Releases: dadrus/heimdall
Releases · dadrus/heimdall
v0.16.8
0.16.8 (2025-08-06)
This is just a regular monthly patch release with updated dependencies.
Dependencies
- update github.com/dadrus/httpsig digest to f7ecd42 (#2611) (9f4de03)
- update google.golang.org/genproto/googleapis/rpc digest to a7a43d2 (#2632) (6bf40b4)
- update kubernetes packages to v0.33.3 (#2600) (0919fa5)
- update module github.com/go-co-op/gocron/v2 to v2.16.3 (#2627) (c9a0a46)
- update module github.com/go-jose/go-jose/v4 to v4.1.2 (#2630) (bfd8f3e)
- update module github.com/go-viper/mapstructure/v2 to v2.4.0 (#2596) (34bc499)
- update module github.com/google/cel-go to v0.26.0 (#2595) (5770ab4)
- update module github.com/prometheus/client_golang to v1.23.0 (#2628) (15a0f77)
- update module github.com/redis/rueidis to v1.0.64 (#2635) (b7579da)
- update module github.com/redis/rueidis/rueidisotel to v1.0.64 (#2635) (b7579da)
- update module github.com/spf13/pflag to v1.0.7 (#2604) (8a38675)
- update module go.opentelemetry.io/otel/exporters/prometheus to v0.59.1 (#2615) (84982d1)
- update module gocloud.dev to v0.43.0 (#2610) (d81a540)
- update module google.golang.org/grpc to v1.74.2 (#2619) (4b9053a)
v0.16.7
0.16.7 (2025-07-10)
Bug Fixes
- Correct evaluation of named path params in routes with trailing free wildcard (#2586) (b75be67)
- TLS errors during mechanism execution always result in pipeline failure (#2580) (adf1a83)
Documentation
- Added missing description for the
--insecure-skip-all-tls-enforcementflag (#2578) (0728154) - Clarifications that CORS related functionality is only supported if heimdall is operated as proxy (#2588) (d4fe70d)
Dependencies
- update github.com/dadrus/httpsig digest to 7390907 (#2566) (49fc4dc)
- update golang to v1.24.5 (#2584) (af14f7a)
- update google.golang.org/genproto/googleapis/rpc digest to 8d1bb00 (#2583) (d4a9298)
- update module github.com/go-playground/validator/v10 to v10.27.0 (#2574) (0d71576)
- update module github.com/knadh/koanf/providers/env to v2 (#2571) (2ad5e1c)
- update module github.com/knadh/koanf/v2 to v2.2.2 (#2587) (1cdc739)
- update module gocloud.dev to v0.42.0 (#2568) (7aa2365)
v0.16.6
0.16.6 (2025-06-28)
This release not only includes a bugfix and dependency updates, but also addresses GHSA-fv92-fjc5-jj9h, a vulnerability recently discovered in the used mapstructure library and fixed in #2540.
It’s important to note that this vulnerability is only triggered in scenarios where invalid rules are being loaded. In such cases, it might lead to the unintended logging of sensitive data included in the configuration of a rule. While the likelihood is very limited, it is still recommended to update to this version to eliminate the risk entirely.
Bug Fixes
Dependencies
- update github.com/dadrus/httpsig digest to 3934645 (#2536) (2542226)
- update kubernetes packages to v0.33.2 (#2549) (86e3c3f)
- update module github.com/go-jose/go-jose/v4 to v4.1.1 (#2554) (1b20fe5)
- update module github.com/go-viper/mapstructure/v2 to v2.3.0 (#2540) (11925fd)
- update module github.com/jellydator/ttlcache/v3 to v3.4.0 (#2546) (7ede4ab)
- update module github.com/knadh/koanf/parsers/yaml to v1.1.0 (#2555) (9d5b1a6)
- update module github.com/redis/rueidis to v1.0.62 (#2557) (63d0b04)
- update module github.com/redis/rueidis/rueidisotel to v1.0.62 (#2557) (63d0b04)
- update opentelemetry-go monorepo to v1.37.0 (#2552) (f8ba183)
- update opentelemetry-go-contrib monorepo to v0.62.0 (#2553) (c057f1b)
v0.16.5
0.16.5 (2025-06-10)
Bug Fixes
- Authenticator errors are now logged as warnings (#2525) (c005f92)
- RuleSet resource status shows correct activeIn values (#2524) (44d873e)
- Truncate RuleSet status condition messages exceeding max length (#2521) (b428b14)
Documentation
Dependencies
- update golang to v1.24.4 (#2517) (480f5f5)
- update google.golang.org/genproto/googleapis/rpc digest to 513f239 (#2511) (f475027)
- update module github.com/knadh/koanf/v2 to v2.2.1 (#2523) (56c12c9)
- update module github.com/redis/rueidis to v1.0.61 (#2519) (379af98)
- update module github.com/redis/rueidis/rueidisotel to v1.0.61 (#2519) (379af98)
- update module github.com/santhosh-tekuri/jsonschema/v6 to v6.0.2 (#2501) (66111e1)
- update module google.golang.org/grpc to v1.73.0 (#2520) (9961531)
v0.16.4
Contributors
FenTiger
Assets 27
v0.16.3
0.16.3 (2025-05-18)
Bug Fixes
Dependencies
- update google.golang.org/genproto/googleapis/rpc digest to 5a2f75b (#2458) (50de6f2)
- update kubernetes packages to v0.33.1 (#2465) (b530ac4)
- update module github.com/go-co-op/gocron/v2 to v2.16.2 (#2471) (1bfbce5)
- update module github.com/redis/rueidis to v1.0.60 (#2473) (286b4d3)
- update module github.com/redis/rueidis/rueidisotel to v1.0.60 (#2473) (286b4d3)
- update module go.uber.org/fx to v1.24.0 (#2459) (5e51028)
- update module google.golang.org/grpc to v1.72.1 (#2460) (1595276)
Huge thanks to @AndersSoee for the detailed analysis and support in tracking down and helping fixing the in-memory cache deadlock issue!
Contributors
AndersSoee
Assets 27
v0.16.2
v0.16.1
0.16.1 (2025-05-06)
This is just a regular monthly patch release with updated dependencies.
Dependencies
- update github.com/dadrus/httpsig digest to a798791 (#2418) (3d03143)
- update github.com/jellydator/ttlcache/v3 digest to 27a3fdd (#2414) (0d8f4a3)
- update google.golang.org/genproto/googleapis/rpc digest to f936aa4 (#2424) (e64f145)
- update kubernetes packages to v0.33.0 (#2407) (5233477)
- update module github.com/google/cel-go to v0.25.0 (#2404) (347b9ed)
- update module github.com/grpc-ecosystem/go-grpc-middleware/v2 to v2.3.2 (#2416) (6ec6836)
- update module github.com/knadh/koanf/parsers/yaml to v1 (#2395) (ac31375)
- update module github.com/knadh/koanf/providers/confmap to v1 (#2396) (fded14a)
- update module github.com/knadh/koanf/providers/env to v1.1.0 (#2393) (70b2332)
- update module github.com/knadh/koanf/providers/rawbytes to v1 (#2397) (08daf52)
- update module github.com/knadh/koanf/providers/structs to v1 (#2398) (dc9c623)
- update module github.com/knadh/koanf/v2 to v2.2.0 (#2394) (83349dd)
- update module github.com/redis/rueidis to v1.0.59 (#2412) (08544b3)
- update module github.com/redis/rueidis/rueidisotel to v1.0.59 (#2412) (08544b3)
- update module google.golang.org/grpc to v1.72.0 (#2400) (3b69c88)
v0.16.0
0.16.0 (2025-04-08)
⚠ BREAKING CHANGES
- Default main port set to 4456 (#2365)
- Configuration settings for services exposed by heimdall simplified (#2089)
Features
headerfinalizer supports multiple headers with same name (#2244) (0413eb9) by @aslafy-zjwtfinalizer extended to support templating viavaluesproperty (#2193) (bf833c4)- Configurable limits for in-memory cache (#2333) (c7a858a)
- Configuraiton options for endpoints resolved via the OAuth2/OIDC metadata endpoint (#2329) (c03bfae)
- Enforcement of secure configuration with Opt-Out (#1972) (4d89e58)
- Helm Chart as OCI image (#2327) (ad7558b)
- More convenient
Hostheader forwarding in proxy mode (#2265) (c3ece0f) - Simpler auth stage fallbacks (#2260) (87bf663)
- Support complex values in env vars during substitution (#2349) (a98dfc4)
- Support for SLSA L3 provenance (#2321) (1959531)
Code Refactorings
- Configuration settings for services exposed by heimdall simplified (#2089) (02d91d6)
- Default main port set to 4456 (#2365) (5e2c884)
Documentation
- Caddy integration guide and demo examples (#2191) (3ba8c7b)
- Extend installation section to include Heimdall installation via Nix package manager (#2257) (6e9cbc6) by @albertilagan
- Integration guide and examples for Istio service mesh (#1832) (35c2fe2)
Dependencies
- update golang to v1.24.2 (#2366) (ace3916)
- update golang.org/x/exp digest to 7e4ce0a (#2366) (ace3916)
- update google.golang.org/genproto/googleapis/rpc digest to ac9807e (#2366) (ace3916)
- update module github.com/fsnotify/fsnotify to v1.9.0 (#2366) (ace3916)
- update module github.com/go-jose/go-jose/v4 to v4.1.0 (#2366) (ace3916)
- update module github.com/go-playground/validator/v10 to v10.26.0 (#2366) (ace3916)
- update module github.com/knadh/koanf/maps to v0.1.2 (#2366) (ace3916)
- update module github.com/prometheus/client_golang to v1.22.0 (#2366) (ace3916)
- update module github.com/redis/rueidis to v1.0.57 (#2366) (ace3916)
- update module github.com/redis/rueidis/rueidisotel to v1.0.57 (#2366) (ace3916)
- update module gocloud.dev to v0.41.0 (#2366) (ace3916)
- update module google.golang.org/grpc to v1.71.1 (#2366) (ace3916)
In addition to the contributors mentioned above, many thanks to @emsearcy and @tuunit for spotting and fixing a bunch of grammar and clarity issues in the docs!
Contributors
emsearcy, aslafy-z, and 2 other contributors
Assets 27
v0.15.10
0.15.10 (2025-03-26)
This release includes updates to the primary dependencies as detailed in the release notes below. Additionally, it addresses a recently discovered vulnerability in a transitive dependency, identified as CVE-2025-30204. Updating to this release is advised to address security and stability improvements.
Dependencies
- update github.com/dadrus/httpsig digest to 9f6875a (#2297) (02dfd44)
- update google.golang.org/genproto/googleapis/rpc digest to b45e905 (#2319) (feca831)
- update kubernetes packages to v0.32.3 (#2287) (99777ba)
- update module github.com/go-co-op/gocron/v2 to v2.16.1 (#2294) (ece112b)
- update module github.com/redis/rueidis to v1.0.56 (#2301) (9c3dfb5)
- update module github.com/redis/rueidis/rueidisotel to v1.0.56 (#2301) (9c3dfb5)
- update module github.com/rs/zerolog to v1.34.0 (#2316) (b38a032)
- update module google.golang.org/protobuf to v1.36.6 (#2318) (c1304d6)
- update opentelemetry-go-contrib monorepo to v0.60.0 (#2280) (8017315)