v1.20.0
[1.20.0] - 2023-09-21
Fixed
- Allow Factories with optional variables to save without error
cyberark/conjur#2956 - OIDC authenticators support
https_proxyandHTTPS_PROXYenvironment variables
cyberark/conjur#2902 - Support plural syntax for revoke and deny
cyberark/conjur#2901
Added
- Support an optional
ca-certvariable for providing custom certs/chains to verify
OIDC providers or proxies when using the OIDC authenticator
cyberark/conjur#2933 - New flag to
conjurctl servercommand called--no-migratewhich allows for skipping
the database migration step when starting the server.
cyberark/conjur#2895 - Telemetry support
cyberark/conjur#2854 - Introduces support for Policy Factory, which enables resource creation
through a newfactoriesAPI.
cyberark/conjur#2855 - Use base images with newer Ubuntu and UBI.
Display FIPS Mode status in the UI (requires temporary fix for OpenSSL gem).
cyberark/conjur#2874
Changed
- The database thread pool max connection size is now based on the number of
web worker threads per process, rather than an arbitrary fixed number. This
mitigates the possibility of a web worker becoming starved while waiting for
a connection to become available.
cyberark/conjur#2875 - Changed base-image tagging strategy
cyberark/conjur#2926
Fixed
- Support Authn-IAM regional requests when host value is missing from signed headers.
cyberark/conjur#2827
Security
- Support plural syntax for revoke and deny
cyberark/conjur#2901 - Previously, attempting to add and remove a privilege in the same policy load
resulted in only the positive privilege (grant, permit) taking effect. Now we
fail safe and the negative privilege statement (revoke, deny) is the final
outcome
cyberark/conjur#2907 - Update puma to 6.3.1 to address CVE-2023-40175.
cyberark/conjur#2925