Releases: projectcapsule/capsule-proxy
v0.4.6
⚠️ This release addresses the GitHub Security Advisory "Authentication bypass using an empty token", identified with the CVE ID CVE-2023-48312 and marked as Critical.
Changelog
🐛 Bug fixes
- 472404f: fix: fix authentication bypass for capsule-proxy (@slimm609)
- 1c829a4: fix: incorrect impersonation for user and groups (@MaxFedotov)
🚀 Build process updates
- 9990d8f: ci(deps): bump amannn/action-semantic-pull-request from 5.3.0 to 5.4.0 (@dependabot[bot])
- a4618ba: ci(deps): bump aquasecurity/trivy-action from 0.12.0 to 0.13.1 (@dependabot[bot])
- 079600f: ci(deps): bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 (#339) (@dependabot[bot])
- 12f892e: ci(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 (@dependabot[bot])
- ae9c793: ci(deps): bump wagoid/commitlint-github-action from 5.4.3 to 5.4.4 (@dependabot[bot])
Thanks to all the contributors!
Full Changelog: v0.4.5...v0.4.6
Docker Images
ghcr.io/projectcapsule/capsule-proxy:v0.4.6
ghcr.io/projectcapsule/capsule-proxy:latest
v0.4.5
⚠️ This patch release addresses the GHSA-6758-979h-249x Advisory: we strongly suggest reading it and updating your capsule-proxy installation as soon as possible.
Changelog
✨ New Features
- dbb7d11: feat(all): establish new build process (@oliverbaehler)
- ab4e7e7: feat(helm): add annotations for certgen job and make ttlSecondsAfterFinished optional and variable (@adberger)
🐛 Bug fixes
- d2a51b9: fix(ci): image publish flow (@oliverbaehler)
- 34cc928: fix(helm): removing unused options.k8sControlPlaneUrl value (@prometherion)
- caf1836: fix: retrieving groups from header values (@prometherion)
📖 Documentation updates
- adc0d33: docs(repo): add security and contribution (@oliverbaehler)
📦 Other work
- 615202f: fix(rolebinding-reflector): namespaced name for serviceaccount users (@prometherion)
- e101a71: reorg: moving to neutral github organization (@prometherion)
Thanks to all the contributors!
Full Changelog: helm-v0.4.9...v0.4.5
Docker Images
ghcr.io/projectcapsule/capsule-proxy:v0.4.5
ghcr.io/projectcapsule/capsule-proxy:latest
v0.4.4
Hotfixes
- Unable to proxy resources for users, who are owners of multiple tenants #297 @MaxFedotov
Enhancements
- Client side rate limiters customisation #301 @abhinandanbaheti
v0.4.3
Enhancements
Hotfix
- Missing start-up arguments error handling for non-existing CapsuleConfiguration reference #292 @prometherion @latchmihay
- Local installation through Makefile #286 @sagar-jadhav
- Helm Charts enhancements @kaotika
v0.4.2
Enhancements
- Allow specifying authPreferredTypes (Helm) #282 @JacekLakis-TomTom
Hotfixes
- Skipping TLS certificate auth strategy when handling plain HTTP requests #281 @JacekLakis-TomTom @prometherion
v0.4.1
Enhancements
- Local cache bypass using the --disable-cache CLI flag #266 @JacekLakis-TomTom @prometherion
- Disabling symbol tables #270 @logikone
Hotfixes
v0.4.0
This release addresses compatibility with capsule v0.2.x and v0.3.x.
Enhancements
- RuntimeClass listing #260 @oliverbaehler @prometherion
- Aligning to Capsule v1beta2 API changes #246 @oliverbaehler @prometherion
Hotfixes
- API reader for brand new created Namespace resources using the capsule proxy #266 @JacekLakis-TomTom @prometherion
- Rancher integration #264 @maxgio92 @prometherion
- Certificate hostname validity using cert-manager #262 @maxgio92
v0.3.3
This release is not compatible with capsule v0.2.x; please refer to the local milestone v0.4.0.
Enhancements
- Supporting any Kubernetes token #249 by @rct44 @prometherion
- Preferred authentication type ordering #258 by @logikone
Bugfixes
- Fixing node list as a tenant owner #254 by @sagar-jadhav
- Group Impersonation Handling #245 by @oliverbaehler
- Bumping up metrics-server Chart to v6.2.9 #256 by @prometherion
Thanks to all the people involved, it's great having such a flourishing community contributing to open-source! <3
v0.3.2
Enhancements
- Chart Linting (Dry Install) & Repo Housekeeping #229 (@oliverbaehler)
- Support IngressClass name in the Helm chart #237 (@carpenterm)
Hotfixes
- Incorrect handling of trailing slashes in LIST requests #238 (@MaxFedotov)
- User or group with LIST permission is able to create object #242 (@MaxFedotov)
v0.3.1
Hotfixes
- Unable to consume JWTs from service principal due to missing required claim attribute #232
- Regex for bearer token not valid for GCP access token #231
- Exec/port-forward/logs command not working with capsule-proxy #224
- Support for OIDC roles > group mapping configuration #233
Thanks
To all the people that reported the said issues: @nvanrymenant, @RoFz, @mathuvenkat, and @viveksyngh!