Releases: octo-sts/app
v0.5.3
What's Changed
Fix
- Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow (CVE-2025-52477): GHSA-h3qp-hwvr-9xcq
Full Changelog: v0.5.2...v0.5.3
v0.5.2
v0.5.1
v0.5.0
What's Changed
- add initial release cadence and permissions update by @cpanato in #484
- Support for custom audience by @pdeslaur in #508
- Update go to 1.23 and terraform to 1.9 by @cpanato in #535
- add new field to bq by @cpanato in #540
- add new field to bq (audience_pattern) by @cpanato in #541
- add new field to bq (audience) by @cpanato in #542
- Plumb through a deletion protection option. by @mattmoor in #544
- add github verify check mark by @cpanato in #572
- document current github permissions enabled by @cpanato in #582
- fix: wording for trust policy not found error by @luhring in #585
- Add exchange unit testing. by @wlynch in #588
- ignore sts policy validation if the file is removed by @cpanato in #589
- set require_squad to false by @cpanato in #607
- add require_squad and set to false by @cpanato in #616
- add new field to the bq schema by @cpanato in #703
- update list of active permissions by @cpanato in #717
- Leverage GRPC errors in CheckToken. by @mattmoor in #737
- bump dependencies and upgrade to go1.24 by @cpanato in #770
- Bump the all group across 1 directory with 4 updates by @cpanato in #788
- pin reviewdog/action-tflint github action to full-length commit SHA by @eslerm in #811
- update octo-sts permission list by @cpanato in #818
- remove insecure.NewCredentials by @imjasonh in #821
- Revert "remove insecure.NewCredentials (#821)" by @imjasonh in #822
- app: remove insecure transport credentials by @wlynch in #823
- Revert "app: remove insecure transport credentials (#823)" by @wlynch in #824
- Dependencies update / ci clean up by @cpanato in #843
- Add best practices to README by @wlynch in #891
- update permissions doc page by @cpanato in #898
- handle and reply when accessing / by @cpanato in #745
plus several dependabot updates
New Contributors
- @pdeslaur made their first contribution in #508
- @luhring made their first contribution in #585
- @eslerm made their first contribution in #811
Full Changelog: v0.4.2...v0.5.0
v0.4.2
v0.4.1
v0.4.0
What's Changed
- Ignore "Abnormal KMS Access" for GetIamPolicy by @imjasonh in #443
- Bump chainguard/tf-common-infra to 0.6.74 by @wlynch in #472
- feat: allow webhook to use env vars or cert files for github app secret by @karlhaworth in #470
- if we got a zerohash get the contents of the directory that we are interested by @cpanato in #309
- Add org filter to webhook. by @wlynch in #476
Full Changelog: v0.3.1...v0.4.0
v0.3.1
What's Changed
- Bump chainguard-dev/common/infra from 0.6.19 to 0.6.60 in /iac/bootstrap in the all group across 1 directory by @dependabot in #425
- fix: environment variable app secret by @karlhaworth in #432
- Bump google.golang.org/api from 0.189.0 to 0.190.0 by @dependabot in #431
Full Changelog: v0.3.0...v0.3.1
v0.3.0
What's Changed
- Pull the GCLB and DNS out of the app module by @mattmoor in #284
- Bump chainguard-dev/common/infra from 0.6.18 to 0.6.19 in /iac in the all group by @dependabot in #273
- Bump chainguard-dev/common/infra from 0.6.18 to 0.6.19 in /iac/bootstrap in the all group by @dependabot in #277
- Add a webhook to validate trust policies by @mattmoor in #285
- only run deploy if is the upstream repo by @cpanato in #295
- update go-github to v61 and github.com/bradleyfalzon/ghinstallation to align the versions by @cpanato in #294
- Add several fields to DTS schema by @mattmoor in #403
- Bump the all group across 1 directory with 6 updates by @dependabot in #404
- Bump chainguard-dev/common/infra from 0.6.18 to 0.6.52 in /modules/app in the all group across 1 directory by @dependabot in #402
- Bump chainguard-dev/common/infra from 0.6.18 to 0.6.52 in /iac in the all group across 1 directory by @dependabot in #401
- feat: allow flexible options for github app secret and metrics by @karlhaworth in #412
- Dependabot/go modules/all 373d5795f5 by @wlynch in #429
- Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 in the all group by @dependabot in #427
- Bump the all group across 1 directory with 2 updates by @dependabot in #430
- Bump chainguard-dev/common/infra from 0.6.52 to 0.6.60 in /iac in the all group across 1 directory by @dependabot in #421
New Contributors
- @karlhaworth made their first contribution in #412
- @wlynch made their first contribution in #429
Full Changelog: v0.2.0...v0.3.0
v0.2.0
What's Changed
- Bump the all group across 1 directory with 4 updates by @dependabot in #257
- Bump chainguard-dev/common/infra from 0.6.1 to 0.6.15 in /iac in the all group across 1 directory by @dependabot in #258
- Bump golangci/golangci-lint-action from 4.0.0 to 6.0.1 by @dependabot in #260
- Bump chainguard-dev/common/infra from 0.6.0 to 0.6.15 in /iac/bootstrap in the all group across 1 directory by @dependabot in #255
- Bump chainguard-dev/common/infra from 0.6.15 to 0.6.18 in /iac in the all group across 1 directory by @dependabot in #265
- Fix a typo and copy/paste error by @mattmoor in #261
- Bump chainguard-dev/common/infra from 0.6.15 to 0.6.18 in /iac/bootstrap in the all group by @dependabot in #264
- Switch to using regional-service as a precursor to broader refactoring by @mattmoor in #266
- Split off a module for bootstrapping Octo STS by @mattmoor in #269
- Fix the moved directive by @mattmoor in #270
- extract email for abnormal access alert by @k4leung4 in #271
- Parameterize the domain the probers hit. by @mattmoor in #272
- add verify prod and refactor terraform check/deploy by @cpanato in #197
- Revert "add verify prod and refactor terraform check/deploy (#197)" by @mattmoor in #276
- Add nameservers as outputs by @mattmoor in #282
Full Changelog: v0.1.0...v0.2.0