Pre release #546

Merged 5 commits on May 27, 2022
36 changes: 35 additions & 1 deletion CHANGELOG.md
@@ -1,6 +1,40 @@
# Acra ChangeLog

## [0.92.0](https://github.com/cossacklabs/acra/releases/tag/0.92.0), March 01th 2021
## [0.93.0](https://github.com/cossacklabs/acra/releases/tag/0.93.0), May 27th 2021
This release brings type awareness which improves transparent encryption on AcraServer. Type awareness means that it's possible to tell AcraServer what are the original data types for fields. During decryption, AcraServer will convert decrypted fields to their original data types. No need to change client application code to work with "binary data".

It's also possible to choose a default value for each data field if its decryption failed. AcraServer can send a a default value like "<encrypted data>" instead of decryption errors, making developers' and users' life easier.

_Core_:

- **AcraServer**:
- Added type awareness and ability to map binary data to a certain data type when sending decrypted data back to the application. Extended encryptor_config which allow configure mapping application data type to proper database's type. [#515](https://github.com/cossacklabs/acra/pull/515), [#517](https://github.com/cossacklabs/acra/pull/517), [#523](https://github.com/cossacklabs/acra/pull/523), [#519](https://github.com/cossacklabs/acra/pull/519), [#520](https://github.com/cossacklabs/acra/pull/520)
- Extended `encryptor_config` with new parameters:
- `data_type` - specify data type expected by application. Accept `str`, `bytes`, `int64`, `int32` values. [#515](https://github.com/cossacklabs/acra/pull/515), [#517](https://github.com/cossacklabs/acra/pull/517)
- `default_data_value` - specify a placeholder (default value) to replace data that couldn't be decrypted. [#515](https://github.com/cossacklabs/acra/pull/515), [#517](https://github.com/cossacklabs/acra/pull/517)
- `response_on_fail` - specify action on decryption failure. Accepts `ciphertext` (returns encrypted data as is), `default_value` (returns values from `default_data_value` parameter), `error` (returns error as DB error with message like `encoding error in column {column_name}`). [#521](https://github.com/cossacklabs/acra/pull/521), [#533](https://github.com/cossacklabs/acra/pull/533)
- Deprecated `tokenize` parameter in `encryptor_config` and changed focus on `token_type` parameter. Now is enough to specify `token_type` parameter without `tokenize: true` to turn on tokenization. [Read more](https://docs.cossacklabs.com/acra/configuring-maintaining/general-configuration/acra-server/encryptor-config/#tokenized-deprecated-since-0930) in the documentation. [#527](https://github.com/cossacklabs/acra/pull/527)
- Removed auto-generation poison record's keys but leaved for `acra-poisonrecordmaker`. It improves decryption due to omitting extra key generation and poison record recognition. [#516](https://github.com/cossacklabs/acra/pull/516)
- Improvements in handling error cases on DB protocol layer. [#511](https://github.com/cossacklabs/acra/pull/511), [#515](https://github.com/cossacklabs/acra/pull/515), [#517](https://github.com/cossacklabs/acra/pull/517), [#520](https://github.com/cossacklabs/acra/pull/520), [#528](https://github.com/cossacklabs/acra/pull/528), [#535](https://github.com/cossacklabs/acra/pull/535), [#537](https://github.com/cossacklabs/acra/pull/537)
- Improved sql parser and support of `set` command. [#534](https://github.com/cossacklabs/acra/pull/534)
- Ignored legacy keys on startup loading to cache. [#510](https://github.com/cossacklabs/acra/pull/510), [#522](https://github.com/cossacklabs/acra/pull/522)
- Improved PostgreSQL/MySQL protocol support. [#525](https://github.com/cossacklabs/acra/pull/525), [#526](https://github.com/cossacklabs/acra/pull/526), [#539](https://github.com/cossacklabs/acra/pull/539), [#540](https://github.com/cossacklabs/acra/pull/540), [#541](https://github.com/cossacklabs/acra/pull/541), [#542](https://github.com/cossacklabs/acra/pull/542), [#543](https://github.com/cossacklabs/acra/pull/543), [#544](https://github.com/cossacklabs/acra/pull/544)
- **AcraCensor**:
- Removed legacy `IsForbidden` field from acra-censor’s logs. [Read more here](https://docs.cossacklabs.com/acra/security-controls/sql-firewall/#logging-unique-queries) in notes. [#508](https://github.com/cossacklabs/acra/pull/508)
- **AcraKeys**:
- Removed duplicate entries in `list` command. [#530](https://github.com/cossacklabs/acra/pull/530)
- **Other**:
- Makefile target `install_dev_deps` install required golang's dependencies for development and code generation. [#531](https://github.com/cossacklabs/acra/pull/531)

_Documentation_:
- Improved description of AcraServer's [encryptor_config](https://docs.cossacklabs.com/acra/configuring-maintaining/general-configuration/acra-server/encryptor-config/), adding details and examples about data processing options: encryption, searchable encryption, masking, tokenization, type awareness, etc.
- Updated ["Debugging and troubleshooting"](https://docs.cossacklabs.com/acra/configuring-maintaining/debugging-and-troubleshooting/) section with more tips and tricks.

_Example projects and demos_:
- [Python examples](https://github.com/cossacklabs/acra/tree/0.93.0/examples/python): updated to show type masking feature. [#524](https://github.com/cossacklabs/acra/pull/524), [#529](https://github.com/cossacklabs/acra/pull/529)
- [acra-engineering-demo](https://github.com/cossacklabs/acra-engineering-demo/tree/0.93.0) updated to show data type masking support. [#46](https://github.com/cossacklabs/acra-engineering-demo/pull/46), [#47](https://github.com/cossacklabs/acra-engineering-demo/pull/47), [#48](https://github.com/cossacklabs/acra-engineering-demo/pull/48), [#49](https://github.com/cossacklabs/acra-engineering-demo/pull/49), [#50](https://github.com/cossacklabs/acra-engineering-demo/pull/50), [#51](https://github.com/cossacklabs/acra-engineering-demo/pull/51).

## [0.92.0](https://github.com/cossacklabs/acra/releases/tag/0.92.0), March 01th 2022

This release brings stability and performance fixes to AcraServer and AcraTranslator. It officially deprecates usage
of AcraConnector in favour of TLS everywhere. Some default configuration params are changed in favour of more secure &
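Review bot: The new 0.93.0 heading is dated `May 27th 2021`, while this same hunk changes the 0.92.0 heading from `March 01th 2021` to `March 01th 2022` and the PR was merged on May 27, 2022, so the year on the 0.93.0 line should be 2022. In the same block, "AcraServer can send a a default value" has a doubled article and "but leaved for `acra-poisonrecordmaker`" should read "left". The `response_on_fail` entry lists `ciphertext`, `default_value` and `error` but does not say which one applies when the parameter is omitted; that choice decides whether the application receives ciphertext, a placeholder or a DB error on a failed decryption, so the default belongs in the entry. The example-project bullets say "type masking" where the rest of the release text says "type awareness"; use one term throughout.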
2 changes: 1 addition & 1 deletion benchmarks/config/acra-server.yaml
@@ -1,4 +1,4 @@
version: 0.92.0
version: 0.93.0
encryptor_config_file: /config/encryptor_config.yaml
tls_ca: /ssl.ca/example.cossacklabs.com.crt
tls_cert: /ssl.server/acra-server.crt
2 changes: 1 addition & 1 deletion configs/acra-addzone.yaml
@@ -1,4 +1,4 @@
version: 0.92.0
version: 0.93.0
# path to config
config_file:

2 changes: 1 addition & 1 deletion configs/acra-backup.yaml
@@ -1,4 +1,4 @@
version: 0.92.0
version: 0.93.0
# import|export values are accepted
action:

2 changes: 1 addition & 1 deletion configs/acra-keymaker.yaml
@@ -1,4 +1,4 @@
version: 0.92.0
version: 0.93.0
# Client ID
client_id: client

2 changes: 1 addition & 1 deletion configs/acra-keys.yaml
@@ -1,4 +1,4 @@
version: 0.92.0
version: 0.93.0
# path to config
config_file:

2 changes: 1 addition & 1 deletion configs/acra-poisonrecordmaker.yaml
@@ -1,4 +1,4 @@
version: 0.92.0
version: 0.93.0
# path to config
config_file:

2 changes: 1 addition & 1 deletion configs/acra-rollback.yaml
@@ -1,4 +1,4 @@
version: 0.92.0
version: 0.93.0
# Client ID should be name of file with private key
client_id:

2 changes: 1 addition & 1 deletion configs/acra-rotate.yaml
@@ -1,4 +1,4 @@
version: 0.92.0
version: 0.93.0
# path to config
config_file:

2 changes: 1 addition & 1 deletion configs/acra-server.yaml
@@ -1,4 +1,4 @@
version: 0.92.0
version: 0.93.0
# Path to AcraCensor configuration file
acracensor_config_file:

2 changes: 1 addition & 1 deletion configs/acra-tokens.yaml
@@ -1,4 +1,4 @@
version: 0.92.0
version: 0.93.0
# path to config
config_file:

2 changes: 1 addition & 1 deletion configs/acra-translator.yaml
@@ -1,4 +1,4 @@
version: 0.92.0
version: 0.93.0
# Use clientID from TLS certificates or secure session handshake instead directly passed values in gRPC methods
acratranslator_client_id_from_connection_enable: false

2 changes: 1 addition & 1 deletion utils/version.go
Expand Up @@ -26,7 +26,7 @@ import (
// VERSION is current Acra suite version
// store it as string instead initialized struct value to easy change/grep/sed/replace value via scripts or with
// -ldflags "-X github.com/cossacklabs/acra/utils.VERSION=X.X.X"
var VERSION = "0.92.0"
var VERSION = "0.93.0"

// Version store version info
type Version struct {
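Review bot: `var VERSION = "0.93.0"` here and the `version: 0.93.0` key in the eleven YAML files touched by this PR are all edited by hand to the same string, and nothing in the diff checks that they agree. The comment above the variable also allows overriding it with `-ldflags "-X github.com/cossacklabs/acra/utils.VERSION=X.X.X"`, so a build can carry a version that differs from the shipped configs. Consider a test or CI step that reads each config's `version:` and compares it with `utils.VERSION`, so a missed file fails the release PR instead of reaching users.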