Releases: structured-world/structured-proxy
Releases · structured-world/structured-proxy
Release list
v2.2.2
Fixed
- (auth) pin self-contained rustls TLS for the JWKS client
Other
- (deps) bump reqwest to 0.13, refresh dependencies
- Merge branch 'main' into dependabot/cargo/redis-1.2
- Merge branch 'main' into dependabot/github_actions/actions/download-artifact-8
- Merge branch 'main' into dependabot/github_actions/softprops/action-gh-release-3
- Merge branch 'main' into dependabot/github_actions/actions/create-github-app-token-3
- Merge branch 'main' into dependabot/github_actions/actions/checkout-7
- (deps) bump actions/upload-artifact from 4 to 7
v2.2.1
Fixed
- (packaging) check out the released tag in package jobs
- (packaging) declare both published Fedora arches in manifest
- (packaging) do not mask config ownership failures in postinst
- (packaging) compile the redis feature into release binaries
Other
- (packaging) note sandbox-readable paths for configured files
- (packaging) add RPM/DEB packaging and release workflow
v2.2.0
Added
- (streaming) expose server-streaming RPCs as SSE
Fixed
- (streaming) make error frames terminal and rename SSE error event
- (config) reject zero SSE keep-alive interval
- (streaming) let hyper choose NDJSON body framing
- (streaming) parse all Accept headers and quality factors for SSE
Other
- (readme) trim streaming feature bullet to a headline
- (streaming) cover terminal error frames and SSE event name
- (streaming) add regression tests for Accept negotiation
v2.1.0
Added
- (auth) guard mutually-exclusive jwt backends at compile time
Other
- add cargo-deny advisories security job
- (security) ignore RUSTSEC-2023-0071 advisory
v2.0.1
Fixed
- (config) keep embedded-constructed structs constructible
Other
- (test) clarify forwarded_headers in the embedded test
v2.0.0
Added
- (authz) external authorization via Envoy ext_authz gRPC
- (auth) add forward-auth verification endpoint
- (transcode) propagate W3C trace-context and request deadlines
- (oidc) serve OpenID discovery document and JWKS endpoint
- (auth) enforce JWT validation with JWKS and route policies
- (shield) enforce rate limiting via pluggable store
Fixed
- (config) [breaking] mark config structs non_exhaustive
- (authz) default authz endpoint and preserve duplicate headers
- (transcode) accept future W3C traceparent versions
- (transcode) validate trace-context and bound deadline parsing
- (oidc) validate Ed25519 SPKI, always serve JWKS, set media type
- (auth) harden claim headers, alg mapping, JWKS fetch, 401 vs 403
- (shield) use rightmost untrusted X-Forwarded-For hop
- (shield) close identifier bypass, harden store and IP trust
Other
- center the Support the Project section
- Merge branch 'main' into docs/#39-donation-badge
- (transcode) remove per-request route allocations on the hot path
- drop unimplemented BFF session config
- (config) add regression test for disabled authz without endpoint
- (authz) log authz call failures and assert parsed authz config
- (auth) simplify forward-auth query strip and cover invalid token
- (transcode) add regression test for versioned traceparent
- (transcode) add regression tests for deadline and trace validation
- (oidc) add regression tests for SPKI validation and empty JWKS
- (auth) add regression tests for header spoof and 401/403
- (shield) add regression test for spoofable XFF first hop
- (shield) add regression test for identifier-limit bypass
v1.1.0
Added
- (transcode) complete google.api.http request/response mapping
Fixed
- (transcode) tighten query coercion and surface mapping errors
- correct CORS example and guard release job concurrency
Other
- (transcode) add regression test for unsigned 32-bit query coercion
- narrow trusted googleapis scope to release-please
- pin only third-party actions, encode the policy for reviewers
- pin actions to commit SHAs and scope app-token permissions
- migrate release automation from semantic-release to release-plz
- (readme) add crates.io badges and correct stale content