Cerbos v0.47.0

Highlights

Running Cerbos on AWS Lambda environments is now easier and more streamlined. Two specially-built binaries with lifecycle event handlers allow Cerbos to be deployed as a standalone function or as an extension to your own function (similar to a sidecar). See Lambda deployment documentation for more information.

Compiler error messages for missing schema references are now more detailed to help with debugging.

The cerbosctl commands for working with Cerbos Hub stores are now git-aware. The commands to upload files to Cerbos Hub can detect git repositories and automatically set the commit details if none are provided by the user. A new command to upload files changed in a git commit range has been added as well.

Changelog

Features and enhancements

  • Add upload-git command and git change details option to replace-files command (#2695)

  • Add AWS Lambda support (#2661)

  • Allow specifying service.trafficDistribution (#2693)

  • More detailed schema errors (#2663)

Documentation

  • Add AI policy to contribution guidelines (#2710)

  • Add AWS Lambda docs (#2740)

  • Fix broken link in README.md (#2658)

Other

  • Added messaging about Hub to PDP logs (#2743)

  • Allow overriding TLS settings for cerbosctl hub commands (#2724)

  • Batch dependents and deflake CI suites (#2677)

  • Better node dedup in query planner (#2735)

  • Bump github.com/docker/docker from 27.2.0+incompatible to 28.0.0+incompatible (#2666)

  • Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 (#2673)

  • Bump github.com/quic-go/quic-go from 0.54.0 to 0.54.1 in /tools (#2731)

  • Bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 in /tools (#2678)

  • Bump version to 0.47.0

  • Clean up .goreleaser.yml (#2670)

  • Clean up deployment to AWS SAR (#2723)

  • Clear disk space quicker (#2692)

  • Config option to disable bootstrapping (#2691)

  • Decouple rule table (#2653)

  • Don’t set registry-url to avoid introducing a spurious NODE_AUTH_TOKEN (#2736)

  • Exclude machineid lib from JS builds (#2662)

  • Fix e2e blob test by guaranteeing policy existence (#2672)

  • Fix e2e overlay test (#2671)

  • Fix flaky remote source tests (#2696)

  • Implement io.Closer for Lambda function handler (#2689)

  • Increase blob e2e sleep period (#2684)

  • Increase E2E blob store update interval (#2720)

  • Increase e2e blob store sleep for minio startup (#2699)

  • Move all Minio images to bitnamilegacy (#2722)

  • Poll for policy existence in blob e2e tests (#2706)

  • Publish AWS Lambda extension to SAR (#2719)

  • Publish lambda handler to AWS SAR (#2707)

  • Remove disableSSL and add protocol to the endpoint query param (#2715)

  • Remove superfluous compile manager subscription mechanism (#2686)

  • Rename lambda release directories for consistency (#2725)

  • Set minimum age for Renovate dependencies (#2708)

  • Support Hub config in Lambda (#2729)

  • Test publishing to SAR (#2713)

  • Update Buf dependencies (#2737)

  • Update GitHub Actions deps to v5 (major) (#2712)

  • Update Go deps (#2711)

  • Update Go deps (#2717)

  • Update Go deps (#2727)

  • Update Go deps (#2732)

  • Update Go deps (#2739)

  • Update Go deps (#2744)

  • Update Node.js deps (#2718)

  • Update Node.js deps (#2733)

  • Update Node.js deps (#2738)

  • Update Node.js deps (#2745)

  • Update actions/setup-go action to v6 (#2701)

  • Update amannn/action-semantic-pull-request action to v6 (#2681)

  • Update dawidd6/action-download-artifact action to v11 (#2682)

  • Update dependency helmfile/helmfile to v1.1.6 (#2687)

  • Update github actions deps (#2665)

  • Update github actions deps (#2669)

  • Update github actions deps (#2675)

  • Update github actions deps (#2697)

  • Update github actions deps to v3 (major) (#2683)

  • Update github actions deps to v5 (major) (#2702)

  • Update go deps (#2659)

  • Update go deps (#2664)

  • Update go deps (#2668)

  • Update go deps (#2674)

  • Update go deps (#2688)

  • Update go deps (#2698)

  • Update golangci/golangci-lint-action action to v8 (#2703)

  • Update helm.sh/helm/v3 to 3.18.5 (#2667)

  • Update module github.com/google/go-licenses to v2 (#2704)

  • Update node.js deps (#2660)

  • Update node.js deps (#2680)

  • Update node.js deps (#2700)

  • Use CollectT in EventuallyWithT (#2685)

  • Use OIDC to authenticate to publish npm packages (#2734)

  • Use default config if one not provided for Lambda (#2728)

  • Use faster disk space reclaim action (#2694)

  • Use legacy Bitnami registry (#2721)

  • update go deps (#2679)

  • update go deps (#2705)