v0.4.8

Changelog

✨ New Features

• 2333253: feat(helm): add subjects for cert-manager certificate (#346) (@oliverbaehler)

Thanks to all the contributors!

Full Changelog: v0.4.7...v0.4.8

Docker Images

• ghcr.io/projectcapsule/capsule-proxy:v0.4.8
• ghcr.io/projectcapsule/capsule-proxy:latest

v0.4.7

Changelog

🚀 Build process updates

• 9f65048: ci(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0 (#343) (@dependabot[bot])
• 0a39014: ci(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 (#351) (@dependabot[bot])
• 8730f72: ci(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#341) (@dependabot[bot])
• 712598a: ci(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#340) (@dependabot[bot])
• 65aa784: ci(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#352) (@dependabot[bot])

📦 Other work

• d188f12: fix(internal/request): add missing impersonate groups for serviceaccounts (#350) (@maxgio92)

Thanks to all the contributors!

Full Changelog: v0.4.6...v0.4.7

Docker Images

• ghcr.io/projectcapsule/capsule-proxy:v0.4.7
• ghcr.io/projectcapsule/capsule-proxy:latest

v0.4.6

⚠️ This release addresses the GitHub Security Advisory "Authentication bypass using an empty token" identified with the CVE ID CVE-2023-48312 marked as Critical.

Changelog

🐛 Bug fixes

• 472404f: fix: fix authentication bypass for capsule-proxy (@slimm609)
• 1c829a4: fix: incorrect impersonation for user and groups (@MaxFedotov)

🚀 Build process updates

• 9990d8f: ci(deps): bump amannn/action-semantic-pull-request from 5.3.0 to 5.4.0 (@dependabot[bot])
• a4618ba: ci(deps): bump aquasecurity/trivy-action from 0.12.0 to 0.13.1 (@dependabot[bot])
• 079600f: ci(deps): bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 (#339) (@dependabot[bot])
• 12f892e: ci(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 (@dependabot[bot])
• ae9c793: ci(deps): bump wagoid/commitlint-github-action from 5.4.3 to 5.4.4 (@dependabot[bot])

Thanks to all the contributors!

Full Changelog: v0.4.5...v0.4.6

Docker Images

• ghcr.io/projectcapsule/capsule-proxy:v0.4.6
• ghcr.io/projectcapsule/capsule-proxy:latest

v0.4.5

⚠️ This patch release addresses the GHSA-6758-979h-249x Advisory: we strongly suggest you reading it and updated your capsule-proxy installation as soon as possible.

Changelog

✨ New Features

• dbb7d11: feat(all): establish new build process (@oliverbaehler)
• ab4e7e7: feat(helm): add annotations for certgen job and make ttlSecondsAfterFinished optional and variable (@adberger)

🐛 Bug fixes

• d2a51b9: fix(ci): image publish flow (@oliverbaehler)
• 34cc928: fix(helm): removing unused options.k8sControlPlaneUrl value (@prometherion)
• caf1836: fix: retrieving groups from header values (@prometherion)

📖 Documentation updates

• adc0d33: docs(repo): add security and contribution (@oliverbaehler)

📦 Other work

• 615202f: fix(rolebinding-reflector): namespaced name for serviceaccount users (@prometherion)
• e101a71: reorg: moving to neutral github organization (@prometherion)

Thanks to all the contributors!

Full Changelog: helm-v0.4.9...v0.4.5

Docker Images

• ghcr.io/projectcapsule/capsule-proxy:v0.4.5
• ghcr.io/projectcapsule/capsule-proxy:latest

v0.4.4

Hotfixes

• Unable to proxy resources for users, who are owners of multiple tenants #297 @MaxFedotov

Enhancements

• Client side rate limiters customisation #301 @abhinandanbaheti

v0.4.3

Enhancements

• Updating to Go 1.19 #290 @slimm609

Hotfix

• Missing start-up arguments error handling for non-existing CapsuleConfiguration reference #292 @prometherion @latchmihay
• Local installation through Makefile #286 @sagar-jadhav
• Helm Charts enhancements @kaotika

v0.4.2

Enhancements

• Allow specifying authPreferredTypes (Helm) #282 @JacekLakis-TomTom

Hotfixes

• Skipping TLS certificate auth strategy when handling plain HTTP requests #281 @JacekLakis-TomTom @prometherion

v0.4.1

Enhancements

• Local cache bypass using the --disable-cache CLI flag #266 @JacekLakis-TomTom @prometherion
• Disabling symbol tables #270 @logikone

Hotfixes

• Disable certificate validation if TLS authentication strategy is disabled #271 @logikone
• Avoid exposing service name to unauthenticated requests #269 @logikone
• Authentication strategies fallback support #273 @prometherion

v0.4.0

This release addresses compatibility with capsule v0.2.x and v0.3.x.

Enhancements

• RuntimeClass listing #260 @oliverbaehler @prometherion
• Aligning to Capsule v1beta2 API changes #246 @oliverbaehler @prometherion

Hotfixes

• API reader for brand new created Namespace resources using the capsule proxy #266 @JacekLakis-TomTom @prometherion
• Rancher integration #264 @maxgio92 @prometherion
• Certificate hostname validity using cert-manager #262 @maxgio92

v0.3.3

This release is not compatible with capsule v0.2.x, please, refer to the local milestone v0.4.0.

Enhancements

• Supporting any Kubernetes token #249 by @rct44 @prometherion
• Preferred authentication type ordering #258 by @logikone

Bugfixes

• Fixing node list as a tenant owner #254 by @sagar-jadhav
• Group Impersenation Handling #245 by @oliverbaehler
• Bumping up metrics-server Chart to v6.2.9 #256 by @prometherion

Thanks to all the people involved, it's great having such a flourish community contributing to open-source! <3