Skip to content

Release history

cerbos releases

Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.

Back to tool Latest release

All releases

3 shown

v0.53.0 Bug fix

Fix planner bug where OVERRIDE_PARENT was ignored for parent DENY rules.

Full changelog

Cerbos 0.53.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.53.0.html

Changelog

  • 93a75a6b6279b64ca944db732e66a19978947eba Add Helm release workflow and bump chart version to 0.52.1 (#3133)
  • 218ea228ca2c4f85f36ac95f5bbbe228f2fc3d87 Add v0.53.0 release notes (#3143)
  • 81ab26ea4ed75d2079dd5ccc6595ec4bef2ecde2 Fix rendering of wildcard characters (#3140)
  • 77974a7f11e9895a0b64273f2fd4751cb0959c84 Migrate to cerbos/actions (#3120)
  • 2e8e054b0c4852ca1c95aa3d94a1aec7cd4a5486 Move Helm release to its own workflow (#3135)
  • 7cd3152b94baf2476a1eebddbbcef6e41c0f4b0e Move path functions documentation to correct place (#3139)
  • d72ef61a7496f5999cea6ed63b097817a528eee2 Remove JWT verification cache (#3138)
  • 5028a6fc2206df6db45928f78ca3e139fbf18d35 Remove voxmedia/github-action-slack-notify-build (#3129)
  • ccc98e9d4cdb1df6761363543768a9cc4901fe79 Remove incorrect default tag value from Helm chart (#3131)
  • ea252b9eee4398e59f2c9134368c2245bc7deb03 Set Content-Type to application/x-ndjson on streaming responses (#3130)
  • cc293e263537004f039613864834e3be1e4d1757 Update GitHub Actions deps (#3124)
  • 2261983bf013febb1915907b0845eb592dfa13c9 Update cerbos/actions to bb55708 (#3142)
  • 51ab84367911dd1c668510c38d4b3d55f33a83b9 Update to github.com/ory/dockertest/v4 (#3136)
  • 78d494cab93cf3e3723da18d5390bf9222593560 chore(release): Prepare release 0.53.0
  • 47b23a4471c76534183e7104ca08365801a889f2 chore(version): Bump version to 0.53.0
  • c1d70c946227cf63cd56d605f5f1b1fd6742d42b fix planner ignoring OVERRIDE_PARENT for parent DENYs (#3137)
View release on GitHub
v0.52.0 Breaking risk
Breaking changes
  • Breaking changes to OpenTelemetry support
  • Removal of default auxData.jwt.disableVerification configuration value
Notable features
  • Permissions advisor workflow
  • Path functions added to Cerbos CEL library
  • TraceBatch format for compact trace representation
Full changelog

Cerbos 0.52.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.52.0.html

Changelog

  • 2812325c18db5365932a12f3b480096af8485660 Add 0.52.0 release notes (#3127)
  • 3f8cfc35b17e91d249f5c6671533519d0ed6f478 Add TraceBatch format for compact trace representation (#2945)
  • 9a8ceb5a3055098aa45a948309d13d9c06547429 Add ability to save Hub credentials (#3067)
  • 78fec1dfdb1e72955dd25468ff1ff1e3f7a18cd5 Add build constraints (#2979)
  • 6e74c625b86f9e1c7027907a7119931a58156f2f Add changelog entry for breaking OpenTelemetry changes (#2954)
  • d7eefbee8a0e9ee2e8aa30f53242790dd93c80b7 Add pages/recipes for common questions (#3106)
  • 9fb62a22a767db533cf84d95a2ccb3200289198d Add path functions to Cerbos CEL library (#3039)
  • f3f464b6244f3b53b67043976ea7febd2d1068e5 Add permissions advisor workflow (#3007)
  • ad8d242efa3a70e28cd8bd01a236e627cd4cfa5d Add siteline to docs (#3093)
  • b9dc7e1ba668efbfec148e64d1dedde33cd5fc7a Add tracer.TracesToBatch (#2958)
  • de243ba883cc2a7d5e380a1c03f5d1052ea8a58a Add verify.BundleStream (#2944)
  • f8a102074c9b7780be20214a617d814018890009 Additional repository statistics (#3025)
  • 681bcf862124b7480ef768768c8d64b99ed11e76 Avoid compiling constant expressions at runtime (#3005)
  • cbfb1b31ba164a64fc1a977c21af3e4292c45ac5 Avoid round-tripping attributes to JSON for schema validation (#3000)
  • f0e0df785d99142b7aaddd9ef51dfa12f46aa60a Bump brace-expansion from 2.0.2 to 2.0.3 in /npm/test/registry (#3062)
  • 74fa896481b1a48a4b72fff75df817472d610d0d Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#2975)
  • a3f8d30fe96ceb1e9eadff49f6fe6c3744c5165b Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.96.4 to 1.97.3 in /tools (#3083)
  • a02dfd0077a985bd9f600f33a565b19f2895f1a7 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.97.1 to 1.97.3 (#3082)
  • dce46324d425a3d3976c08995ac505cae05be110 Bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 in /tools (#3054)
  • 489656f26f5d782dc60b2736635b9cb11c7e0858 Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 (#2980)
  • bf6e74a62fd2e6c45e44db679447fddc5896b7f9 Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 in /hack/tools/changelog (#2981)
  • 96b53c00b9f7af82bdbb273383f404e38cd773bc Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 in /tools (#2987)
  • 04960ce3fa2b05e78bd6f622a2fa09d59f6f811f Bump github.com/docker/cli from 27.4.1+incompatible to 29.2.0+incompatible (#3004)
  • a78b47a8f9e310155e531f9d2c8b62b6408ae332 Bump github.com/go-git/go-git/v5 from 5.17.0 to 5.17.1 in /hack/tools/changelog (#3070)
  • 8d29a2fc68be8e19e2e517a658a7cc19191fb21b Bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 in /tools (#3109)
  • 10d8886ed2064e582c4547addf584094f763a487 Bump github.com/go-git/go-git/v6 from 6.0.0-alpha.1 to 6.0.0-alpha.2 in /hack/tools/changelog (#3113)
  • f1706ddf94c89806e0f571716c797c210d6a2ce8 Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#3072)
  • 9d61b19af03da9c59de561dd41008c73a0108b51 Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /hack/loadtest (#3073)
  • e9bbc5e19f0b78433934cc7b40e3ef41bac882d9 Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /tools (#3074)
  • 35fd059df1b80f385c6110f1856a81df90bf02d0 Bump github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2 (#3118)
  • d4cd21c5e7d88f1338fa4e1fe265bbd39cb5384b Bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 in /tools (#3104)
  • 6febdf3221f7990ad44a747472c11412c27a605d Bump go.opentelemetry.io/otel from 1.40.0 to 1.41.0 in /api/genpb (#3121)
  • ebe00a5b24e50c19c99b35e03a51692e8979e825 Bump go.opentelemetry.io/otel from 1.40.0 to 1.41.0 in /hack/loadtest (#3126)
  • 6071f594e0fee25d5b26cc4618fd329e5f6e09b8 Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 in /tools (#2986)
  • 73c754d9aebb733bf0f4d4c79b5bc88a2ba5d721 Bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in /tools (#3097)
  • 52a9526ba6aba4d9fc1adcf83fa15d5a3fe670f2 Bump golang.org/x/net to 0.51.0 (#2985)
  • d99d182309287fc72684fac0fe828688d03f9024 Bump google.golang.org/grpc from 1.78.0 to 1.79.3 in /hack/loadtest (#3043)
  • d435c7d8b5442041676219b4a53fb2aa5c8c7964 Bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /tools (#3045)
  • 079bd8fbbedb53eacd78acbb96a338496d9d90f8 Bump google.golang.org/grpc from 1.79.2 to 1.79.3 in /api/genpb (#3044)
  • fdad5977692669a35d746d746e2a0108ddea0989 Bump helm.sh/helm/v3 from 3.20.0 to 3.20.2 in /tools (#3096)
  • 615ac4a439e93dd6a9832b9dfd814b709f098acc Bump lodash and verdaccio in /npm/test/registry (#3077)
  • 6040d04af8b98468012dffb9ffe7002e9ab5e5a6 Bump path-to-regexp from 0.1.12 to 0.1.13 in /npm/test/registry (#3066)
  • b751856cc396562b0c552d91679f1a25657734bb Custom bitmap (#3071)
  • a72c2c3a505e677232bf5f2c257cb8f626f70f19 Dependency pruning (#3027)
  • 56b7ae5feeaeb12d7158096dae4119db53af8411 Don't re-run E2E failed tests (#3037)
  • 024e80776852c1cdf6f513cc1d2726807587aa2b Downgrade go-git to v5.16.5 (#3022)
  • abdcd1eab32b030629a175c3917b1aff0ec78342 Downgrade go-git to v5.16.5 (#3035)
  • ef3093eb72d44ef7171c2c92450c813a1459f700 Downgrade go-git to v5.16.5 (#3055)
  • 8df25a2de39f36ba924e6a49d3ccd5f172a02b7a Embedded mode awareness (#2964)
  • 8dce85f99994882bde4de88c73536ab6ea74784c Fix Seaweedfs Helm chart version to 4.0.413 (#3017)
  • 1ce5020697e5214c3c9d854b9810f89a79decced Fix change detection in PR workflow (#3014)
  • f39311c6f0312d79817a3301fdac14eca8765110 Fix git cloning issue (#3116)
  • 0b1e79833d2523fd7209ae64c9d0f5da68ce891a Fix issues with the directory watch system (#3061)
  • ceb3058d98b22b4f750fe258909d8ebb41770852 Fix return keys in ListKeys (#2965)
  • 1b3961bab872a8407f9bad90c39e18a0d8667416 Fix test case indentation (#3024)
  • 34670e0faa48804fae413611a30134b022683afa GitHub Actions hardening (#3002)
  • 2b2f914ebf544b60bcc28fe6fafe16070af62eed Import protobuf annotations conditionally (#3084)
  • 2f61f8cf943221cb4739bfc8f631ae108a9457c3 Index parent role ancestors in backends (#2974)
  • 66560899caa15d06c212b2001b9bc5cbe5eb6775 Integrate Synapse docs (#3056)
  • 85e7f0505866cc4948c245ade1c7eae27c20c3a7 Lay groundwork for lazily-evaluated variables (#3038)
  • becde8d5ce1c86ce5e3f6cb50ddc9b1837295f6d Loadtest switch to ghz (#2982)
  • b11ffb30dc22284d0b548d1394d5bf823621d40a Lock file maintenance (#2995)
  • fb2c67cb005b5167e065f4ecd79b4f579ad9a187 Lock file maintenance Node.js deps (#2961)
  • 48fd135bf8442784e663fcaa8e90a664b3bc87f7 Make context optional for Authzen batch requests (#3115)
  • 7392ddeeca196348a666417df70c4ca09be4a819 Move synapse docs to own repo (#3059)
  • 9150c2655c286399f13491a7a54c1b63b2a0bd58 Move variable identifier check (#2983)
  • dc0e29b0b1b4ac855f8bff38ede265ef0b2904ed Omit index serialization functions from EPDP builds (#3114)
  • 49f8bbf48be275121de7cbcdf7d5d2df974f293d Optimize repository statistics (#3029)
  • 143bfe0e4e61de020c214fd4d58f0b185b06b7b6 Pin dependencies (#3064)
  • 3de054a3838129951741ed4df2d7e3a1a6ed452d Pin ghcr.io/cerbos/cerbos Docker tag to 8d35a64 (#3075)
  • 98c3b50e39227168c20055a4d467ebad5fa67e05 Policy stats for Hub (#2998)
  • 6ff21cfc888579c9666593bcde332e88b063e875 Pool bitmaps (#3057)
  • d47194d91c39babb4e9fc6dde40f4b42884ba36e Record store version information such as commit hash or bundle ID in audit log entries (#3094)
  • f63e56ca333530aa56b7cbab73e7feb97ae1b483 Reduce timestamp precision in test case (#3026)
  • 5c99432eb9781a3e2dfd08e7d254233f37362904 Refine ruletable index types (#2959)
  • ddae41bdeabe999075914bf72719b9a677c49059 Remove protovalidate dependency from engine (#3006)
  • af89e7eeb9461733ccf09391d60d09692fa04ed6 Remove bitmap stats logging (#3086)
  • 08eddd2b363a31e47b7836d9025d0c74936450a0 Remove deployment ID from Hub telemetry (#3003)
  • 2b01c492f519861c1fd47c6c4170542545fb26de Remove module github.com/google/go-licenses (#2951)
  • 438342bde3dca48bfd3c72878dd812df7ddc659b Remove the default auxData.jwt.disableVerification configuration value (#3036)
  • 599305d067e18757e189ed4dfa8b55c6f25bfe34 Remove unused protobuf imports (#3010)
  • 198c8260d816c95ddba84c8abe4ce61abe2c9009 Replace MinIO with SeaweedFS (#2976)
  • dad0699f77d8f1f32dc105e736d2617ab07c2852 Restrict permissions of workflows (#3013)
  • 33eac710bd1a4ef6f31f8de31491e2c9f5221024 Revert "Avoid compiling constant expressions at runtime" (#3009)
  • 0494bff810b0df3d2e966c4aa33d5509150edcf1 Revert api/genpb to Go 1.25 (#2999)
  • 43ddff3433621439d5e303107c2226e34c32ffae Revert to Go 1.25 (#3001)
  • 144aed988dc437812d1eac67fe18e9cc91316105 Roaring bitmaps (#3041)
  • eec060f22e27385c11e558f56ac90953ace53028 Ruletable bundles support for local source (#3028)
  • 457a2a5196bac5f58df44e032dc6bc6eedf9805a Serializable bitmap index (#3095)
  • b413925ac697c6a86d3fa79049f946f45ac2c7d1 Traces to TraceBatch benchmark clean-up (#2949)
  • edb57a7089b761a0e335e8f72205739131471327 Update E2E workflow to run selected tests (#3011)
  • 660dfc7a32b285787514e43a6bb601197338492b Update GitHub Actions deps (#2947)
  • 9e24f892abdb4796662076adc906f5972fc7fdfe Update GitHub Actions deps (#2977)
  • ee57194261d1f20eb82d203fd751ae5b29cc67d8 Update GitHub Actions deps (#2989)
  • c898be67d2de311917d66104aa138581cf60b7ba Update GitHub Actions deps (#3015)
  • ece7d5274d0506d7fc88a39fc4a97302e9bb8a6c Update GitHub Actions deps (#3031)
  • 53df0dafbce2013bf2f46051b34775be248532fb Update GitHub Actions deps (#3047)
  • 43fdbe1857b24f436454bb8cec6e2ddd37b6a850 Update GitHub Actions deps (#3065)
  • 47cb447604eda031f726a72866168d2e20cd9249 Update GitHub Actions deps (#3099)
  • 6b93e503aba018b605c70cf33ebc76212ced7dc2 Update GitHub Actions deps (#3111)
  • 39d2b6986d6974c0bbda9642aabae88d49484c38 Update GitHub Actions deps to v4 (major) (#3020)
  • f4a5c49a5545c1d4744d1e7a3700564280742599 Update GitHub Actions deps to v4 (major) (#3052)
  • 9e613617ae1f515518cdbbe4332ea9b2d0b26475 Update GitHub Actions deps to v7 (major) (#3021)
  • decefeab272dedca0dead54f3c756756da942fed Update Go deps (#2939)
  • c477f194b47c1a4dea2c8712d2a92b0a2963ccd2 Update Go deps (#2952)
  • 57e2aef83ed85321d2bfdf1106020b016f76a76f Update Go deps (#2970)
  • 5aa3bf6b71ce1de6348de0855fa146caac4438f9 Update Go deps (#2978)
  • ad2e43d7bbfc532ed5f07de055c14ca0f321eaa5 Update Go deps (#2988)
  • 5389866c90586662ae4658578b80018d1542f36f Update Go deps (#2994)
  • b2546f3140d824456d89b0a4c5e28c123221d7a4 Update Go deps (#3012)
  • e1de91ed7591202813096696b1385811feff81df Update Go deps (#3016)
  • ba4b41ac441cf8dd8eaf1b79045c20793a9e5e8a Update Go deps (#3032)
  • 08ea4c392c2fa8a9f56adb443515cc6f17f9141e Update Go deps (#3048)
  • 01c71a188a5bab7e42f109a9d42a105143c65f48 Update Go deps (#3100)
  • a2b197023f60c294a19f2e498d1180f5406e9a7a Update Go deps (#3112)
  • d238a0195180096f704a9d2be52f74f432150320 Update Go deps (#3122)
  • 81ca129ffe40d97771187abea60c9a92361c11f6 Update Helm release seaweedfs to v4.16.0 (#3034)
  • 97918e6b353b2dbeda92f845d15920baf4b6d6c0 Update Helm release seaweedfs to v4.17.0 (#3050)
  • 006766bd368f4e4e4e6aaa7d2c6e420cb1ad8e4b Update Helm release seaweedfs to v4.21.0 (#3125)
  • 01d4e38675e11b7b0d4b19b43bf247a8e83acc75 Update Node.js deps (#2971)
  • 767e0236f3083d94f210d790f7269dd1571cf476 Update Node.js deps (#2990)
  • d13c8b872c525fd1fec463eb6e806a8004078ad2 Update Node.js deps (#3018)
  • 420a9ab8c4a8014ec809fb179a51ab58633e65a0 Update Node.js deps (#3033)
  • d950e89088c2a6b267191d01dae2b5483b868485 Update Node.js deps (#3049)
  • 4ddd76f167d7976332623fb95decefc3cd5aee10 Update Node.js deps (#3076)
  • cb5625d9d8eb780be9c440acaf13a7a43d313029 Update Node.js deps (#3123)
  • 558d393b3050b6bff8476dca890b17583de21278 Update actions/download-artifact action to v8 (#2991)
  • f122b270e77917eddc5ccb3bf70c1fd105bc197a Update aws-actions/configure-aws-credentials action to v6 (#2960)
  • 8a581892b90ec037d8c75ccf7d07a88b8a991163 Update buf to v1.65.0 and fix protobuf errors (#2946)
  • 86589a120ad400a69cf2e4f08bf5c77bceacc2e4 Update dawidd6/action-download-artifact action to v13 (#2948)
  • 3d86c2724fc93f8f9520daf38d376ce53dfd2949 Update dawidd6/action-download-artifact action to v14 (#2950)
  • aef6dc18d787cf979aaf7507aae21dfbe1127dba Update dawidd6/action-download-artifact action to v15 (#2993)
  • 37abb110f482567cd5395d045663fc561fa555b7 Update dawidd6/action-download-artifact action to v16 (#3019)
  • e4397df20e2d2b4f6a89a0fc604ae5453c2d442a Update dawidd6/action-download-artifact action to v19 (#3051)
  • 5334a18c658b8a5c8ccf0e6e677b996bd1db133c Update dependency go to 1.26.x (#2972)
  • dd6a0f03dd7b0ebda3a7d95ea1b8bc121140f3ca Update github.com/cerbos/cerbos/api/genpb digest to 767e023 (#2992)
  • dd43f4eb3c480a082188a754eaae2a8e325b43a7 Update github/codeql-action action to v4.32.2 (#2969)
  • 2c265953a8328ad1215f032c5eba52cdf07e7677 Update go-git to v6.0.0-alpha.1 (#3078)
  • 8287989750deede0db51402e5739cf0ae4d5e454 Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (#2957)
  • 7cd559731483f8ce71405deb7535fa6f61fe0ecb Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (#3069)
  • 29366a1adc6cd84af3907efb364c88db8d593604 Update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to v1.43.0 [SECURITY] (#3089)
  • 531210e105e2fab51f8e6ed8d11272de82965515 Update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to v1.43.0 [SECURITY] (#3090)
  • 73b06dbad61b7882cd024a2796336e17dddde25e Update module helm.sh/helm/v3 to v3.20.2 [SECURITY] (#3098)
  • f48a7ee1033bc1d3a893ee61e1f97d6f3c60c5ab Update tablewriter and migrate (#2967)
  • 2c76ee88888720c89219a5e078ed8f424d251914 Update to [email protected] (#3107)
  • 5b346b5d9d66763529d92e6fd9aea7649f515305 Use TraceBatch in test results (#2968)
  • 6f896ceb808e02b01e15d5a4aaf3b194193db149 Use a better link for OpenTelemetry changelog (#2962)
  • 63fd0ef022cea77393d5561ac9bdaab422cefe79 add QueryMulti with optional role-policy deny synthesis (#3117)
  • 9ea380befd74b22252c9c60dcc2fe6daba04e894 build(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 in /tools (#2966)
  • 687446ba01d4cf70c264ddcf9e93120b6789832b chore(release): Prepare release 0.52.0
  • 881253636f8f376311794a2f1def79d31141389e chore(version): Bump version to 0.52.0
  • e2c49f02a753defdd20ad618da9c1f0ee0e3253a docs: Add Synapse header link (#3060)
  • 6f6abbfc07d1640fa24ecc15f690432d773d78f7 docs: Add agent skill link to policies nav (#3105)
  • e28107f8d907624a454aaca6ba618fc446bcdeca docs: Add clarifying note about decision precendence between roles (#2997)
  • f166a6dd503b6a7b0908fd0a9cf3adc6de68b970 docs: Remove Rudderstack reference from telemetry docs (#3042)
  • b9fcf227f40e71ddc8328306f37b8d5cc0180e33 docs: Update siteline edge function (#3103)
  • 2eaa60af7cbc718232f25c9830fbbe6ceb364eea docs: clarify role policies require resource policies (#3085)
View release on GitHub
v0.51.0 New feature
Breaking changes
  • Removed cerbos.runtime.v1.Expr.checked_v2 field
  • DeletePolicy RPC method changed from DELETE to DisablePolicy
Notable features
  • Contextual information attachment to requests
  • Test filter to run selected tests
  • Worker count configuration for Verify call
View release on GitHub

Beta — feedback welcome: [email protected]