We have just released Pomerium v0.21, which includes a bunch of new features, quality-of-life changes, and bug fixes, including:
TCP Gateway Support
Pomerium now acts as a public-facing gateway for TCP connections, ensuring internal information is not leaked to the public internet just to broker that connection. Traffic will go through Pomerium and be redirected to where it needs to go, ensuring malicious snoopers have no idea what’s in your network.
Automatic TLS for Internal Services
With no additional configuration necessary, you can be assured that all communications between Pomerium’s internal services are encrypted, authenticated, and confidential.
Forward Authentication is Deprecated
Forward auth was introduced in early versions of Pomerium to provide a gradual migration path for users of other reverse proxies to Pomerium.
Since then, Pomerium has come a long way: it is now built around a first-class reverse proxy core (Envoy) and has been battle-tested for many years. Unfortunately, supporting forward authentication mode provides a subpar experience in security (cookies cannot be stripped from upstream requests) and configuration (misconfiguration issues are common and hard to troubleshoot); it’s also not compatible with many of Pomerium’s newer features and deployment scenarios.
If there’s any feature you were previously able to leverage using forward auth and a third-party proxy, let us know. We are committed to feature parity with all major proxies in the ecosystem.
This release also includes other new features, general improvements, and bug fixes. A complete list can be found in the announcement post.
Big thank you to all our users, and to everyone who contributed to this release!