Release v0.17.0

Changelog

Added

• Added security.trusted_proxies server config to control which reverse proxies or load balancers are allowed to supply forwarded client IP headers.
• Added system.fallback_unknown_domains server config to optionally preserve legacy routing of unknown hostnames to the default domain.
• Added system.builder_auth_token server config for delegated container builds, using a shared bearer token between the main OpenRun install and builder node(s).
• Added security.allowed_mounts server config to allow administrators to approve host directories that apps may use as container bind-mount sources.

Changed

• req.RemoteIP now ignores X-Forwarded-For and X-Real-IP unless the direct peer is listed in security.trusted_proxies.
• Reverse proxied requests now strip inbound forwarding headers and rebuild a clean X-Forwarded-* / X-Real-IP set before sending the request upstream.
• Requests for unknown Host values no longer route to the default domain unless system.fallback_unknown_domains is explicitly enabled.
• Delegated builds now require a valid bearer token on /_openrun/delegate_build. Builder nodes should run with builder.mode = "delegate_server" and no longer require security.admin_over_tcp = true for delegated-build ingress. Existing delegated-build setups must set the same system.builder_auth_token value on the main install and every builder node before upgrading.
• CORS is disabled by default for apps. The default app_config.cors.allow_origin is now empty and app_config.cors.allow_credentials is now "false". Apps that need browser cross-origin access must opt in with an app config override such as cors.allow_origin="https://frontend.example.com" or cors.allow_origin="origin".
• The default server-level container.config(...) permission no longer allows access to all secrets. Containerized apps that pass secrets through params, build args or generated secret volumes now need an explicitly approved container.config permission with the required secrets=[...] allowlist, unless the server config is intentionally changed to allow those secrets globally.
• Container runtime options now only pass raw Docker/Podman flags from app metadata when the flag is explicitly listed in security.allowed_container_args. Built-in cpus and memory options continue to be parsed by OpenRun and do not require this raw flag allowlist.
• Container bind-mount sources are now restricted to the app source directory, the app runtime directory, or directories listed in security.allowed_mounts. Relative bind sources must stay inside the app source tree.

Commits

• 2ba842f: Add mounts to .gitignore (@akclace)
• 8106d6d: Add security.allowed_mounts configuration to restrict bind-mount sources (@akclace)
• 6ac0e79: Added CSRF for logout call (@akclace)
• d8e5c33: Added builder token for delegated builds (@akclace)
• 6be0676: Added max size for webhook body (@akclace)
• 67f3de8: Added validation for table name (@akclace)
• bc9e778: Bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 (#89) (@dependabot[bot])
• 14d739b: Bump github.com/jackc/pgx/v5 from 5.7.5 to 5.9.0 (#88) (@dependabot[bot])
• 8e8379d: Bump github.com/moby/spdystream from 0.5.0 to 0.5.1 (#87) (@dependabot[bot])
• ab223f4: Bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 (#86) (@dependabot[bot])
• a842656: Changed default CORS settings (@akclace)
• 6a30c5e: Changed default for secrets access permission (@akclace)
• 693e182: Disallow symlinks in source path (@akclace)
• 1241d5f: Fix IPv6 host name parsing (@akclace)
• 9898721: Fix auth header and session validation (@akclace)
• 2458326: Fix checks for path traversal (@akclace)
• babc00e: Fix client IP handling, add config for setting trusted proxies (@akclace)
• 810f30f: Fix file path checks (@akclace)
• 636a72e: Fix path traversal during external commands (@akclace)
• ae3d685: Fix quick start link in docs (@akclace)
• a793329: Fix test case (@akclace)
• 4c147d8: Harden github actions (@akclace)
• 4775648: Harden referrer path handling (@akclace)
• a73316b: Limit container options which can be specified (@akclace)
• bd4cc7f: Remove config file read in CLI parser and fix test (@akclace)
• 3a32d6b: Remove test API endpoint (@akclace)
• 4148c01: Requests for unknown Host no longer route to the default domain (@akclace)
• 148f1eb: Skip fetching tags during checkout (@akclace)
• 01e26bb: Update go version to 1.26.2 (@akclace)
• cfa6c36: Updated delegated build to add max size limit (@akclace)
• 8611215: Verify Host header during HTTPS redirect (@akclace)

Release v0.16.26

Changelog

• 2faab19: fix #84 : Added UserId, CustomPerms, and AppRBACEnabled to the request object available in Starlark handlers and HTML templates (@akclace)

Release v0.16.25

Changelog

Other

• edcd844: Add edit link (@akclace)
• 6692527: Added options to customize the list_apps app (@akclace)
• 22fcf71: Added security.auth_required config property to prevent inadvertent public access for apps (@akclace)
• 79a9037: Bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1 (#82) (@dependabot[bot])
• a277267: Bump github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.4 (#83) (@dependabot[bot])
• 794e29c: Bump github.com/moby/buildkit from 0.18.1 to 0.28.1 (#81) (@dependabot[bot])
• b842d58: Fix type conversion issues (@akclace)
• 3cff07b: Remove docker dependency to fix scan failure (@akclace)
• 2b20bff: Update changelog tag (@akclace)
• ea083a7: Update hextra theme (@akclace)
• 4ca683a: Update links (@akclace)

Release v0.16.24

Changelog

Other

• edcd844: Add edit link (@akclace)
• 6692527: Added options to customize the list_apps app (@akclace)
• 22fcf71: Added security.auth_required config property to prevent inadvertent public access for apps (@akclace)
• 79a9037: Bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1 (#82) (@dependabot[bot])
• a277267: Bump github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.4 (#83) (@dependabot[bot])
• 794e29c: Bump github.com/moby/buildkit from 0.18.1 to 0.28.1 (#81) (@dependabot[bot])
• b842d58: Fix type conversion issues (@akclace)
• 3cff07b: Remove docker dependency to fix scan failure (@akclace)
• 2b20bff: Update changelog tag (@akclace)
• ea083a7: Update hextra theme (@akclace)
• 4ca683a: Update links (@akclace)

Release v0.16.23

Changelog

Other

• d55c379: Fix test case (@akclace)
• c587032: Move config to system level (@akclace)
• 176e1e0: fix #80: Peformance improvements for load from disk for app files (@akclace)

Release v0.16.22

Changelog

Other

• ec55fd8: Add 'docs/' from commit '8f2630bec53274cb07c81497fbdb270a9e386f98' (@akclace)
• 65878e1: Add default git auth config docs (@akclace)
• a80ebe4: Add helm command (@akclace)
• 912ec3f: Add proxy plugin docs (@akclace)
• 990b5da: Add quick start content (@akclace)
• e320b64: Add slack info (@akclace)
• 279077d: Add sudo (@akclace)
• c63d898: Add tooltip (@akclace)
• b4a427f: Add workflow step for docs (@akclace)
• 391b531: Added AWS SSM secret provider doc (@akclace)
• f43e295: Added About page contents (@akclace)
• b92e86f: Added CNAME file for github pages (@akclace)
• 36f836b: Added CNCF link (@akclace)
• b8e87b7: Added CSRF protection docs (@akclace)
• f3959e7: Added FAQ (@akclace)
• dbf7b15: Added HN link (@akclace)
• 3b3b096: Added Kubernetes docs (@akclace)
• 1920f69: Added OAuth auth config details (@akclace)
• 7e5d95e: Added RBAC as doc feature (@akclace)
• 54f67e9: Added RBAC docs (@akclace)
• 24902e0: Added SAML docs (@akclace)
• 9b1f7f5: Added X-Openrun-Rbac-Enabled doc (@akclace)
• 8656bb9: Added ace.output doc (@akclace)
• bc9c348: Added action suggest and validate docs (@akclace)
• 9e8ba5d: Added actions docs (@akclace)
• 6d14ad6: Added actions file handling docs (@akclace)
• 67357f0: Added actions workflow for Github pages (@akclace)
• 1beceef: Added add create instructions (@akclace)
• 226c3ae: Added animated icon (@akclace)
• 056e65c: Added app audit step (@akclace)
• 5154cd7: Added app dev link (@akclace)
• afcd028: Added app docs (@akclace)
• 5d8d270: Added app documentation (@akclace)
• 32e41f1: Added app install (@akclace)
• d4b0bde: Added app overview page (@akclace)
• 6ef5de4: Added apply docs (@akclace)
• ba4d986: Added appserver blog post (@akclace)
• 3db2a5c: Added banner (@akclace)
• b910752: Added blog post about Starlark (@akclace)
• 310923d: Added blog post on go composition (@akclace)
• 658938d: Added blog template (@akclace)
• ab17fa6: Added breadcrumbs (@akclace)
• 6168c0f: Added brew install docs (@akclace)
• 38b9d86: Added caveats (@akclace)
• 3e11c08: Added client cert (mTLS) auth (@akclace)
• 9f20900: Added comment about Buildozer (@akclace)
• 7b8e2ba: Added comparison docs (@akclace)
• f936c36: Added config docs (@akclace)
• ca9939c: Added config info (@akclace)
• f0d3a39: Added container docs (@akclace)
• 118af5e: Added container plugin docs (@akclace)
• 029b087: Added container section (@akclace)
• 2a3820e: Added container, spec and param docs (@akclace)
• cd4513e: Added copyright text (@akclace)
• c26df32: Added d2 diagrams (@akclace)
• 75ef665: Added delegated build flow d2 (@akclace)
• ead52b1: Added demo link (@akclace)
• 80c3de8: Added demo recordings (@akclace)
• fbf2af9: Added demo recordings (@akclace)
• 449831f: Added demo video (@akclace)
• 606d802: Added details for plugin APIs (@akclace)
• a063ff1: Added details for plugin APIs (@akclace)
• 7f03f26: Added dev mode docs (@akclace)
• e309c85: Added discord and twitter links (@akclace)
• 7dec68b: Added doc for Actions hidden property (@akclace)
• 5b02b9b: Added doc for param value selector (@akclace)
• bd345f4: Added doc page using Hugo with the Congo theme (@akclace)
• 2bd20b4: Added docs for audit events (@akclace)
• aa371c2: Added email signup form (@akclace)
• 529f028: Added error handling blog post (@akclace)
• 8815611: Added family and friends use-case (@akclace)
• 5b65310: Added favicons (@akclace)
• 152a5b2: Added features page (@akclace)
• 968d4e0: Added files (@akclace)
• c0bc2bf: Added fs limit doc (@akclace)
• b2b6896: Added funding.json (@akclace)
• c810bce: Added git auth key doc (@akclace)
• 3812830: Added github PAT docs (@akclace)
• 59db9e9: Added gitlab group doc (@akclace)
• ba7f461: Added go spec (@akclace)
• 9d77b93: Added gradio docs (@akclace)
• eca876e: Added gtag (@akclace)
• d7ca429: Added gtag (@akclace)
• 3248506: Added https redirect docs (@akclace)
• c05b797: Added image (@akclace)
• a70f125: Added images (@akclace)
• 21dadbf: Added images (@akclace)
• c24d1a1: Added install script (@akclace)
• 10ea957: Added installation page (@akclace)
• 607359b: Added installation page (@akclace)
• ca1d070: Added intro (@akclace)
• dec8b88: Added intro blog post (@akclace)
• 7e77bd0: Added intro gif (@akclace)
• 090d0fe: Added intro gifs (@akclace)
• fdf2135: Added intro pdf (@akclace)
• b888dd1: Added k8s d2 diagram (@akclace)
• acfec09: Added link (@akclace)
• 77144bc: Added linkedin link (@akclace)
• 9c0cc55: Added links (@akclace)
• a9e3de0: Added links (@akclace)
• a290f8e: Added load_file api docs (@akclace)
• e0bdf2c: Added lobste.rs link (@akclace)
• 39cfa95: Added medium zoom library (@akclace)
• 2b721a1: Added meeting links (@akclace)
• 8f94a1c: Added mention of chi middleware (@akclace)
• b1536e9: Added new file (@akclace)
• 52cac73: Added note to wait for server startup (@akclace)
• c8474ac: Added padding (@akclace)
• 755ad65: Added pdf slides (@akclace)
• b6b64fa: Added plugin docs (@akclace)
• dbd4953: Added plugin level secrets config (@akclace)
• 1fcb654: Added progress bar (@akclace)
• f9d693f: Added quick start (@akclace)
• 21175ce: Added registry options (@akclace)
• 48df1a5: Added request proxying and API docs (@akclace)
• c41a3d3: Added robots.txt (@akclace)
• d61c6fe: Added routing docs (@akclace)
• 3b62914: Added rss feed icon (@akclace)
• 8f2630b: Added sample config (@akclace)
• d62c516: Added secret_from docs (@akclace)
• cb94f77: Added secrets management docs (@akclace)
• 699d4a7: Added short git (@akclace)
• 341d917: Added short git (@akclace)
• 95b1318: Added skip cert check docs (@akclace)
• 8b76731: Added smaller file (@akclace)
• a848e76: Added smaller image (@akclace)
• cc4a210: Added smaller image (@akclace)
• 3dc2847: Added smaller image (@akclace)
• 8a731af...

Release v0.16.21

Changelog

Other

• 41cf345: Add govulncheck.yml check (@akclace)
• f1bc45b: Add leader election, when running with postgres database (@akclace)
• c0ceea4: Add support for default permissions in server config (@akclace)
• 47ee799: Add unit tests (@akclace)
• 0d41847: Added tests for leader election code (@akclace)
• 51345b4: Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 (#74) (@dependabot[bot])
• 56cce8e: Bump github.com/docker/cli (#75) (@dependabot[bot])
• 2378f1a: Bump github.com/russellhaering/gosaml2 from 0.10.0 to 0.11.0 (#76) (@dependabot[bot])
• ae96532: Bump github.com/russellhaering/goxmldsig from 1.5.0 to 1.6.0 (#77) (@dependabot[bot])
• 715f630: Fix approval check during reload (@akclace)
• 077ccad: Fix op and target setting for audit events (@akclace)
• a0ed1a9: Improve test coverage (@akclace)
• c1f62f1: Update changelog (@akclace)
• 9de407d: Update cron schedule (@akclace)
• 30b8078: Update go version (@akclace)
• 8134bd2: Update go-chi version (@akclace)
• 0b4ba15: Update version number (@akclace)

Release v0.16.20

Changelog

Other

• 31c4b0f: Fix test case (@akclace)

Release v0.16.19

Changelog

Other

• 2212e25: Add postgres support for store plugin (@akclace)
• 36e6b72: Add test for postgres store (@akclace)
• 519ec19: Added arch diagrams (@akclace)
• 387c658: Bump github.com/go-git/go-git/v5 from 5.13.1 to 5.16.5 (#73) (@dependabot[bot])
• 51126b3: Fix terraform sample (@akclace)
• a07c2b7: Run kubernetes test conditionally (@akclace)
• ce152bf: Update arch diagrams (@akclace)
• 158943c: Update changelog (@akclace)
• 4f6fe7f: Update go.mod (@akclace)
• 7b8fde9: Upgrade go version to 1.26.0 (@akclace)
• f0e6982: Upgrade lint version (@akclace)
• 859ad83: Upgrade lint version (@akclace)

Release v0.16.17

Changelog

Other

• 94508d8: Build to pick up appspecs changes (@akclace)
• 68266a6: Updated readme (@akclace)