v0.17.16

0.17.16 (2026-06-02)

Bug Fixes

• Allow operators to disable unavoidable access logs (#3292) by @kvlunar (fa1f0b5)

Dependencies

• update module github.com/ccoveille/go-safecast/v2 to v2.0.1 (#3288) (aa7aab3)
• update module github.com/go-playground/validator/v10 to v10.30.3 (#3289) (5ddcc48)
• update module github.com/knadh/koanf/v2 to v2.3.5 (#3291) (d226445)
• update opentelemetry-go monorepo to v1.44.0 (#3286) (f00962c)
• update opentelemetry-go-contrib monorepo to v0.69.0 (#3287) (db77f85)

v0.17.15

0.17.15 (2026-05-26)

Bug Fixes

• Made HTTP Message Signatures auth type usable in endpoint configuration (#3280) (ef3baaa)

Dependencies

• update golang to v1.26.3 (#3242) (5710356)
• update google.golang.org/genproto/googleapis/rpc digest to 0a33c5d (#3279) (d46c903)
• update kubernetes monorepo to v0.36.1 (#3258) (e9f46e4)
• update module github.com/dadrus/httpsig to v0.9.0 (#3263) (b1c6ccc)
• update module github.com/fsnotify/fsnotify to v1.10.1 (#3239) (48d6eee)
• update module github.com/go-co-op/gocron/v2 to v2.21.2 (#3255) (b8d7ac1)
• update module github.com/google/cel-go to v0.28.1 (#3257) (088e94c)
• update module github.com/redis/rueidis to v1.0.75 (#3254) (71a7899)
• update module github.com/redis/rueidis/rueidisotel to v1.0.75 (#3254) (71a7899)
• update module github.com/rs/zerolog to v1.35.1 (#3216) (a7b7392)
• update module github.com/tidwall/gjson to v1.19.0 (#3245) (a306a33)
• update module google.golang.org/grpc to v1.81.1 (#3261) (09cb299)

v0.17.14

0.17.14 (2026-04-19)

In addition to updated dependencies and some bug fixes, this release addresses the following vulnerabilities recently discovered:

• Authorization bypass via path normalization mismatch (GHSA-3q34-rx83-r6mq). Fixed in #3209.
• Case-sensitive host matching may lead to policy bypass (GHSA-72h4-mxfc-jx37). Fixed in #3208.
• Case-sensitive handling of URL-encoded slashes may lead to inconsistent path interpretation (GHSA-43jv-5j4x-qv67). Fixed in #3207.

Please check whether you are affected and update immediately!

Bug Fixes

• Allow non-object JSON/YAML payloads in contextualizer and authorizer responses (#3202) by @Kakadus (f855bf1)
• Case-insensitive handling of URL-encoded slashes (#3207) (8b0de6a)
• Case-insensitive host matching (#3208) (3d05e56)
• Considering all Forwarded and X-Forwarded-For header values when extracting hop chain (#3206) (a6fd601)
• Request path normalized to avoid interpretation conflicts (#3209) (b5dfa48)

Dependencies

• update golang to v1.26.2 (#3181) (c23610b)
• update google.golang.org/genproto/googleapis/rpc digest to afd174a (#3193) (cbc3224)
• update kubernetes monorepo to v0.35.4 (#3198) (ac2f19a)
• update module github.com/dlclark/regexp2 to v1.12.0 (#3205) (bb65c19)
• update module github.com/go-co-op/gocron/v2 to v2.21.0 (#3194) (c0d0ab3)
• update module github.com/google/cel-go to v0.28.0 (#3182) (d5bbc2f)
• update module github.com/redis/rueidis to v1.0.74 (#3189) (3a607b5)
• update module github.com/redis/rueidis/rueidisotel to v1.0.74 (#3189) (3a607b5)
• update opentelemetry-go-contrib monorepo to v0.68.0 (#3178) (9466eeb)

v0.17.13

0.17.13 (2026-04-05)

Bug Fixes

• Reset child pointer in wildcard lookup to prevent false cross-host conflict (#3170) by @Kakadus (aff881c)
• Strict validation of log.level values (#3168) (f5dcf01)

Dependencies

• update google.golang.org/genproto/googleapis/rpc digest to 9d38bb4 (#3147) (b1eb03d)
• update module github.com/go-jose/go-jose/v4 to v4.1.4 (#3150) (d8c5f3f)
• update module github.com/go-playground/validator/v10 to v10.30.2 (#3148) (000bd81)
• update module github.com/rs/zerolog to v1.35.0 (#3145) (22ee7a2)
• update module github.com/wi2l/jsondiff to v0.7.1 (#3153) (afca2cc)
• update module go.opentelemetry.io/otel/bridge/opentracing to v1.43.0 (#3164) (4f00157)
• update module google.golang.org/grpc to v1.80.0 (#3151) (09fbd14)
• update opentelemetry-go monorepo to v1.43.0 (#3163) (1408cda)

v0.17.12

0.17.12 (2026-03-22)

Bug Fixes

• Proper extraction of client IP addresses from the request (#3134) (857cdfe)

Documentation

• Docker compose based examples updated to use the latest versions of traefik, nginx, opa, etc (#3130) (bed5259)

Dependencies

• update github.com/dadrus/httpsig digest to 3704855 (#3127) (411cea4)
• update golang to v1.26.1 (#3124) (87620de)
• update google.golang.org/genproto/googleapis/rpc digest to d00831a (#3126) (79f8858)
• update kubernetes monorepo to v0.35.3 (#3125) (7460353)
• update module github.com/knadh/koanf/v2 to v2.3.4 (#3129) (4aa8998)
• update module github.com/redis/rueidis to v1.0.73 (#3114) (add85c3)
• update module github.com/redis/rueidis/rueidisotel to v1.0.73 (#3114) (add85c3)
• update module google.golang.org/grpc to v1.79.3 (#3122) (69186e0)

v0.17.11

0.17.11 (2026-03-15)

Bug Fixes

• Split query from path in envoy gRPC based ExtAuth integration (#3106) by @Kakadus (50321b3)

Dependencies

• update google.golang.org/genproto/googleapis/rpc digest to 84a4fc4 (#3102) (9fc7e63)
• update module github.com/goccy/go-json to v0.10.6 (#3103) (7dd3c18)
• update module google.golang.org/grpc to v1.79.2 (#3094) (bdc835b)
• update module k8s.io/klog/v2 to v2.140.0 (#3097) (8b739f1)
• update opentelemetry-go monorepo to v1.42.0(#3098) (6a226f5)
• update opentelemetry-go-contrib monorepo to v0.67.0 (#3099) (0c9ea4a)

v0.17.10

0.17.10 (2026-03-05)

Although this is a regular monthly patch release, the switch to the Green Tea garbage collector, which became the default in Go v1.26.0, may result in noticeable performance improvements.

Dependencies

• update github.com/dadrus/httpsig digest to 921cc40 (#3084) (8fa74c9)
• update golang to v1.26.0 (#3042) (872e15b)
• update google.golang.org/genproto/googleapis/rpc digest to a57be14 (#3068) (da538d9)
• update kubernetes packages to v0.35.2 (#3069) (5e826c2)
• update module github.com/envoyproxy/go-control-plane/envoy to v1.37.0 (#3051) (e10e6c1)
• update module github.com/knadh/koanf/v2 to v2.3.3 (#3081) (c53463c)
• update module github.com/redis/rueidis to v1.0.72 (#3053) (cb73e0b)
• update module github.com/redis/rueidis/rueidisotel to v1.0.72 (#3053) (cb73e0b)
• update module gocloud.dev to v0.45.0 (#3071) (16ab9a5)
• update module google.golang.org/grpc to v1.79.1 (#3048) (20c8af3)
• update opentelemetry-go monorepo to v1.41.0 (#3074) (2d2a1ad)
• update opentelemetry-go-contrib monorepo to v0.66.0 (#3075) (ba23e4a)

v0.17.9

0.17.9 (2026-02-07)

Performance Improvements

• Access logger and regular logger handler implementations merged to reduce copying of data (#3018) (852c02c)
• Memory footprint for inbound requests reduced (#3014) (2cb327b)

Dependencies

• update github.com/dadrus/httpsig digest to 14f48b2 (#3009) (d74b825)
• update golang to v1.25.7 (#3029) (79067bf)
• update google.golang.org/genproto/googleapis/rpc digest to 546029d (#3028) (3125432)
• update module github.com/go-co-op/gocron/v2 to v2.19.1 (#3010) (d3eef4e)
• update module github.com/google/cel-go to v0.27.0 (#3015) (c2cc413)
• update module github.com/knadh/koanf/v2 to v2.3.2 (#3005) (072706c)
• update module github.com/redis/rueidis to v1.0.71 (#3013) (d9a262a)
• update module github.com/redis/rueidis/rueidisotel to v1.0.71 (#3013) (d9a262a)
• update module go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.65.0 (#3024) (958da8c)
• update opentelemetry-go monorepo to v1.40.0 (#3021) (5cb3e7c)
• update opentelemetry-go-contrib monorepo to v0.65.0 (#3022) (9f4cc35)

v0.17.8

0.17.8 (2026-01-22)

Performance Improvements

• Access Logger refactored to use less memory (#2982) (f659968)
• Memory footprint for capturing active requests metrics reduced (#2984) (b5c6f19)

Bug Fixes

• warn log level can be configured (#2996) (45ec803)
• Automatic rollout of replicas if there is a change in the ConfigMap (#2994) (40243a0)
• Request duration entry in access log is now positive (#2980) (c50cc8f)

Dependencies

• update github.com/dadrus/httpsig digest to 904502c (#2976) (4ce6561)
• update golang to v1.25.6 (#2989) (d9e7173)
• update google.golang.org/genproto/googleapis/rpc digest to b8f7ae3 (#2987) (1fe85a6)
• update module github.com/go-viper/mapstructure/v2 to v2.5.0 (#2972) (990f6f6)

v0.17.7

0.17.7 (2026-01-09)

Performance Improvements

• Reduction of CPU and memory footprint (#2955) (2278df6)

Bug Fixes

• Request duration metric resolution adjusted for sub-millisecond latencies (#2954) (a8e1cbc)

Documentation

• Kubernetes examples updated to include working observability stack and a Grafana dashboard (#2958) (6a6d4bb)

Dependencies

• update google.golang.org/genproto/googleapis/rpc digest to 0a764e5 (#2945) (9c213ab)
• update kubernetes packages to v0.35.0 (#2942) (7e0bc65)
• update module github.com/go-co-op/gocron/v2 to v2.19.0 (#2935) (34cadef)
• update module github.com/go-playground/validator/v10 to v10.30.1 (#2947) (298040c)
• update module github.com/redis/rueidis to v1.0.70 (#2950) (960f031)
• update module github.com/redis/rueidis/rueidisotel to v1.0.70 (#2951) (3df1f08)
• update module google.golang.org/grpc to v1.78.0 (#2946) (3bf3a82)
• update module google.golang.org/protobuf to v1.36.11 (#2933) (a5fe579)