Skip to content

Releases: ory/oathkeeper

v0.40.7

29 Feb 16:17
Compare
Choose a tag to compare

This release includes new features and many improvements to the tracing instrumentations.

Code Generation

  • Pin v0.40.7 release commit (8fc9b7a):

    Bumps from v0.40.7-pre.0

Changelog

  • 8fc9b7a autogen: pin v0.40.7 release commit

Artifacts can be verified with cosign using this public key.

v0.40.7-pre.0

29 Feb 15:15
Compare
Choose a tag to compare
v0.40.7-pre.0 Pre-release
Pre-release

autogen: pin v0.40.7-pre.0 release commit

Bug Fixes

Code Generation

  • Pin v0.40.7-pre.0 release commit (82282ce)

Features

  • Add headers option for remote_json authorizer (#1140) (1ee445d)

  • Preserve_host feature for oauth2_introspect, better tracing, introspection prefixes (#1131) (b5d4d88):

    This patch additionally allows selecting between the two authenticators based on a prefix to the token.

Changelog

  • 25959b1 autogen(docs): generate and bump docs
  • 4d61221 autogen(docs): regenerate and update changelog
  • cae2824 autogen(docs): regenerate and update changelog
  • 0260960 autogen(docs): regenerate and update changelog
  • c064f20 autogen(docs): regenerate and update changelog
  • 1329413 autogen(docs): regenerate and update changelog
  • d1e74fa autogen(docs): regenerate and update changelog
  • db2da0a autogen: add v0.40.6 to version.schema.json
  • 82282ce autogen: pin v0.40.7-pre.0 release commit
  • 93939a0 chore: bump golangci-lint (#1150)
  • 98e8e5c chore: bump ory/herodot
  • 461f088 chore: update repository templates to ory/meta@ac80097
  • 557f512 chore: update repository templates to ory/meta@af28aff
  • 1ee445d feat: add headers option for remote_json authorizer (#1140)
  • b5d4d88 feat: preserve_host feature for oauth2_introspect, better tracing, introspection prefixes (#1131)
  • 58690ae fix: ignore version.schema.json (prettier)
  • 5bf9b70 fix: update alpine version (#1128)

Artifacts can be verified with cosign using this public key.

v0.40.6

18 Jul 10:23
75eb682
Compare
Choose a tag to compare

Resolves an issue in how X-Forwarded headers were set.

Bug Fixes

  • Properly copy x-forwarded headers from upstream (#1121) (7088682)

Code Generation

  • Pin v0.40.6 release commit (75eb682)

Changelog

  • ee605eb autogen(docs): generate and bump docs
  • 8fc3473 autogen: add v0.40.5 to version.schema.json
  • 75eb682 autogen: pin v0.40.6 release commit
  • 7088682 fix: properly copy x-forwarded headers from upstream (#1121)

Artifacts can be verified with cosign using this public key.

v0.40.5

17 Jul 14:14
ba1f90a
Compare
Choose a tag to compare

Ory Oathkeeper v0.44.4 uses the new Rewrite feature of Golang's reverse proxy. This will strip any X-Forwarded headers from upstream requests. This however is not always desirable which is why a new config flag serve.proxy.trust_forwarded_headers was introduced to optionally enable the forwarding of X-Forwarded headers.

Code Generation

  • Pin v0.40.5 release commit (ba1f90a)

Features

  • Flag to disable hop-by-hop defenses (#1120) (fffe8ef):

    Ory Oathkeeper v0.44.4 uses the new Rewrite feature of Golang's reverse proxy. This will strip any X-Forwarded headers from upstream requests. This however is not always desirable which is why a new config flag serve.proxy.trust_forwarded_headers was introduced to optionally enable the forwarding of X-Forwarded headers.

Changelog

  • 7a94b54 autogen(docs): generate and bump docs
  • 07c1e3c autogen: add v0.40.4 to version.schema.json
  • ba1f90a autogen: pin v0.40.5 release commit
  • fffe8ef feat: flag to disable hop-by-hop defenses (#1120)

Artifacts can be verified with cosign using this public key.

v0.40.4

13 Jul 09:44
70d63f3
Compare
Choose a tag to compare

Added distroless image, fixed some bugs, and added support for JWKs key rotation in the ID token mutator.

Bug Fixes

Code Generation

  • Pin v0.40.4 release commit (70d63f3)

Features

  • Add distroless images (#1114) (8ac1dac)

  • Sqa metrics v2 (#1110) (baeecc6)

  • Support token rotation in ID token mutator (#1119) (5dd4571):

    Previously, only one JWK may be returned by the JWKS URL. This made token rotation impossible. This patch allows for multiple keys to be returned by the JWKS URL and the first key found will be used for signing.

Tests

Changelog

  • 48c90c1 autogen(docs): generate and bump docs
  • 47e3d19 autogen(docs): regenerate and update changelog
  • b7c57ca autogen(docs): regenerate and update changelog
  • 6761be1 autogen(docs): regenerate and update changelog
  • 64aed38 autogen(docs): regenerate and update changelog
  • ccdf1e4 autogen(docs): regenerate and update changelog
  • 9275dcd autogen(docs): regenerate and update changelog
  • 1c333b9 autogen(docs): regenerate and update changelog
  • 4f08af7 autogen(docs): regenerate and update changelog
  • 3276408 autogen(openapi): regenerate swagger spec and internal client
  • 97e9660 autogen(openapi): regenerate swagger spec and internal client
  • 12d0aea autogen: add v0.40.3 to version.schema.json
  • 70d63f3 autogen: pin v0.40.4 release commit
  • c85d0a9 autogen: pin v0.40.4 release commit
  • 596ad11 chore(deps): bump github.com/knadh/koanf to v2.0.1 (#1111)
  • 0a767e7 chore(deps): update ory/x to v0.0.565 (#1113)
  • 56779c4 chore: support in README (#1117)
  • 91ae714 chore: update gRPC to v1.56.1 (#1118)
  • 1857ba3 chore: update security scanners (#1107)
  • 8ac1dac feat: add distroless images (#1114)
  • baeecc6 feat: sqa metrics v2 (#1110)
  • 5dd4571 feat: support token rotation in ID token mutator (#1119)
  • 08b2bfb fix: apk install issue
  • d9b0965 fix: ensure logger uses config (#1104)
  • 3a716f2 fix: noop mutator don't overwrite session headers (#1091)
  • c520e50 fix: use Query.Get when fetching QueryParameter (#1106)
  • af5ce29 test: use reliable upstream server (#1099)

Artifacts can be verified with cosign using this public key.

v0.40.3

26 Apr 17:01
v0.40.3
2ab7687
Compare
Choose a tag to compare

This release fixes a low-severity security vulnerability.

Bug Fixes

Code Generation

  • Pin v0.40.3 release commit (2ab7687)

Features

Changelog

  • d15dfa2 autogen(docs): generate and bump docs
  • 4768d05 autogen(docs): regenerate and update changelog
  • 2fd6a84 autogen(docs): regenerate and update changelog
  • 271a666 autogen(docs): regenerate and update changelog
  • b8c6261 autogen(docs): regenerate and update changelog
  • 629247b autogen(openapi): regenerate swagger spec and internal client
  • f3ec24a autogen: add v0.40.2 to version.schema.json
  • 2ab7687 autogen: pin v0.40.3 release commit
  • 310aa5f chore(deps): bump @nestjs/core and @openapitools/openapi-generator-cli (#1097)
  • a615f7b chore(deps): bump github.com/docker/docker
  • 37e2df8 chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#1084)
  • c60e4ac feat: tracing for gRPC middleware (#1086)
  • 360a03e fix: report 499, 502, or 504 (#1090)
  • 9374d2f fix: sqa config values unified across projects (#1094)
  • c5cc7f7 fix: switch to httputil.ReverseProxy.Rewrite (#1098)

Artifacts can be verified with cosign using this public key.

v0.40.2

15 Mar 16:29
0f42d7c
Compare
Choose a tag to compare

Resolves tracing and health monitoring issues.

Bug Fixes

  • Add handlers in correct order to handle CORS requests properly (#1055) (0b5f6e6), closes ory/oathkeeper#1054

  • Release pipeline (#1053) (878089d)

  • Render complete config schema in CI and update tracing config (#1063) (e5e9d17)

  • Rule readiness check should require at least one rule to be loaded (#1061) (daa2994):

    With this change, Oathkeeper now reports as "not ready" on the health check if not at least one valid rule is loaded.

Code Generation

  • Pin v0.40.2 release commit (0f42d7c)

Documentation

Features

Changelog

  • 4e8f06e autogen(docs): generate and bump docs
  • 9572b59 autogen(docs): regenerate and update changelog
  • 46689fa autogen(docs): regenerate and update changelog
  • f40b3f1 autogen(docs): regenerate and update changelog
  • e29a26a autogen(docs): regenerate and update changelog
  • 29c09de autogen(docs): regenerate and update changelog
  • 12bdbe6 autogen(docs): regenerate and update changelog
  • b342931 autogen(docs): regenerate and update changelog
  • 34d1217 autogen(docs): regenerate and update changelog
  • 5233025 autogen(docs): regenerate and update changelog
  • 98da1a3 autogen(docs): regenerate and update changelog
  • 3cd0550 autogen(docs): regenerate and update changelog
  • 0f42d7c autogen: pin v0.40.2 release commit
  • 2b13ac1 chore(deps): bump JWT deps (#1052)
  • cd35bf8 chore(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 (#1069)
  • 0e3c249 chore: update alpine version (#1070)
  • d305381 chore: use watcherx to watch access rule files (#1059)
  • bba14ba docs: update security email (#1077)
  • e7fb605 feat: add cache to Koanf.validatePipelineConfig (#1042)
  • e1357f8 feat: expose health checks in middleware (#1058)
  • f3c4386 feat: forward config options in middleware (#1062)
  • b3aa0c3 feat: improved tracing for authorizers (#1079)
  • 7e7d45e feat: tracing for authz remote (#1056)
  • 0b5f6e6 fix: add handlers in correct order to handle CORS requests properly (#1055)
  • 878089d fix: release pipeline (#1053)
  • e5e9d17 fix: render complete config schema in CI and update tracing config (#1063)
  • daa2994 fix: rule readiness check should require at least one rule to be loaded (#1061)

Artifacts can be verified with cosign using this public key.

v0.40.1

17 Jan 13:50
431f415
Compare
Choose a tag to compare

This release resolves tracing issues and fixes a bug.

Bug Fixes

  • Align proxy mode log level with decision mode log level for access request granted log (#1029) (b9365a6)
  • Allow otel tracing provider in config (#1039) (2661190)
  • Decouple cloud storage tests (c1ed811)
  • Do not leak sensitive data from gRPC middleware (32aa172)
  • Ignore query string when using X-Forwarded-Uri (#1025) (6fa3978)
  • Init registry in middleware (1daecb6)

Code Generation

  • Pin v0.40.1 release commit (431f415)

Documentation

Features

Tests

  • Fix flaky tests (099bcf0)
  • Remove t.Parallel() from tests that use the same cache and key (7017fdf)

Changelog

Artifacts can be verified with cosign using this public key.

v0.40.0

14 Sep 10:51
f2cd421
Compare
Choose a tag to compare

This release introduces the new Koanf-based configuration system, resolves several issues, and introduced an experimental gRPC middleware.

Bug Fixes

  • Adds tracing to cookie_session and bearer_token authenticators (#995) (6504c0a)
  • Do not load from env in middleware (b42261e)
  • Make metric name consistent with rest of ory ecosystem (#1010) (c3c5854)
  • Move .schema to spec (8ab6f85)
  • Remove packr (7f32bc2)

Code Generation

  • Pin v0.40.0 release commit (f2cd421)

Code Refactoring

Features

  • Add Oathkeeper gRPC middleware (210aa5e):

    This adds a gRPC middleware that encapuslates the
    Oathkeeper logic.

    Matching on gRPC traffic now happens in its own rule.
    To match against gRPC traffic, you can use Authority
    and FullMethod instead of URL and Methods.

Tests

Changelog

  • 54c40f2 autogen(docs): generate and bump docs
  • 7e52903 autogen(docs): regenerate and update changelog
  • b045906 autogen(docs): regenerate and update changelog
  • 708ad9d autogen(docs): regenerate and update changelog
  • becfc76 autogen(openapi): regenerate swagger spec and internal client
  • 0fafa73 autogen(openapi): regenerate swagger spec and internal client
  • 6e4ce40 autogen(openapi): regenerate swagger spec and internal client
  • 686efbe autogen(openapi): regenerate swagger spec and internal client
  • f2cd421 autogen: pin v0.40.0 release commit
  • 562cabe chore: format
  • 20fbb8e chore: move to go 1.19
  • 1738e61 chore: sort package.json (#1002)
  • 210aa5e feat: add Oathkeeper gRPC middleware
  • 6504c0a fix: adds tracing to cookie_session and bearer_token authenticators (#995)
  • b42261e fix: do not load from env in middleware
  • c3c5854 fix: make metric name consistent with rest of ory ecosystem (#1010)
  • 8ab6f85 fix: move .schema to spec
  • 7f32bc2 fix: remove packr
  • 6bac536 refactor: use koanf configuration system (#999)
  • dc8c361 test: add gRPC matcher tests

Artifacts can be verified with cosign using this public key.

v0.39.4

31 Aug 12:51
699cf65
Compare
Choose a tag to compare

Introduces a new config option to reducde cardinality in the metrics.

Code Generation

  • Pin v0.39.4 release commit (699cf65)

Unclassified

Changelog

  • 80a4031 autogen(docs): regenerate and update changelog
  • 057fdd6 autogen(docs): regenerate and update changelog
  • 916355d autogen(openapi): regenerate swagger spec and internal client
  • 43960d2 autogen(openapi): regenerate swagger spec and internal client
  • 699cf65 autogen: pin v0.39.4 release commit
  • 19b6eaf chore: add tests
  • 972f37f chore: fix comment
  • ef211e3 chore: hide request paths from metric
  • 166c781 chore: update defaults
  • 42a986d u
  • 8439776 u
  • b5f7c4e u

Artifacts can be verified with cosign using this public key.