Cerbos v0.34.0

Highlights

In this release, we have reworked the internals of Cerbos to significantly improve the syntax error messages with better descriptions, precise locations, and contextual information. Based on frequently asked support questions, the policy parser has been made smarter to detect common policy authoring mistakes and warn users about them as well. These usability enhancements are aimed at making the output of cerbos compile easier to understand and helping you debug policy syntax issues more quickly.

Thanks to Cerbos community member @psolarcz, all Cerbos release artifacts are now signed and can be verified using sigstore tools. Previously, only the container images were signed.

Changelog

Bug Fixes

  • Record HTTP remote address as peer address for HTTP requests (#1964)

Features

  • Better diagnostic error messages for policy issues (#1960)

Enhancements

  • Better compilation errors (#1968)

  • Detailed load errors in REPL (#1985)

  • Sign release artifacts (#1959)

  • Validate Helm chart in CI (#1957)

Documentation

  • Fix branch filter (#1958)

Chores

  • Add JSON test cases for parser (#1952)

  • Add ability to parse well-known types (#1972)

  • Add correct permissions to snapshot job (#1962)

  • Add cosign to snapshot build job (#1961)

  • Bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#1971)

  • Bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 (#1986)

  • Bump version to 0.34.0

  • Copy metadata to runtime policies (#1981)

  • Fix workflow permissions (#1963)

  • Handle invalid YAML files containing unterminated strings (#1970)

  • Move compiled policies annotations to *PolicySet (#1988)

  • Readme update (#1965)

  • Readme update (#1966)

  • Reduce Docker healthcheck interval (#1978)

  • Remove start-period from Docker health check (#1979)

  • Switch workspace mode off for vulnerability check (#1953)

  • Update actions/cache action to v4 (#1955)

  • Update actions/setup-go action to v5 (#1990)

  • Update github actions deps (#1973)

  • Update github actions deps (#1983)

  • Update go deps (#1954)

  • Update go deps (#1974)

  • Update go deps (#1984)

  • Update go deps (#1989)

  • Update header to have tabs for PDP and Hub (#1975)

  • Update module github.com/goreleaser/goreleaser to v1.24.0 [security] (#1976)

  • Update test filtering logic (#1992)

  • Use Go 1.22 (#1982)

  • Use master version of govulncheck (#1967)