Release Notes 1.2 - vmware-archive/lightwave GitHub Wiki

Lightwave Directory

• SD based entry level ACL support - fresh new deployment only.
• Automatic tombstone entries aging.
• Allow concurrent group membership addition/deletion from different domain controllers.
• Domain functional level management support.
• Addressed various out of order replication race condition bugs.

Lightwave Certificate Authority

• AIA extension added to the issued certificates and CRLs, This improves the root certificate discovery
• client side CSR validation for hostname and ip address for SSL certificates.
• New option to allow multiple SAN in SSL certificate, This allows certificate generation for servers behind LB and certificates for K8S masters.
• Logging improvements when the service runs in a container.
• [Preview, not enabled by default] REST endpoints for certificate authority.
• Build cleanup

Lightwave Domain Name Server

• Support for secure dynamic update using GSS-TSIG
• Conform to standard for how DNS names are handled
• Code refactoring for the DNS cache layer and better layering
• Scalability improvements
• LRU Cache
• Replication using change notification
• Better concurrency by fine grained locking model
• Performance improvements
• Reliability improvenents and fixes
• Forwarder timeout, so the DNS service does not if the external DNS server does not respond in time.
• Better error messages to vmdns-cli
• Build improvements

Lightwave Token Service

• Integrated OIDC Support for K8S cluster
• Runtime footprint and performance improvement by combining lightwave identity service and secure token service into one and merging various protocol heads into one single war
• Consolidate 3rd party dependencies to only the necessities