Releases: projectcapsule/capsule-proxy
v0.7.0-rc.1
Changelog
✨ New Features
- 1383d01: feat(controller): add SkipImpersonationReview featuregate (#422) (@oliverbaehler)
- 303547a: feat(controller): add generic cluster scoped resources to proxysettings (#421) (@oliverbaehler)
🐛 Bug fixes
- 1250796: fix(controller): correct client overwrites (#434) (@oliverbaehler)
- 0b04e1b: fix(docs): change capsule helm repo url (#406) (@ppeereb1)
- 16deb06: fix: impresonation regression for service accounts (#405) (@rgruchalski-klarrio)
🛠 Dependency updates
- d09ff5f: feat(deps): bump github.com/gorilla/mux from 1.8.0 to 1.8.1 (#380) (@dependabot[bot])
🚀 Build process updates
- 736b317: ci(deps): bump actions/checkout from 4.1.1 to 4.1.3 (#430) (@dependabot[bot])
- 42aa1fc: ci(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#437) (@dependabot[bot])
- 0b6b024: ci(deps): bump actions/upload-artifact from 4.3.1 to 4.3.3 (#429) (@dependabot[bot])
- 4e5b5ac: ci(deps): bump amannn/action-semantic-pull-request from 5.4.0 to 5.5.2 (#435) (@dependabot[bot])
- 88dcab9: ci(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 (#438) (@dependabot[bot])
- f62eb25: ci(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 (#409) (@dependabot[bot])
- 613f72e: ci(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10 (#415) (@dependabot[bot])
- bb47ab7: ci(deps): bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 (#408) (@dependabot[bot])
- bc9058e: ci(deps): bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 (#417) (@dependabot[bot])
- cf22246: ci(deps): bump azure/setup-helm from 3.5 to 4 (#427) (@dependabot[bot])
- 4c7f85f: ci(deps): bump codecov/codecov-action from 4.0.2 to 4.1.0 (#407) (@dependabot[bot])
- ca6d257: ci(deps): bump codecov/codecov-action from 4.1.0 to 4.2.0 (#419) (@dependabot[bot])
- 7fa4dc4: ci(deps): bump codecov/codecov-action from 4.2.0 to 4.3.0 (#426) (@dependabot[bot])
- de634c1: ci(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.1.0 (#436) (@dependabot[bot])
- 4de4634: ci(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#423) (@dependabot[bot])
- e111269: ci(deps): bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 (#428) (@dependabot[bot])
- 0862eac: ci(deps): bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 (#414) (@dependabot[bot])
- 7edba59: ci(deps): bump wagoid/commitlint-github-action from 5.4.5 to 6.0.1 (#424) (@dependabot[bot])
- 5ea08c3: ci(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#425) (@dependabot[bot])
Thanks to all the contributors!
Full Changelog: v0.6.0...v0.7.0-rc.1
Docker Images
ghcr.io/projectcapsule/capsule-proxy:0.7.0-rc.1
ghcr.io/projectcapsule/capsule-proxy:latest
Helm Chart
View this release on Artifact Hub or use the OCI helm chart:
ghcr.io/projectcapsule/charts/capsule-proxy:0.7.0-rc.1
v0.6.0
Changelog
✨ New Features
- 49edaaf: feat(ci): align helm release with controller release (#403) (@oliverbaehler)
- 87d3128: feat: add scheduling values (#396) (@oliverbaehler)
🐛 Bug fixes
🚀 Build process updates
- 2210025: ci(deps): bump actions/setup-go from 4.0.0 to 5.0.0 (#376) (@dependabot[bot])
- c17230b: ci(deps): bump actions/upload-artifact from 4.2.0 to 4.3.1 (#387) (@dependabot[bot])
- c7e9458: ci(deps): bump anchore/sbom-action from 0.15.5 to 0.15.8 (#384) (@dependabot[bot])
- 58f7fd6: ci(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 (#386) (@dependabot[bot])
- df36bba: ci(deps): bump codecov/codecov-action from 3.1.4 to 4.0.1 (#383) (@dependabot[bot])
- 078ef0c: ci(deps): bump codecov/codecov-action from 4.0.1 to 4.0.2 (#400) (@dependabot[bot])
- c300b06: ci(deps): bump fossas/fossa-action from 1.3.1 to 1.3.3 (#399) (@dependabot[bot])
- 4c44ccd: ci(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#398) (@dependabot[bot])
- 672e1f3: ci(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#397) (@dependabot[bot])
Thanks to all the contributors!
Full Changelog: v0.6.0-rc0...v0.6.0
Docker Images
ghcr.io/projectcapsule/capsule-proxy:0.6.0
ghcr.io/projectcapsule/capsule-proxy:latest
Helm Chart
View this release on Artifact Hub or use the OCI helm chart:
ghcr.io/projectcapsule/charts/capsule-proxy:0.6.0
v0.6.0-rc0
Changelog
✨ New Features
- 951b53f: feat(controller): add impersonation group filter options (#375) (@oliverbaehler)
- 8bbce9a: feat: allow user to gets list of his tenants (@prometherion)
- 777cc57: feat: feature gate for ProxyAllNamespaced (#389) (@prometherion)
🛠 Dependency updates
- 25644b0: feat(deps): bump github.com/go-logr/logr from 1.2.0 to 1.4.1 (#361) (@dependabot[bot])
- 26a68b4: feat(deps): bump golang.org/x/net from 0.18.0 to 0.20.0 (#368) (@dependabot[bot])
🚀 Build process updates
- 9df32c2: ci(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (#359) (@dependabot[bot])
- a8a269b: ci(deps): bump actions/upload-artifact from 4.0.0 to 4.2.0 (#372) (@dependabot[bot])
- e1ec686: ci(deps): bump anchore/sbom-action from 0.15.1 to 0.15.3 (#367) (@dependabot[bot])
- dc9e482: ci(deps): bump anchore/sbom-action from 0.15.3 to 0.15.5 (#374) (@dependabot[bot])
- fcfa171: ci(deps): bump aquasecurity/trivy-action from 0.14.0 to 0.16.1 (#366) (@dependabot[bot])
- 4043297: ci(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#354) (@dependabot[bot])
- 958472a: ci(deps): bump wagoid/commitlint-github-action from 5.4.4 to 5.4.5 (#370) (@dependabot[bot])
- 0e9b8ef: ci(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#358) (@dependabot[bot])
📦 Other work
- e5620a4: fix(golangci-lint): aligning to revive (@prometherion)
Thanks to all the contributors!
Full Changelog: helm-v0.5.3...v0.6.0-rc0
Docker Images
ghcr.io/projectcapsule/capsule-proxy:v0.6.0-rc0
ghcr.io/projectcapsule/capsule-proxy:latest
v0.5.0
Changelog
✨ New Features
- a00bfaf: feat(refactor): aligning to controller-runtime v0.16.3 (@prometherion)
- f0a18b8: feat(refactor): deprecating name label for kubernetes.io/metadata.name (@prometherion)
Thanks to all the contributors!
Full Changelog: v0.4.8...v0.5.0
Docker Images
ghcr.io/projectcapsule/capsule-proxy:v0.5.0
ghcr.io/projectcapsule/capsule-proxy:latest
v0.4.8
Changelog
✨ New Features
- 2333253: feat(helm): add subjects for cert-manager certificate (#346) (@oliverbaehler)
Thanks to all the contributors!
Full Changelog: v0.4.7...v0.4.8
Docker Images
ghcr.io/projectcapsule/capsule-proxy:v0.4.8
ghcr.io/projectcapsule/capsule-proxy:latest
v0.4.7
Changelog
🚀 Build process updates
- 9f65048: ci(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0 (#343) (@dependabot[bot])
- 0a39014: ci(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 (#351) (@dependabot[bot])
- 8730f72: ci(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#341) (@dependabot[bot])
- 712598a: ci(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#340) (@dependabot[bot])
- 65aa784: ci(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#352) (@dependabot[bot])
📦 Other work
- d188f12: fix(internal/request): add missing impersonate groups for serviceaccounts (#350) (@maxgio92)
Thanks to all the contributors!
Full Changelog: v0.4.6...v0.4.7
Docker Images
ghcr.io/projectcapsule/capsule-proxy:v0.4.7
ghcr.io/projectcapsule/capsule-proxy:latest
v0.4.6
⚠️ This release addresses the GitHub Security Advisory "Authentication bypass using an empty token" identified with the CVE IDCVE-2023-48312
marked asCritical
.
Changelog
🐛 Bug fixes
- 472404f: fix: fix authentication bypass for capsule-proxy (@slimm609)
- 1c829a4: fix: incorrect impersonation for user and groups (@MaxFedotov)
🚀 Build process updates
- 9990d8f: ci(deps): bump amannn/action-semantic-pull-request from 5.3.0 to 5.4.0 (@dependabot[bot])
- a4618ba: ci(deps): bump aquasecurity/trivy-action from 0.12.0 to 0.13.1 (@dependabot[bot])
- 079600f: ci(deps): bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 (#339) (@dependabot[bot])
- 12f892e: ci(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 (@dependabot[bot])
- ae9c793: ci(deps): bump wagoid/commitlint-github-action from 5.4.3 to 5.4.4 (@dependabot[bot])
Thanks to all the contributors!
Full Changelog: v0.4.5...v0.4.6
Docker Images
ghcr.io/projectcapsule/capsule-proxy:v0.4.6
ghcr.io/projectcapsule/capsule-proxy:latest
v0.4.5
⚠️ This patch release addresses the GHSA-6758-979h-249x Advisory: we strongly suggest you reading it and updated yourcapsule-proxy
installation as soon as possible.
Changelog
✨ New Features
- dbb7d11: feat(all): establish new build process (@oliverbaehler)
- ab4e7e7: feat(helm): add annotations for certgen job and make ttlSecondsAfterFinished optional and variable (@adberger)
🐛 Bug fixes
- d2a51b9: fix(ci): image publish flow (@oliverbaehler)
- 34cc928: fix(helm): removing unused options.k8sControlPlaneUrl value (@prometherion)
- caf1836: fix: retrieving groups from header values (@prometherion)
📖 Documentation updates
- adc0d33: docs(repo): add security and contribution (@oliverbaehler)
📦 Other work
- 615202f: fix(rolebinding-reflector): namespaced name for serviceaccount users (@prometherion)
- e101a71: reorg: moving to neutral github organization (@prometherion)
Thanks to all the contributors!
Full Changelog: helm-v0.4.9...v0.4.5
Docker Images
ghcr.io/projectcapsule/capsule-proxy:v0.4.5
ghcr.io/projectcapsule/capsule-proxy:latest
v0.4.4
Hotfixes
- Unable to proxy resources for users, who are owners of multiple tenants #297 @MaxFedotov
Enhancements
- Client side rate limiters customisation #301 @abhinandanbaheti
v0.4.3
Enhancements
Hotfix
- Missing start-up arguments error handling for non-existing CapsuleConfiguration reference #292 @prometherion @latchmihay
- Local installation through Makefile #286 @sagar-jadhav
- Helm Charts enhancements @kaotika