v1.7.2

Changelog

Fixed

• The Conjur version is now printed on server startup, after running conjurctl server (#1590)
• Raise proper error of an authn request with a non-existing user to the authn authenticator (#1591)

v1.7.1

Change log

Added

• Print version on server startup (cyberark/conjur#1531)

Fixed

• rake policy:load fails when loading policy (cyberark/conjur#1581)

v1.7.0

Change log

Fixed

• The k8s authenticator correctly authenticates an app using the host ID to specify
  the k8s resource constraints and an annotation to specify the authenticator
  container name using the "authn-k8s" prefix (cyberark/conjur#1535, conjurinc/dap-support#79) - PR.
• Fixed exception in conjurctl when loading policy (conjurinc/dap-support#80) - PR.

Changed

• Updated the title of status page to Conjur Status from Conjur (conjurinc/dap-support) - PR.
• Policy load API endpoints now default to the application/x-yaml content-type if no content type is provided in the request (conjurinc/dap-support#74) - PR.
• ActiveSupport uses SHA1 instead of MD5 (cyberark/conjur#1418).
• Authentication audit events now use separate operations for authenticate,
  login, and validate-status workflows
  (cyberark/conjur#1054).
• Authentication workflow checks origin before credentials to insure a request can authenticate before authenticating (cyberark/conjur#1568).

Added

• The Kubernetes authentication /inject-client-cert endpoint now generates
  an authentication audit event with the k8s-inject-client-cert operation
  (cyberark/conjur#1538).
• Adds a CertMissingCNEntry error to improve visibility of Kubernetes authenticator failures (cyberark/conjur#1278).
• Logs the authenticator used when the authentication-container-name annotation is missing (conjurinc/dap-support#69) - PR.

Removed

• Images are no longer published to Quay.io.

Security

• Upgraded Rails to v5.2.4.3 to resolve CVE-2020-8164.

v1.6.0

Changelog

Changed

• Use Ubuntu 18.04 LTS as the base image for Conjur to continue using Ruby 2.5
  (cyberark/conjur#1456).
• Conjur image now performs a dist-upgrade as the first image build step to
  ensure the image includes all available vulnerability fixes in the base OS.
• Upgrade from Rails 4 to Rails 5

v1.5.1

Change log

Fixed

• Status page details section now displays the Conjur version number #1438.

v1.5.0

Change log

Added

• Hosts can authenticate from Azure VMs using an Azure access token. See
  design for details
  (conjurinc/appliance#927).

Changed

• Lock rotators to prevent multiple rotations from incurring simultaneously.

Fixed

• Fix support for using deployment as K8s authentication resource type for Kubernetes >= 1.16
  (#1440)

v1.4.7

Change log

Changed

• Improved flows and rules around user creation (#1272)
• Kubernetes authenticator now returns 403 on unpermitted hosts instead of a 401 (#1283)
• Conjur hosts can authenticate with authn-k8s from anywhere in the policy branch (#1189)

Fixed

• Updated broken links on server status page (#1341)

v1.4.6

Changed

• K8s hosts' application identity is extracted from annotations or id. If it is
  defined in annotations it will taken from there and if not, it will be taken
  from the id.

v1.4.4

v1.4.4

v1.4.3 -> v1.4.4

Added

• Early validation of account existence during OIDC authentication
• Code coverage reporting and collection

Changed

• Bumped puma from 3.12.0 to 3.12.2
• Bumped rack from 1.6.11 to 1.6.12
• Bumped excon from 0.62.0 to 0.71.0

Fixed

• Fixed password rotation of blank password
• Fixed bug with multi-cert CA chains in Kubernetes service accounts
• Fixed build issues with creating namespaces with multiple values

Removed

• Removed follower env configuration

v1.3.6

Changed

• Reduced IAM authentication logging
• Refactored authentication strategies

Removed

• Removed OIDC APIs public access