Cerbos v0.35.1

Highlights

This is a bug-fix release to handle a cache invalidation bug with lenient scope search and a common expression that should be simplified by the query planner.

This release also includes a new work-in-progress Admin API endpoint to inspect the policies in the policy repo and list their properties. Currently it supports listing the actions covered by each policy.

Changelog

Bug Fixes

  • P.attr.workspaces[R.id].role == "OWNER" must be simplified (#2059)

  • Skip compile cache if first candidate doesn’t exist (#2074)

Features

  • Add --client flag to cerbosctl version (#2013)

  • Inspect policies in the store (#2072)

Enhancements

  • Update Otel HTTP semantic conventions (#2018)

Documentation

  • Add fly.io deploy guide (#2039)

  • Add recipe for permission checks in the UI (#2038)

  • Change wording for prerelease caveat (#2029)

  • Embed tutorial videos (#2057)

  • Fix Go version in CONTRIBUTING.md (#2009)

  • Fix broken callout (#2014)

  • Fix leading space in include directive (#1995)

  • Remove policy version from .NET quickstart (#2065)

Chores

  • Add keywords to npm packages (#2046)

  • Add redirects for image URLs (#2035)

  • Add test cases for comments inside condition blocks (#1994)

  • Allow Renovate to update npm tests (#2081)

  • Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible (#2062)

  • Bump github.com/docker/docker from 25.0.4+incompatible to 25.0.5+incompatible in /tools (#2063)

  • Bump github.com/lestrrat-go/jwx/v2 from 2.0.20 to 2.0.21 (#2040)

  • Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 in /tools (#2036)

  • Bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 (#1997)

  • Bump version to 0.35.0

  • Distribute cerbos and cerbosctl via npm (#2011)

  • Fix Postgres data volume for E2E tests (#2061)

  • Fix disk space problem in Publish Dev Containers job (#2037)

  • Fix disk space problem on E2E tests (#2006)

  • Fix duplicate volume mount for postgres in E2E tests (#2077)

  • Generate cosign bundle for binaries (#1993)

  • Improve documentation accessibility (#2069)

  • InspectPolicies returns FQN instead of policy key (#2079)

  • Move version check below title (#2030)

  • Refactor Cerbos Hub configuration (#2047)

  • Skip flakey cerboshub audit backend test (#2010)

  • Unpin cosign version (#2060)

  • Update Node.js deps (#2082)

  • Update bufbuild/buf-lint-action action to v1.1.1 (#2075)

  • Update bufbuild/buf-setup-action action to v1.30.0 (#2042)

  • Update bufbuild/buf-setup-action action to v1.30.1 (#2085)

  • Update cloud-api usage (#2045)

  • Update dependency verdaccio to v5.30.3 (#2086)

  • Update deprecated brews.folder setting in GoReleaser config (#2084)

  • Update dorny/paths-filter action to v3 (#2001)

  • Update go deps (#2000)

  • Update go deps (#2007)

  • Update go deps (#2043)

  • Update go deps (#2053)

  • Update go deps (#2068)

  • Update go deps (#2076)

  • Update go deps to v1 (major) (#2002)

  • Update go deps to v2 (major) (#2003)

  • Update go deps to v2 (major) (#2008)

  • Update go deps to v2 (major) (#2054)

  • Update golangci/golangci-lint-action action to v4 (#2055)

  • Upgrade golang.org/x/net to 0.24 (#2080)

  • Upgrade protobuf to 1.33.0 (#2012)

  • Work around Renovate bug to enable Yarn updates (#2083)