- [CHANGE] Make images rootless. #86
- [FEATURE] Add ability to check for allowed request paths with new
--allow-pathsconfig option. #83
- [CHANGE] Use gcr.io/distroless/static as base image instead of alpine. #67
- [ENHANCEMENT] Add multi-arch container images for amd64, arm, arm64, ppc64le and s390x. #67
- [CHANGE] Move from glog to klog for logging. #57
- [FEATURE] Support token audience reviews. #56
- [FEATURE] Support custom upstream CAs. #34
- [ENHANCEMENT] Reload TLS certificates at runtime. #47
- [ENHANCEMENT] Add host in self-signed certs. #43
- [ENHANCEMENT] Use golang.org/x/net http2 server. #29
- [ENHANCEMENT] Update Kubernetes to 1.13.2 #28
- [ENHANCEMENT] Make multi-arch builds possible. #21
- [BUGFIX] Log when server isn't able to start. #27
- [BUGFIX] Set user specified TLS configuration when explicit TLS certificates are provided.
- [CHANGE] The config file flag has been renamed to
--config-file. - [CHANGE] There is a breaking change in the configuration. All configuration that was previously valid, is now nested in
.authorization.resourceAttributes. - [FEATURE] Add OIDC token authentication provider (note: this is not a client code flow for client authentication).
- [FEATURE] Add ability to rewrite SubjectAccessReviews based on request query parameters.
This release is unmodified code from v0.3.0, but built with latest golang.
- [BUGFIX] Fix
x509: cannot parse dnsNamein intermediate certificates.
- [FEATURE] Add HTTP/2 support.
- [ENHANCEMENT] Add ability to choose TLS cipher suites.
- [ENHANCEMENT] Add ability to choose minimum TLS version and default to TLS 1.2.
- [CHANGE]
--listen-addressflag renamed to--insecure-listen-address. - [FEATURE] Add TLS support.