v0.39.0

Granted v0.39.0 is the first release published under the fwdcloudsec organization. This release includes new features, bug fixes, and updates to the release infrastructure.

Release Infrastructure Changes

Starting with v0.39.0, Granted releases are published to new infrastructure under the granted.dev domain:

• Binary downloads are now hosted at releases.granted.dev
• Linux APT repository has moved to apt.releases.granted.dev — see the installation docs for updated setup instructions
• Homebrew (brew install fwdcloudsec/granted/granted) now builds from source via the fwdcloudsec/homebrew-granted tap. Prebuilt macOS binaries are not currently available — if you need them, please open a discussion
• GPG signing key has been updated (fwdcloudsec/granted-docs#4). The APT repository signing key has been updated too — see the installation docs for the new key

Previous releases remain available at releases.commonfate.io.

Features

• OAuth Authorization Code + PKCE flow for SSO login — adds a more secure SSO authentication method (#923) by @dgilmanuni
• Hierarchical RoleSessionName resolution — role session names are now resolved hierarchically when assuming roles (#884) by @FredPerr
• GRANTED_BROWSER_PROFILE env var — override the browser profile used for console sessions via an environment variable (#914) by @billyjbryant
• Zen browser support — native support for the Zen browser (#930) by @meyerjrr

Bug Fixes

• Fix --mfa-token flag being ignored in credential process mode (#908) by @dafujii
• Fix AWS profile being set incorrectly when role chaining (#841) by @raine-tingley
• Fix Nix install path detection for fish and tcsh shell aliases (#921) by @pyrex41
• Fix SSO browser stdout noise (#916) by @benjamin-pilgrim
• Fix TooManyRequests exception handling (#912) by @silvaalbert
• Fix AWS config directory permissions (#843) by @jescarri
• Fix ExportCredentialSuffix nil handling (#915) by @supergibbs
• Fix help message for browser set command (#909) by @LZong-tw
• Fix --ref flag when adding git profile registries (#864) by @chrnorm

Console Service Map

Added support for: AWS Control Tower, CloudFront, ElastiCache, SQS, Cognito, and Global Accelerator (#871, #877, #893)

Housekeeping

• Upgraded to Go 1.25 and renamed module to github.com/fwdcloudsec/granted (#913)
• Removed legacy Common Fate integrations and plugins (#855, #861)
• Cleaned up registry package (#805) by @EloyTolosaDev
• Dependency updates (#922) by @ericofusco

New Contributors

• @jescarri, @raine-tingley, @EloyTolosaDev, @FredPerr, @mikegray, @LZong-tw, @dafujii, @supergibbs, @ericofusco, @pyrex41, @benjamin-pilgrim, @silvaalbert, @billyjbryant, @dgilmanuni

Thank you to everyone who contributed to this release!

Full Changelog: v0.38.0...v0.39.0

v0.38.0

What's Changed

• Bump golang.org/x/crypto from 0.25.0 to 0.31.0 by @dependabot in #815
• Add gimme-aws-creds assumer by @jpts in #810
• Bump golang.org/x/net from 0.26.0 to 0.33.0 by @dependabot in #824
• Make leading/trailing spaces optional in templating by @agershman in #792
• Fix golangci-lint CI failure by @jpts in #832
• Update service_map.go by @wayne-folkes in #829
• Bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 by @dependabot in #831
• GHA: upgrade upload-artifact version by @chrnorm in #833

New Contributors

• @agershman made their first contribution in #792

Full Changelog: v0.37.0...v0.38.0

v0.37.0

Changelog

• 91e5e76 Josh/cf 3767 add cli flag to attach jira ticket in assume (#808)
• e047104 Service flag support for AWS Backup (#804)

Download this release by following our getting started guide.

v0.36.3

Changelog

• 8785167 Revert additional stream closed polling on proxy command (#802)
• 8547465 use sso role name from grant output for eks and rds access (#803)

Download this release by following our getting started guide.

v0.36.2

Changelog

• eeccfba Add Vivaldi browser support (#797)
• eeec10e Fix the proxy command not detecting that the stream had closed remotely (#799)
• 062ec34 Re authenticate with common fate during registry sync if token is expired (#798)
• b165600 Service flag support for AWS Organizations (#800)
• cc23acc fix: pass external_id for credential process and IAM (#790)

Download this release by following our getting started guide.

v0.36.1

Changelog

• fd86607 Switch out huh for survey with a custom renderer template (#794)

Download this release by following our getting started guide.

v0.36.0

What's Changed

• RDS Plugin: Allow server specified default port by @VigneshSelvaraj96 in #788
• Add Granted EKS Proxy command by @JoshuaWilkes in #787
• update handling for ports in proxy commands by @JoshuaWilkes in #789

Full Changelog: v0.35.2...v0.36.0

v0.35.2

What's Changed

• Changes waf shortcut to use v2 home page, rather than WAF classic home. by @CodyDunlap in #775
• Fix service map comma and formatting by @chrnorm in #776
• update asdf tool-versions golang to 1.22 by @chrnorm in #774
• tidy unused packages and variables by @chrnorm in #773
• RDS proxy command should be filterable by @JoshuaWilkes in #777
• feat: sort service map and add aws bedrock as a recognized service. by @felipewnp in #784

New Contributors

• @felipewnp made their first contribution in #784

Full Changelog: v0.35.1...v0.35.2

v0.35.1

This release includes bug fixes for the RDS plugin.

What's Changed

• Remove Grant is activated message, use new Grant Output API by @JoshuaWilkes in #769
• Improve how RDS proxy command handles grant expiry and proxy connection errors by @JoshuaWilkes in #770

Full Changelog: v0.35.0...v0.35.1

v0.35.0

AWS IAM Identity Center phishing protection

This release adds support for the new Granted browser extension for Chrome, which confirms the user code automatically when logging in to AWS IAM Identity Center. This makes authenticating faster and protects against being phished for your AWS credentials. Read more in our announcement blog post here..

Follow our install guide here to get set up with Granted.

What's Changed

• add fixes to setting custom browser by @meyerjrr in #760
• Fix the version output when running assume -v by @chrnorm in #762
• Added support for manual setting of PassDir to avoid pass password pollution in default location by @VigneshSelvaraj96 in #761
• Add apigw -> apigateway service shortcut by @alexjurkiewicz in #763
• Add AWS IAM Identity Center device code flow automation by @chrnorm in #765

New Contributors

• @VigneshSelvaraj96 made their first contribution in #761

Full Changelog: v0.34.2...v0.35.0