Announcing Pomerium v0.26

Pomerium v0.26 is here! This update focuses on bug fixes, performance, and stability improvements as well as policy builder enhancements for working with client certificates in Pomerium Enterprise. 

Downloads are immediately available on Github, CloudSmith, and Docker Hub for all supported platforms.

Pomerium Enterprise 

This update brings expanded functionality to Pomerium's policy builder. Specifically,

• Enhancements to client certificate support: policies can now be based on a client certificate's Subject Alternative Name (DNS name, URI, or email address). External data sources can now be keyed based on client certificate fingerprint, and client certificates can be required only on specific routes.

• Pomerium policy language now supports numerical comparison operators (<, <=, =, >=, and >) for use with external data sources. 

• To help write custom Rego policies, we’ve added print() support. Python programmers will feel right at home. 

Our external data sources feature provides teams the ability to integrate any institutionally relevant data source into policy building for near-unlimited granular control. We're constantly improving it to ensure teams have the flexibility they need when building policies with Pomerium. 

Pomerium Core

Some notable changes include: 

• Routes can now be configured to return a static HTTP response.

• It is now possible to chain TCP connections over multiple proxy hops. 

• Host header rewriting is now more consistent and predictable.  

• We’ve updated the way Pomerium refreshes OAuth access tokens in order to improve reliability.

For more information on potentially breaking changes, please refer to our Upgrade guide.

If you run into any problems, please submit an issue on the Pomerium GitHub issue tracker or start a thread on our Discuss forum. We can't wait to hear back on how these new changes help your access control, and will be monitoring all feedback channels to understand where we can improve from here.

Before You Upgrade

We always recommend testing in a separate environment as well as backing up your database before fully implementing new releases.

Signed Up for Pomerium Zero Yet?

Some changes in this release are related to the launch of Pomerium Zero, which will provide the happiest path for Pomerium users going forward. If you haven't signed up for beta access, you can still sign up here!

Secure All Your Web Applications With Pomerium

Pomerium is purpose-built for companies moving from perimeter to zero-trust and identity-based access. We are proud to support these companies with features and capabilities built specifically for their needs. To learn how Pomerium can support your organization’s needs, check out our comparison pages, documentation, or reach out to us directly.