Skip to content

Releases: zalando/skipper

v0.24.76

20 Apr 12:07
703e5a8

Choose a tag to compare

Changes

build(deps): bump the all-go-mod-patch-and-minor group with 2 updates (#3977)

Bumps the all-go-mod-patch-and-minor group with 2 updates:
github.com/docker/go-connections
and
github.com/pires/go-proxyproto.

Updates github.com/docker/go-connections from 0.6.0 to 0.7.0

Commits
  • 7997b0f Merge pull request #156 from thaJeztah/bump_go_winio
  • 329724a chore(deps): bump github.com/Microsoft/go-winio v0.6.2
  • 161dc9b Merge pull request #155 from thaJeztah/pin_actions
  • b115e42 Merge pull request #154 from thaJeztah/fix_non_linux_tests
  • 4c35b2a ci: pin actions to sha
  • b4454a6 tlsconfig: make root pool tests deterministic across platforms
  • 0819711 tlsconfig: certPool: pass options as argument
  • 0329635 tlsconfig: rename some vars that shadowed
  • 894d811 Merge pull request #150 from thaJeztah/deprecate_SystemCertPool
  • 0a1293a Merge pull request #153 from thaJeztah/chachacha
  • Additional commits viewable in compare view

Updates github.com/pires/go-proxyproto from 0.11.0 to 0.12.0

Release notes

Sourced from github.com/pires/go-proxyproto's releases.

v0.12.0

What's Changed

New Contributors

Full Changelog: pires/go-proxyproto@v0.11.0...v0.12.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits
    that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all
    of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this
    group update PR and stop Dependabot creating any more for the specific
    dependency's major version (unless you unignore this specific
    dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this
    group update PR and stop Dependabot creating any more for the specific
    dependency's minor version (unless you unignore this specific
    dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR
    and stop Dependabot creating any more for the specific dependency
    (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore
    conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will
    remove the ignore condition of the specified dependency and ignore
    conditions

Multiarch Docker image

Multiarch Docker image is available in GitHub's docker registry:

docker run -it ghcr.io/zalando/skipper:v0.24.76 skipper --help

Docker image

Docker image is available in Zalando's Open Source registry:

docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.76 skipper --help

v0.24.75

20 Apr 11:45
20b922a

Choose a tag to compare

Changes

build(deps): bump oss-fuzz-base/base-builder-go from d510f86 to 98937db in /.clusterfuzzlite (#3976)

Bumps oss-fuzz-base/base-builder-go from d510f86 to 98937db.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits
    that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all
    of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop
    Dependabot creating any more for this major version (unless you reopen
    the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop
    Dependabot creating any more for this minor version (unless you reopen
    the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop
    Dependabot creating any more for this dependency (unless you reopen the
    PR or upgrade to it yourself)

Multiarch Docker image

Multiarch Docker image is available in GitHub's docker registry:

docker run -it ghcr.io/zalando/skipper:v0.24.75 skipper --help

Docker image

Docker image is available in Zalando's Open Source registry:

docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.75 skipper --help

v0.24.74

17 Apr 20:55
537f311

Choose a tag to compare

Changes

fix: proxy filter panics did not run applyFiltersOnError (#3969)

Multiarch Docker image

Multiarch Docker image is available in GitHub's docker registry:

docker run -it ghcr.io/zalando/skipper:v0.24.74 skipper --help

Docker image

Docker image is available in Zalando's Open Source registry:

docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.74 skipper --help

v0.24.73

17 Apr 19:04
776a704

Choose a tag to compare

Changes

valkey: fix update shards (#3972)

UpdateShards iterate through maps, which have nondeterministic
iteration. And will assign instances to same shard.

Multiarch Docker image

Multiarch Docker image is available in GitHub's docker registry:

docker run -it ghcr.io/zalando/skipper:v0.24.73 skipper --help

Docker image

Docker image is available in Zalando's Open Source registry:

docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.73 skipper --help

v0.24.72

17 Apr 09:04
9473cfe

Choose a tag to compare

Changes

fix: flakytest TestValkeyClient/With_metrics_and_AddrUpdater (#3970)

Multiarch Docker image

Multiarch Docker image is available in GitHub's docker registry:

docker run -it ghcr.io/zalando/skipper:v0.24.72 skipper --help

Docker image

Docker image is available in Zalando's Open Source registry:

docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.72 skipper --help

v0.24.71

16 Apr 14:09
78e71cf

Choose a tag to compare

Changes

refactor: remove leftover splitseq (#3964)

Use standard strings.SplitSeq

Multiarch Docker image

Multiarch Docker image is available in GitHub's docker registry:

docker run -it ghcr.io/zalando/skipper:v0.24.71 skipper --help

Docker image

Docker image is available in Zalando's Open Source registry:

docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.71 skipper --help

v0.24.70

13 Apr 17:55
c64ed02

Choose a tag to compare

Changes

update: Go to 1.26.2 in go.mod (#3963)

Fix all of these below:

make osv-scanner
osv-scanner -r ./
Scanning dir ./
Scanning /home/runner/work/skipper/skipper/ at commit dd457320b4be15d29641eb4d0daed2d188653e80
Scanned /home/runner/work/skipper/skipper/go.mod file and found 321 packages
+------------------------------+------+-----------+---------+---------+--------+
| OSV URL                      | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE |
+------------------------------+------+-----------+---------+---------+--------+
| https://osv.dev/GO-2026-4865 |      | Go        | stdlib  | 1.26.1  | go.mod |
| https://osv.dev/GO-2026-4866 |      | Go        | stdlib  | 1.26.1  | go.mod |
| https://osv.dev/GO-2026-4869 |      | Go        | stdlib  | 1.26.1  | go.mod |
| https://osv.dev/GO-2026-4870 |      | Go        | stdlib  | 1.26.1  | go.mod |
| https://osv.dev/GO-2026-4946 |      | Go        | stdlib  | 1.26.1  | go.mod |
| https://osv.dev/GO-2026-4947 |      | Go        | stdlib  | 1.26.1  | go.mod |
+------------------------------+------+-----------+---------+---------+--------+
| Uncalled vulnerabilities     |      |           |         |         |        |
+------------------------------+------+-----------+---------+---------+--------+
| https://osv.dev/GO-2026-4864 |      | Go        | stdlib  | 1.26.1  | go.mod |
+------------------------------+------+-----------+---------+---------+--------+

Multiarch Docker image

Multiarch Docker image is available in GitHub's docker registry:

docker run -it ghcr.io/zalando/skipper:v0.24.70 skipper --help

Docker image

Docker image is available in Zalando's Open Source registry:

docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.70 skipper --help

v0.24.69

13 Apr 16:27
dd45732

Choose a tag to compare

Changes

build(deps): bump the all-go-mod-patch-and-minor group across 1 directory with 11 updates (#3962)

Bumps the all-go-mod-patch-and-minor group with 9 updates in the /
directory:

Package From To
github.com/coreos/go-oidc/v3
3.17.0 3.18.0

|
github.com/testcontainers/testcontainers-go
| 0.41.1-0.20260403163240-359d0dec648b | 0.42.0 |
|
github.com/valkey-io/valkey-go
| 1.0.73 | 1.0.74 |
|
github.com/valkey-io/valkey-go/valkeyhook
| 1.0.73 | 1.0.74 |
|
github.com/valkey-io/valkey-go/valkeyotel
| 1.0.73 | 1.0.74 |
|
go.opentelemetry.io/contrib/exporters/autoexport
| 0.67.0 | 0.68.0 |
|
go.opentelemetry.io/contrib/propagators/autoprop
| 0.67.0 | 0.68.0 |
| golang.org/x/crypto | 0.49.0 |
0.50.0 |
| golang.org/x/net | 0.52.0 |
0.53.0 |

Updates github.com/coreos/go-oidc/v3 from 3.17.0 to 3.18.0

Release notes

Sourced from github.com/coreos/go-oidc/v3's releases.

v3.18.0

What's Changed

Full Changelog: coreos/go-oidc@v3.17.0...v3.18.0

Commits
  • da6b3bf build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4
  • 7f80694 build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.36.0
  • 7271de5 .github: update go versions in CI
  • 3ccf20f .github: configure dependabot
  • See full diff in compare view

Updates github.com/testcontainers/testcontainers-go from
0.41.1-0.20260403163240-359d0dec648b to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

🔒 Security

🐛 Bug Fixes

  • fix: return an error when docker host cannot be retrieved (#3613) @​ash2k

🧹 Housekeeping

📦 Dependency updates

  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]
  • chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]
  • chore: update to Go 1.25.9, 1.26.9 (#3647) @​thaJeztah
  • chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @​thaJeztah
  • chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @​thaJeztah
  • chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]
  • chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]
  • chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]
  • fix(localstack): accept community-archive as a valid tag (#3601) @​johnduhart
  • chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]
  • chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (
Read more

v0.24.68

13 Apr 15:39
f675bf6

Choose a tag to compare

Changes

build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.18.0 to 0.19.0 (#3955)

Bumps
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
from 0.18.0 to 0.19.0.

Release notes

Sourced from go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp's releases.

Release v0.19.0

Added

  • Added Marshaler config option to otlphttp to enable otlp over json or protobufs. (#1586)
  • A ForceFlush method to the "go.opentelemetry.io/otel/sdk/trace".TracerProvider to flush all registered SpanProcessors. (#1608)
  • Added WithSampler and WithSpanLimits to tracer provider. (#1633, #1702)
  • "go.opentelemetry.io/otel/trace".SpanContext now has a remote property, and IsRemote() predicate, that is true when the SpanContext has been extracted from remote context data. (#1701)
  • A Valid method to the "go.opentelemetry.io/otel/attribute".KeyValue type. (#1703)

Changed

  • trace.SpanContext is now immutable and has no exported fields. (#1573)
    • trace.NewSpanContext() can be used in conjunction with the trace.SpanContextConfig struct to initialize a new SpanContext where all values are known.
  • Update the ForceFlush method signature to the "go.opentelemetry.io/otel/sdk/trace".SpanProcessor to accept a context.Context and return an error. (#1608)
  • Update the Shutdown method to the "go.opentelemetry.io/otel/sdk/trace".TracerProvider return an error on shutdown failure. (#1608)
  • The SimpleSpanProcessor will now shut down the enclosed SpanExporter and gracefully ignore subsequent calls to OnEnd after Shutdown is called. (#1612)
  • "go.opentelemetry.io/sdk/metric/controller.basic".WithPusher is replaced with WithExporter to provide consistent naming across project. (#1656)
  • Added non-empty string check for trace Attribute keys. (#1659)
  • Add description to SpanStatus only when StatusCode is set to error. (#1662)
  • Jaeger exporter falls back to resource.Default's service.name if the exported Span does not have one. (#1673)
  • Jaeger exporter populates Jaeger's Span Process from Resource. (#1673)
  • Renamed the LabelSet method of "go.opentelemetry.io/otel/sdk/resource".Resource to Set. (#1692)
  • Changed WithSDK to WithSDKOptions to accept variadic arguments of TracerProviderOption type in go.opentelemetry.io/otel/exporters/trace/jaeger package. (#1693)
  • Changed WithSDK to WithSDKOptions to accept variadic arguments of TracerProviderOption type in go.opentelemetry.io/otel/exporters/trace/zipkin package. (#1693)
  • "go.opentelemetry.io/otel/sdk/resource".NewWithAttributes will now drop any invalid attributes passed. (#1703)
  • "go.opentelemetry.io/otel/sdk/resource".StringDetector will now error if the produced attribute is invalid. (#1703)

Removed

  • Removed serviceName parameter from Zipkin exporter and uses resource instead. (#1549)
  • Removed WithConfig from tracer provider to avoid overriding configuration. (#1633)
  • Removed the exported SimpleSpanProcessor and BatchSpanProcessor structs. These are now returned as a SpanProcessor interface from their respective constructors. (#1638)
  • Removed WithRecord() from trace.SpanOption when creating a span. (#1660)
  • Removed setting status to Error while recording an error as a span event in RecordError. (#1663)
  • Removed jaeger.WithProcess configuration option. (#1673)
  • Removed ApplyConfig method from "go.opentelemetry.io/otel/sdk/trace".TracerProvider and the now unneeded Config struct. (#1693)

Fixed

  • Jaeger Exporter: Ensure mapping between OTEL and Jaeger span data complies with the specification. (#1626)
  • SamplingResult.TraceState is correctly propagated to a newly created span's SpanContext. (#1655)
  • The otel-collector example now correctly flushes metric events prior to shutting down the exporter. (#1678)
  • Do not set span status message in SpanStatusFromHTTPStatusCode if it can be inferred from http.status_code. (#1681)
  • Synchronization issues in global trace delegate implementation. (#1686)
  • Reduced excess memory usage by global TracerProvider. (#1687)

Raw changes made between v0.18.0 and v0.19.0

... (truncated)

Changelog

Sourced from go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp's changelog.

[1.43.0/0.65.0/0.19.0] 2026-04-02

Added

  • Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace for W3C Trace Context Level 2 Random Trace ID Flag support. (#8012)
  • Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (#7642)
  • Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (#8051)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in
Read more

v0.24.67

13 Apr 12:11
5fffa73

Choose a tag to compare

Changes

fix: improve bearerinjector logging for missing credentials (#3957)

Summary

When the bearerinjector filter can't find a secret, the error message
now mentions the -credentials-paths flag. Previously it just said
"Secret not found" with no hint about what to configure.

Also updates the bearerinjector docs to link to the egress reference and
note the -credentials-paths requirement.

Changes

  • filters/auth/bearer.go: Improved error message at line 56 to mention
    -credentials-paths.
  • docs/reference/filters.md: Added note about -credentials-paths and
    link to the egress reference with a complete configuration example.

Testing

  • go build ./filters/auth/... passes

Fixes #3507

This contribution was developed with AI assistance (Claude Code).

Multiarch Docker image

Multiarch Docker image is available in GitHub's docker registry:

docker run -it ghcr.io/zalando/skipper:v0.24.67 skipper --help

Docker image

Docker image is available in Zalando's Open Source registry:

docker run -it registry.opensource.zalan.do/teapot/skipper:v0.24.67 skipper --help