Skip to content

Releases: cyberark/conjur

v1.21.0.1

18 Sep 15:07
@conjur-jenkins conjur-jenkins
v1.21.0.1
157deee
This commit was signed with the committer’s verified signature.
szh Shlomo Zalman Heigh
GPG key ID: F3830420E22740F7
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.21.0.1 Pre-release
Pre-release

[1.21.0.1] - 2024-06-11

Added

  • Adds support for optionally prefixing user role_id with "user/" during API key authentication.
    CNJR-5214

Fixed

  • Fixed orphaned roles when deleting policy resources.
    CONJSE-1875

Security

Assets 12
Loading

v1.21.1

18 Sep 21:14
@conjur-jenkins conjur-jenkins
v1.21.1
a579909
This commit was signed with the committer’s verified signature.
szh Shlomo Zalman Heigh
GPG key ID: F3830420E22740F7
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.21.1 Latest
Latest

[1.21.1] - 2024-06-03

Added

  • Added two options to the conjurctl server command to start the Conjur
    service: --no-rotation to disable the internal secret rotation process and
    --no-authn-local to disable the internal local authentication socket server.
    CNJR-3503
  • Adds support for optionally prefixing user role_id with "user/" during API key authentication.
    CNJR-5214
  • Added endpoint for getting effective policy
    CNJR-2040
  • Ensure logging of all HTTP status codes during authentication.
    CNJR-232

Fixed

  • Dedicated user identifier resolver allowing the user identifiers work like any other resource id. The Conjur internal
    representation of user identification should not be used with policies. Supports relative and absolute addressing in
    case of nested policies.
    CNJR-4394
  • Fixed orphaned roles when deleting policy resources.
    CONJSE-1875

Security

Assets 2
Loading

v1.20.1

17 Aug 19:56
@conjur-jenkins conjur-jenkins
v1.20.1-4405
40401f4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.20.1 Pre-release
Pre-release

[1.20.1] - 2023-10-13

Fixed

  • OIDC Authenticator now writes custom certs to a non-default directory instead
    of the system default certificate store.
    cyberark/conjur#2988

Added

  • Support for the no_proxy & NO_PROXY environment variables for the k8s authenticator.
    CNJR-2759

Security

  • Upgrade google/cloud-sdk in ci/test_suites/authenticators_k8s/dev/Dockerfile/test
    to use latest version (448.0.0)
    cyberark/conjur#2972
Assets 7
Loading

v1.20.0

04 Aug 21:07
@conjur-jenkins conjur-jenkins
v1.20.0
7044dbc
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.20.0

[1.20.0] - 2023-09-21

Fixed

Added

  • Support an optionalca-cert variable for providing custom certs/chains to verify
    OIDC providers or proxies when using the OIDC authenticator
    cyberark/conjur#2933
  • New flag to conjurctl server command called --no-migrate which allows for skipping
    the database migration step when starting the server.
    cyberark/conjur#2895
  • Telemetry support
    cyberark/conjur#2854
  • Introduces support for Policy Factory, which enables resource creation
    through a new factories API.
    cyberark/conjur#2855
  • Use base images with newer Ubuntu and UBI.
    Display FIPS Mode status in the UI (requires temporary fix for OpenSSL gem).
    cyberark/conjur#2874

Changed

  • The database thread pool max connection size is now based on the number of
    web worker threads per process, rather than an arbitrary fixed number. This
    mitigates the possibility of a web worker becoming starved while waiting for
    a connection to become available.
    cyberark/conjur#2875
  • Changed base-image tagging strategy
    cyberark/conjur#2926

Fixed

  • Support Authn-IAM regional requests when host value is missing from signed headers.
    cyberark/conjur#2827

Security

  • Support plural syntax for revoke and deny
    cyberark/conjur#2901
  • Previously, attempting to add and remove a privilege in the same policy load
    resulted in only the positive privilege (grant, permit) taking effect. Now we
    fail safe and the negative privilege statement (revoke, deny) is the final
    outcome
    cyberark/conjur#2907
  • Update puma to 6.3.1 to address CVE-2023-40175.
    cyberark/conjur#2925
Assets 7
Loading

v1.19.6

06 Jul 17:35
@conjur-jenkins conjur-jenkins
v1.19.6-4066
322861b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.19.6 Pre-release
Pre-release

[1.19.6] - 2023-07-05

Fixed

  • Support Authn-IAM regional requests when host value is missing from signed headers.
    cyberark/conjur#2827
Assets 7
Loading

v0.0.5

18 Jul 12:47
@conjur-jenkins conjur-jenkins
v0.0.5-13
fdcafb2
Compare
Choose a tag to compare
v0.0.5 Pre-release
Pre-release

[0.0.5] - 2023-07-17

Security

Assets 7
Loading

v1.19.3.1

13 Jul 23:25
@conjur-jenkins conjur-jenkins
v1.19.3.1-6
502a18a
This commit was signed with the committer’s verified signature.
andytinkham Andy Tinkham
GPG key ID: E466320BD772D51C
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.19.3.1 Pre-release
Pre-release

[1.19.3.1] - 2023-07-12

Security

Assets 7
Loading

v1.19.5

17 May 19:48
@conjur-jenkins conjur-jenkins
v1.19.5
1377763
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.19.5

[1.19.5] - 2023-06-29

Security

Fixed

  • AuthnJWT now supports claims that include hyphens and inline namespaces.
    cyberark/conjur#2792
  • Authn-IAM now uses the host in the signed headers to determine which STS endpoint
    (global or regional) to use for validation.

Changed

Assets 7
Loading

v1.19.3

26 Jan 20:38
@conjur-jenkins conjur-jenkins
v1.19.3
05aa1aa
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.19.3

[1.19.3] - 2023-04-17

Added

  • Conjur now logs when it detects that the Conjur configuration file
    (conjur.yml) or directory permissions prevent the Conjur server from
    successfully reading it. Conjur also now logs at the DEBUG level when it
    detects that either the directory or file do not exist.
    cyberark/conjur#2715
  • Account admin roles now have a corresponding resource. This ensures that
    access controls work as expected for this role to access itself.
    cyberark/conjur#2757

Changed

  • Removes support for disabling the CONJUR_FEATURE_PKCE_SUPPORT_ENABLED flag.
    cyberark/conjur#2713
  • Routes on the /roles/ API endpoints now correctly verify the existing of
    a Role and return 404 when it doesn't exist or the caller has insufficient
    privilege.
    cyberark/conjur#2755

Fixed

  • Fixed a thread-safety bug in secret retrieval when multiple threads attempt
    to decrypt a secret value with Slosilo/OpenSSL.
    cyberark/slosilo#31
    cyberark/conjur#2718
  • Incomplete HTTP proxy support in the Kubernetes Authenticator is fixed. This
    allows for an HTTP proxy between Conjur and the Kubernetes API.
    cyberark/conjur#2766

Security

Assets 7
Loading

v1.19.2

18 Jan 15:57
@conjur-jenkins conjur-jenkins
v1.19.2
0ca7cf4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.19.2

[1.19.2] - 2022-01-13

Fixed

  • Previously, including limit or offset parameters to a resource list request
    resulted in the returned list being unexpectedly sorted. Now, all resource list
    request results are sorted by resource ID.
    cyberark/conjur#2702

Security

Assets 7
Loading