deployment: prepare 0.9.0 (#798)

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

docs/docs/CHANGELOG.md

@@ -1,5 +1,73 @@
 # Changelog
 
+## v0.9.0
+
+### New
+
+- proxy: envoy is now used to handle proxying
+- authenticate: add jwks and .well-known endpoint @desimone [GH-745]
+- authorize: add client mTLS support @calebdoxsey [GH-751]
+
+### Fixed
+
+- cache: fix closing too early @calebdoxsey [GH-791]
+- authenticate: fix insecure gRPC connection string default port @calebdoxsey [GH-795]
+- authenticate: fix user-info call for AWS cognito @calebdoxsey [GH-792]
+- authenticate: clear session if ctx fails @desimone [GH-806]
+- telemetry: fix autocache labels @travisgroth [GH-805]
+- telemetry: fix missing/incorrect grpc labels @travisgroth [GH-804]
+- authorize: fix authorization panic caused by logging a nil reference @desimone [[GH-704]]
+
+### Changes
+
+- authenticate: remove authorize url validate check @calebdoxsey [GH-790]
+- authorize: reduce log noise for empty jwt @calebdoxsey [GH-793]
+- authorize: refactor and add additional unit tests @calebdoxsey [GH-757]
+- envoy: add GRPC stats handler to control plane service @travisgroth [GH-744]
+- envoy: enable zipkin tracing @travisgroth [GH-737]
+- envoy: improvements to logging @calebdoxsey [GH-742]
+- envoy: remove 'accept-encoding' header from proxied metric requests @travisgroth [GH-750]
+- envoy: support ports in hosts for routing @calebdoxsey [GH-748]
+- forward-auth: support x-forwarded-uri @calebdoxsey [GH-780]
+- proxy/forward-auth: block expired request prior to 302 @desimone [GH-773]
+- sessions/state: add nickname claim @BenoitKnecht [GH-755]
+- state: infer user (`user`) from subject (`sub`) @desimone [GH-772]
+- telemetry: refactor GRPC Server Handler @travisgroth [GH-756]
+- telemetry: service label updates @travisgroth [GH-802]
+- xds: add catch-all for pomerium routes @calebdoxsey [GH-789]
+- xds: disable cluster validation to handle out-of-order updates @calebdoxsey [GH-783]
+
+### Documentation
+
+- docs: add mTLS recipe @calebdoxsey [GH-807]
+- docs: add argo recipe @calebdoxsey [GH-803]
+- docs: update dockerfiles for v0.9.0 @calebdoxsey [GH-801]
+- docs: typo on configuration doc @kintoandar [GH-800]
+- docs: docs regarding claim headers @strideynet [GH-782]
+- docs: update traefik example and add note about forwarded headers @calebdoxsey [GH-784]
+- docs: add note about unsupported platforms @calebdoxsey [GH-799]
+- docs: expose config parameters in sidebar @travisgroth [GH-797]
+- docs: update examples @travisgroth [GH-796]
+
+## v0.8.3
+
+### Changes
+
+- state: infer user (`user`) from subject (`sub`) @desimone GH-772
+- proxy/forward-auth: block expired request prior to 302 @desimone GH-773
+
+## v0.8.2
+
+### Security
+
+This release includes a fix for a bug that, under certain circumstances, could allow a user with a valid but expired session to resend a request to an upstream application. The repeated request would not return a response, but could reach the upstream application. Thank you to @selaux for reporting this issue! [GH-762]
+
+## v0.8.1
+
+### Fixed
+
+- authorize: fix authorization panic caused by logging a nil reference @desimone [GH-704]
+
 ## v0.8.0
 
 To see a complete list of changes [see the diff](https://github.com/pomerium/pomerium/compare/v0.7.0...v0.8.0).

docs/docs/releases.md

@@ -9,12 +9,13 @@ Official binaries for OSX, Windows, and Linux can be found on our [Github Releas
 Pomerium is also distributed as a [minimal](https://github.com/GoogleContainerTools/distroless) [docker container](https://www.docker.com/resources/what-container). You can find Pomerium's images on [dockerhub](https://hub.docker.com/r/pomerium/pomerium). Pomerium can be pulled in several flavors and architectures.
 
 - `:vX.Y.Z`: which will pull the a [specific tagged release](https://github.com/pomerium/pomerium/tags).
+
   ```bash
   $ docker run pomerium/pomerium:v0.1.0 --version
   v0.1.0+53bfa4e
   ```
 
-* `:latest`: which will pull the [most recent tagged release](https://github.com/pomerium/pomerium/releases).
+- `:latest`: which will pull the [most recent tagged release](https://github.com/pomerium/pomerium/releases).
 
   ```bash
   $ docker pull pomerium/pomerium:latest && docker run pomerium/pomerium:latest --version
@@ -55,6 +56,8 @@ To see difference between releases, please refer to the changelog and upgrading
 For convenience, we maintain hosted documentation for each tagged release. The format for which is `https://{MAJOR}-{MINOR}-{PATCH}.docs.pomerium.io`. For example:
 
 - [github@master](https://master.docs.pomerium.io/)
+- [v0.9.0](https://0-9-0.docs.pomerium.io/)
+- [v0.8.0](https://0-8-0.docs.pomerium.io/)
 - [v0.7.0](https://0-7-0.docs.pomerium.io/)
 - [v0.6.0](https://0-6-0.docs.pomerium.io/)
 - [v0.5.0](https://0-5-0.docs.pomerium.io/)

docs/docs/upgrading.md

@@ -15,20 +15,18 @@ description: >-
 
 ### Observability
 
-- The `service` label on metrics and tracing no longer reflects the `Services` configuration option directly.  `pomerium` will be used for all-in-one mode, and `pomerium-[service]` will
-  be used for distributed services
+- The `service` label on metrics and tracing no longer reflects the `Services` configuration option directly. `pomerium` will be used for all-in-one mode, and `pomerium-[service]` will be used for distributed services
 
 #### Tracing
 
-- Jaeger tracing support is no longer end-to-end in the proxy service. We recommend updating to the Zipkin provider for proper tracing support.  Jaeger will continue to work but will not have coverage in the data plane.
+- Jaeger tracing support is no longer end-to-end in the proxy service. We recommend updating to the Zipkin provider for proper tracing support. Jaeger will continue to work but will not have coverage in the data plane.
 - Option `tracing_debug` is no longer supported. Use `tracing_sampling_rate` instead. [Details](https://www.pomerium.io/configuration/#shared-tracing-settings).
 
 #### Metrics
 
-With this release we now use an embedded [envoy](https://www.envoyproxy.io/) binary as our proxy server.  
+With this release we now use an embedded [envoy](https://www.envoyproxy.io/) binary as our proxy server.
 
-- Due to this change, data plane metric names and labels have changed to 
-  adopt envoy's internal data model.  [Details](https://www.pomerium.io/configuration/#envoy-proxy-metrics)
+- Due to this change, data plane metric names and labels have changed to adopt envoy's internal data model. [Details](https://www.pomerium.io/configuration/#envoy-proxy-metrics)
 
 # Since 0.7.0