- Devices: It is now possible to manage, enroll, approve, and write authorization policy for device identity.
- Signing keys can now be dynamically pulled from the Authenticate service's JWKS endpoint.
- Added the ability to write PPL policy for HTTP method and path contexts.
- Policies can now incorporate device identity and approval status.
- Routes certificate UI now shows the matching TLS certificate used.
- Routes now has Kubernetes service account token field
- Metric addresses are now shown in the runtime info dashboard.
- Envoy was upgraded to 1.20.1.
- The code editor now supports dark mode.
- Various UI style improvements and fixes.
--tls-insecure-skip-verify was not applied to databroker connections.
- Fixed a bug in the host rewrite code (thank you @rankinc for reporting).
- Fixed a bug in the way timeout fields were being displayed.
- Fixed a bug in the way route header fields were being ordered.
- A regression in the
Deployments page loading has been corrected.
- Tracing settings now persist correctly.
- Support configuring multiple audiences for the console.
- Improved configuration validation.
- Various UI style improvements.
- Telemetry - View real time metrics and status from Pomerium components inside the Enterprise Console.
- More expressive policy syntax: Pomerium's new extended policy language allows more complex policies to be configured, along with non-identity based conditions for access.
- Support for Google Cloud Serverless configuration on routes.
- Support for SPDY configuration on routes.
- More consistent filtering and sorting across resource listing pages.
- Certificate Management - Certificates with overlapping SAN names are no longer permitted.
- Policies - New editing screen supports Wizard based, Text based or Rego based policy.
- Policies - Only global administrators may manage Rego based policies.
- Policies - Support time based criteria.
- Service Accounts - Simplified UI.
- Service Accounts - Support token expiration time.
- Service Accounts - Namespace support.
- Impersonation - Impersonation is now done on an individual session basis.
- Various other bug fixes and improvements.