Releases: zalando/skipper
v0.24.61
Changes
Refactor: dependencies (#3942)
update go-jose because of
GHSA-78h2-9frx-2jm8
removed go-jose.v2
replaced github.com/ghodss/yaml by already imported sigs.k8s.io/yaml
Multiarch Docker image
Multiarch Docker image is available in GitHub's docker registry:
docker run -it ghcr.io/zalando/skipper:v0.24.61 skipper --help
Docker image
Docker image is available in Zalando's Open Source registry:
docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.61 skipper --help
v0.24.60
Changes
build(deps): bump oss-fuzz-base/base-builder-go from 35e834b to e2371d4 in /.clusterfuzzlite (#3941)
Bumps oss-fuzz-base/base-builder-go from 35e834b to e2371d4.
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits
that have been made to it@dependabot show <dependency name> ignore conditionswill show all
of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Multiarch Docker image
Multiarch Docker image is available in GitHub's docker registry:
docker run -it ghcr.io/zalando/skipper:v0.24.60 skipper --help
Docker image
Docker image is available in Zalando's Open Source registry:
docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.60 skipper --help
v0.24.59
Changes
Extend predicate OTelBaggage to match with value
Context
Currently the predicate OTelBaggage only matches based on key.
This needs to be extended to match based on value if the value is not
empty.
Tasks
- Update
baggagePredicatestruct to include optional value field - Modify
Create()to accept 1 or 2 arguments (key only or
key+value) - Update
Match()to check value when provided, key-only when not - Add test cases for value matching scenarios
- Run tests to verify working implementation
Multiarch Docker image
Multiarch Docker image is available in GitHub's docker registry:
docker run -it ghcr.io/zalando/skipper:v0.24.59 skipper --help
Docker image
Docker image is available in Zalando's Open Source registry:
docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.59 skipper --help
v0.24.58
Changes
Doc: nginx to skipper migration guide (#3936)
Doc: nginx to skipper migration guide
Multiarch Docker image
Multiarch Docker image is available in GitHub's docker registry:
docker run -it ghcr.io/zalando/skipper:v0.24.58 skipper --help
Docker image
Docker image is available in Zalando's Open Source registry:
docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.58 skipper --help
v0.24.57
Changes
Optimize/compression (#3937)
see commit message
Multiarch Docker image
Multiarch Docker image is available in GitHub's docker registry:
docker run -it ghcr.io/zalando/skipper:v0.24.57 skipper --help
Docker image
Docker image is available in Zalando's Open Source registry:
docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.57 skipper --help
v0.24.56
Changes
fix: valkey updater calculated wrong difference for update required detection (#3935)
fix: valkey updater calculated wrong difference for update required
detection
Problem showed up after a while when valkey instances were cycled and in
the unlucky ordering of valkey IPs we do not detect that we need to
update the instance list
Multiarch Docker image
Multiarch Docker image is available in GitHub's docker registry:
docker run -it ghcr.io/zalando/skipper:v0.24.56 skipper --help
Docker image
Docker image is available in Zalando's Open Source registry:
docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.56 skipper --help
v0.24.55
Changes
build(deps): bump the all-go-mod-patch-and-minor group with 4 updates (#3931)
Multiarch Docker image
Multiarch Docker image is available in GitHub's docker registry:
docker run -it ghcr.io/zalando/skipper:v0.24.55 skipper --help
Docker image
Docker image is available in Zalando's Open Source registry:
docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.55 skipper --help
v0.24.54
Changes
build(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 (#3925)
Bumps google.golang.org/grpc from
1.79.2 to 1.79.3.
Release notes
Sourced from google.golang.org/grpc's releases.
Release 1.79.3
Security
- server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like
grpc/authz. Any request with a non-canonical path is now immediately rejected with anUnimplementederror. (#8981)
Commits
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits
that have been made to it@dependabot show <dependency name> ignore conditionswill show all
of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
Security Alerts
page.
Multiarch Docker image
Multiarch Docker image is available in GitHub's docker registry:
docker run -it ghcr.io/zalando/skipper:v0.24.54 skipper --help
Docker image
Docker image is available in Zalando's Open Source registry:
docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.54 skipper --help
v0.24.53
Changes
feat: add jwtValidationKeys filter for JWT validation with direct JWKS URL (#3922)
Summary
- Add new
jwtValidationKeysfilter that verifies JWT Bearer tokens
using a JWKS URL directly, without requiring OIDC discovery via
.well-known/openid-configuration - Reuses existing
jwtValidationFilter— the new spec only provides an
alternative entry point that skips OIDC discovery - Claims validation delegated to
oidcClaimsQueryas per existing
convention - Registered alongside
jwtValidationin skipper.go
Motivation
The existing jwtValidation filter only supports JWKS discovery via
.well-known/openid-configuration. Services like Google Chat bots sign
webhook requests with JWTs but publish their public keys at non-standard
JWKS endpoints without OIDC discovery support, making it impossible to
verify these tokens with the current filter.
Usage
jwtValidationKeys("https://www.googleapis.com/service_accounts/v1/jwk/chat@system.gserviceaccount.com")
-> oidcClaimsQuery("/:@_:iss==\"chat@system.gserviceaccount.com\"")
-> oidcClaimsQuery("/:@_:aud==\"123456789\"")
Closes #3921
Test plan
- Spec validation (missing args, too many args, non-string args)
- Valid token, expired token, missing sub claim
- Missing/empty/malformed Bearer tokens
- Algorithm none rejected
- Existing jwtValidation tests still pass
Multiarch Docker image
Multiarch Docker image is available in GitHub's docker registry:
docker run -it ghcr.io/zalando/skipper:v0.24.53 skipper --help
Docker image
Docker image is available in Zalando's Open Source registry:
docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.53 skipper --help
v0.24.52
Changes
build(deps): bump the all-go-mod-patch-and-minor group with 5 updates (#3923)
Bumps the all-go-mod-patch-and-minor group with 5 updates:
| Package | From | To |
|---|
|
github.com/testcontainers/testcontainers-go
| 0.40.0 | 0.41.0 |
| golang.org/x/crypto | 0.48.0 |
0.49.0 |
| golang.org/x/net | 0.51.0 |
0.52.0 |
| golang.org/x/term | 0.40.0 |
0.41.0 |
| golang.org/x/text | 0.34.0 |
0.35.0 |
Updates github.com/testcontainers/testcontainers-go from 0.40.0 to
0.41.0
Release notes
Sourced from github.com/testcontainers/testcontainers-go's releases.
v0.41.0
What's Changed
🚀 Features
- feat: add TiDB module (#3575)
@iyiola-dev- feat: add Forgejo module (#3556)
@s04- feat: improve container conflict detection (#3574)
@Desuuuu- feat(azure): add lowkey vault container (#3542)
@nagyesta- feat(chroma): update to chroma 1.x (#3552)
@tazarov- feat(cassandra): add ssl option cassandra (#3151)
@MitulShah1🐛 Bug Fixes
- fix(redpanda): closing provider in test after use (#3539)
@mabrarov- fix: docker auth for docker.io images (#3482)
@LaurentGoderre- fix(solace): set ulimits for container (#3497)
@mdelapenya- fix(kafka): strip architecture suffix from Kafka image tags for semver parsing (#3276)
@asahasrabuddhe📖 Documentation
- docs(metrics): automate usage metrics collection and publish it in the docs site (#3495)
@mdelapenya🧹 Housekeeping
- chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#3560) @dependabot[bot]
- chore(pulsar): bump base image to 4.x, replacing the wait for log strategy with wait for listening port (deterministic) (#3573)
@mdelapenya- chore(deps): bump github.com/modelcontextprotocol/go-sdk from 1.0.0 to 1.3.1 in /modules/dockermcpgateway (#3557) @dependabot[bot]
- chore: update usage metrics (2026-03-02) (#3565) @github-actions[bot]
- chore(deps): bump mkdocs-include-markdown-plugin from 7.2.0 to 7.2.1 (#3547) @dependabot[bot]
- chore(deps): bump tj-actions/changed-files from 47.0.0 to 47.0.1 (#3546) @dependabot[bot]
- chore(deps): bump actions/upload-artifact from 4.6.2 to 6.0.0 (#3545) @dependabot[bot]
- chore: update usage metrics (2026-02-02) (#3551) @github-actions[bot]
- chore(deps): bump pymdown-extensions from 10.8.1 to 10.16.1 (#3513) @dependabot[bot]
- chore: update usage metrics (2026-01-01) (#3515) @github-actions[bot]
- chore: update usage metrics (2025-12-01) (#3506) @github-actions[bot]
- chore(metrics): allow sending PRs from the workflow (#3503)
@mdelapenya- fix(metrics): use the right CSV file (#3502)
@mdelapenya- fix(metrics): use the right CSV file (#3501)
@mdelapenya- chore(metrics): even better rate limit strategy (#3500)
@mdelapenya- chore(metrics): properly detect rate limits (#3499)
@mdelapenya- fix(metrics): set GH _TOKEN in workflow (#3498)
@mdelapenya📦 Dependency updates
- fix: update compose-replace Makefile target to use compose/v5 (#3590)
@mdelapenya- chore(deps): bump atomicjar/testcontainers-cloud-setup-action from 1.3.0 to 1.4.0 (#3559) @dependabot[bot]
- chore(deps): bump golang.org/x/text from 0.14.0 to 0.34.0 in /modulegen (#3582) @dependabot[bot]
- chore(deps): bump mkdocs-codeinclude-plugin from 0.2.1 to 0.3.1 (#3579) @dependabot[bot]
- chore(deps): bump golang.org/x/mod from 0.16.0 to 0.33.0 in /modulegen (#3583) @dependabot[bot]
- chore(deps): bump github.com/aerospike/aerospike-client-go/v8 from 8.2.0 to 8.6.0 in /modules/aerospike (#3584) @dependabot[bot]
... (truncated)