Unreleased Changes - cyberark/conjur-oss-suite-release GitHub Wiki
Unreleased Changes
This file documents all changes that have not been released yet
Generated 2023-12-17
Table of Contents
Unreleased Components
These are the component versions that have yet not been included in the Conjur OSS Suite:
Conjur Server
- cyberark/conjur v1.20.0 (2023-09-21)
- cyberark/conjur @HEAD
- cyberark/conjur-openapi-spec v5.3.1 (2023-07-11)
- cyberark/conjur-openapi-spec @HEAD
- cyberark/conjur-oss-helm-chart v2.0.7 (2023-08-30)
Conjur SDK
- cyberark/conjur-cli-go v8.0.11 (2023-08-25)
- cyberark/conjur-cli-go v8.0.12 (2023-10-17)
- cyberark/conjur-api-dotnet @HEAD
- cyberark/conjur-api-go @HEAD
- cyberark/conjur-api-java @HEAD
- cyberark/conjur-api-python @HEAD
- cyberark/conjur-api-ruby @HEAD
Platform Integrations
- cyberark/cloudfoundry-conjur-buildpack v2.3.0 (2023-10-06)
- cyberark/conjur-service-broker @HEAD
- cyberark/conjur-authn-k8s-client v0.26.0 (2023-07-18)
- cyberark/conjur-authn-k8s-client @HEAD
- cyberark/secrets-provider-for-k8s v1.6.0 (2023-07-19)
- cyberark/secrets-provider-for-k8s v1.6.1 (2023-07-27)
DevOps Tools
- cyberark/ansible-conjur-collection v1.2.1 (2023-09-20)
- cyberark/ansible-conjur-collection v1.2.2 (2023-09-28)
- cyberark/ansible-conjur-collection @HEAD
- cyberark/ansible-conjur-host-identity @HEAD
- cyberark/conjur-puppet v3.1.1 (2023-08-23)
- cyberark/terraform-provider-conjur @HEAD
Secretless Broker
Summon
Unreleased Changes
The following are changes that have been released in components but not yet released as part of the OSS Suite:
cyberark/conjur v1.20.0 (2023-09-21)
Added
- Support an optionalca-cert variable for providing custom certs/chains to verify OIDC providers or proxies when using the OIDC authenticator cyberark/conjur#2933
- New flag to conjurctl server command called --no-migrate which allows for skipping the database migration step when starting the server. cyberark/conjur#2895
- Telemetry support cyberark/conjur#2854
- Introduces support for Policy Factory, which enables resource creation through a new factories API. cyberark/conjur#2855
- Use base images with newer Ubuntu and UBI. Display FIPS Mode status in the UI (requires temporary fix for OpenSSL gem). cyberark/conjur#2874
Changed
- The database thread pool max connection size is now based on the number of web worker threads per process, rather than an arbitrary fixed number. This mitigates the possibility of a web worker becoming starved while waiting for a connection to become available. cyberark/conjur#2875
- Changed base-image tagging strategy cyberark/conjur#2926
Fixed
- Allow Factories with optional variables to save without error cyberark/conjur#2956
- OIDC authenticators support https_proxy and HTTPS_PROXY environment variables cyberark/conjur#2902
- Support plural syntax for revoke and deny cyberark/conjur#2901
- Support Authn-IAM regional requests when host value is missing from signed headers. cyberark/conjur#2827
Security
- Support plural syntax for revoke and deny cyberark/conjur#2901
- Previously, attempting to add and remove a privilege in the same policy load resulted in only the positive privilege (grant, permit) taking effect. Now we fail safe and the negative privilege statement (revoke, deny) is the final outcome cyberark/conjur#2907
- Update puma to 6.3.1 to address CVE-2023-40175. cyberark/conjur#2925
cyberark/conjur-openapi-spec v5.3.1 (2023-07-11)
Removed
- Removed possible 403 response code from Roles API endpoints. As of Conjur v1.19.3, requests to the Roles API return 404 when the caller has insufficient privilege - see cyberark/conjur#2755. cyberark/conjur-openapi-spec#225
cyberark/conjur-oss-helm-chart v2.0.7 (2023-08-30)
Changed
- The default Postgres server version is incremented to 15.4 from 10.16. cyberark/conjur-oss-helm-chart#185
cyberark/conjur-cli-go v8.0.11 (2023-08-25)
Fixed
- Handle trailing slash on appliance URL cyberark/conjur-cli-go#142
- Allow API key rotation for logged-in host cyberark/conjur-cli-go#143
- Make amd64 binary FIPS compliant on FIPS-enabled systems cyberark/conjur-cli-go#145
cyberark/conjur-cli-go v8.0.12 (2023-10-17)
Fixed
- Update busybox container image to 1.36.1 cyberark/conjur-cli-go#147
cyberark/cloudfoundry-conjur-buildpack v2.3.0 (2023-10-06)
Added
- Support for TAS 4.0 and 5.0, and associated cflinuxfs4 stack. cyberark/cloudfoundry-conjur-buildpack#178
Changed
- Project Go version bumped to 1.20, and support for deprecated Go version 1.17 removed. cyberark/cloudfoundry-conjur-buildpack#178
cyberark/conjur-authn-k8s-client v0.26.0 (2023-07-18)
Added
- Log level is now configurable using the LOG_LEVEL environment variable or conjur.org/log-level annotation. The existing DEBUG environment variable and conjur.org/debug-logging annotation is deprecated and will be removed in a future update. cyberark/conjur-authn-k8s-client#522
Fixed
- Update RH base image to ubi9/ubi to match the libc version of the authenticator-client-builder image. cyberark/conjur-authn-k8s-client#520
Security
- Update YAML files to include extra security layers to reduce Snyk vulnerabilities cyberark/conjur-authn-k8s-client#523
cyberark/secrets-provider-for-k8s v1.6.0 (2023-07-19)
Added
- Log level is now configurable using the LOG_LEVEL environment variable or conjur.org/log-level annotation. The existing DEBUG environment variable and conjur.org/debug-logging annotation is deprecated and will be removed in a future update. cyberark/secrets-provider-for-k8s#534
Security
- Upgrade google/cloud-sdk to v437.0.0-slim cyberark/secrets-provider-for-k8s#533
- Upgrade google/cloud-sdk to v435.0.1 and google.golang.org/protobuf to v1.29.1 cyberark/secrets-provider-for-k8s#531
cyberark/secrets-provider-for-k8s v1.6.1 (2023-07-27)
Security
- Updated go to 1.20, alpine to latest, and redhat UBI to ubi9 in main Dockerfile cyberark/secrets-provider-for-k8s#541
cyberark/ansible-conjur-collection v1.2.1 (2023-09-20)
Added
- Tests against Ansible versions 6, 7 and 8. cyberark/ansible-conjur-collection#195
Fixed
- Restore custom error messages for missing required variables. cyberark/ansible-conjur-collection#197
Security
- Upgrade dev/test nginx base images to 1.24.0, ubuntu base image to 22.04. cyberark/ansible-conjur-collection#189
- Clean up unused Python imports. cyberark/ansible-conjur-collection#194
cyberark/ansible-conjur-collection v1.2.2 (2023-09-28)
Changed
- Bump required Ansible version to >= 2.13 cyberark/ansible-conjur-collection#198
- Ignore dev folder when building the collection cyberark/ansible-conjur-collection#198
cyberark/conjur-puppet v3.1.1 (2023-08-23)
Security
- Upgrade Ruby base image version to 3.3-rc-slim cyberark/conjur-puppet#259
- Upgrade PDK and Ruby base image version to 3.2.2 cyberark/conjur-puppet#256
- Upgrade PDK and Ruby base image version cyberark/conjur-puppet#253
cyberark/secretless-broker v1.7.18 (2023-08-22)
Added
- Added support for SCRAM-SHA-256 to postgres connector (CONJSE-1801)
Changed
- Update CRD test script. cyberark/secretless-broker#1499
Security
- Updated github.com/docker/docker to v24.0.5 (CONJSE-1798)
cyberark/secretless-broker v1.7.19 (2023-11-02)
Added
- Add support for caching_sha256_password to mysql connector (CONJSE-1801)