to v1.0.1 #2010 (opens new window) (@renovate[bot])
fix(deps): update module github.com/golang/protobuf to v1.5.1 #2009 (opens new window) (@renovate[bot])
fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v0.5.0 #2008 (opens new window) (@renovate[bot])
chore(deps): update mikefarah/yq action to v4.6.2 #2007 (opens new window) (@renovate[bot])
fix(deps): update google.golang.org/genproto commit hash to 5f0e893 #2006 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/net commit hash to d523dce #2005 (opens new window) (@renovate[bot])
fix(deps): update module google.golang.org/api to v0.42.0 #1989 (opens new window) (@renovate[bot])
fix(deps): update module github.com/open-policy-agent/opa to v0.27.1 #1988 (opens new window) (@renovate[bot])
fix(deps): update module github.com/hashicorp/go-multierror to v1.1.1 #1987 (opens new window) (@renovate[bot])
fix(deps): update module contrib.go.opencensus.io/exporter/prometheus to v0.3.0 #1986 (opens new window) (@renovate[bot])
chore(deps): update codecov/codecov-action action to v1.3.1 #1985 (opens new window) (@renovate[bot])
fix(deps): update google.golang.org/genproto commit hash to 8812039 #1984 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/oauth2 commit hash to cd4f82c #1983 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/crypto commit hash to 513c2a4 #1982 (opens new window) (@renovate[bot])
fix(deps): update module github.com/prometheus/procfs to v0.6.0 #1969 (opens new window) (@renovate[bot])
fix(deps): update module github.com/google/go-cmp to v0.5.5 #1968 (opens new window) (@renovate[bot])
fix(deps): update module github.com/go-redis/redis/v8 to v8.7.1 #1967 (opens new window) (@renovate[bot])
fix(deps): update google.golang.org/genproto commit hash to 9728d6b #1966 (opens new window) (@renovate[bot])
fix(deps): update github.com/nsf/jsondiff commit hash to 6ea3239 #1965 (opens new window) (@renovate[bot])
fix(deps): update module github.com/go-chi/chi to v5 #1956 (opens new window) (@renovate[bot])
fix(deps): update module google.golang.org/grpc to v1.36.0 #1955 (opens new window) (@renovate[bot])
fix(deps): update module go.opencensus.io to v0.23.0 #1954 (opens new window) (@renovate[bot])
fix(deps): update module github.com/lithammer/shortuuid/v3 to v3.0.6 #1953 (opens new window) (@renovate[bot])
chore(deps): update vuepress monorepo to v1.8.2 #1952 (opens new window) (@renovate[bot])
chore(deps): update mikefarah/yq action to v4.6.1 #1951 (opens new window) (@renovate[bot])
fix(deps): update google.golang.org/genproto commit hash to ab064af #1950 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/net commit hash to e18ecbb #1949 (opens new window) (@renovate[bot])
chore(deps): update yaml v2 to v3 #1927 (opens new window) (@desimone)
chore(deps): update vuepress monorepo to v1.8.1 #1891 (opens new window) (@renovate[bot])
chore(deps): update module spf13/cobra to v1.1.3 #1890 (opens new window) (@renovate[bot])
chore(deps): update module google.golang.org/api to v0.40.0 #1889 (opens new window) (@renovate[bot])
chore(deps): update mikefarah/yq action to v4.5.1 #1888 (opens new window) (@renovate[bot])
chore(deps): update google.golang.org/genproto commit hash to e7f2df4 #1887 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/oauth2 commit hash to 6667018 #1886 (opens new window) (@renovate[bot])
chore(deps): update module auth0 to v5 #1868 (opens new window) (@renovate[bot])
chore(deps): update module google.golang.org/api to v0.39.0 #1867 (opens new window) (@renovate[bot])
chore(deps): update module go-redis/redis/v8 to v8.5.0 #1866 (opens new window) (@renovate[bot])
chore(deps): update mikefarah/yq action to v4.5.0 #1865 (opens new window) (@renovate[bot])
chore(deps): update google.golang.org/genproto commit hash to bba0dbe #1864 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/oauth2 commit hash to 0101308 #1863 (opens new window) (@renovate[bot])

# Deployment

deployment: update get-envoy script and release hooks #2111 (opens new window) (@travisgroth)
deployment: Publish OS packages to cloudsmith #2105 (opens new window) (@travisgroth)
deployment: update get-envoy script and release hooks #2112 (opens new window) (@github-actions[bot])
deployment: Publish OS packages to cloudsmith #2108 (opens new window) (@github-actions[bot])
ci: cache build and test binaries #1938 (opens new window) (@desimone)
ci: go 1.16.x, cached tests #1937 (opens new window) (@desimone)

# Changed

authorize: remove log #2122 (opens new window) (@calebdoxsey)
config related metrics #2065 (opens new window) (@wasaga)
proxy: support re-proxying request through control plane for kubernetes #2051 (opens new window) (@calebdoxsey)
add default gitlab url #2044 (opens new window) (@contrun)
Updating Doc for Pomerium-Dex Exercise #2018 (opens new window) (@dharmendrakariya)
Add xff\_num\_trusted\_hops config option #2003 (opens new window) (@ntoofu)
envoy: restrict permissions on embedded envoy binary #1999 (opens new window) (@calebdoxsey)
ci: deploy master to integration environments #1973 (opens new window) (@travisgroth)
oidc: use groups claim from ID token if present #1970 (opens new window) (@bonifaido)
config: expose viper policy hooks #1947 (opens new window) (@calebdoxsey)
ci: deploy latest release to test environment #1916 (opens new window) (@travisgroth)
logs: strip query string #1894 (opens new window) (@calebdoxsey)
in-memory service registry #1892 (opens new window) (@wasaga)
controlplane: maybe fix flaky test #1873 (opens new window) (@calebdoxsey)
remove generated code from code coverage metrics #1857 (opens new window) (@travisgroth)

# v0.14.0-rc2 (opens new window) (2021-04-29)

Full Changelog (opens new window)

# New

controlplane: save configuration events to databroker #2153 (opens new window) (@calebdoxsey)
control plane: add request id to all error pages #2149 (opens new window) (@desimone)
let pass custom dial opts #2144 (opens new window) (@wasaga)
envoy: re-implement recommended defaults #2123 (opens new window) (@calebdoxsey)
Drop tun.cfg.dstHost from jwtCacheKey #2115 (opens new window) (@bl0m1)
config: remove validate side effects #2109 (opens new window) (@calebdoxsey)
log context #2107 (opens new window) (@wasaga)
databroker: add options for maximum capacity #2095 (opens new window) (@calebdoxsey)

# Fixed

deployment: update alpine debug image dependencies #2154 (opens new window) (@travisgroth)
authorize: refactor store locking #2151 (opens new window) (@calebdoxsey)
databroker: store server version in backend #2142 (opens new window) (@calebdoxsey)
authorize: audit log had duplicate "message" key #2141 (opens new window) (@desimone)
httputil: fix SPDY support with reverse proxy #2134 (opens new window) (@calebdoxsey)
envoyconfig: fix metrics ingress listener name #2124 (opens new window) (@calebdoxsey)
authorize: fix empty sub policy arrays #2119 (opens new window) (@calebdoxsey)
authorize: fix unsigned URL #2118 (opens new window) (@calebdoxsey)
authorize: support arbitrary jwt claims #2102 (opens new window) (@calebdoxsey)

# Security

deps: bump envoy to 1.17.2 #2113 (opens new window) (@travisgroth)

# Documentation

docs: mention alternative bearer token header format #2155 (opens new window) (@travisgroth)
docs: upgrade notes on allowed\_users by ID #2133 (opens new window) (@travisgroth)

# Dependency

use cached envoy #2132 (opens new window) (@wasaga)
chore(deps): bump github.com/prometheus/common from 0.20.0 to 0.21.0 #2130 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.5.1 to 0.6.0 #2129 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/api from 0.44.0 to 0.45.0 #2128 (opens new window) (@dependabot[bot])
chore(deps): bump github.com/caddyserver/certmagic from 0.12.0 to 0.13.0 #2074 (opens new window) (@dependabot[bot])

# Deployment

deployment: update get-envoy script and release hooks #2111 (opens new window) (@travisgroth)
deployment: Publish OS packages to cloudsmith #2105 (opens new window) (@travisgroth)

# Changed

authorize: remove log #2122 (opens new window) (@calebdoxsey)

# v0.14.0-rc1 (opens new window) (2021-04-22)

Full Changelog (opens new window)

# Breaking

directory: remove provider from user id #2068 (opens new window) (@calebdoxsey)

# New

envoyconfig: move most bootstrap config to shared package #2088 (opens new window) (@calebdoxsey)
envoy: refactor controlplane xds to new envoyconfig package #2086 (opens new window) (@calebdoxsey)
config: rename headers to set_response_headers #2081 (opens new window) (@calebdoxsey)
crypto: use actual bytes of shared secret, not the base64 encoded representation #2075 (opens new window) (@calebdoxsey)
cryptutil: use bytes for hmac #2067 (opens new window) (@calebdoxsey)
cryptutil: always use kek public id, add x509 support #2066 (opens new window) (@calebdoxsey)
authorize: additional tracing, add benchmark for encryptor #2059 (opens new window) (@calebdoxsey)
authorize: audit logging #2050 (opens new window) (@calebdoxsey)
support host:port in metrics_address #2042 (opens new window) (@wasaga)
databroker: return server version in Get #2039 (opens new window) (@wasaga)
authorize: add databroker server and record version to result, force sync via polling #2024 (opens new window) (@calebdoxsey)
protoutil: add generic transformer #2023 (opens new window) (@calebdoxsey)
cryptutil: add envelope encryption w/key encryption key and data encryption key #2020 (opens new window) (@calebdoxsey)
autocert: add metrics for renewal count, total and next expiration #2019 (opens new window) (@calebdoxsey)
telemetry: add installation id #2017 (opens new window) (@calebdoxsey)
config: use getters for certificates #2001 (opens new window) (@calebdoxsey)
config: use getters for authenticate, signout and forward auth urls #2000 (opens new window) (@calebdoxsey)
xds: use ALPN Auto config for upstream protocol when possible #1995 (opens new window) (@calebdoxsey)
envoy: upgrade to v1.17.1 #1993 (opens new window) (@calebdoxsey)
redis: add redis cluster support #1992 (opens new window) (@calebdoxsey)
redis: add support for redis-sentinel #1991 (opens new window) (@calebdoxsey)
authorize: set JWT to expire after 5 minutes #1980 (opens new window) (@calebdoxsey)
identity: infer email from mail claim #1977 (opens new window) (@calebdoxsey)
ping: identity and directory providers #1975 (opens new window) (@calebdoxsey)
config: add rewrite_response_headers to protobuf #1962 (opens new window) (@calebdoxsey)
config: add rewrite_response_headers option #1961 (opens new window) (@calebdoxsey)
assets: use embed instead of statik #1960 (opens new window) (@calebdoxsey)
config: log config source changes #1959 (opens new window) (@calebdoxsey)
config: multiple endpoints for authorize and databroker #1957 (opens new window) (@calebdoxsey)
telemetry: add process collector for envoy #1948 (opens new window) (@calebdoxsey)
use build_info as liveness gauge metric #1940 (opens new window) (@wasaga)
metrics: add TLS options #1939 (opens new window) (@calebdoxsey)
identity: record metric for last refresh #1936 (opens new window) (@calebdoxsey)
middleware: basic auth equalize lengths of input #1934 (opens new window) (@desimone)
autocert: remove non-determinism #1932 (opens new window) (@calebdoxsey)
config: add metrics_basic_auth option #1917 (opens new window) (@calebdoxsey)
envoy: validate binary checksum #1908 (opens new window) (@calebdoxsey)
config: support map of jwt claim headers #1906 (opens new window) (@calebdoxsey)
Remove internal/protoutil. #1893 (opens new window) (@yegle)
databroker: refactor databroker to sync all changes #1879 (opens new window) (@calebdoxsey)
config: add CertificateFiles to FileWatcherSource list #1878 (opens new window) (@travisgroth)
config: allow customization of envoy boostrap admin options #1872 (opens new window) (@calebdoxsey)
proxy: implement pass-through for authenticate backend #1870 (opens new window) (@calebdoxsey)
authorize: move headers and jwt signing to rego #1856 (opens new window) (@calebdoxsey)

# Fixed

authorize: support arbitrary jwt claims #2106 (opens new window) (@github-actions[bot])
xdsmgr: update resource versions on NACK #2093 (opens new window) (@calebdoxsey)
config: don't change address value on databroker or authorize #2092 (opens new window) (@travisgroth)
metrics_address should be optional parameter #2087 (opens new window) (@wasaga)
propagate changes back from encrypted backend #2079 (opens new window) (@wasaga)
config: use tls_custom_ca from policy when available #2077 (opens new window) (@calebdoxsey)
databroker: remove unused installation id, close streams when backend is closed #2062 (opens new window) (@calebdoxsey)
authenticate: fix default sign out url #2061 (opens new window) (@calebdoxsey)
change require_proxy_protocol to use_proxy_protocol #2043 (opens new window) (@contrun)
authorize: bypass data in rego for databroker data #2041 (opens new window) (@calebdoxsey)
proxy: add nil check for fix-misdirected #2040 (opens new window) (@calebdoxsey)
config: add headers to config proto #1996 (opens new window) (@calebdoxsey)
Fix process cpu usage metric #1979 (opens new window) (@wasaga)
cmd/pomerium: exit 0 for normal shutdown #1958 (opens new window) (@travisgroth)
proxy: redirect to dashboard for logout #1944 (opens new window) (@calebdoxsey)
config: fix redirect routes from protobuf #1930 (opens new window) (@travisgroth)
google: fix default provider URL #1928 (opens new window) (@calebdoxsey)
fix registry test #1911 (opens new window) (@wasaga)
ci: pin goreleaser version #1900 (opens new window) (@travisgroth)
onelogin: fix default scopes for v2 #1896 (opens new window) (@calebdoxsey)
xds: fix misdirected script #1895 (opens new window) (@calebdoxsey)
authenticate: validate origin of signout #1876 (opens new window) (@desimone)
redis: fix deletion versioning #1871 (opens new window) (@calebdoxsey)
options: header only applies to routes and authN #1862 (opens new window) (@desimone)
controlplane: add global headers to virtualhost #1861 (opens new window) (@desimone)
unique envoy cluster ids #1858 (opens new window) (@wasaga)

# Security

deps: bump envoy to 1.17.2 #2114 (opens new window) (@github-actions[bot])
proxy: restrict programmatic URLs to localhost #2049 (opens new window) (@travisgroth)
authenticate: validate signature on /.pomerium, /.pomerium/sign_in and /.pomerium/sign_out #2048 (opens new window) (@travisgroth)

# Documentation

docs: add threat model to security page #2097 (opens new window) (@desimone)
docs: update community slack link #2063 (opens new window) (@travisgroth)
Update local-oidc.md #1994 (opens new window) (@dharmendrakariya)
ping: add documentation #1976 (opens new window) (@calebdoxsey)
docs: add JWT Verification w/Envoy guide #1974 (opens new window) (@calebdoxsey)
Update data-storage.md #1941 (opens new window) (@TanguyPatte)
docs: fix query param name #1920 (opens new window) (@calebdoxsey)
docs: add breaking sa changes in v0.13 #1919 (opens new window) (@desimone)
docs: add v0.13 to docs site menu #1913 (opens new window) (@travisgroth)
docs: update changelog for v0.13.0 #1909 (opens new window) (@desimone)
docs: update security policy #1897 (opens new window) (@desimone)
docs: misc upgrade notes and changelog #1884 (opens new window) (@travisgroth)
docs: add load balancing weight documentation #1883 (opens new window) (@travisgroth)
docs: additional load balancing documentation #1875 (opens new window) (@travisgroth)

# Dependency

chore(deps): bump github.com/go-redis/redis/v8 from 8.8.0 to 8.8.2 #2099 (opens new window) (@dependabot[bot])
chore(deps): bump gopkg.in/auth0.v5 from 5.14.1 to 5.15.0 #2098 (opens new window) (@dependabot[bot])
do not require project be in GOPATH/src #2078 (opens new window) (@wasaga)
chore(deps): bump google.golang.org/api from 0.43.0 to 0.44.0 #2073 (opens new window) (@dependabot[bot])
chore(deps): bump google.golang.org/grpc from 1.36.1 to 1.37.0 #2072 (opens new window) (@dependabot[bot])
chore(deps): bump gopkg.in/auth0.v5 from 5.13.0 to 5.14.1 #2071 (opens new window) (@dependabot[bot])
deps: switch from renovate to dependabot #2069 (opens new window) (@travisgroth)
fix(deps): update module github.com/golang/protobuf to v1.5.2 #2057 (opens new window) (@renovate[bot])
fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v0.5.1 #2056 (opens new window) (@renovate[bot])
fix(deps): update google.golang.org/genproto commit hash to 6c239bb #2054 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/oauth2 commit hash to 2e8d934 #2053 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/net commit hash to 0fccb6f #2052 (opens new window) (@renovate[bot])
skip REDIS cluster test if GOOS != linux #2045 (opens new window) (@wasaga)
fix(deps): update module gopkg.in/auth0.v5 to v5.13.0 #2037 (opens new window) (@renovate[bot])
fix(deps): update module google.golang.org/grpc to v1.36.1 #2036 (opens new window) (@renovate[bot])
fix(deps): update module google.golang.org/api to v0.43.0 #2035 (opens new window) (@renovate[bot])
fix(deps): update module github.com/rs/zerolog to v1.21.0 #2034 (opens new window) (@renovate[bot])
fix(deps): update module github.com/prometheus/common to v0.20.0 #2033 (opens new window) (@renovate[bot])
fix(deps): update module github.com/go-redis/redis/v8 to v8.8.0 #2032 (opens new window) (@renovate[bot])
chore(deps): update mikefarah/yq action to v4.6.3 #2031 (opens new window) (@renovate[bot])
fix(deps): update google.golang.org/genproto commit hash to 679c6ae #2030 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/oauth2 commit hash to 22b0ada #2029 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/net commit hash to 61e0566 #2028 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/crypto commit hash to 0c34fe9 #2027 (opens new window) (@renovate[bot])
deps: bundle all patch upgrades in a single group #2016 (opens new window) (@travisgroth)
fix(deps): update module google.golang.org/protobuf to v1.26.0 #2012 (opens new window) (@renovate[bot])
fix(deps): update module github.com/prometheus/client_golang to v1.10.0 #2011 (opens new window) (@renovate[bot])
fix(deps): update module github.com/google/btree to v1.0.1 #2010 (opens new window) (@renovate[bot])
fix(deps): update module github.com/golang/protobuf to v1.5.1 #2009 (opens new window) (@renovate[bot])
fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v0.5.0 #2008 (opens new window) (@renovate[bot])
chore(deps): update mikefarah/yq action to v4.6.2 #2007 (opens new window) (@renovate[bot])
fix(deps): update google.golang.org/genproto commit hash to 5f0e893 #2006 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/net commit hash to d523dce #2005 (opens new window) (@renovate[bot])
fix(deps): update module google.golang.org/api to v0.42.0 #1989 (opens new window) (@renovate[bot])
fix(deps): update module github.com/open-policy-agent/opa to v0.27.1 #1988 (opens new window) (@renovate[bot])
fix(deps): update module github.com/hashicorp/go-multierror to v1.1.1 #1987 (opens new window) (@renovate[bot])
fix(deps): update module contrib.go.opencensus.io/exporter/prometheus to v0.3.0 #1986 (opens new window) (@renovate[bot])
chore(deps): update codecov/codecov-action action to v1.3.1 #1985 (opens new window) (@renovate[bot])
fix(deps): update google.golang.org/genproto commit hash to 8812039 #1984 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/oauth2 commit hash to cd4f82c #1983 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/crypto commit hash to 513c2a4 #1982 (opens new window) (@renovate[bot])
fix(deps): update module github.com/prometheus/procfs to v0.6.0 #1969 (opens new window) (@renovate[bot])
fix(deps): update module github.com/google/go-cmp to v0.5.5 #1968 (opens new window) (@renovate[bot])
fix(deps): update module github.com/go-redis/redis/v8 to v8.7.1 #1967 (opens new window) (@renovate[bot])
fix(deps): update google.golang.org/genproto commit hash to 9728d6b #1966 (opens new window) (@renovate[bot])
fix(deps): update github.com/nsf/jsondiff commit hash to 6ea3239 #1965 (opens new window) (@renovate[bot])
fix(deps): update module github.com/go-chi/chi to v5 #1956 (opens new window) (@renovate[bot])
fix(deps): update module google.golang.org/grpc to v1.36.0 #1955 (opens new window) (@renovate[bot])
fix(deps): update module go.opencensus.io to v0.23.0 #1954 (opens new window) (@renovate[bot])
fix(deps): update module github.com/lithammer/shortuuid/v3 to v3.0.6 #1953 (opens new window) (@renovate[bot])
chore(deps): update vuepress monorepo to v1.8.2 #1952 (opens new window) (@renovate[bot])
chore(deps): update mikefarah/yq action to v4.6.1 #1951 (opens new window) (@renovate[bot])
fix(deps): update google.golang.org/genproto commit hash to ab064af #1950 (opens new window) (@renovate[bot])
fix(deps): update golang.org/x/net commit hash to e18ecbb #1949 (opens new window) (@renovate[bot])
chore(deps): update yaml v2 to v3 #1927 (opens new window) (@desimone)
chore(deps): update vuepress monorepo to v1.8.1 #1891 (opens new window) (@renovate[bot])
chore(deps): update module spf13/cobra to v1.1.3 #1890 (opens new window) (@renovate[bot])
chore(deps): update module google.golang.org/api to v0.40.0 #1889 (opens new window) (@renovate[bot])
chore(deps): update mikefarah/yq action to v4.5.1 #1888 (opens new window) (@renovate[bot])
chore(deps): update google.golang.org/genproto commit hash to e7f2df4 #1887 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/oauth2 commit hash to 6667018 #1886 (opens new window) (@renovate[bot])
chore(deps): update module auth0 to v5 #1868 (opens new window) (@renovate[bot])
chore(deps): update module google.golang.org/api to v0.39.0 #1867 (opens new window) (@renovate[bot])
chore(deps): update module go-redis/redis/v8 to v8.5.0 #1866 (opens new window) (@renovate[bot])
chore(deps): update mikefarah/yq action to v4.5.0 #1865 (opens new window) (@renovate[bot])
chore(deps): update google.golang.org/genproto commit hash to bba0dbe #1864 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/oauth2 commit hash to 0101308 #1863 (opens new window) (@renovate[bot])

# Deployment

deployment: update get-envoy script and release hooks #2112 (opens new window) (@github-actions[bot])
deployment: Publish OS packages to cloudsmith #2108 (opens new window) (@github-actions[bot])
ci: cache build and test binaries #1938 (opens new window) (@desimone)
ci: go 1.16.x, cached tests #1937 (opens new window) (@desimone)

# Changed

config related metrics #2065 (opens new window) (@wasaga)
proxy: support re-proxying request through control plane for kubernetes #2051 (opens new window) (@calebdoxsey)
add default gitlab url #2044 (opens new window) (@contrun)
Updating Doc for Pomerium-Dex Exercise #2018 (opens new window) (@dharmendrakariya)
Add xff\_num\_trusted\_hops config option #2003 (opens new window) (@ntoofu)
envoy: restrict permissions on embedded envoy binary #1999 (opens new window) (@calebdoxsey)
ci: deploy master to integration environments #1973 (opens new window) (@travisgroth)
oidc: use groups claim from ID token if present #1970 (opens new window) (@bonifaido)
config: expose viper policy hooks #1947 (opens new window) (@calebdoxsey)
ci: deploy latest release to test environment #1916 (opens new window) (@travisgroth)
logs: strip query string #1894 (opens new window) (@calebdoxsey)
in-memory service registry #1892 (opens new window) (@wasaga)
controlplane: maybe fix flaky test #1873 (opens new window) (@calebdoxsey)
remove generated code from code coverage metrics #1857 (opens new window) (@travisgroth)

# v0.13.6 (opens new window) (2021-04-17)

Full Changelog (opens new window)

# Security

deps: upgrade envoy to 1.16.3 #2096 (opens new window) (@travisgroth)

# Documentation

docs: update community slack link #2064 (opens new window) (@github-actions[bot])

# v0.13.5 (opens new window) (2021-04-06)

Full Changelog (opens new window)

# Fixed

change require_proxy_protocol to use_proxy_protocol #2058 (opens new window) (@github-actions[bot])

# v0.13.4 (opens new window) (2021-03-31)

Full Changelog (opens new window)

# Security

proxy: restrict programmatic URLs to localhost #2047 (opens new window) (@travisgroth)
authenticate: validate signature on /.pomerium, /.pomerium/sign_in and /.pomerium/sign_out #2046 (opens new window) (@travisgroth)

# v0.13.3 (opens new window) (2021-03-12)

Full Changelog (opens new window)

# New

identity: infer email from mail claim #1978 (opens new window) (@github-actions[bot])

# v0.13.2 (opens new window) (2021-02-25)

Full Changelog (opens new window)

# Documentation

Update data-storage.md #1942 (opens new window) (@github-actions[bot])

# Changed

proxy: redirect to dashboard for logout #1945 (opens new window) (@github-actions[bot])

# v0.13.1 (opens new window) (2021-02-22)

Full Changelog (opens new window)

# Fixed

config: fix redirect routes from protobuf #1931 (opens new window) (@github-actions[bot])
google: fix default provider URL #1929 (opens new window) (@github-actions[bot])

# Documentation

docs: fix query param name #1923 (opens new window) (@github-actions[bot])
docs: add breaking sa changes in v0.13 #1921 (opens new window) (@github-actions[bot])
docs: add v0.13 to docs site menu #1914 (opens new window) (@github-actions[bot])

# Changed

ci: deploy releases to test environment (#1916) #1918 (opens new window) (@travisgroth)

* This Changelog was automatically generated by github_changelog_generator (opens new window)

# v0.13.0 (opens new window) (2021-02-17)

Full Changelog (opens new window)

# Breaking

authorize: remove admin #1833 (opens new window) (@calebdoxsey)
remove user impersonation and service account cli #1768 (opens new window) (@calebdoxsey)

# New

authorize: allow access by user id #1850 (opens new window) (@calebdoxsey)
authorize: remove DataBrokerData input #1847 (opens new window) (@calebdoxsey)
opa: format rego files #1845 (opens new window) (@calebdoxsey)
policy: add new certificate-authority option for downstream mTLS client certificates #1835 (opens new window) (@calebdoxsey)
metrics: human readable cluster name #1834 (opens new window) (@wasaga)
upstream endpoints load balancer weights #1830 (opens new window) (@wasaga)
controlplane: only add listener virtual domains for addresses matching the current TLS domain #1823 (opens new window) (@calebdoxsey)
authenticate: delay evaluation of OIDC provider #1802 (opens new window) (@calebdoxsey)
config: require shared key if using redis backed databroker #1801 (opens new window) (@travisgroth)
upstream health check config #1796 (opens new window) (@wasaga)
new skip_xff_append option #1788 (opens new window) (@wasaga)
policy: add outlier_detection #1786 (opens new window) (@calebdoxsey)
reduce memory usage by handling http/2 coalescing via a lua script #1779 (opens new window) (@calebdoxsey)
add support for proxy protocol on HTTP listener #1777 (opens new window) (@calebdoxsey)
config: support redirect actions #1776 (opens new window) (@calebdoxsey)
config: detect underlying file changes #1775 (opens new window) (@calebdoxsey)
authenticate: update user info screens #1774 (opens new window) (@desimone)
jws: remove issuer #1754 (opens new window) (@calebdoxsey)

# Fixed

redis: fix deletion versioning #1874 (opens new window) (@github-actions[bot])
rego: handle null #1853 (opens new window) (@calebdoxsey)
config: fix data race #1851 (opens new window) (@calebdoxsey)
deployment: set maintainer field in packages #1848 (opens new window) (@travisgroth)
xds: fix always requiring client certificates #1844 (opens new window) (@calebdoxsey)
fix go:generate for envoy config #1826 (opens new window) (@calebdoxsey)
controlplane: only enable STATIC dns when all adresses are IP addresses #1822 (opens new window) (@calebdoxsey)
config: fix databroker policies #1821 (opens new window) (@calebdoxsey)
config: fix hot-reloading #1820 (opens new window) (@calebdoxsey)
Revert "reduce memory usage by handling http/2 coalescing via a lua script" #1785 (opens new window) (@calebdoxsey)
google: fix nil name #1771 (opens new window) (@calebdoxsey)
autocert: improve logging #1767 (opens new window) (@travisgroth)

# Documentation

github: add tag suggestion to checklist #1819 (opens new window) (@desimone)
docs: add reference to the go-sdk #1800 (opens new window) (@desimone)
updated host rewrite docs #1799 (opens new window) (@vihardesu)
docs: update menu for v0.12 #1755 (opens new window) (@travisgroth)
Update GitLab provider docs #1591 (opens new window) (@bradjones1)
Fix command in Kubernetes Quick start docs #1582 (opens new window) (@wesleyw72)

# Dependency

chore(deps): update module go.opencensus.io to v0.22.6 #1842 (opens new window) (@renovate[bot])
chore(deps): update module go-redis/redis/v8 to v8.4.11 #1841 (opens new window) (@renovate[bot])
chore(deps): update google.golang.org/genproto commit hash to 44e461b #1840 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/oauth2 commit hash to f9ce19e #1839 (opens new window) (@renovate[bot])
chore(deps): update module stretchr/testify to v1.7.0 #1816 (opens new window) (@renovate[bot])
chore(deps): update module open-policy-agent/opa to v0.26.0 #1815 (opens new window) (@renovate[bot])
chore(deps): update module mitchellh/mapstructure to v1.4.1 #1814 (opens new window) (@renovate[bot])
chore(deps): update module google/uuid to v1.2.0 #1813 (opens new window) (@renovate[bot])
chore(deps): update module google.golang.org/grpc to v1.35.0 #1812 (opens new window) (@renovate[bot])
chore(deps): update module go-redis/redis/v8 to v8.4.10 #1811 (opens new window) (@renovate[bot])
chore(deps): update mikefarah/yq action to v4.4.1 #1810 (opens new window) (@renovate[bot])
chore(deps): update google.golang.org/genproto commit hash to 8081c04 #1809 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/oauth2 commit hash to d3ed898 #1808 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/net commit hash to 5f4716e #1807 (opens new window) (@renovate[bot])
chore(deps): update oidc to v3 #1783 (opens new window) (@desimone)
chore(deps): update vuepress monorepo to v1.8.0 #1761 (opens new window) (@renovate[bot])
chore(deps): update module go-redis/redis/v8 to v8.4.8 #1760 (opens new window) (@renovate[bot])
chore(deps): update mikefarah/yq action to v4.3.1 #1759 (opens new window) (@renovate[bot])
chore(deps): update codecov/codecov-action action to v1.2.1 #1758 (opens new window) (@renovate[bot])
chore(deps): update google.golang.org/genproto commit hash to c7d5778 #1757 (opens new window) (@renovate[bot])
chore(deps): update module google.golang.org/api to v0.38.0 #1656 (opens new window) (@renovate[bot])

# Deployment

ci: fix usage of env variable in latest tag #1791 (opens new window) (@travisgroth)
databroker: rename cache service #1790 (opens new window) (@calebdoxsey)
ci: fix deprecated command in latestTag step #1763 (opens new window) (@travisgroth)

# Changed

docs: additional load balancing documentation #1882 (opens new window) (@github-actions[bot])
authenticate: validate origin of signout #1881 (opens new window) (@github-actions[bot])
config: add CertificateFiles to FileWatcherSource list #1880 (opens new window) (@github-actions[bot])
ci: enable backporting from forks #1854 (opens new window) (@travisgroth)
ci: fix version metadata in non-releases #1836 (opens new window) (@travisgroth)
protobuf: upgrade protoc to 3.14 #1832 (opens new window) (@calebdoxsey)
Update codeowners #1831 (opens new window) (@travisgroth)
config: return errors on invalid URLs, fix linting #1829 (opens new window) (@calebdoxsey)
grpc: use custom resolver #1828 (opens new window) (@calebdoxsey)
controlplane: return errors in xds build methods #1827 (opens new window) (@calebdoxsey)
include envoy's proto specs into config.proto #1817 (opens new window) (@wasaga)
expose all envoy cluster options in policy #1804 (opens new window) (@wasaga)
autocert: store certificates separately from config certificates #1794 (opens new window) (@calebdoxsey)
move file change detection before autocert #1793 (opens new window) (@calebdoxsey)
config: support multiple destination addresses #1789 (opens new window) (@calebdoxsey)
ci: license check action #1773 (opens new window) (@travisgroth)
authorize: move impersonation into session/service account #1765 (opens new window) (@calebdoxsey)

# v0.12.2 (opens new window) (2021-02-02)

Full Changelog (opens new window)

# Fixed

[Backport 0-12-0] deployment: set maintainer field in packages #1849 (opens new window) (@github-actions[bot])

# Changed

[Backport 0-12-0] ci: fix usage of env variable in latest tag #1806 (opens new window) (@github-actions[bot])
[Backport 0-12-0] docs: add reference to the go-sdk #1803 (opens new window) (@github-actions[bot])

# v0.12.1 (opens new window) (2021-01-13)

Full Changelog (opens new window)

# Fixed

[Backport 0-12-0] google: fix nil name #1772 (opens new window) (@github-actions[bot])
[Backport 0-12-0] autocert: improve logging #1769 (opens new window) (@travisgroth)

# Documentation

[Backport 0-12-0] docs: update menu for v0.12 #1762 (opens new window) (@github-actions[bot])

# Deployment

[Backport 0-12-0] ci: fix deprecated command in latestTag step #1764 (opens new window) (@github-actions[bot])

# v0.12.0 (opens new window) (2021-01-07)

Full Changelog (opens new window)

# New

tcp: prevent idle stream timeouts for TCP and Websocket routes #1744 (opens new window) (@calebdoxsey)
telemetry: add support for datadog tracing #1743 (opens new window) (@calebdoxsey)
use incremental API for envoy xDS #1732 (opens new window) (@calebdoxsey)
cli: add version command #1726 (opens new window) (@desimone)
add TLS flags for TCP tunnel #1725 (opens new window) (@calebdoxsey)
k8s cmd: use authclient package #1722 (opens new window) (@calebdoxsey)
internal/controlplane: 0s default timeout for tcp routes #1716 (opens new window) (@travisgroth)
use impersonate groups if impersonate email is set #1701 (opens new window) (@calebdoxsey)
unimpersonate button #1700 (opens new window) (@calebdoxsey)
TCP client command #1696 (opens new window) (@calebdoxsey)
add support for TCP routes #1695 (opens new window) (@calebdoxsey)
internal/directory: use gitlab provider url option #1689 (opens new window) (@nghnam)
improve ca cert error message, use GetCertPool for databroker storage #1666 (opens new window) (@calebdoxsey)
implement new redis storage backend with go-redis package #1649 (opens new window) (@calebdoxsey)
authenticate: oidc frontchannel-logout endpoint #1586 (opens new window) (@pflipp)

# Fixed

remove :443 or :80 from proxy URLs in authclient #1733 (opens new window) (@calebdoxsey)
tcptunnel: handle invalid http response codes #1727 (opens new window) (@calebdoxsey)
update azure docs #1723 (opens new window) (@calebdoxsey)
config: fix ignored yaml fields #1698 (opens new window) (@travisgroth)
fix concurrency race #1675 (opens new window) (@calebdoxsey)
don't create users when updating sessions #1671 (opens new window) (@calebdoxsey)

# Documentation

update google docs #1738 (opens new window) (@calebdoxsey)
docs: add TCP guide #1714 (opens new window) (@travisgroth)
docs: tcp support #1712 (opens new window) (@travisgroth)
docs: replace httpbin with verify #1702 (opens new window) (@desimone)
docs: fix nginx config #1691 (opens new window) (@desimone)
remove "see policy" phrase in settings docs #1668 (opens new window) (@calebdoxsey)
docs: add allowed_idp_claims docs #1665 (opens new window) (@travisgroth)
docs: add v0.11 link to version menu #1663 (opens new window) (@travisgroth)

# Dependency

chore(deps): update module google/uuid to v1.1.4 #1729 (opens new window) (@renovate[bot])
dev: update linter #1728 (opens new window) (@desimone)
chore(deps): update codecov/codecov-action action to v1.1.1 #1720 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/net commit hash to 6772e93 #1719 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/crypto commit hash to eec23a3 #1718 (opens new window) (@renovate[bot])
chore(deps): update precommit hook pre-commit/pre-commit-hooks to v3.4.0 #1710 (opens new window) (@renovate[bot])
chore(deps): update module prometheus/client_golang to v1.9.0 #1709 (opens new window) (@renovate[bot])
chore(deps): update module ory/dockertest/v3 to v3.6.3 #1708 (opens new window) (@renovate[bot])
chore(deps): update module go-redis/redis/v8 to v8.4.4 #1707 (opens new window) (@renovate[bot])
chore(deps): update codecov/codecov-action action to v1.1.0 #1706 (opens new window) (@renovate[bot])
chore(deps): update google.golang.org/genproto commit hash to 8c77b98 #1705 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/net commit hash to 986b41b #1704 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/crypto commit hash to 9d13527 #1703 (opens new window) (@renovate[bot])
chore(deps): update module open-policy-agent/opa to v0.25.2 #1685 (opens new window) (@renovate[bot])
chore(deps): update module go-redis/redis/v8 to v8.4.2 #1684 (opens new window) (@renovate[bot])
chore(deps): update module envoyproxy/go-control-plane to v0.9.8 #1683 (opens new window) (@renovate[bot])
chore(deps): update google.golang.org/genproto commit hash to 40ec1c2 #1682 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/sync commit hash to 09787c9 #1681 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/oauth2 commit hash to 08078c5 #1680 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/net commit hash to ac852fb #1679 (opens new window) (@renovate[bot])
chore(deps): update golang.org/x/crypto commit hash to 5f87f34 #1678 (opens new window) (@renovate[bot])

# Deployment

ci: upgrade yq syntax for v4 #1745 (opens new window) (@travisgroth)
deployment: Fix docker and rpm workflows #1687 (opens new window) (@travisgroth)
ci: fix pomerium-cli rpm name #1661 (opens new window) (@travisgroth)

# Changed

ci: fix typo in yq image #1746 (opens new window) (@travisgroth)
fix coverage #1741 (opens new window) (@calebdoxsey)
fix error wrapping #1737 (opens new window) (@calebdoxsey)
Revert "set recommended defaults" #1735 (opens new window) (@calebdoxsey)
set recommended defaults #1734 (opens new window) (@calebdoxsey)
internal/telemetry/metrics: update redis metrics for go-redis #1694 (opens new window) (@travisgroth)

# v0.11.1 (opens new window) (2020-12-11)

Full Changelog (opens new window)

# Fixed

[Backport 0-11-0] fix concurrency race #1676 (opens new window) (@github-actions[bot])
[Backport 0-11-0] don't create users when updating sessions #1672 (opens new window) (@github-actions[bot])

# Documentation

[Backport 0-11-0] remove "see policy" phrase in settings docs #1669 (opens new window) (@github-actions[bot])
[Backport 0-11-0] docs: add allowed_idp_claims docs #1667 (opens new window) (@github-actions[bot])
[Backport 0-11-0] docs: add v0.11 link to version menu #1664 (opens new window) (@github-actions[bot])

# Deployment

[Backport 0-11-0] ci: fix pomerium-cli rpm name #1662 (opens new window) (@travisgroth)

# v0.11.0 (opens new window) (2020-12-04)

Full Changelog (opens new window)

# Breaking

remove deprecated cache_service_url config option #1614 (opens new window) (@calebdoxsey)
add flag to enable user impersonation #1514 (opens new window) (@calebdoxsey)

# New

microsoft: add support for common endpoint #1648