v0.7.0-rc.1

Changelog

✨ New Features

• 1383d01: feat(controller): add SkipImpersonationReview featuregate (#422) (@oliverbaehler)
• 303547a: feat(controller): add generic cluster scoped resources to proxysettings (#421) (@oliverbaehler)

🐛 Bug fixes

• 1250796: fix(controller): correct client overwrites (#434) (@oliverbaehler)
• 0b04e1b: fix(docs): change capsule helm repo url (#406) (@ppeereb1)
• 16deb06: fix: impresonation regression for service accounts (#405) (@rgruchalski-klarrio)

🛠 Dependency updates

• d09ff5f: feat(deps): bump github.com/gorilla/mux from 1.8.0 to 1.8.1 (#380) (@dependabot[bot])

🚀 Build process updates

• 736b317: ci(deps): bump actions/checkout from 4.1.1 to 4.1.3 (#430) (@dependabot[bot])
• 42aa1fc: ci(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#437) (@dependabot[bot])
• 0b6b024: ci(deps): bump actions/upload-artifact from 4.3.1 to 4.3.3 (#429) (@dependabot[bot])
• 4e5b5ac: ci(deps): bump amannn/action-semantic-pull-request from 5.4.0 to 5.5.2 (#435) (@dependabot[bot])
• 88dcab9: ci(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 (#438) (@dependabot[bot])
• f62eb25: ci(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 (#409) (@dependabot[bot])
• 613f72e: ci(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10 (#415) (@dependabot[bot])
• bb47ab7: ci(deps): bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 (#408) (@dependabot[bot])
• bc9058e: ci(deps): bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 (#417) (@dependabot[bot])
• cf22246: ci(deps): bump azure/setup-helm from 3.5 to 4 (#427) (@dependabot[bot])
• 4c7f85f: ci(deps): bump codecov/codecov-action from 4.0.2 to 4.1.0 (#407) (@dependabot[bot])
• ca6d257: ci(deps): bump codecov/codecov-action from 4.1.0 to 4.2.0 (#419) (@dependabot[bot])
• 7fa4dc4: ci(deps): bump codecov/codecov-action from 4.2.0 to 4.3.0 (#426) (@dependabot[bot])
• de634c1: ci(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.1.0 (#436) (@dependabot[bot])
• 4de4634: ci(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#423) (@dependabot[bot])
• e111269: ci(deps): bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 (#428) (@dependabot[bot])
• 0862eac: ci(deps): bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 (#414) (@dependabot[bot])
• 7edba59: ci(deps): bump wagoid/commitlint-github-action from 5.4.5 to 6.0.1 (#424) (@dependabot[bot])
• 5ea08c3: ci(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#425) (@dependabot[bot])

Thanks to all the contributors!

Full Changelog: v0.6.0...v0.7.0-rc.1

Docker Images

• ghcr.io/projectcapsule/capsule-proxy:0.7.0-rc.1
• ghcr.io/projectcapsule/capsule-proxy:latest

Helm Chart
View this release on Artifact Hub or use the OCI helm chart:

• ghcr.io/projectcapsule/charts/capsule-proxy:0.7.0-rc.1

v0.6.0

Changelog

✨ New Features

• 49edaaf: feat(ci): align helm release with controller release (#403) (@oliverbaehler)
• 87d3128: feat: add scheduling values (#396) (@oliverbaehler)

🐛 Bug fixes

• 77b11ad: fix(helm): add support for extraargs (#402) (@bsctl)

🚀 Build process updates

• 2210025: ci(deps): bump actions/setup-go from 4.0.0 to 5.0.0 (#376) (@dependabot[bot])
• c17230b: ci(deps): bump actions/upload-artifact from 4.2.0 to 4.3.1 (#387) (@dependabot[bot])
• c7e9458: ci(deps): bump anchore/sbom-action from 0.15.5 to 0.15.8 (#384) (@dependabot[bot])
• 58f7fd6: ci(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 (#386) (@dependabot[bot])
• df36bba: ci(deps): bump codecov/codecov-action from 3.1.4 to 4.0.1 (#383) (@dependabot[bot])
• 078ef0c: ci(deps): bump codecov/codecov-action from 4.0.1 to 4.0.2 (#400) (@dependabot[bot])
• c300b06: ci(deps): bump fossas/fossa-action from 1.3.1 to 1.3.3 (#399) (@dependabot[bot])
• 4c44ccd: ci(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#398) (@dependabot[bot])
• 672e1f3: ci(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#397) (@dependabot[bot])

Thanks to all the contributors!

Full Changelog: v0.6.0-rc0...v0.6.0

Docker Images

• ghcr.io/projectcapsule/capsule-proxy:0.6.0
• ghcr.io/projectcapsule/capsule-proxy:latest

Helm Chart
View this release on Artifact Hub or use the OCI helm chart:

• ghcr.io/projectcapsule/charts/capsule-proxy:0.6.0

v0.6.0-rc0

Changelog

✨ New Features

• 951b53f: feat(controller): add impersonation group filter options (#375) (@oliverbaehler)
• 8bbce9a: feat: allow user to gets list of his tenants (@prometherion)
• 777cc57: feat: feature gate for ProxyAllNamespaced (#389) (@prometherion)

🛠 Dependency updates

• 25644b0: feat(deps): bump github.com/go-logr/logr from 1.2.0 to 1.4.1 (#361) (@dependabot[bot])
• 26a68b4: feat(deps): bump golang.org/x/net from 0.18.0 to 0.20.0 (#368) (@dependabot[bot])

🚀 Build process updates

• 9df32c2: ci(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (#359) (@dependabot[bot])
• a8a269b: ci(deps): bump actions/upload-artifact from 4.0.0 to 4.2.0 (#372) (@dependabot[bot])
• e1ec686: ci(deps): bump anchore/sbom-action from 0.15.1 to 0.15.3 (#367) (@dependabot[bot])
• dc9e482: ci(deps): bump anchore/sbom-action from 0.15.3 to 0.15.5 (#374) (@dependabot[bot])
• fcfa171: ci(deps): bump aquasecurity/trivy-action from 0.14.0 to 0.16.1 (#366) (@dependabot[bot])
• 4043297: ci(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#354) (@dependabot[bot])
• 958472a: ci(deps): bump wagoid/commitlint-github-action from 5.4.4 to 5.4.5 (#370) (@dependabot[bot])
• 0e9b8ef: ci(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#358) (@dependabot[bot])

📦 Other work

• e5620a4: fix(golangci-lint): aligning to revive (@prometherion)

Thanks to all the contributors!

Full Changelog: helm-v0.5.3...v0.6.0-rc0

Docker Images

• ghcr.io/projectcapsule/capsule-proxy:v0.6.0-rc0
• ghcr.io/projectcapsule/capsule-proxy:latest

v0.5.0

Changelog

✨ New Features

• a00bfaf: feat(refactor): aligning to controller-runtime v0.16.3 (@prometherion)
• f0a18b8: feat(refactor): deprecating name label for kubernetes.io/metadata.name (@prometherion)

Thanks to all the contributors!

Full Changelog: v0.4.8...v0.5.0

Docker Images

• ghcr.io/projectcapsule/capsule-proxy:v0.5.0
• ghcr.io/projectcapsule/capsule-proxy:latest

v0.4.8

Changelog

✨ New Features

• 2333253: feat(helm): add subjects for cert-manager certificate (#346) (@oliverbaehler)

Thanks to all the contributors!

Full Changelog: v0.4.7...v0.4.8

Docker Images

• ghcr.io/projectcapsule/capsule-proxy:v0.4.8
• ghcr.io/projectcapsule/capsule-proxy:latest

v0.4.7

Changelog

🚀 Build process updates

• 9f65048: ci(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0 (#343) (@dependabot[bot])
• 0a39014: ci(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 (#351) (@dependabot[bot])
• 8730f72: ci(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#341) (@dependabot[bot])
• 712598a: ci(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#340) (@dependabot[bot])
• 65aa784: ci(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#352) (@dependabot[bot])

📦 Other work

• d188f12: fix(internal/request): add missing impersonate groups for serviceaccounts (#350) (@maxgio92)

Thanks to all the contributors!

Full Changelog: v0.4.6...v0.4.7

Docker Images

• ghcr.io/projectcapsule/capsule-proxy:v0.4.7
• ghcr.io/projectcapsule/capsule-proxy:latest

v0.4.6

⚠️ This release addresses the GitHub Security Advisory "Authentication bypass using an empty token" identified with the CVE ID CVE-2023-48312 marked as Critical.

Changelog

🐛 Bug fixes

• 472404f: fix: fix authentication bypass for capsule-proxy (@slimm609)
• 1c829a4: fix: incorrect impersonation for user and groups (@MaxFedotov)

🚀 Build process updates

• 9990d8f: ci(deps): bump amannn/action-semantic-pull-request from 5.3.0 to 5.4.0 (@dependabot[bot])
• a4618ba: ci(deps): bump aquasecurity/trivy-action from 0.12.0 to 0.13.1 (@dependabot[bot])
• 079600f: ci(deps): bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 (#339) (@dependabot[bot])
• 12f892e: ci(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 (@dependabot[bot])
• ae9c793: ci(deps): bump wagoid/commitlint-github-action from 5.4.3 to 5.4.4 (@dependabot[bot])

Thanks to all the contributors!

Full Changelog: v0.4.5...v0.4.6

Docker Images

• ghcr.io/projectcapsule/capsule-proxy:v0.4.6
• ghcr.io/projectcapsule/capsule-proxy:latest

v0.4.5

⚠️ This patch release addresses the GHSA-6758-979h-249x Advisory: we strongly suggest you reading it and updated your capsule-proxy installation as soon as possible.

Changelog

✨ New Features

• dbb7d11: feat(all): establish new build process (@oliverbaehler)
• ab4e7e7: feat(helm): add annotations for certgen job and make ttlSecondsAfterFinished optional and variable (@adberger)

🐛 Bug fixes

• d2a51b9: fix(ci): image publish flow (@oliverbaehler)
• 34cc928: fix(helm): removing unused options.k8sControlPlaneUrl value (@prometherion)
• caf1836: fix: retrieving groups from header values (@prometherion)

📖 Documentation updates

• adc0d33: docs(repo): add security and contribution (@oliverbaehler)

📦 Other work

• 615202f: fix(rolebinding-reflector): namespaced name for serviceaccount users (@prometherion)
• e101a71: reorg: moving to neutral github organization (@prometherion)

Thanks to all the contributors!

Full Changelog: helm-v0.4.9...v0.4.5

Docker Images

• ghcr.io/projectcapsule/capsule-proxy:v0.4.5
• ghcr.io/projectcapsule/capsule-proxy:latest

v0.4.4

Hotfixes

• Unable to proxy resources for users, who are owners of multiple tenants #297 @MaxFedotov

Enhancements

• Client side rate limiters customisation #301 @abhinandanbaheti

v0.4.3

Enhancements

• Updating to Go 1.19 #290 @slimm609

Hotfix

• Missing start-up arguments error handling for non-existing CapsuleConfiguration reference #292 @prometherion @latchmihay
• Local installation through Makefile #286 @sagar-jadhav
• Helm Charts enhancements @kaotika