Releases · cerbos/cerbos

Cerbos 0.43.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.43.0.html

Changelog

Bug fixes

ff7c199 fix: Maintain derived role mappings during policy updates (#2536)
03982ea fix: Purge rule table on index build failure (#2538)

Chores

dba785d chore(ci): Make Coveralls upload optional (#2541)
c1238e0 chore(deps): Update go deps (#2534)
b0c542e chore(deps): Update go deps (#2540)
b074c8f chore(deps): update node.js deps (#2535)
170a7e8 chore(release): Add 0.43.0 release notes (#2542)
69f4f15 chore(release): Prepare release 0.43.0
c56621c chore(version): Bump version to 0.43.0
4ae6dac chore: Change logger keys based on bundle version (#2533)

Cerbos 0.42.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.42.0.html

Changelog

Features

e3aef93 feat: SPIFFE functions (#2524)

Enhancements

36c7625 enhancement: Stop logging attribute values as JSON-encoded strings in decision logs (#2516)

Bug fixes

8cbeca7 fix: Ensure derived role updates purge rule table caches (#2523)
4449609 fix: Evaluate condition blocks correctly in REPL (#2513)
f1fc31d fix: Purge schema cache on store reload (#2522)
e4da017 fix: Tidy up rule table trace outputs (#2531)

Documentation

970f7fd docs: Remove symlink to SQL Server schema (#2505)

Chores

b7fa780 chore(deps): Bump github.com/containerd/containerd from 1.7.25 to 1.7.27 in /tools (#2520)
2658904 chore(deps): Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 in /tools (#2527)
ed471a3 chore(deps): Bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 in /tools (#2526)
92b5da4 chore(deps): Bump github.com/redis/go-redis/v9 from 9.7.0 to 9.7.3 (#2525)
b89d3c4 chore(deps): Bump golang.org/x/net from 0.35.0 to 0.36.0 in /api/genpb (#2514)
9bff439 chore(deps): Bump golang.org/x/net from 0.35.0 to 0.36.0 in /tools (#2509)
fc62644 chore(deps): Update go deps (#2507)
5c2b5bd chore(deps): Update golangci/golangci-lint-action action to v6.5.1 (#2517)
e682aeb chore(deps): Update golangci/golangci-lint-action action to v6.5.2 (#2528)
0276262 chore(deps): Update node.js deps (#2508)
25b8f18 chore(deps): Update pnpm to v10.6.3 (#2518)
ed90ba0 chore(deps): Update pnpm to v10.6.5 (#2529)
5d3167a chore(planner): Switch from CEL protobuf to native types (#2492)
4e6d19b chore(release): Add 0.42.0 release notes (#2532)
1a5b7c2 chore(release): Prepare release 0.42.0
bd70cea chore(version): Bump version to 0.42.0
fa4ac36 chore: Add gopls's modernizer to linters (#2515)
ba15837 chore: Handle empty policies in the parser (#2530)
8247248 chore: Handle kind ROLE in trace printer (#2511)

Cerbos 0.41.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.41.0.html

Changelog

Features

bfef008 feat(plan): Use scope value in the query plan (#2485)
9bec734 feat: Replace labels with deployments in bundle API v2 (#2483)

Enhancements

71682d6 enhancement!: Switch to ContextEval to evaluate CEL expressions (#2495)
538ab24 enhancement: Correctly set GOMAXPROCS on ECS (#2459)
41787ba enhancement: Fail tests with unreachable output expectations (#2418)
c2f16ff enhancement: Lazy rule table (#2460)
131bf5f enhancement: Rule table engine (#2442)
ecf08cc enhancement: Support bundlev2 (#2395)

Bug fixes

038719b fix: Add missing policy required for mutable e2e tests (#2502)
bd3222d fix: Correctly handle defaultPolicyVersion engine config (#2449)
8983b99 fix: Correctly handle partial rule table and event subscription (#2455)
a676fd1 fix: Fall back to default policy version sooner in query planner (#2450)
0b80bcb fix: Reload rule table when store contents change (#2452)
f611ff2 fix: Return validation errors and effective policies in query planner responses (#2447)
a12fd5c fix: Rule table reload should only purge (#2467)
3596a31 fix: Use correct filterDebug type in e2e query planner test (#2448)

Documentation

73b40e4 docs: Correct examples for math functions (#2445)
9096ecb docs: Scope permissions (#2487)
1fd792d docs: Update 03_calling-cerbos.adoc of tutorial to use the updated /api/check/resources endpoint (#2429)
4eb7b26 docs: Update what-is-cerbos.adoc tenant ->tenet (#2406)

Chores

282fe32 chore!: REQUIRE_PARENTAL_CONSENT refinements for resource and principal policies (#2484)
31e635e chore!: Role policy deny rows (#2475)
24551ba chore(deps): Bump filippo.io/age from 1.2.0 to 1.2.1 (#2423)
7a81126 chore(deps): Bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in /tools (#2491)
39242a6 chore(deps): Bump github.com/quic-go/quic-go from 0.48.1 to 0.48.2 in /tools (#2405)
3792699 chore(deps): Bump golang.org/x/crypto from 0.29.0 to 0.31.0 in /tools (#2414)
c03afd6 chore(deps): Remove SQL Server dependencies (#2394)
09806c6 chore(deps): Update alecthomas/kong to v1.5.1 (#2404)
e11f815 chore(deps): Update dawidd6/action-download-artifact action to v7 (#2417)
5571a2c chore(deps): Update dependency node to v22.13.0 (#2444)
4eda1c7 chore(deps): Update github actions deps (#2427)
55dc0c8 chore(deps): Update github actions deps (#2464)
d6818fa chore(deps): Update github.com/bufbuild/protovalidate-go to 0.8.0 (#2428)
d0c26dd chore(deps): Update github.com/go-git/go-git/v5 (#2437)
aa9a573 chore(deps): Update go deps (#2397)
915609b chore(deps): Update go deps (#2407)
8b6d25e chore(deps): Update go deps (#2415)
2660e5e chore(deps): Update go deps (#2431)
fcd4205 chore(deps): Update go deps 8000 (#2435)
1845d25 chore(deps): Update go deps (#2443)
2e22713 chore(deps): Update go deps (#2453)
2abd268 chore(deps): Update go deps (#2457)
2746b91 chore(deps): Update go deps (#2463)
f7b4751 chore(deps): Update go deps (#2472)
f8fb0c7 chore(deps): Update go deps (#2478)
dbc40a4 chore(deps): Update go deps (#2488)
064898a chore(deps): Update go deps (#2498)
e0cdddf chore(deps): Update golang.org/x/crypto to 0.35.0 (#2494)
07ac82f chore(deps): Update golang.org/x/net to 0.33.0 (#2425)
dc1adae chore(deps): Update golangci/golangci-lint-action action to v6.5.0 (#2479)
2d4d253 chore(deps): Update module golang.org/x/crypto to v0.31.0 [security] (#2413)
3c5adb2 chore(deps): Update module golang.org/x/net to v0.33.0 [security] (#2424)
0f287f4 chore(deps): Update node.js deps (#2398)
5902915 chore(deps): Update node.js deps (#2408)
87594c8 chore(deps): Update node.js deps (#2416)
14b12c9 chore(deps): Update node.js deps (#2426)
a0a6e82 chore(deps): Update node.js deps (#2430)
b39b49f chore(deps): Update node.js deps (#2499)
55e8fab chore(deps): Update pnpm to v9.15.3 (#2436)
3da5156 chore(deps): Update pnpm to v9.15.4 (#2454)
f5715d6 chore(deps): Update sigstore/cosign-installer action to v3.8.1 (#2489)
5559df2 chore(deps): Upgrade CEL (#2412)
5dee8b3 chore(deps): update dawidd6/action-download-artifact action to v8 (#2474)
9159807 chore(deps): update github actions deps (#2473)
83a1191 chore(deps): update node.js deps (#2458)
4887bbc chore(deps): update node.js deps (#2490)
77e092c chore(deps): update npm to v11 (#2471)
d8ef175 chore(deps): update pnpm to v10.2.1 (#2470)
1ad0c79 chore(docs): Remove map of relations section from the best practises page (#2399)
4f995f7 chore(docs): Update Prisma guide to use v2.0 (#2501)
56d30ae chore(release): Add 0.41.0 release notes (#2503)
5d0095e chore(release): Prepare release 0.41.0
f67dfed chore(version): Bump version to 0.41.0
3306922 chore: Add read function to private package (#2433)
ba523cd chore: Add tests for resource policy with REQUIRE_PARENTAL_CONSENT_FOR_ALLOWS (#2466)
287227e chore: Decouple role policies from scope permissions (#2496)
0a81962 chore: Downgrade protovalidate to 0.9.1 (#2486)
be36b43 chore: Implicit denies are now attributed to role policies instead of scoped resources (#2500)
2b79350 chore: Initialise protovalidate lazily (#2482)
d0c6daa chore: Make ephemeral engine configurable (#2446)
d740986 chore: Protect against non leaf REQUIRE_PARENTAL_CONSENT scopes (#2493)
7123040 chore: Remove SQL Server driver (#2393)
937c19b chore: Replace golang.org/x/exp/maps with stdlib maps (#2504)
9068103 chore: Small optimisation in rule table lazy load (#2461)
7d9e861 chore: Specify service when checking health via HTTP (#2468)
5926145 chore: Temporarily disable fail-on-error behaviour for Coveralls unit test coverable uploads in GitHub workflow (#2476)
0151ee3 chore: Test against npm v11 and pnpm v10 (#2439)
a16bbe9 chore: Update copyright header (#2434)
9e9b7c3 chore: Upgrade to Go 1.24 (#2480)
6b2fdcf chore: Upgrade to go-yaml 1.15.6 (#2403)
dc0b149 chore: Use global protovalidate Validator (#2497)

Cerbos 0.40.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.40.0.html

Changelog

Features

18f8e37 feat(plan): Add support for role policies (#2341)
9ff41a4 feat: Allow default policy version to be configured in tests (#2352)
0ead3be feat: Define constants for use in condition expressions (#2364)
2856d7d feat: Multiple principals and/or resources in a test case (#2338)
fcc3e75 feat: Support constants in cerbosctl (#2365)
ee13be0 feat: Use groups of principals and/or resources in test cases (#2340)

Enhancements

b2e1f04 enhancement!: Report an error if a test exercised time-based policy conditions without specifying now (#2354)
a5b7f8e enhancement(plan): Query plan scope permissions support for resource and principal policies (#2361)
886248a enhancement: Add user-agent to default allowed headers for CORS (#2345)
debdefc enhancement: Introduce policy scope FALL_THROUGH_ON_ALLOW strategy (#2325)
018340b enhancement: Make --verbose less noisy in combination with --run (#2351)
c1d16b9 enhancement: Make now fully deterministic (#2353)
d3a3448 enhancement: Make scopePermissions a required field on role policies (#2333)
2fb5853 enhancement: Role policies parent roles field (#2349)
8d92d97 enhancement: Validate fixtures files with JSON schemas to improve error messages (#2346)

Bug fixes

ba1ebf0 fix(helm): Remove whitespace chomp for priorityClassName so valid yaml is rendered (#2337)
b7e5c77 fix(plan): A policy with only conditional DENY rule must produce ALWAYS_DENIED (#2369)
6093dac fix: Command execution fails with cerbos run since v0.39 (#2358)
5c2d31e fix: Inspect policy output expressions (#2392)
9851460 fix: Populate path field of validation errors (#2363)

Documentation

f8b0a47 docs: Remove extraneous space that breaks rendering (#2347)
02141da docs: Update gRPC API section (#2387)

Chores

c95133d chore(ci): Increase E2E test timeout (#2359)
591d25d chore(deps): Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 in /tools (#2378)
0a49f42 chore(deps): Revert to upstream go-yaml (#2383)
40ca449 chore(deps): Update bufbuild/buf-setup-action action to v1.45.0 (#2334)
c0fa72b chore(deps): Update bufbuild/buf-setup-action action to v1.47.2 (#2382)
91ca366 chore(deps): Update dependency node to v22 (#2377)
d6203ed chore(deps): Update dependency verdaccio to v6 (#2357)
254d95a chore(deps): Update github actions deps (#2332)
3cc8070 chore(deps): Update github actions deps (#2375)
555e227 chore(deps): Update go deps (#2331)
6e20018 chore(deps): Update go deps (#2335)
04d11c5 chore(deps): Update go deps (#2355)
f3539fe chore(deps): Update go deps (#2360)
576637c chore(deps): Update go deps (#2367)
3e47658 chore(deps): Update go deps (#2376)
d9ca1ed chore(deps): Update go deps (#2381)
e862e9a chore(deps): Update go deps (#2385)
33e4b34 chore(deps): Update node.js deps (#2356)
efa3ff0 chore(deps): Update node.js deps (#2386)
76750db chore(deps): Update pnpm to v9.12.3 (#2368)
a1bc577 chore(deps): Use latest cloud-api and protobufs (#2388)
5ccb3d7 chore(docs): Add RAG use case (#2374)
4f84379 chore(docs): Update AWS Helm docs (#2372)
944bc2a chore(release): Add 0.40.0 release notes (#2391)
5141b77 chore(release): Prepare release 0.40.0
c0dbdbf chore(release): Update generated API module version before tagging (#2350)
a8bf26e chore(test): Skip SQL Server tests when container fails (#2339)
fa76952 chore(version): Bump version to 0.40.0
a6d9b8d chore: Add SQL Server deprecation notice (#2390)
d489ac0 chore: Replace deprecated snapshot.name_template field in GoReleaser config (#2370)
17b95be chore: Update required Go version (#2371)

Cerbos 0.39.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.39.0.html

Changelog

Features

2dcf619 feat: Add Role policies (#2192) (#2260)
7bd0a2d feat: Add public API for running a PDP in-process (#2297)

Enhancements

8bcd411 enhancement: Add more trace spans to engine (#2324)
e2da55c enhancement: Atomic refreshes for blob storage (#2263)
7add5fe enhancement: Change how blob storage creates work directories and add metric for the last store refresh (#2284)
1f532ca enhancement: Display attributes in the cerbosctl inspect policies command (#2301)
f4afc44 enhancement: Get/put cerbosctl role policy support (#2274)
259eeb0 enhancement: Improvements to atomic refreshes for blob storage (#2283)
4a9830c enhancement: Keep cached files under base64 encoded directory for blob storage (#2292)
25bd4c2 enhancement: Remove eager log initialisation from schema validation (#2287)

Bug fixes

3ac50c4 fix(docs): Update Helm doc (#2278)
670b3fe fix(helm): Allow overriding listen addresses (#2289)
86cf020 fix(helm): Fix schema definition of initContainers (#2305)
955a0c4 fix(schema): Support TLS with reverse proxy (#2300)
f901abd fix: Move runtime role policy proto scope level (#2321)

Documentation

bfbef28 docs: Add role policies sections (#2253) (#2261)
05917f2 docs: Document the Cerbos Nix flake (#2309)
28902c6 docs: Fix missing default value for storage.hub.remote.disableAutoUpdate (#2298)
335a8f2 docs: Spell Datadog properly (#2270)

Chores

494db09 chore(ci): Clear disk space for cache workflow (#2268)
4291df1 chore(ci): Clear disk space for upload workflow (#2269)
943078e chore(ci): Clear disk space for vulnerability check (#2271)
95a39cb chore(ci): Clear disk space on PR run (#2266)
07d83f6 chore(ci): Set SQL Server image pull policy for E2E tests (#2304)
607d08c chore(ci): Trust SQL Server certificate (#2307)
6fb7cf8 chore(deps): Bump github.com/docker/docker from 27.1.0+incompatible to 6D40 27.1.1+incompatible in /tools (#2277)
cdd71fe chore(deps): Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#2306)
7bdbbe7 chore(deps): Update bufbuild/buf-setup-action action to v1.37.0 (#2286)
fd8f19f chore(deps): Update bufbuild/buf-setup-action action to v1.38.0 (#2296)
07fec41 chore(deps): Update bufbuild/buf-setup-action action to v1.39.0 (#2302)
bc56290 chore(deps): Update bufbuild/buf-setup-action action to v1.41.0 (#2311)
9b307d2 chore(deps): Update bufbuild/buf-setup-action action to v1.42.0 (#2320)
6c10a02 chore(deps): Update github actions deps (#2275)
21c5bc6 chore(deps): Update go deps (#2276)
5508335 chore(deps): Update go deps (#2285)
ba7bad9 chore(deps): Update go deps (#2295)
2481b79 chore(deps): Update go deps (#2303)
0b79e26 chore(deps): Update go deps (#2310)
a1f40a7 chore(deps): Update go deps (#2319)
ffb98d9 chore(deps): Update go deps (#2326)
0befa6e chore(deps): Update module github.com/alecthomas/kong to v1 (#2313)
0c00caa chore(deps): Update node.js deps (#2312)
4d86423 chore(deps): Update pnpm to v9.11.0 (#2327)
be6f9e2 chore(docs): Add AWS Marketplace (#2267)
3c78ef8 chore(docs): Reference payment via AWS Marketplace (#2322)
ba23e1d chore(docs): Update sqlite3 example to use proper in-memory DSN (#2317)
b5a56f8 chore(release): Add 0.39.0 release notes (#2328)
c5eb751 chore(release): Prepare release 0.39.0
855768e chore(tooling): Fix confdocs not being able to parse examples consisting of an array (#2308)
109f23d chore(version): Bump version to 0.39.0
def2b5a chore: Remove Otel Host metrics (#2264)
58a1556 chore: Remove deprecated linters and fix linter errors (#2290)
6c37940 chore: Upgrade to Go 1.23 (#2288)

Cerbos 0.38.1

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.38.1.html

Changelog

Chores

3284851 chore(ci): Remove AWS dev and latest container tags (#2256)
87cda73 chore(release): Add 0.38.1 release notes (#2257)
a56ff6b chore(release): Prepare release 0.38.1
d124b93 chore(version): Bump version to 0.39.0

Cerbos 0.37.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.37.0.html

Changelog

Features

f2ad52f feat(repl): Autocomplete for REPL directives, and a small fix for filenames (#2169)
89e6ee9 feat: Add filtering by policy IDs to InspectPolicies RPC (#2160)
2efb5e5 feat: List local and imported variables in the policy with InspectPolicies (#2141)

Enhancements

7de21d8 enhancement(helm): Allow deploying as a DaemonSet (#1658)
57cf574 enhancement: Add policy id parameter to inspect command (#2174)
9a6450e enhancement: Context for YAML syntax errors (#2151)
b6f9a61 enhancement: Ensure git protocol matches the URL (#2163)
3ea1ea0 enhancement: Formatting options for cerbosctl inspect command (#2179)
04f0373 enhancement: InspectPolicies lists derived roles in the policy (#2186)
90bae03 enhancement: Revise API limits (#2161)

Bug fixes

df62cb6 fix(docs): Wildcard action wording (#2178)
f69dfc0 fix: Detect incorrectly indented YAML (#2153)
c8edda5 fix: Work around gRPC-Gateway bug in X-Forwarded-For handling (#2152)

Chores

7cd8ffd chore(ci): Clear disk space for npm build (#2149)
5ec9716 chore(ci): Clear disk space for release workflow (#2145)
27df29e chore(ci): Increase timeout for npm build stage (#2150)
342e93b chore(ci): Upgrade to GoReleaser v2 (#2184)
af7a526 chore(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.1 to 1.6.0 in /tools (#2185)
c7e7860 chore(deps): Bump github.com/goreleaser/goreleaser from 1.26.0 to 1.26.1 in /tools (#2154)
f567f6e chore(deps): Update bufbuild/buf-setup-action action to v1.32.1 (#2164)
c1c49f7 chore(deps): Update bufbuild/buf-setup-action action to v1.32.2 (#2170)
bea6ccc chore(deps): Update bufbuild/buf-setup-action action to v1.33.0 (#2188)
b6d97dd chore(deps): Update go deps (#2147)
99c09ef chore(deps): Update go deps (#2165)
d38b920 chore(deps): Update go deps (#2171)
a059dd3 chore(deps): Update go deps (#2181)
85c4161 chore(deps): Update go deps (#2187)
2b69f59 chore(deps): Update go deps to v2 (major) (#2167)
f55a92e chore(deps): Update golangci/golangci-lint-action action to v6 (#2173)
cc94282 chore(deps): Update node.js deps (#2148)
be936f2 chore(deps): Update node.js deps (#2166)
c5dc261 chore(deps): Update node.js deps (#2172)
32e6336 chore(deps): Update node.js deps (#2182)
10b0f0c chore(docs): Redirect old versions with correct status code (#2168)
ae7cfca chore(release): Add 0.37.0 release notes (#2189)
bf41e87 chore(release): Prepare release 0.37.0
c1c4049 chore(version): Bump version to 0.37.0
a1a7010 chore: Migrate to Buf configuration v2 (#2180)
7fdc055 chore: Remove workaround for fixed gRPC-Gateway bug in X-Forwarded-For handling (#2157)
1a25664 chore: Update error message for invalid expression (#2156)

Cerbos 0.36.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.36.0.html

Changelog

Features

e98d5f1 feat: Add cerbosctl hub epdp list-candidates command (#2078)
7ba383d feat: Add cerbosctl inspect policies command (#2101)

Enhancements

cdf2589 enhancement: Add audit log filtering to Hub backend (#2073)
b11597e enhancement: Apply perf patch to YAML parser (#2132)
2e335d5 enhancement: Write audit logs asynchronously (#2104)

Bug fixes

4929745 fix: Eagerly establish gRPC connection to avoid initial delay (#2105)
ea039c4 fix: Handle folded strings and indented newlines in YAML correctly (#2128)
8aac976 fix: Ignore context cancellation when writing audit log entries (#2113)
a88733f fix: Include implicit EFFECT_DENY in test failure details (#2117)
68fcdfa fix: Kafka TLS using system CA (#2120)
61addb0 fix: Mark tests with missing expectations as errored (#2116)
0c755f2 fix: Stop blocking Kafka audit publishing when an outage occurs (#2122)

Documentation

b022d25 docs: Add documentation for Dagger Cerbos module (#2106)
31897e0 docs: Document Hub features (#2133)
1a04715 docs: Document how to verify cosign signatures (#2094)

Chores

36d3681 chore(ci): Check results of npm package tests (#2098)
82f774d chore(ci): Fix E2E tests combining the host address with extra colon (#2114)
55b6826 chore(ci): Remove unmaintained Netlify action (#2093)
c95f50f chore(ci): Update storage type for Jaeger chart (#2096)
2001128 chore(deps): Bump github.com/docker/docker from 26.0.0+incompatible to 26.0.2+incompatible in /tools (#2108)
f74f372 chore(deps): Bump github.com/sigstore/cosign/v2 from 2.2.1 to 2.2.4 in /tools (#2097)
e2b73f0 chore(deps): Bump golang.org/x/net from 0.21.0 to 0.23.0 in /api/genpb (#2110)
5ac1c32 chore(deps): Update github actions deps (#2125)
e7d828a chore(deps): Update go deps (#2099)
5f96e64 chore(deps): Update go deps (#2111)
a40093a chore(deps): Update go deps (#2124)
38c0f24 chore(deps): Update go deps (#2135)
236ab29 chore(deps): Update go deps (#2139)
56a29ba chore(deps): Update go deps to v2 (major) (#2138)
394cfa0 chore(deps): Update golangci/golangci-lint-action action to v5 (#2127)
70db704 chore(deps): Update golangci/golangci-lint-action action to v5.3.0 (#2136)
c862740 chore(deps): Update node.js deps (#2100)
cd4894a chore(deps): Update node.js deps (#2126)
4e40af6 chore(deps): Update node.js deps (#2137)
603d0ef chore(deps): Update pnpm to v9.0.5 (#2112)
8f7af37 chore(deps): Update to go1.22.3 (#2143)
a5d835b chore(deps): Use latest Cerbos SDK (#2140)
d797ebb chore(docs): Update cloud-platforms.adoc (#2109)
531e896 chore(release): Add 0.35.1 release notes (#2090)
80e10c1 chore(release): Add 0.36.0 release notes (#2144)
c91df82 chore(release): Prepare release 0.36.0
b3109b3 chore(test): Test npm packages against pnpm v9 (#2102)
b9fe96e chore(version): Bump version to 0.36.0
cb3c68d chore: Handle panics during parsing (#2129)
ef65065 chore: Remove deprecated audit log fields from filter (#2121)
0140870 chore: Remove usage of deprecated MySQL native authentication plugin (#2131)
eb6029c chore: Rename bundle driver to hub (#2130)
5dbef14 chore: Use new hub configuration for env var override (#2142)

Cerbos 0.35.1

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.35.1.html

Changelog

Chores

e5b322b chore(ci): Output signature from cosign (#2089)
0dfd432 chore(release): Prepare release 0.35.1
4c9c159 chore(version): Bump version to 0.36.0

Cerbos 0.34.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.34.0.html

Changelog

Features

42e8442 feat: Better diagnostic error messages for policy issues (#1960)

Enhancements

36b0e6d enhancement(ci): Sign release artifacts (#1959)
5db9ab0 enhancement(ci): Validate Helm chart in CI (#1957)
90f198a enhancement: Better compilation errors (#1968)
707278f enhancement: Detailed load errors in REPL (#1985)

Bug fixes

4f90a5c fix: Record HTTP remote address as peer address for HTTP requests (#1964)

Documentation

4afdc2f docs: Fix branch filter (#1958)

Chores

05ef26b chore(ci): Add correct permissions to snapshot job (#1962)
f24bec2 chore(ci): Add cosign to snapshot build job (#1961)
8db9898 chore(ci): Fix workflow permissions (#1963)
cfed07f chore(ci): Use master version of govulncheck (#1967)
b89c2c7 chore(deps): Bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#1971)
7918e5e chore(deps): Bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 (#1986)
5cf243a chore(deps): Update actions/cache action to v4 (#1955)
dc8cf7f chore(deps): Update actions/setup-go action to v5 (#1990)
5574e85 chore(deps): Update github actions deps (#1973)
e510788 chore(deps): Update github actions deps (#1983)
58a915c chore(deps): Update go deps (#1954)
e683b1d chore(deps): Update go deps (#1974)
9bc3226 chore(deps): Update go deps (#1984)
f151096 chore(deps): Update go deps (#1989)
0c095fc chore(deps): Update module github.com/goreleaser/goreleaser to v1.24.0 [security] (#1976)
9cf901b chore(docs): Readme update (#1965)
aad2e98 chore(docs): Readme update (#1966)
e5c7bef chore(docs): Update header to have tabs for PDP and Hub (#1975)
c9d468d chore(release): Add 0.34.0 release notes (#1991)
8534c79 chore(release): Prepare release 0.34.0
563bec1 chore(version): Bump version to 0.34.0
e4ebc88 chore: Add JSON test cases for parser (#1952)
0dd8dad chore: Add ability to parse well-known types (#1972)
c253d87 chore: Copy metadata to runtime policies (#1981)
bc84737 chore: Handle invalid YAML files containing unterminated strings (#1970)
b10b139 chore: Move compiled policies annotations to *PolicySet (#1988)
4798453 chore: Reduce Docker healthcheck interval (#1978)
03f95ec chore: Remove start-period from Docker health check (#1979)
353aa08 chore: Switch workspace mode off for vulnerability check (#1953)
199ae8d chore: Update test filtering logic (#1992)
d022db1 chore: Use Go 1.22 (#1982)

Releases: cerbos/cerbos

v0.43.0

Cerbos 0.43.0

Changelog

Bug fixes

Chores

Uh oh!

v0.42.0

Cerbos 0.42.0

Changelog

Features

Enhancements

Bug fixes

Documentation

Chores

Uh oh!

v0.41.0

Cerbos 0.41.0

Changelog

Features

Enhancements

Bug fixes

Documentation

Chores

Uh oh!

v0.40.0

Cerbos 0.40.0

Changelog

Features

Enhancements

Bug fixes

Documentation

Chores

Uh oh!

v0.39.0

Cerbos 0.39.0

Changelog

Features

Enhancements

Bug fixes

Documentation

Chores

Uh oh!

v0.38.1

Cerbos 0.38.1

Changelog

Chores

Uh oh!

v0.37.0

Cerbos 0.37.0

Changelog

Features

Enhancements

Bug fixes

Chores

Uh oh!

v0.36.0

Cerbos 0.36.0

Changelog

Features

Enhancements

Bug fixes

Documentation

Chores

Uh oh!

v0.35.1

Cerbos 0.35.1

Changelog

Chores

Uh oh!

v0.34.0

Cerbos 0.34.0

Changelog

Features

Enhancements

Bug fixes

Documentation

Chores

Uh oh!