Releases: portier/portier-broker

v0.5.2

28 Oct 14:40
  • Dependencies were upgraded to fix RUSTSEC-2020-0071 and RUSTSEC-2020-0159. The impact of these issues on the broker itself is unknown, so upgrading is recommended out of caution.
  • Lettre, the dependency we use for SMTP and Sendmail, was upgraded from 0.9 to 0.10. We discovered no issues with this upgrade, but if either of these mail transports suddenly becomes a problem with this version, please let us know by reporting an issue.
  • Release builds now have integer overflow checks enabled. This is a trade-off, and could mean a small degradation in performance.
  • When using Redis storage, the broker no longer logs the full URL, because it may contain credentials. Only the server address is logged.
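
The Redis logging change above, sketched as an added example (not portier-broker's own code): a hypothetical `redis_log_address` helper reduces a connection URL to the server address before it reaches a log line. It uses only the standard library, and the sample URLs are constructed.

```rust
// Added example, not portier-broker code. `redis_log_address` is a
// hypothetical helper; the URLs in main() are constructed samples.
const REDACTED: &str = "<redis url redacted>";

/// Reduce a Redis connection URL to an address that is safe to log.
fn redis_log_address(url: &str) -> String {
    let (scheme, rest) = match url.split_once("://") {
        Some(parts) => parts,
        None => return REDACTED.to_string(), // fail closed: never echo the input
    };
    if scheme.ends_with("unix") {
        // Socket path only; the query string may carry connection parameters.
        let path = rest.split(|c: char| c == '?' || c == '#').next().unwrap_or("");
        return format!("unix:{}", path);
    }
    // Userinfo ends at the LAST '@', so an unescaped '@' or '/' inside a
    // password cannot push part of the secret into the host position.
    let after_userinfo = rest.rsplit_once('@').map_or(rest, |(_, tail)| tail);
    let host_port = after_userinfo
        .split(|c: char| matches!(c, '/' | '?' | '#'))
        .next()
        .unwrap_or("");
    // Accept only characters that can appear in host:port (including [IPv6]).
    let plausible = !host_port.is_empty()
        && host_port
            .chars()
            .all(|c| c.is_ascii_alphanumeric() || matches!(c, '.' | '-' | '_' | ':' | '[' | ']'));
    if plausible {
        host_port.to_string()
    } else {
        REDACTED.to_string()
    }
}

fn main() {
    let samples = [
        "redis://:s3cr3t@cache.example.net:6379/0",
        "rediss://app:p@ss@[::1]:6380",
        "unix:///run/redis.sock?db=1&pass=s3cr3t",
        "not a url",
    ];
    for url in samples.iter() {
        println!("connecting to Redis at {}", redis_log_address(url));
    }
}
```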

v0.5.1

12 Oct 07:29
  • Fixed a broken timer in the automatic key rotation that prevented the broker from rotating keys at all, except on startup.
  • Fixed handling of JWTs that contained iat or exp claims with decimals. (Affects custom IdPs using certain JWT implementations. Known to be an issue for PHP package lcobucci/jwt as of v4.)

v0.5.0

22 Sep 07:35

Breaking changes:

  • The --import-key CLI option has been replaced with --import-keys. Otherwise, the same input is accepted for this option.

Other changes:

  • Portier now has a logo! For now, this has only been added to our own landing page at portier.io, and as a favicon in the broker. Content of the broker pages has not changed. Thanks @feluxe for the design and @onli for the SVG work!
  • It is now possible to export & import the private keys that were generated by the broker when using automatic key management. See docs/key-management.md for details.
  • Cache headers for keys.json have been improved to use Expires instead of max-age, to better match client/proxy caching with our key rotation.
  • Fixed parsing of trusted_proxies, which was ignored completely in previous versions.

v0.4.2

21 Jul 18:33

New features:

  • This release implements additional OAuth2 response modes outside the Portier spec, for compatibility with existing OpenID Connect clients. For examples of specific tools that have been tested, see the new document on integrations.
  • All JSON responses sent by the broker are now pretty formatted.

Fixes:

  • Per OpenID Connect Core, the scope parameter now only requires the value openid, and unrecognised scopes are ignored.

v0.4.1

13 Jul 15:50

New features:

v0.4.0

25 Jun 07:14

This release contains a small change in behavior in email domain validation, but no configuration changes are required.

Previously, we validated email domains against a built-in list of top-level domains, with the intention of expanding on this using other lists. In practice, this turned out not to work well, because the sources for these lists (IANA, public suffix list) change very frequently. It would either make our releases obsolete quickly, or put a burden on administrators. So this functionality has been removed, and the new verify_with_resolver option described below was added to replace it.

New features:

  • allowed_domains and blocked_domains options were added to explicitly allow or block specific email domains. The new option allowed_domains_only can be used to further limit access and create a ‘private’ broker.
  • verify_with_resolver was added to have the broker perform an additional DNS check on the email domain before allowing authentication. The new option verify_public_ip can be used to further limit access to domains that must have a public IP listed for accepting mail.
  • The options allowed_origins, allowed_domains, and blocked_domains now accept paths prefixed with @. These files contain one value per line, are loaded at startup, and can be useful to keep long lists outside of the main config file.
  • We now publish releases for more platforms. The full list is:
    • Linux (also on Docker Hub): Intel (32-bit & 64-bit), ARMv8 (64-bit)
    • macOS: Intel 64-bit and Apple Silicon (Universal binary)
    • Windows: Intel (32-bit & 64-bit)
  • When building Docker images from source, --build-arg data_url='https://' can now be used to build an image with custom templates and translations. (Thanks @jimdigriz!)
  • For building from source, the minimum Rust version is now 1.46.

For more detail on how to use new configuration options, see config.toml.dist.

v0.3.5

11 Mar 13:09
  • New versions of dependencies have increased the minimum Rust compiler version to 1.44. This only affects you if you'd like to build from source.

  • Fixed an issue with the Redis store crashing because of a parse error.

v0.3.4

08 Mar 10:23

Issues reported for this version: #234

  • Upgraded various dependencies (@dstaley, @stephank)

    • The Redis store now supports authentication, which is new since Redis version 6.

v0.3.3

01 Dec 08:00
4a80bce
  • To build Portier, the minimum required Rust version is now 1.42.

  • Added more flexibility for rate-limiting. The limit_per_email setting has been deprecated in favour of the new limits setting.

  • Added support for X-Forwarded-For via the new trusted_proxies setting. (Specifically used in the new rate-limiting capabilities.)

  • Added support for sending email using Mailgun, by @dstaley.

  • Improvements to the automated end-to-end tests, by @dstaley.

  • More detailed error reporting when JWS validation or email parsing fails.

  • Updated dependencies.

v0.3.2

07 May 21:11
  • This version improves how sending mail is handled. Notably, additional SMTP response checks were added, and it is now possible to send mail using sendmail or the Postmark API. (See config.toml.dist for details.)

  • This version adds additional validation to input email addresses by checking the top-level domain is valid. (Valid means present in the IANA listing.)

  • Starting with this version, we will support and test a specific minimum version of the Rust compiler, instead of just 'latest stable'. This version supports Rust 1.41 and up.

  • Outgoing HTTP requests now contain a User-Agent header containing: portier.io/0.3.2