The v0.31 release of Cerbos is packed with new features such as flexible policy testing, support for derived roles inspection, TLS certificate rotation automation, and more.
We have been working closely with users of Cerbos such as Envoy, Blockchain.com, Utility Warehouse, 9fin, and Salesroom on this release. We can’t wait to hear more about what you would like to see in future releases - join our Slack community to join the conversation.
The new runtime.effectiveDerivedRoles variable allows policy authors to inspect activated derived roles within the current policy execution context. That means you can now craft sophisticated policy rules without the redundancy of redefining derived role logic. For more details on how to leverage this feature, dive into our updated documentation.
In our continuous effort to streamline security practices, Cerbos now offers automatic detection and reloading of TLS certificates. When your certificates are updated on disk, Cerbos will seamlessly reload them without the need for a service restart, facilitating automated certificate rotation and the use of short-lived certificates for enhanced security.
Policy test suites just got more flexible. You can now enable lenient scope search globally or on an individual test basis. This way, you have broader control and ease when writing and managing your policy tests.
We understand the necessity to support legacy systems; therefore, Cerbos v0.31 introduces configurations that allow the use of JWTs without kid or alg claims while maintaining default secure behavior against such potentially insecure tokens.
Following recent discoveries of vulnerabilities in all public HTTP/2 implementations, we've incorporated a configuration option to limit the number of concurrent streams per gRPC connection, with a default set to 1024. This addition provides an extra layer of protection while also giving you the option to revert to unlimited concurrent streams if required.
Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team