Sourced from github.com/docker/distribution's releases.

v2.8.2

What's Changed

• Revert registry/client: set Accept: identity header when getting layers by @​ndeloof in distribution/distribution#3783
• Parse http forbidden as denied by @​vvoland in distribution/distribution#3914
• Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @​thaJeztah (#3650)
• Fix CVE-2023-2253 runaway allocation on /v2/_catalog by @​josegomezr 521ea3d9
• Fix panic in inmemory driver by @​wy65701436 in distribution/distribution#3815
• bump up golang version (alternative) by @​thaJeztah in distribution/distribution#3903
• Dockerfile: update xx to v1.2.1 by @​thaJeztah in distribution/distribution#3907
• update to go1.19.9 by @​thaJeztah in distribution/distribution#3908
• Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @​DavidSpek in distribution/distribution#3893
• Dockerfile: fix filenames of artifacts by @​thaJeztah in distribution/distribution#3911

Full Changelog: distribution/distribution@v2.8.1...v2.8.2

v2.8.2-beta.2

What's Changed

• Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @​thaJeztah (#3650)
• Fix CVE-2023-2253 runaway allocation on /v2/_catalog by @​josegomezr 521ea3d9
• Fix panic in inmemory driver by @​wy65701436 in distribution/distribution#3815
• bump up golang version (alternative) by @​thaJeztah in distribution/distribution#3903
• Dockerfile: update xx to v1.2.1 by @​thaJeztah in distribution/distribution#3907
• update to go1.19.9 by @​thaJeztah in distribution/distribution#3908
• Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @​DavidSpek in distribution/distribution#3893
• Dockerfile: fix filenames of artifacts by @​thaJeztah in distribution/distribution#3911

Full Changelog: distribution/distribution@v2.8.1...v2.8.2-beta.2

v2.8.2-beta.1

NOTE: This is a pre-release that does not contain any artifacts!

What's Changed

• Fix runaway allocation on /v2/_catalog by @​josegomezr 521ea3d9
• Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @​thaJeztah in distribution/distribution#3650
• Fix panic in inmemory driver by @​wy65701436 in distribution/distribution#3815
• bump up golang version (alternative) by @​thaJeztah in distribution/distribution#3903
• Dockerfile: update xx to v1.2.1 by @​thaJeztah in distribution/distribution#3907
• update to go1.19.9 by @​thaJeztah in distribution/distribution#3908
• Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @​DavidSpek in distribution/distribution#3893

Full Changelog: distribution/distribution@v2.8.1...v2.8.2-beta.1

• 7c354a4 Merge pull request #3915 from distribution/2.8.2-release-notes
• a173a9c Add v2.8.2 release notes
• 4894d35 Merge pull request #3914 from vvoland/handle-forbidden-28
• f067f66 Merge pull request #3783 from ndeloof/accept-encoding-28
• 483ad69 registry/errors: Parse http forbidden as denied
• 2b0f84d Revert "registry/client: set Accept: identity header when getting layers"
• 320d6a1 Merge pull request #3912 from distribution/2.8.2-beta.2-release-notes
• 5f3ca1b Add release notes for 2.8.2-beta.2 release
• cb840f6 Merge pull request #3911 from thaJeztah/2.8_backport_fix_releaser_filenames
• e884644 Dockerfile: fix filenames of artifacts
• Additional commits viewable in compare view

Sourced from github.com/docker/docker's releases.

v24.0.9

24.0.9

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.9 milestone
• moby/moby, 24.0.9 milestone

Security

This release contains security fixes for the following CVEs affecting Docker Engine and its components.

CVE	Component	Fix version	Severity
CVE-2024-21626	runc	1.1.12	High, CVSS 8.6
CVE-2024-24557	Docker Engine	24.0.9	Medium, CVSS 6.9

Important ⚠️

Note that this release of Docker Engine doesn't include fixes for the following known vulnerabilities in BuildKit:

• CVE-2024-23651
• CVE-2024-23652
• CVE-2024-23653
• CVE-2024-23650

To address these vulnerabilities, upgrade to Docker Engine v25.0.2.

For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the blog post. For details about each vulnerability, see the relevant security advisory:

• CVE-2024-21626
• CVE-2024-24557

Packaging updates

• Upgrade runc to v1.1.12. moby/moby#47269
• Upgrade containerd to v1.7.13 (static binaries only). moby/moby#47280

v24.0.8

24.0.8

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.8 milestone
• moby/moby, 24.0.8 milestone

Bug fixes and enhancements

• Live restore: Containers with auto remove (docker run --rm) are no longer forcibly removed on engine restart. moby/moby#46857

... (truncated)

• fca702d Merge pull request from GHSA-xw73-rw38-6vjc
• f78a772 Merge pull request #47281 from thaJeztah/24.0_backport_bump_containerd_binary...
• 61afffe Merge pull request #47270 from thaJeztah/24.0_backport_bump_runc_binary_1.1.12
• b38e74c Merge pull request #47276 from thaJeztah/24.0_backport_bump_runc_1.1.12
• dac5663 update containerd binary to v1.7.13
• 20e1af3 vendor: github.com/opencontainers/runc v1.1.12
• 858919d update runc binary to v1.1.12
• 141ad39 Merge pull request #47266 from vvoland/ci-fix-makeps1-templatefail-24
• db968c6 hack/make.ps1: Fix go list pattern
• 61c51fb Merge pull request #47221 from vvoland/pkg-pools-close-noop-24
• Additional commits viewable in compare view

• 434eadc language: reject excessively large Accept-Language strings
• 23407e7 go.mod: ignore cyclic dependency for tagging
• b18d3dd secure/precis: replace bytes.Compare with bytes.Equal
• 795e854 all: replace io/ioutil with io and os package
• b0ca10f internal/language: bump script types to uint16 and update registry
• ba9b0e1 go.mod: update x/tools to HEAD
• d03b418 A+C: delete AUTHORS and CONTRIBUTORS
• b4bca84 language/display: fix Tag method comment
• ea49e3e go.mod: update x/tools to HEAD
• 78819d0 go.mod: update to golang.org/x/text v0.1.10
• Additional commits viewable in compare view

Sourced from github.com/apache/thrift's releases.

Version 0.13.0

For release 0.13.0 head over to the official release download source: http://thrift.apache.org/download

The assets below are added by Github based on the release tag and they may therefore not match the checkums.

Sourced from github.com/apache/thrift's changelog.

0.13.0

New Languages

• (none)

Deprecated Languages

• THRIFT-4723 - CSharp and Netcore targets are deprecated and will be removed with the next release) - use NetStd instead.

Removed Languages

• THRIFT-4719 - Cocoa language was removed) - use swift instead.

Breaking Changes

• THRIFT-4743 - compiler: removed the plug-in mechanism
• THRIFT-4720 - cpp: C++03/C++98 support has been removed; also removed boost as a runtime dependency
• THRIFT-4730 - cpp: BoostThreadFactory, PosixThreadFactory, StdThreadFactory removed
• THRIFT-4732 - cpp: CMake build changed to use BUILD_SHARED_LIBS
• THRIFT-4735 - cpp: Removed Qt4 support
• THRIFT-4740 - cpp: Use std::chrono::duration for timeouts
• THRIFT-4762 - cpp: TTransport::getOrigin() is now const
• THRIFT-4702 - java: class org.apache.thrift.AutoExpandingBuffer is no longer public
• THRIFT-4709 - java: changes to UTF-8 handling require JDK 1.7 at a minimum
• THRIFT-4712 - java: class org.apache.thrift.ShortStack is no longer public
• THRIFT-4725 - java: change return type signature of 'process' methods
• THRIFT-4805 - java: replaced TSaslTransportException with TTransportException
• THRIFT-2530 - java: TIOStreamTransport's "isOpen" now returns false after "close" is called
• THRIFT-4675 - js: now uses node-int64 for 64 bit integer constants
• THRIFT-4841 - delphi: old THTTPTransport is now TMsxmlHTTPTransport
• THRIFT-4536 - rust: convert from try-from crate to rust stable (1.34+), re-export ordered-float

Known Issues (Blocker or Critical)

• THRIFT-3877 - C++: library don't work with HTTP (csharp server, cpp client; need cross test enhancement)

As3

• THRIFT-4784 - Thrift should throw when skipping over unexpected data

Build Process

• THRIFT-2333 - RPMBUILD: Abort build if user did not disable ruby but ruby build will fail later on
• THRIFT-4689 - Pull changes from 0.12.0 release branch into master
• THRIFT-4690 - Update dlang deimos for OpenSSL 1.1 (use 1.1.0h tagged release instead of master)
• THRIFT-4694 - Upgrade Java to Java 1.8
• THRIFT-4716 - Create a version alignment tool to make releases easier
• THRIFT-4760 - Install pkgconfig when using cmake
• THRIFT-4769 - Change NuGet package to use netstd artifact

... (truncated)

• cecee50 Version 0.13.0
• a899fe8 THRIFT-4973 Add deprecation messages for csharp and netcore
• ab89b8b THRIFT-2530: Fix TIOStreamTransport#isOpen
• 85d8162 Revert "THRIFT-4951: Remove senum from tests"
• 224b43e THRIFT-4874: Thrift 0.12.0 Source Distribution (.tar.gz) Contains Hardlinks -...
• a0c5f32 Update to Go 1.13.1 for CI
• df8ef4b THRIFT-4951: Remove senum from tests
• 904f561 THRIFT-4858: Add error message to TTransportException
• a152a0a THRIFT-4945: Fix non-standard log output
• 4fc4661 THRIFT-4967: Node.js tutorial server fails if the zip function is invoked
• Additional commits viewable in compare view

Sourced from github.com/go-git/go-git/v5's releases.

v5.11.0

What's Changed

• git: validate reference names (#929) by @​aymanbagabas in go-git/go-git#950
• git: stop iterating at oldest shallow when pulling. Fixes #305 by @​dhoizner in go-git/go-git#939
• plumbing: object, enable renames in getFileStatsFromFilePatches by @​djmoch in go-git/go-git#941
• storage: filesystem, Add option to set a specific FS for alternates by @​pjbgf in go-git/go-git#953
• Align worktree validation with upstream and remove build warnings by @​pjbgf in go-git/go-git#958

New Contributors

• @​dhoizner made their first contribution in go-git/go-git#939
• @​djmoch made their first contribution in go-git/go-git#941

Full Changelog: go-git/go-git@v5.10.1...v5.11.0

v5.10.1

What's Changed

• Worktree, ignore ModeSocket files by @​steiler in go-git/go-git#930
• git: add tracer package by @​aymanbagabas in go-git/go-git#916
• remote: Flip clause for fast-forward only check by @​adityasaky in go-git/go-git#875
• plumbing: transport/ssh, Fix nil pointer dereference caused when an unreachable proxy server is set. Fixes #900 by @​anandf in go-git/go-git#901
• plumbing: uppload-server-info, implement upload-server-info by @​aymanbagabas in go-git/go-git#896
• plumbing: optimise memory consumption for filesystem storage by @​pjbgf in go-git/go-git#799
• plumbing: format/packfile, Refactor patch delta by @​pjbgf in go-git/go-git#908
• plumbing: fix empty uploadpack request error by @​aymanbagabas in go-git/go-git#932
• plumbing: transport/git, Improve tests error message by @​pjbgf in go-git/go-git#752
• plumbing: format/pktline, Respect pktline error-line errors by @​aymanbagabas in go-git/go-git#936
• utils: remove ioutil.Pipe and use std library io.Pipe by @​aymanbagabas in go-git/go-git#922
• utils: move trace to utils by @​aymanbagabas in go-git/go-git#931
• cli: separate go module for cli by @​aymanbagabas in go-git/go-git#914
• build: bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @​dependabot in go-git/go-git#887
• build: bump actions/setup-go from 3 to 4 by @​dependabot in go-git/go-git#891
• build: bump github.com/skeema/knownhosts from 1.2.0 to 1.2.1 by @​dependabot in go-git/go-git#888
• build: bump actions/checkout from 3 to 4 by @​dependabot in go-git/go-git#890
• build: bump golang.org/x/sys from 0.13.0 to 0.14.0 by @​dependabot in go-git/go-git#907
• build: bump golang.org/x/text from 0.13.0 to 0.14.0 by @​dependabot in go-git/go-git#906
• build: bump golang.org/x/crypto from 0.14.0 to 0.15.0 by @​dependabot in go-git/go-git#917
• build: bump golang.org/x/net from 0.17.0 to 0.18.0 by @​dependabot in go-git/go-git#918

New Contributors

• @​anandf made their first contribution in go-git/go-git#901
• @​steiler made their first contribution in go-git/go-git#930

Full Changelog: go-git/go-git@v5.10.0...v5.10.1

v5.10.0

What's Changed

• PlainInitOptions.Bare and allow using InitOptions with PlainInitWithOptions by @​ThinkChaos in go-git/go-git#782

... (truncated)

• 5d08d3b Merge pull request #958 from pjbgf/workval
• 5bd1d8f build: Ensure checkout is the first operation
• b2c1982 git: worktree, Align validation with upstream rules
• cec7da6 Merge pull request #953 from pjbgf/alternates
• 8b47ceb storage: filesystem, Add option to set a specific FS for alternates
• 4f61489 Merge pull request #941 from djmoch/filestats-rename
• ae552ce Merge pull request #939 from dhoizner/fix-pull-after-shallow
• cc1895b Merge pull request #950 from aymanbagabas/validate-ref
• de1d5a5 git: validate reference names
• d87110b Merge pull request #948 from go-git/dependabot/go_modules/cli/go-git/github.c...
• Additional commits viewable in compare view

Sourced from github.com/hashicorp/go-retryablehttp's changelog.

0.7.7 (May 30, 2024)

BUG FIXES:

• client: avoid potentially leaking URL-embedded basic authentication credentials in logs (#158)

0.7.6 (May 9, 2024)

ENHANCEMENTS:

• client: support a RetryPrepare function for modifying the request before retrying (#216)
• client: support HTTP-date values for Retry-After header value (#138)
• client: avoid reading entire body when the body is a *bytes.Reader (#197)

BUG FIXES:

• client: fix a broken check for invalid server certificate in go 1.20+ (#210)

0.7.5 (Nov 8, 2023)

BUG FIXES:

• client: fixes an issue where the request body is not preserved on temporary redirects or re-established HTTP/2 connections (#207)

0.7.4 (Jun 6, 2023)

BUG FIXES:

• client: fixing an issue where the Content-Type header wouldn't be sent with an empty payload when using HTTP/2 (#194)

0.7.3 (May 15, 2023)

Initial release

• 1542b31 v0.7.7
• defb9f4 v0.7.7
• a99f07b Merge pull request #158 from dany74q/danny/redacted-url-in-logs
• 8a28c57 Merge branch 'main' into danny/redacted-url-in-logs
• 86e852d Merge pull request #227 from hashicorp/dependabot/github_actions/actions/chec...
• 47fe99e Bump actions/checkout from 4.1.5 to 4.1.6
• 490fc06 Merge pull request #226 from testwill/ioutil
• f3e9417 chore: remove refs to deprecated io/ioutil
• d969eaa Merge pull request #225 from hashicorp/manicminer-patch-2
• 2ad8ed4 v0.7.6
• Additional commits viewable in compare view

Sourced from github.com/opencontainers/image-spec's releases.

v1.0.2

This release was voted on by the maintainers and PASSED (+5 -0 #2), to mitigate the CVE-2021-41190 advisory.

This release is rebased directly on the prior tagged release (not including the commits that have occurred on main). Corresponding commits have been added to main, such that main is ready for a future next release.

• 67d2d56 version: release 1.0.2
• dcdcb7f specs-go: adding mediaType to the index and manifest structures
• 5f31485 *.md: bring mediaType out of reserved status
• See full diff in compare view

Sourced from github.com/prometheus/client_golang's releases.

1.11.1 / 2022-02-15

• [SECURITY FIX] promhttp: Check validity of method and code label values prometheus/client_golang#987 (Addressed CVE-2022-21698)

What's Changed

• promhttp: Check validity of method and code label values by @​bwplotka and @​kakkoyun in prometheus/client_golang#987

Full Changelog: prometheus/client_golang@v1.11.0...v1.11.1

v1.11.0 / 2021-06-07

• [CHANGE] Add new collectors package. #862
• [CHANGE] prometheus.NewExpvarCollector is deprecated, use collectors.NewExpvarCollector instead. #862
• [CHANGE] prometheus.NewGoCollector is deprecated, use collectors.NewGoCollector instead. #862
• [CHANGE] prometheus.NewBuildInfoCollector is deprecated, use collectors.NewBuildInfoCollector instead. #862
• [FEATURE] Add new collector for database/sql#DBStats. #866
• [FEATURE] API client: Add exemplars API support. #861
• [ENHANCEMENT] API client: Add newer fields to Rules API. #855
• [ENHANCEMENT] API client: Add missing fields to Targets API. #856

What's Changed

• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#846
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#849
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#853
• Add newer fields to Rules API by @​gouthamve in prometheus/client_golang#855
• Add missing fields to targets API by @​yeya24 in prometheus/client_golang#856
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#857
• Add exemplars API support by @​yeya24 in prometheus/client_golang#861
• Improve description of MaxAge in summary docs by @​Dean-Coakley in prometheus/client_golang#864
• Add new collectors package by @​johejo in prometheus/client_golang#862
• Add collector for database/sql#DBStats by @​johejo in prometheus/client_golang#866
• Make dbStatsCollector more DRY by @​beorn7 in prometheus/client_golang#867
• Change maintainers from @​beorn7 to @bwplotka/@​kakkoyun by @​beorn7 in prometheus/client_golang#873
• Document implications of negative observations by @​beorn7 in prometheus/client_golang#871
• Update Go modules by @​SuperQ in prometheus/client_golang#875

New Contributors

• @​gouthamve made their first contribution in prometheus/client_golang#855

Full Changelog: prometheus/client_golang@v1.10.0...v1.11.0

1.10.0 / 2021-03-18

• [CHANGE] Minimum required Go version is now 1.13.
• [CHANGE] API client: Add matchers to LabelNames and LabesValues. #828
• [FEATURE] API client: Add buildinfo call. #841
• [BUGFIX] Fix build on riscv64. #833

What's Changed

• Add SECURITY.md by @​roidelapluie in prometheus/client_golang#831
• Bump prometheus/procfs to 0.3.0 to fix building on riscv64 by @​zhsj in prometheus/client_golang#833
• Fix typo in comments in prometheus/client_golang#835

... (truncated)

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

1.19.0 / 2023-02-27

The module prometheus/common v0.48.0 introduced an incompatibility when used together with client_golang (See prometheus/client_golang#1448 for more details). If your project uses client_golang and you want to use prometheus/common v0.48.0 or higher, please update client_golang to v1.19.0.

• [CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). #1445 #1449
• [FEATURE] collectors: Add version collector. #1422 #1427

1.18.0 / 2023-12-22

• [FEATURE] promlint: Allow creation of custom metric validations. #1311
• [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
• [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
• [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
• [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

1.17.0 / 2023-09-27

• [CHANGE] Minimum required go version is now 1.19 (we also test client_golang against new 1.21 version). #1325
• [FEATURE] Add support for Created Timestamps in Counters, Summaries and Historams. #1313
• [ENHANCEMENT] Enable detection of a native histogram without observations. #1314

1.16.0 / 2023-06-15

• [BUGFIX] api: Switch to POST for LabelNames, Series, and QueryExemplars. #1252
• [BUGFIX] api: Fix undefined execution order in return statements. #1260
• [BUGFIX] native histograms: Fix bug in bucket key calculation. #1279
• [ENHANCEMENT] Reduce constrainLabels allocations for all metrics. #1272
• [ENHANCEMENT] promhttp: Add process start time header for scrape efficiency. #1278
• [ENHANCEMENT] promlint: Improve metricUnits runtime. #1286

1.15.1 / 2023-05-3

• [BUGFIX] Fixed promhttp.Instrument* handlers wrongly trying to attach exemplar to unsupported metrics (e.g. summary),
  causing panics. #1253

1.15.0 / 2023-04-13

• [BUGFIX] Fix issue with atomic variables on ppc64le. #1171
• [BUGFIX] Support for multiple samples within same metric. #1181
• [BUGFIX] Bump golang.org/x/text to v0.3.8 to mitigate CVE-2022-32149. #1187
• [ENHANCEMENT] Add exemplars and middleware examples. #1173
• [ENHANCEMENT] Add more context to "duplicate label names" error to enable debugging. #1177
• [ENHANCEMENT] Add constrained labels and constrained variant for all MetricVecs. #1151
• [ENHANCEMENT] Moved away from deprecated github.com/golang/protobuf package. #1183
• [ENHANCEMENT] Add possibility to dynamically get label values for http instrumentation. #1066
• [ENHANCEMENT] Add ability to Pusher to add custom headers. #1218
• [ENHANCEMENT] api: Extend and improve efficiency of json-iterator usage. #1225
• [ENHANCEMENT] Added (official) support for go 1.20. #1234

... (truncated)

• 989baa3 promhttp: Check validity of method and code label values (#962) (#987)
• 8184d76 Cut v1.11.0 (#877)
• 2539062 Merge pull request #875 from prometheus/superq/update_mods
• 68cd1e9 Update Go modules
• f22935d Merge pull request #871 from prometheus/beorn7/doc
• 11aba26 Change maintainers from @​beorn7 to @bwplotka/@​kakkoyun (#873)
• f34145a Document implications of negative observations
• a7515ca Merge pull request #867 from prometheus/beorn7/collectors
• 81a9556 Make dbStatsCollector more DRY
• a66da1d Add collector for database/sql#DBStats (#866)
• Additional commits viewable in compare view

• See full diff in compare view

• See full diff in compare view

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

• server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

  In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

• client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

• client: support channel idleness using WithIdleTimeout dial option (#6263)
  • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
• client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
• xds: Add support for Custom LB Policies (gRFC A52) (#6224)
• xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
• client: add support for pickfirst address shuffling (gRFC A62) (#6311)
• xds: Add support for String Matcher Header Matcher in RDS (#6313)
• xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • Special Thanks: @​s-matyukevich
• xds: enable RLS in xDS by default (#6343)
• orca: add support for application_utilization field and missing range checks on several metrics setters
• balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
• authz: add conversion of json to RBAC Audit Logging config (#6192)
• authz: add support for stdout logger (#6230 and #6298)
• authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

• orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
• xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
• xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

• orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

• xds: enable federation support by default (#6151)
• status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

• 1055b48 Update version.go to 1.56.3 (#6713)
• 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
• bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
• faab873 Update version.go to v1.56.2 (#6432)
• 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...