Releases: cyberark/conjur-oss-suite-release
Releases · cyberark/conjur-oss-suite-release
v1.19.5+suite.1
v1.19.5+suite.1
This tag was signed with the committer’s verified signature.
gl-johnson
Glen Johnson
Release Notes
All notable changes to this project will be documented in this file.
[v1.19.5+suite.1] - 2023-06-29
Table of Contents
- Components
- Installation Instructions for the Suite Release Version of Conjur
- Upgrade Instructions
- Changes
Components
These are the components that combine to create this Conjur OSS Suite release and links
to their releases:
Conjur Server
- cyberark/conjur v1.19.5 (2023-06-29)
- cyberark/conjur-openapi-spec v5.3.0 (2021-12-22)
- cyberark/conjur-oss-helm-chart v2.0.6 (2023-03-09)
Conjur SDK
- cyberark/conjur-cli-go v8.0.10 (2023-06-29)
- cyberark/conjur-api-dotnet v2.1.1 (2022-03-14)
- cyberark/conjur-api-go v0.11.1 ()
- cyberark/conjur-api-java v3.0.5 (2023-06-08)
- cyberark/conjur-api-python v0.1.0 (2023-02-14)
- cyberark/conjur-api-ruby v5.4.1 (2023-06-14)
Platform Integrations
- cyberark/cloudfoundry-conjur-buildpack v2.2.8 (2023-06-21)
- cyberark/conjur-service-broker v1.2.10 (2023-06-21)
- cyberark/conjur-authn-k8s-client v0.25.1 (2023-06-12)
- cyberark/secrets-provider-for-k8s v1.5.1 (2023-05-26)
DevOps Tools
- cyberark/ansible-conjur-collection v1.2.0 (2020-09-01)
- cyberark/ansible-conjur-host-identity v0.3.2 (2020-12-29)
- cyberark/conjur-puppet v3.1.0 (2020-10-08)
- cyberark/terraform-provider-conjur v0.6.6 (2023-06-21)
Secretless Broker
- cyberark/secretless-broker v1.7.17 (2023-04-17)
Summon
- cyberark/summon v0.9.6 (2023-06-14)
- cyberark/summon-conjur v0.7.1 (2023-06-14)
Installation Instructions for the Suite Release Version of Conjur
Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.
-
Docker or docker-compose
Set the container image tag to
cyberark/conjur:1.19.5.
For example, make the following update to the conjur service in the quickstart docker-compose.ymlimage: cyberark/conjur:1.19.5 -
Update the
image.tagvalue and use the appropriate release of the helm chart:helm install ... \ --set image.tag="1.19.5" \ ... https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.6/conjur-oss-2.0.6.tgz
Upgrade Instructions
Upgrade instructions are available for the following components:
Changes
The following are changes to the constituent components since the last Conjur
OSS Suite release:
- cyberark/conjur
- cyberark/conjur-cli-go
- cyberark/conjur-api-java
- cyberark/conjur-api-ruby
- cyberark/cloudfoundry-conjur-buildpack
- cyberark/conjur-service-broker
- cyberark/conjur-authn-k8s-client
- cyberark/secrets-provider-for-k8s
- cyberark/terraform-provider-conjur
- cyberark/summon
- cyberark/summon-conjur
cyberark/conjur
v1.19.5 (2023-06-29)
- Changed
- OIDC tokens will now have a default ttl of 60 mins
cyberark/conjur#2800
- OIDC tokens will now have a default ttl of 60 mins
- Fixed
- AuthnJWT now supports claims that include hyphens and inline namespaces.
cyberark/conjur#2792 - Authn-IAM now uses the host in the signed headers to determine which STS endpoint
(global or regional) to use for validation.
- AuthnJWT now supports claims that include hyphens and inline namespaces.
- Security
- Update bundler to 2.2.33 to remove CVE-2021-43809
cyberark/conjur#2804
- Update bundler to 2.2.33 to remove CVE-2021-43809
cyberark/conjur-cli-go
v8.0.10 (2023-06-29)
- Fixed
- Fixed missing example commands in help output
cyberark/conjur-cli-go#134
- Fixed missing example commands in help output
- Security
- Upgrade golang.org/x/net to v0.10.0
cyberark/conjur-cli-go#139 - Upgrade golang.org/x/net to v0.10.0, golang.org/x/crypto to v0.9.0,
golang.org/x/sys to v0.8.0, golang.org/x/text to v0.9.0, and Go to 1.20
cyberark/conjur-cli-go#138
- Upgrade golang.org/x/net to v0.10.0
cyberark/conjur-api-java
v3.0.5 (2023-06-08)
- Changed
- Migrate JAX-RS to latest Jakarta version
cyberark/conjur-api-java#119 - Avoid calling login for host
cyberark/conjur-api-java#117
- Migrate JAX-RS to latest Jakarta version
- Fixed
- Fix dependency information stripped from non-shaded jar
cyberark/conjur-api-java#119
- Fix dependency information stripped from non-shaded jar
- Security
- Update nginx to 1.24 in Dockerfile.nginx
cyberark/conjur-api-java#118
- Update nginx to 1.24 in Dockerfile.nginx
cyberark/conjur-api-ruby
v5.4.1 (2023-06-14)
- Added
- Added authenticate wrapper to access unparsed response object (including headers).
cyberark/conjur-api-ruby#213 - Support Ruby v3.1 and v3.2.
cyberark/conjur-api-ruby#220
- Added authenticate wrapper to access unparsed response object (including headers).
cyberark/cloudfoundry-conjur-buildpack
v2.2.8 (2023-06-21)
- Security
- Upgrade golang.org/x/net to v0.10.0, golang.org/x/text to v0.9.0, golang.org/x/sys to v0.8.0, rack to 3.0.1,
spring-boot to 3.0.6, and java to 17
cyberark/cloudfoundry-conjur-buildpack#172 - Update ruby in ci/parse-changelog.sh from 2.5 to 3.1
cyberark/cloudfoundry-conjur-buildpack#170
- Upgrade golang.org/x/net to v0.10.0, golang.org/x/text to v0.9.0, golang.org/x/sys to v0.8.0, rack to 3.0.1,
cyberark/conjur-service-broker
v1.2.10 (2023-06-21)
- Security
- Upgrade ruby to 3.2, Go image to 1.20-alpine, and golang.org/x/sys to v0.8.0
cyberark/conjur-service-broker#331 - Update nokogiri to 1.14.3 to address GHSA-pxvg-2qj5-37jq
cyberark/conjur-service-broker#326
- Upgrade ruby to 3.2, Go image to 1.20-alpine, and golang.org/x/sys to v0.8.0
cyberark/conjur-authn-k8s-client
v0.25.1 (2023-06-12)
- Security
- Upgrade Dockerfile base images to golang:1.20 and golang.org/x/sys dependency to 0.8.0
cyberark/conjur-authn-k8s-client#516 - Update ruby fom 2.5 to 3.1 in bin/parse-changelog.sh
cyberark/conjur-authn-k8s-client#514 - Upgrade container security settings
cyberark/conjur-authn-k8s-client#518
- Upgrade Dockerfile base images to golang:1.20 and golang.org/x/sys dependency to 0.8.0
cyberark/secrets-provider-for-k8s
v1.5.1 (2023-05-26)
- Security
- Forced github.com/emicklei/go-restful/v3 to use v3.10.2 to remove PRISMA-2022-0227 (found in Twistlock scan)
and updated versions of gotelemetry.io/otel (to 1.16.0), github.com/stretchr/testify (to 1.8.3), ...
- Forced github.com/emicklei/go-restful/v3 to use v3.10.2 to remove PRISMA-2022-0227 (found in Twistlock scan)
v1.19.3+suite.1
Release Notes
All notable changes to this project will be documented in this file.
[v1.19.3+suite.1] - 2023-04-21
Table of Contents
- Components
- Installation Instructions for the Suite Release Version of Conjur
- Upgrade Instructions
- Changes
Components
These are the components that combine to create this Conjur OSS Suite release and links
to their releases:
Conjur Server
- cyberark/conjur v1.19.3 (2023-04-17)
- cyberark/conjur-openapi-spec v5.3.0 (2021-12-22)
- cyberark/conjur-oss-helm-chart v2.0.6 (2023-03-09)
Conjur SDK
- cyberark/conjur-cli-go v8.0.9 (2023-04-21)
- cyberark/conjur-api-dotnet v2.1.1 (2022-03-14)
- cyberark/conjur-api-go v0.11.0 (2023-02-28)
- cyberark/conjur-api-java v3.0.4 (2023-02-27)
- cyberark/conjur-api-python v0.1.0 (2023-02-14)
- cyberark/conjur-api-ruby v5.4.0 (2022-08-16)
Platform Integrations
- cyberark/cloudfoundry-conjur-buildpack v2.2.7 (2023-03-02)
- cyberark/conjur-service-broker v1.2.9 (2023-04-10)
- cyberark/conjur-authn-k8s-client v0.25.0 (2023-03-17)
- cyberark/secrets-provider-for-k8s v1.5.0 (2023-04-12)
DevOps Tools
- cyberark/ansible-conjur-collection v1.2.0 (2020-09-01)
- cyberark/ansible-conjur-host-identity v0.3.2 (2020-12-29)
- cyberark/conjur-puppet v3.1.0 (2020-10-08)
- cyberark/terraform-provider-conjur v0.6.5 (2022-11-30)
Secretless Broker
- cyberark/secretless-broker v1.7.17 (2023-04-17)
Summon
- cyberark/summon v0.9.5 (2022-09-28)
- cyberark/summon-conjur v0.7.0 (2023-03-10)
Installation Instructions for the Suite Release Version of Conjur
Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.
-
Docker or docker-compose
Set the container image tag to
cyberark/conjur:1.19.3.
For example, make the following update to the conjur service in the quickstart docker-compose.ymlimage: cyberark/conjur:1.19.3 -
Update the
image.tagvalue and use the appropriate release of the helm chart:helm install ... \ --set image.tag="1.19.3" \ ... https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.6/conjur-oss-2.0.6.tgz
Upgrade Instructions
Upgrade instructions are available for the following components:
Changes
The following are changes to the constituent components since the last Conjur
OSS Suite release:
- cyberark/conjur
- cyberark/conjur-oss-helm-chart
- cyberark/conjur-cli-go
- cyberark/conjur-service-broker
- cyberark/conjur-authn-k8s-client
- cyberark/secrets-provider-for-k8s
- cyberark/secretless-broker
- cyberark/summon-conjur
cyberark/conjur
v1.19.3 (2023-04-17)
- Added
- Conjur now logs when it detects that the Conjur configuration file
(conjur.yml) or directory permissions prevent the Conjur server from
successfully reading it. Conjur also now logs at the DEBUG level when it
detects that either the directory or file do not exist.
cyberark/conjur#2715 - Account admin roles now have a corresponding resource. This ensures that
access controls work as expected for this role to access itself.
cyberark/conjur#2757
- Conjur now logs when it detects that the Conjur configuration file
- Changed
- Removes support for disabling the CONJUR_FEATURE_PKCE_SUPPORT_ENABLED flag.
cyberark/conjur#2713 - Routes on the /roles/ API endpoints now correctly verify the existing of
a Role and return 404 when it doesn't exist or the caller has insufficient
privilege.
cyberark/conjur#2755
- Removes support for disabling the CONJUR_FEATURE_PKCE_SUPPORT_ENABLED flag.
- Fixed
- Fixed a thread-safety bug in secret retrieval when multiple threads attempt
to decrypt a secret value with Slosilo/OpenSSL.
cyberark/slosilo#31
cyberark/conjur#2718 - Incomplete HTTP proxy support in the Kubernetes Authenticator is fixed. This
allows for an HTTP proxy between Conjur and the Kubernetes API.
cyberark/conjur#2766
- Fixed a thread-safety bug in secret retrieval when multiple threads attempt
- Security
- Updated github-pages version in docs/Gemfile to allow upgrading activesupport
to v7.0.4.2 to resolve CVE-2022-22796
cyberark/conjur#2729 - Upgraded rack to v2.2.6.3 to resolve CVE-2023-27530
cyberark/conjur#2739 - Upgraded rack to v2.2.6.4 to resolve CVE-2023-27539
cyberark/conjur#2750 - Updated nokogiri to 1.14.3 for CVE-2023-29469 and CVE-2023-28484 and rails to
6.1.7.3 for CVE-2023-28120 in Gemfile.lock, nokogiri to 1.1.4.3 for CVE-2023-29469
and commonmarker to 0.23.9 for CVE-2023-24824 and CVE-2023-26485 in docs/Gemfile.lock
(all Medium severity issues flagged by Dependabot)
cyberark/conjur#2776
- Updated github-pages version in docs/Gemfile to allow upgrading activesupport
cyberark/conjur-oss-helm-chart
v2.0.6 (2023-03-09)
- Changed
- Updated notices to use Conjur CLI v8.0.
cyberark/conjur-oss-helm-chart#179
- Updated notices to use Conjur CLI v8.0.
cyberark/conjur-cli-go
v8.0.5 (2023-03-24)
- Changed
- OIDC login now supports a custom redirect URL port
cyberark/conjur-cli-go#117
- OIDC login now supports a custom redirect URL port
- Fixed
- Reject OIDC login if configured port is in use
cyberark/conjur-cli-go#117
- Reject OIDC login if configured port is in use
v8.0.6 (2023-04-17)
- Fixed
- Improved error message when using self-signed certificates
cyberark/conjur-cli-go#119 - Fix double prompt in Windows
cyberark/conjur-cli-go#120
- Improved error message when using self-signed certificates
v8.0.7 (2023-04-18)
- Fixed
- Fixed not using hosts file on Windows
cyberark/conjur-cli-go#121
- Fixed not using hosts file on Windows
v8.0.8 (2023-04-19)
- Fixed
- Fixed piping input to conjur init confirmation prompts
cyberark/conjur-cli-go#127 - Made command help text more consistent
cyberark/conjur-cli-go#123
- Fixed piping input to conjur init confirmation prompts
v8.0.9 (2023-04-21)
- Security
- Redact credentials dumped to logs with --debug flag
cyberark/conjur-cli-go#130
- Redact credentials dumped to logs with --debug flag
cyberark/conjur-service-broker
v1.2.9 (2023-04-10)
- Security
- Update rack in Gemfile.lock and tests/integration/test-app/Gemfile.lock to 2.2.6.4 to address CVE-2023-27539,
and activesupport in Gemfile.lock and tests/integration/test-app/Gemfile.lock to 6.1.7.3 for CVE-2023-28120 (not vulnerable)
cyberark/conjur-service-broker#323 - Update rack in Gemfile.lock and tests/integration/test-app/Gemfile.lock to 2.2.6...
- Update rack in Gemfile.lock and tests/integration/test-app/Gemfile.lock to 2.2.6.4 to address CVE-2023-27539,
v1.19.2+suite.1
v1.19.2+suite.1
This tag was signed with the committer’s verified signature.
john-odonnell
John O'Donnell
Release Notes
All notable changes to this project will be documented in this file.
[v1.19.2+suite.1] - 2023-03-03
Table of Contents
- Components
- Installation Instructions for the Suite Release Version of Conjur
- Upgrade Instructions
- Changes
Components
These are the components that combine to create this Conjur OSS Suite release and links
to their releases:
Conjur Server
- cyberark/conjur v1.19.2 (2023-01-13)
- cyberark/conjur-openapi-spec v5.3.0 (2021-12-22)
- cyberark/conjur-oss-helm-chart v2.0.5 (2022-08-17)
Conjur SDK
- cyberark/conjur-cli-go v8.0.4 (2023-03-03)
- cyberark/conjur-api-dotnet v2.1.1 (2022-03-14)
- cyberark/conjur-api-go v0.11.0 (2023-02-28)
- cyberark/conjur-api-java v3.0.4 (2023-02-27)
- cyberark/conjur-api-python v0.1.0 (2023-02-14)
- cyberark/conjur-api-ruby v5.4.0 (2022-08-16)
Platform Integrations
- cyberark/cloudfoundry-conjur-buildpack v2.2.7 (2023-03-02)
- cyberark/conjur-service-broker v1.2.8 (2023-03-02)
- cyberark/conjur-authn-k8s-client v0.24.0 (2022-11-23)
- cyberark/secrets-provider-for-k8s v1.4.5 (2022-09-26)
DevOps Tools
- cyberark/ansible-conjur-collection v1.2.0 (2022-09-01)
- cyberark/ansible-conjur-host-identity v0.3.2 (2020-12-29)
- cyberark/conjur-puppet v3.1.0 (2020-10-08)
- cyberark/terraform-provider-conjur v0.6.5 (2022-11-30)
Secretless Broker
- cyberark/secretless-broker v1.7.14 (2022-08-17)
Summon
- cyberark/summon v0.9.5 (2022-09-28)
- cyberark/summon-conjur v0.6.4 (2022-07-06)
Installation Instructions for the Suite Release Version of Conjur
Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.
-
Docker or docker-compose
Set the container image tag to
cyberark/conjur:1.19.2.
For example, make the following update to the conjur service in the quickstart docker-compose.ymlimage: cyberark/conjur:1.19.2 -
Update the
image.tagvalue and use the appropriate release of the helm chart:helm install ... \ --set image.tag="1.19.2" \ ... https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.5/conjur-oss-2.0.5.tgz
Upgrade Instructions
Upgrade instructions are available for the following components:
Changes
The following are changes to the constituent components since the last Conjur
OSS Suite release:
- cyberark/conjur
- cyberark/conjur-cli-go
- cyberark/conjur-api-go
- cyberark/conjur-api-java
- cyberark/conjur-api-python
- cyberark/cloudfoundry-conjur-buildpack
- cyberark/conjur-service-broker
- cyberark/terraform-provider-conjur
cyberark/conjur
v1.19.1 (2022-12-08)
- Added
- Provides support for PKCE in the OIDC Authenticator code redirect workflow.
This is enabled by default. If needed, it can be disabled using the
CONJUR_FEATURE_PKCE_SUPPORT_ENABLED feature flag.
cyberark/conjur#2678 - OIDC Authenticator can now be configured to distribute access tokens with a
custom time-to-live.
cyberark/conjur#2683 - List members request (GET /roles/conjur/{kind}/{identifier}?members) now produce audit events.
cyberark/conjur#2691 - Show resource request (GET /resources/:account/:kind/*identifier) now produce audit events.
cyberark/conjur#2695 - List memberships request (GET /roles/:account/:kind/*identifier?memberships) now produce audit events.
cyberark/conjur#2693
- Provides support for PKCE in the OIDC Authenticator code redirect workflow.
- Fixed
- Previously, if an OIDC authenticator was configured with a Status webservice,
the OIDC provider endpoint would include duplicate OIDC authenticators. This change resolves ONYX-25530.
cyberark/conjur#2678 - Allows V2 OIDC authenticators to be checked through the authenticator status
endpoint. This change resolves ONYX-25531.
cyberark/conjur#2692 - Previously, if an OIDC provider endpoint was incorrect, the provider list endpoint
would raise an exception. This change resolves ONYX-30387
cyberark/conjur#2688
- Previously, if an OIDC authenticator was configured with a Status webservice,
- Security
- Update loofah to 2.19.1 for CVE-2022-23514, CVE-2022-23515 and CVE-2022-23516 (all Not Vulnerable)
and rails-html-sanitizr to 1.4.4 for CVE-2022-23517, CVE-2022-23518, CVE-2022-23519, and CVE-2022-23520 (Not vulnerable)
cyberark/conjur#2686 - Updated nokogiri in root and docs Gemfile.lock files to resolve GHSA-qv4q-mr5r-qprj
cyberark/conjur#2684
- Update loofah to 2.19.1 for CVE-2022-23514, CVE-2022-23515 and CVE-2022-23516 (all Not Vulnerable)
v1.19.2 (2023-01-13)
- Fixed
- Previously, including limit or offset parameters to a resource list request
resulted in the returned list being unexpectedly sorted. Now, all resource list
request results are sorted by resource ID.
cyberark/conjur#2702
- Previously, including limit or offset parameters to a resource list request
- Security
- Upgraded Rails to 6.1.7.1 to resolve CVE-2023-22794 (not vulnerable)
cyberark/conjur#2703
- Upgraded Rails to 6.1.7.1 to resolve CVE-2023-22794 (not vulnerable)
cyberark/conjur-cli-go
v8.0.4 (2023-03-03)
- Fixed
- Allow hostfactory cidrs to specify a subnet
cyberark/conjur-cli-go#113 - Update variable get to retrieve multiple variables
cyberark/conjur-cli-go#114
- Allow hostfactory cidrs to specify a subnet
cyberark/conjur-api-go
v0.11.0 (2023-02-28)
- Added
- Added support for Conjur's LDAP authenticator
cyberark/conjur-api-go#141 - Added support for Conjur's OIDC authenticator
cyberark/conjur-api-go#144 - Added CONJUR_AUTHN_JWT_TOKEN to support authenticating via authn-jwt with the contents of a JSON Web Token (JWT) cyberark/conjur-api-go#143
- Added new API method CheckPermissionForRole
cyberark/conjur-api-go#153
- Added support for Conjur's LDAP authenticator
- Changed
- Resource IDs can now be partially-qualified, adhering to the form
[:]:.
cyberark/conjur-api-go#153 - User and Host IDs passed to their respective API key rotation functions can
now be fully-qualified, adhering to the form [[:]:].
cyberark/conjur-api-go#166 - The Hostfactory id is no longer required to be a fully qualified id.
cyberark/conjur-api-go#164
- Resource IDs can now be partially-qualified, adhering to the form
- Removed
- Remove all usage of Conjur v4
cyberark/conjur-api-go#139
- Remove all usage of Conjur v4
- Security
- Upgrade gopkg.in/yaml.v3 indirect dependencies to v3.0.1 and Dockerfile to golang:1.19.5
cyberark/conjur-api-go#158
- Upgrade gopkg.in/yaml.v3 indirect dependencies to v3.0.1 and Dockerfile to golang:1.19.5
cyberark/conjur-api-java
[v3.0.4](https://github.com/cyberark/conjur-a...
v1.19.0+suite.1
v1.19.0+suite.1
This tag was signed with the committer’s verified signature.
gl-johnson
Glen Johnson
Release Notes
All notable changes to this project will be documented in this file.
[v1.19.0+suite.1] - 2022-11-30
Table of Contents
- Components
- Installation Instructions for the Suite Release Version of Conjur
- Upgrade Instructions
- Changes
Components
These are the components that combine to create this Conjur OSS Suite release and links
to their releases:
Conjur Server
- cyberark/conjur v1.19.0 (2022-11-29)
- cyberark/conjur-openapi-spec v5.3.0 (2021-12-22)
- cyberark/conjur-oss-helm-chart v2.0.5 (2022-08-17)
Conjur SDK
- cyberark/conjur-cli v6.2.8 (2022-08-16)
- cyberark/conjur-api-dotnet v2.1.1 (2022-03-14)
- cyberark/conjur-api-go v0.10.2 (2022-11-14)
- cyberark/conjur-api-java v3.0.3 (2022-05-31)
- cyberark/conjur-api-python3 v7.1.0 (2021-12-22)
- cyberark/conjur-api-ruby v5.4.0 (2022-08-16)
Platform Integrations
- cyberark/cloudfoundry-conjur-buildpack v2.2.6 (2022-11-23)
- cyberark/conjur-service-broker v1.2.7 (2022-11-27)
- cyberark/conjur-authn-k8s-client v0.24.0 (2022-11-23)
- cyberark/secrets-provider-for-k8s v1.4.5 (2022-09-26)
DevOps Tools
- cyberark/ansible-conjur-collection v1.2.0 (2020-09-01)
- cyberark/ansible-conjur-host-identity v0.3.2 (2020-12-29)
- cyberark/conjur-puppet v3.1.0 (2020-10-08)
- cyberark/terraform-provider-conjur v0.6.4 (2022-11-14)
Secretless Broker
- cyberark/secretless-broker v1.7.14 (2022-08-17)
Summon
- cyberark/summon v0.9.5 (2022-09-28)
- cyberark/summon-conjur v0.6.4 (2022-07-06)
Installation Instructions for the Suite Release Version of Conjur
Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.
-
Docker or docker-compose
Set the container image tag to
cyberark/conjur:1.19.0.
For example, make the following update to the conjur service in the quickstart docker-compose.ymlimage: cyberark/conjur:1.19.0 -
Update the
image.tagvalue and use the appropriate release of the helm chart:helm install ... \ --set image.tag="1.19.0" \ ... https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.5/conjur-oss-2.0.5.tgz
Upgrade Instructions
Upgrade instructions are available for the following components:
Changes
The following are changes to the constituent components since the last Conjur
OSS Suite release:
- cyberark/conjur
- cyberark/conjur-api-go
- cyberark/cloudfoundry-conjur-buildpack
- cyberark/conjur-service-broker
- cyberark/conjur-authn-k8s-client
- cyberark/secrets-provider-for-k8s
- cyberark/terraform-provider-conjur
- cyberark/summon
cyberark/conjur
v1.19.0 (2022-11-29)
- Added
- Conjur policy loads can now emit callbacks to extensions on policy
load lifecycle events (e.g. before/after policy load). This is disabled
by default, but is available under the
CONJUR_FEATURE_POLICY_LOAD_EXTENSIONS feature flag.
cyberark/conjur#2671 - Conjur roles API can now emit callbacks to extensions on member add and
remove events (e.g. before/after add member). This is disabled by default,
but is available under the CONJUR_FEATURE_ROLES_API_EXTENSIONS feature flag.
cyberark/conjur#2671
- Conjur policy loads can now emit callbacks to extensions on policy
- Security
- Updated nokogiri in root and docs Gemfile.lock files to resolve GHSA-2qc6-mcvw-92cw
cyberark/conjur#2670
- Updated nokogiri in root and docs Gemfile.lock files to resolve GHSA-2qc6-mcvw-92cw
cyberark/conjur-api-go
v0.10.2 (2022-11-14)
- Fixed
- Fixed bug with CONJUR_AUTHN_JWT_HOST_ID environment variable not being read
cyberark/conjur-api-go#136
- Fixed bug with CONJUR_AUTHN_JWT_HOST_ID environment variable not being read
cyberark/cloudfoundry-conjur-buildpack
v2.2.6 (2022-11-23)
- Changed
- Added replace statement to prune gopkg.in/yaml.v2 v2.2.2 in favor of v2.2.8
cyberark/cloudfoundry-conjur-buildpack#153 - Added replace statement to prune gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c from
dependency tree in favor of v3.0.1 cyberark/cloudfoundry-conjur-buildpack#152
- Added replace statement to prune gopkg.in/yaml.v2 v2.2.2 in favor of v2.2.8
- Security
- Updated Summon, golang.org/x/net, and golang.org/x/text dependencies
cyberark/cloudfoundry-conjur-buildpack#156 - Updated tests/integration/apps/java to use Spring Framework 2.7.5
cyberark/cloudfoundry-conjur-buildpack#155
- Updated Summon, golang.org/x/net, and golang.org/x/text dependencies
cyberark/conjur-service-broker
v1.2.7 (2022-11-27)
- Security
- Upgrade nokogiri to v1.3.9 to resolve GHSA-2qc6-mcvw-92cw
cyberark/conjur-service-broker#296 - Upgrade cucumber (2.99.0 -> 7.1.0) and aruba (1.1.2 -> 2.0.0)
to resolve medium severity security issue on Snyk
cyberark/conjur-service-broker#294
- Upgrade nokogiri to v1.3.9 to resolve GHSA-2qc6-mcvw-92cw
cyberark/conjur-authn-k8s-client
v0.24.0 (2022-11-23)
- Changed
- Add service account secret to Conjur Config Cluster Prep chart
cyberark/conjur-authn-k8s-client#486
- Add service account secret to Conjur Config Cluster Prep chart
cyberark/secrets-provider-for-k8s
v1.4.5 (2022-09-26)
- Changed
- Updated Go to 1.19
cyberark/secrets-provider-for-k8s#484 - Updated go.opentelmetry.io/otel to 1.10.0 and k8s.io/api, k8s.io/apimachinery,
and k8s.io/client-go to latest versions
cyberark/secrets-provider-for-k8s#484
- Updated Go to 1.19
- Security
- More replace statements for golang.org/x/crypto, gopkg.in/yaml.v2, and golang.org/x/net
cyberark/secrets-provider-for-k8s#486 - Updated replace statements in go.mod to remove vulnerable versions of golang.org/x/net
cyberark/secrets-provider-for-k8s#484
cyberark/secrets-provider-for-k8s#485 - Updated replace statements in go.mod to remove vulnerable versions of golang.org/x/text
cyberark/secrets-provider-for-k8s#484
- More replace statements for golang.org/x/crypto, gopkg.in/yaml.v2, and golang.org/x/net
cyberark/terraform-provider-conjur
v0.6.4 (2022-11-14)
- Security
- Added replaces for 2 versions of golang.org/x/crypto brought in by the terraform sdk to resolve CVE-2021-43565
cyberark/terraform-provider-conjur#111 - Upgraded to Go 1.19 cyberark/terraform-provider-conjur#110
- Forced golang.org/x/net to use v0.0.0-20220923203811-8be639271d50 to resolve CVE-2022-27664
[cyberark/te...
- Added replaces for 2 versions of golang.org/x/crypto brought in by the terraform sdk to resolve CVE-2021-43565
v1.18.4+suite.1
v1.18.4+suite.1
This tag was signed with the committer’s verified signature.
jtuttle
John Tuttle
Release Notes
All notable changes to this project will be documented in this file.
[v1.18.4+suite.1] - 2022-10-03
Table of Contents
- Components
- Installation Instructions for the Suite Release Version of Conjur
- Upgrade Instructions
- Changes
Components
These are the components that combine to create this Conjur OSS Suite release and links
to their releases:
Conjur Server
- cyberark/conjur v1.18.4 (2022-09-11)
- cyberark/conjur-openapi-spec v5.3.0 (2021-12-22)
- cyberark/conjur-oss-helm-chart v2.0.5 (2022-08-17)
Conjur SDK
- cyberark/conjur-cli v6.2.8 (2022-08-16)
- cyberark/conjur-api-dotnet v2.1.1 (2022-03-14)
- cyberark/conjur-api-go v0.10.1 (2022-06-14)
- cyberark/conjur-api-java v3.0.3 (2022-05-31)
- cyberark/conjur-api-python3 v7.1.0 (2021-12-22)
- cyberark/conjur-api-ruby v5.4.0 (2022-08-16)
Platform Integrations
- cyberark/cloudfoundry-conjur-buildpack v2.2.5 ()
- cyberark/conjur-service-broker v1.2.6 (2022-08-16)
- cyberark/conjur-authn-k8s-client v0.23.8 (2022-08-31)
- cyberark/secrets-provider-for-k8s v1.4.4 (2022-07-12)
DevOps Tools
- cyberark/ansible-conjur-collection v1.2.0 (2020-09-01)
- cyberark/ansible-conjur-host-identity v0.3.2 (2020-12-29)
- cyberark/conjur-puppet v3.1.0 (2020-10-08)
- cyberark/terraform-provider-conjur v0.6.3 (2022-08-17)
Secretless Broker
- cyberark/secretless-broker v1.7.14 (2022-08-17)
Summon
- cyberark/summon v0.9.4 (2022-08-18)
- cyberark/summon-conjur v0.6.4 (2022-07-06)
Installation Instructions for the Suite Release Version of Conjur
Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.
-
Docker or docker-compose
Set the container image tag to
cyberark/conjur:1.18.4.
For example, make the following update to the conjur service in the quickstart docker-compose.ymlimage: cyberark/conjur:1.18.4 -
Update the
image.tagvalue and use the appropriate release of the helm chart:helm install ... \ --set image.tag="1.18.4" \ ... https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.5/conjur-oss-2.0.5.tgz
Upgrade Instructions
Upgrade instructions are available for the following components:
Changes
The following are changes to the constituent components since the last Conjur
OSS Suite release:
cyberark/conjur
v1.18.1 (2022-08-01)
- Changed
- Migrates OIDC Provider list to be accessable via an unauthentated
endpoint. This is not a concern as logins using this endpoint already
display the redirect endpoint on the login page.
cyberark/conjur#2625
- Migrates OIDC Provider list to be accessable via an unauthentated
v1.18.2 (2022-09-01)
- Changed
- Reduces debug log verbosity.
cyberark/conjur#2639
- Reduces debug log verbosity.
v1.18.3 (2022-09-07)
- Security
- Remove code and state from the debug logs
conjurinc/conjur-ui#2644
- Remove code and state from the debug logs
v1.18.4 (2022-09-11)
- Added
- Adds support for authorization token in header in OIDC authenticator.
cyberark/conjur#2637
- Adds support for authorization token in header in OIDC authenticator.
cyberark/conjur-authn-k8s-client
v0.23.8 (2022-08-31)
- Changed
- Update Cluster Prep Helm chart to support namespace label-based authentication.
cyberark/conjur-authn-k8s-client#482
- Update Cluster Prep Helm chart to support namespace label-based authentication.
cyberark/ansible-conjur-collection
v1.2.0 (2020-09-01)
- Added
- Add state variable to Conjur Ansible role, which can be used to cleanup
configuration and identity artifacts created on managed nodes.
cyberark/ansible-conjur-collection#176
- Add state variable to Conjur Ansible role, which can be used to cleanup
- Changed
- Lookup plugin now retries variable retrieval 5 times before accepting a
failure response.
cyberark/ansible-conjur-collection#60
- Lookup plugin now retries variable retrieval 5 times before accepting a
- Removed
- End support for Python 2.
cyberark/ansible-conjur-collection#69
- End support for Python 2.
v1.18.0+suite.1
Release Notes
All notable changes to this project will be documented in this file.
[v1.18.0+suite.1] - 2022-08-24
Table of Contents
- Components
- Installation Instructions for the Suite Release Version of Conjur
- Upgrade Instructions
- Changes
Components
These are the components that combine to create this Conjur OSS Suite release and links
to their releases:
Conjur Server
- cyberark/conjur v1.18.0 (2022-08-01)
- cyberark/conjur-openapi-spec v5.3.0 (2021-12-22)
- cyberark/conjur-oss-helm-chart v2.0.5 (2022-08-17)
Conjur SDK
- cyberark/conjur-cli v6.2.8 (2022-08-16)
- cyberark/conjur-api-dotnet v2.1.1 (2022-03-14)
- cyberark/conjur-api-go v0.10.1 (2022-06-14)
- cyberark/conjur-api-java v3.0.3 (2022-05-31)
- cyberark/conjur-api-python3 v7.1.0 (2021-12-22)
- cyberark/conjur-api-ruby v5.4.0 (2022-08-16)
Platform Integrations
- cyberark/cloudfoundry-conjur-buildpack v2.2.4 (2022-06-16)
- cyberark/conjur-service-broker v1.2.6 (2022-08-16)
- cyberark/conjur-authn-k8s-client v0.23.7 (2022-07-12)
- cyberark/secrets-provider-for-k8s v1.4.4 (2022-07-12)
DevOps Tools
- cyberark/ansible-conjur-collection v1.1.0 (2020-12-29)
- cyberark/ansible-conjur-host-identity v0.3.2 (2020-12-29)
- cyberark/conjur-puppet v3.1.0 (2020-10-08)
- cyberark/terraform-provider-conjur v0.6.3 (2022-08-17)
Secretless Broker
- cyberark/secretless-broker v1.7.14 (2022-08-17)
Summon
- cyberark/summon v0.9.4 (2022-08-18)
- cyberark/summon-conjur v0.6.4 (2022-07-06)
Installation Instructions for the Suite Release Version of Conjur
Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.
-
Docker or docker-compose
Set the container image tag to
cyberark/conjur:1.18.0.
For example, make the following update to the conjur service in the quickstart docker-compose.ymlimage: cyberark/conjur:1.18.0 -
Update the
image.tagvalue and use the appropriate release of the helm chart:helm install ... \ --set image.tag="1.18.0" \ ... https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.5/conjur-oss-2.0.5.tgz
Upgrade Instructions
Upgrade instructions are available for the following components:
Changes
The following are changes to the constituent components since the last Conjur
OSS Suite release:
- cyberark/conjur
- cyberark/conjur-oss-helm-chart
- cyberark/conjur-cli
- cyberark/conjur-api-ruby
- cyberark/conjur-service-broker
- cyberark/conjur-authn-k8s-client
- cyberark/secrets-provider-for-k8s
- cyberark/terraform-provider-conjur
- cyberark/secretless-broker
- cyberark/summon
cyberark/conjur
v1.17.7 (2022-06-29)
- Changed
- Made simplecov a dev/test dependency
cyberark/conjur#2564 - Added configuration for token TTL
cyberark/conjur#2510 - Added configuration for default value for maximum number of results return to /resources request
cyberark/conjur#2510
- Made simplecov a dev/test dependency
- Fixed
- Previously, the temporary schemas used to modify Conjur policy
caused the Postgres database catalog cache to leak memory over time,
leading to an eventual crash. Now, we recycle the database
connection after modifying policy to free this cache and prevent
the memory leak from occurring.
cyberark/conjur#2584
- Previously, the temporary schemas used to modify Conjur policy
- Security
- Update rack to 2.2.3.1 to resolve CVE-2022-3023
cyberark/conjur#2564 - Update nokogiri to 1.13.6 to resolve un-numbered libxml CVEs (both in main
Gemfile.lock and in docs/Gemfile.lock)
cyberark/conjur#2558
- Update rack to 2.2.3.1 to resolve CVE-2022-3023
v1.18.0 (2022-08-01)
- Added
- Adds support for namespace label based identity scope for the Kubernetes Authenticator
cyberark/conjur#2613
- Adds support for namespace label based identity scope for the Kubernetes Authenticator
- Changed
- Adds support for authentication using OIDC's code authorization flow
cyberark/conjur#2595
- Adds support for authentication using OIDC's code authorization flow
- Security
- Updated tzinfo to 1.2.10 to address CVE-2022-31163
cyberark/conjur#2610
- Updated tzinfo to 1.2.10 to address CVE-2022-31163
cyberark/conjur-oss-helm-chart
v2.0.5 (2022-08-17)
- Added
- Support for authn-jwt flow. cyberark/conjur-oss-helm-chart#169
cyberark/conjur-cli
v6.2.6 (2022-01-31)
- Changed
- Allow activesupport >=6 as a dependency for ruby-3.0.2.
cyberark/conjur-cli#339 - Add Ruby 3 tests in CI.
- Set Ruby 3 as default.
cyberark/conjur-cli#344 - Bump conjur-api-ruby gem.
- Bump rake gem.
- Allow activesupport >=6 as a dependency for ruby-3.0.2.
v6.2.7 (2022-05-09)
- Changed
- Remove support for Ruby versions 2.5 and 2.6 cyberark/cyberark-conjur-cli-docker-based#351
v6.2.8 (2022-08-16)
- Fixed
- Fixed rubygems delivery cyberark/cyberark-conjur-cli-docker-based#354
cyberark/conjur-api-ruby
v5.4.0 (2022-08-16)
- Added
- Added support for OIDC V2 authentication endpoint.
cyberark/cojnur-api-ruby#207 - Added support for OIDC authenticator providers endpoint.
cyberark/cojnur-api-ruby#207
- Added support for OIDC V2 authentication endpoint.
- Changed
- Remove support for Ruby versions <2.7 which are end of life.
cyberark/conjur-api-ruby#206 - Adding operation call to fetch authentication providers
cyberark/conjur-api-ruby#206
- Remove support for Ruby versions <2.7 which are end of life.
cyberark/conjur-service-broker
v1.2.6 (2022-08-16)
- Security
- Updated tzinfo to 1.2.10 in Gemfile.lock and test/integration/test-app/Gemfile.lock to
resolve CVE-2022-31163
cyberark/conjur-service-broker#289 - Updated rails-html-sanitizer to 1.4.3 to resolve CVE-2022-32209
cyberark/conjur-service-broker#288
- Updated tzinfo to 1.2.10 in Gemfile.lock and test/integration/test-app/Gemfile.lock to
cyberark/conjur-authn-k8s-client
v0.23.7 (2022-07-12)
- Changed
- Updated dev/Dockerfile.debug and removed bin/test-workflow/test-app-summon/Dockerfile.builder
and bin/test-workflow/test-app-summon/Dockerfile.oc
cyberark/conjur-authn-k8s-client#480
- Updated dev/Dockerfile.debug and removed bin/test-workflow/test-app-summon/Dockerfile.builder
cyberark/secrets-provider-for-k8s
##...
v1.17.6+suite.1
v1.17.6+suite.1
This tag was signed with the committer’s verified signature.
jtuttle
John Tuttle
Release Notes
All notable changes to this project will be documented in this file.
[v1.17.6+suite.1] - 2022-07-12
Table of Contents
- Components
- Installation Instructions for the Suite Release Version of Conjur
- Upgrade Instructions
- Changes
Components
These are the components that combine to create this Conjur OSS Suite release and links
to their releases:
Conjur Server
- cyberark/conjur v1.17.6 (2022-04-07)
- cyberark/conjur-openapi-spec v5.3.0 (2021-12-22)
- cyberark/conjur-oss-helm-chart v2.0.4 (2021-04-12)
Conjur SDK
- cyberark/conjur-cli v6.2.5 (2021-09-29)
- cyberark/conjur-api-dotnet v2.1.1 (2022-03-14)
- cyberark/conjur-api-go v0.10.1 (2022-06-14)
- cyberark/conjur-api-java v3.0.3 (2022-05-31)
- cyberark/conjur-api-python3 v7.1.0 (2021-12-22)
- cyberark/conjur-api-ruby v5.3.7 (2021-12-28)
Platform Integrations
- cyberark/cloudfoundry-conjur-buildpack v2.2.4 (2022-06-16)
- cyberark/conjur-service-broker v1.2.5 (2022-06-16)
- cyberark/conjur-authn-k8s-client v0.23.6 (2022-06-16)
- cyberark/secrets-provider-for-k8s v1.4.3 (2022-07-07)
DevOps Tools
- cyberark/ansible-conjur-collection v1.1.0 (2020-12-29)
- cyberark/ansible-conjur-host-identity v0.3.2 (2020-12-29)
- cyberark/conjur-puppet v3.1.0 (2020-10-08)
- cyberark/terraform-provider-conjur v0.6.2 (2021-09-02)
Secretless Broker
- cyberark/secretless-broker v1.7.13 (2022-07-07)
Summon
- cyberark/summon v0.9.3 (2022-06-15)
- cyberark/summon-conjur v0.6.4 (2022-07-06)
Installation Instructions for the Suite Release Version of Conjur
Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.
-
Docker or docker-compose
Set the container image tag to
cyberark/conjur:1.17.6.
For example, make the following update to the conjur service in the quickstart docker-compose.ymlimage: cyberark/conjur:1.17.6 -
Update the
image.tagvalue and use the appropriate release of the helm chart:helm install ... \ --set image.tag="1.17.6" \ ... https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.4/conjur-oss-2.0.4.tgz
Upgrade Instructions
Upgrade instructions are available for the following components:
Changes
The following are changes to the constituent components since the last Conjur
OSS Suite release:
- cyberark/conjur
- cyberark/conjur-openapi-spec
- cyberark/conjur-api-dotnet
- cyberark/conjur-api-go
- cyberark/conjur-api-java
- cyberark/conjur-api-ruby
- cyberark/cloudfoundry-conjur-buildpack
- cyberark/conjur-service-broker
- cyberark/conjur-authn-k8s-client
- cyberark/secrets-provider-for-k8s
- cyberark/secretless-broker
- cyberark/summon
- cyberark/summon-conjur
cyberark/conjur
v1.17.3 (2022-04-04)
- Added
- Added the ability to fetch signing keys from JWKS endpoints that use a self-signed
certificate or a certificate signed by a third-party CA for JWT generic vendor
configuration
(#2462
#2461
#2456
#2455
#2457
#2452
#2437) - Added the ability for JWT generic vendor configuration to receive signing keys
for JWT token verification from a variable. Variable name is public-keys
(#2463
#2461
#2456
#2455
#2454
#2450
#2447
#2437) - Added support for SNI certificates when talking to the Kubernetes API
server through the web socket client.
#2482 - Added support for http(s)_proxy for Kubernetes client in Kubernetes
authenticator
#2432
- Added the ability to fetch signing keys from JWKS endpoints that use a self-signed
- Changed
- Fixed issue where an invalid content type sent by our .NET SDK was causing
Conjur to error - but this wasn't the case before the Ruby 3 upgrade
#2525 - Verify non user or host resources do not have credentials.
- Update to automated release process
- Proper error message appears when JWT Authenticator gets HTTP code error
while trying to fetch JWKS data from jwks-uri #2474 - Upgrade to Ruby 3. #2444
- Fixed issue where an invalid content type sent by our .NET SDK was causing
- Fixed
- IAM Authn bug fix - Take rexml gem to production configuration #2493
- Previously, a stale puma pid file would prevent the Conjur server from starting
successfully. Conjur now removes a stale pid file at startup, if it exists.
#2498 - Use entirety of configured Kubernetes endpoint URL in Kubernetes authenticator's
web socket client, instead of only host and port
#2479
- Security
- Updated rails to 6.1.4.7 to resolve CVE-2022-21831 (not vulnerable)
cyberark/conjur#2513 - Updated nokogiri to 1.13.3 to resolve CVE-2022-23308 and CVE-2021-30560
cyberark/conjur#2504 - Updated Rails to 6.1.4.4 to resolve CVE-2021-44528 (Medium, Not Vulnerable)
cyberark/conjur#2486 - Updated Rails to 6.1.4.6 to resolve CVE-2022-23633
- Updated Puma to 5.6.2 to resolve CVE-2022-23634
cyberark/conjur#2492 - Updated Puma to 5.6.4 to resolve CVE-2022-24790
cyberark/conjur#2534 - Updated KubeClient to 4.9.3 to resolve CVE-2022-0759
cyberark/conjur#2527
- Updated rails to 6.1.4.7 to resolve CVE-2022-21831 (not vulnerable)
v1.17.6 (2022-04-07)
- Changed
- Adds CONJUR_USERS_IN_ROOT_POLICY_ONLY environment variable to prevent users from being created outside the root policy.
- Fixed promotion behavior
- Security
- Upgrade Rails to 6.12.5.1 to close CVE-2022-22577 and CVE-2022-27777
cyberark/conjur#2553 - Updated nokogiri to 1.13.4 to resolve CVE-2022-24836
cyberark/conjur#2534
- Upgrade Rails to 6.12.5.1 to close CVE-2022-22577 and CVE-2022-27777
cyberark/conjur-openapi-spec
v5.3.0 (2021-12-22)
- Added
- Add new route for enabling authenticator with default service
cyberark/conjur-openapi-spec#215
- Add new route for enabling authenticator with default service
cyberark/conjur-api-dotnet
v2.1.1 (2022-03-14)
- Fixed
- Fix mime type "te...
v1.15.0+suite.1
v1.15.0+suite.1
This tag was signed with the committer’s verified signature.
jtuttle
John Tuttle
Release Notes
All notable changes to this project will be documented in this file.
[v1.15.0+suite.1] - 2022-01-24
Table of Contents
- Components
- Installation Instructions for the Suite Release Version of Conjur
- Upgrade Instructions
- Changes
Components
These are the components that combine to create this Conjur OSS Suite release and links
to their releases:
Conjur Server
- cyberark/conjur v1.15.0 (2021-12-21)
- cyberark/conjur-openapi-spec v5.2.0 (2021-09-08)
- cyberark/conjur-oss-helm-chart v2.0.4 (2021-04-12)
Conjur SDK
- cyberark/conjur-cli v6.2.5 (2021-09-29)
- cyberark/conjur-api-dotnet v2.1.0 (2021-09-08)
- cyberark/conjur-api-go v0.8.0 (2021-09-10)
- cyberark/conjur-api-java v3.0.2 (2020-10-28)
- cyberark/conjur-api-python3 v7.1.0 (2021-12-22)
- cyberark/conjur-api-ruby v5.3.5 (2021-05-04)
Platform Integrations
- cyberark/cloudfoundry-conjur-buildpack v2.2.1 (2020-06-24)
- cyberark/conjur-service-broker v1.2.3 (2021-12-31)
- cyberark/conjur-authn-k8s-client v0.22.0 (2021-09-17)
- cyberark/secrets-provider-for-k8s v1.3.0 (2022-01-03)
DevOps Tools
- cyberark/ansible-conjur-collection v1.1.0 (2020-12-29)
- cyberark/ansible-conjur-host-identity v0.3.2 (2020-12-29)
- cyberark/conjur-puppet v3.1.0 (2020-10-08)
- cyberark/terraform-provider-conjur v0.6.2 (2021-09-02)
Secretless Broker
- cyberark/secretless-broker v1.7.8 (2021-11-09)
Summon
- cyberark/summon v0.9.0 (2021-07-19)
- cyberark/summon-conjur v0.6.0 (2021-08-11)
Installation Instructions for the Suite Release Version of Conjur
Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.
-
Docker or docker-compose
Set the container image tag to
cyberark/conjur:1.15.0.
For example, make the following update to the conjur service in the quickstart docker-compose.ymlimage: cyberark/conjur:1.15.0 -
Update the
image.tagvalue and use the appropriate release of the helm chart:helm install ... \ --set image.tag="1.15.0" \ ... https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.4/conjur-oss-2.0.4.tgz
Upgrade Instructions
Upgrade instructions are available for the following components:
Changes
The following are changes to the constituent components since the last Conjur
OSS Suite release:
- cyberark/conjur
- cyberark/conjur-api-python3
- cyberark/conjur-service-broker
- cyberark/secrets-provider-for-k8s
cyberark/conjur
v1.14.2 (2021-12-13)
- Changed
- Fixed
- Security
- Bump gems related to openid_connect stack for improving the certificate
validation procedure during the OIDC keys discovery process
#2441
- Bump gems related to openid_connect stack for improving the certificate
v1.15.0 (2021-12-21)
- Added
- Added API endpoint to enable and disable GCP authenticator
#2448
- Added API endpoint to enable and disable GCP authenticator
- Fixed
- Check to stop hosts from setting passwords fixed for admin user
#2440
- Check to stop hosts from setting passwords fixed for admin user
cyberark/conjur-api-python3
v7.1.0 (2021-12-22)
- Added
- Init command is now strict to run in one of three modes described in SslVerificationMode enum
- For CLI Init flow, Additional certificate validation steps where added. for --self-signed and --ca-cert flows
- Support http domains if working in insecure mode
- The hostfactory method create token is now available in CLI and SDK to create a hostfactory token to manage hosts
and permissions in a dynamic way
cyberark/conjur-api-python3#339 - Stop supporting Client initialization from disk.
- The list options --members-of, --permitted-roles, and --privilege are now available in the Conjur CLI
- Fixed
- Fixed Load policy "hides" the error message
cyberark/conjur-service-broker
v1.2.2 (2021-11-03)
- Security
- Updated Nokogiri to 1.12.5-x86_64-darwin to resolve
CVE-2021-41098
cyberark/conjur-service-broker#257
- Updated Nokogiri to 1.12.5-x86_64-darwin to resolve
v1.2.3 (2021-12-31)
- Changed
- Updated to go 1.17 and conjur-api-go 0.8.1
cyberark/conjur-service-broker#263
- Updated to go 1.17 and conjur-api-go 0.8.1
cyberark/secrets-provider-for-k8s
v1.2.0 (2021-11-30)
- Added
- Adds validation for output filepaths and names in Push-to-File, requiring
valid Linux filenames that are unique across all secret groups.
cyberark/secrets-provider-for-k8s#386 - Adds support for Push-to-File annotation conjur.org/conjur-secrets-policy-path.{secret-group}.
cyberark/secrets-provider-for-k8s#392
- Adds validation for output filepaths and names in Push-to-File, requiring
- Changed
- Push-to-File supports more intuitive output filepaths. Filepaths are
no longer required to contain the hard-coded mount path /conjur/secrets, and
can specify intermediate directories.
cyberark/secrets-provider-for-k8s#381
- Push-to-File supports more intuitive output filepaths. Filepaths are
v1.3.0 (2022-01-03)
- Added
- Push-to-File supports default filepaths for templates. cyberark/secrets-provider-for-k8s#411
- Push-to-File supports custom file permissions for secret files. cyberark/secrets-provider-for-k8s#408
- Adds support for tracing with OpenTelemetry. cyberark/secrets-provider-for-k8s#398
- Adds support for Base64 encode/decode functions in custom templates. cyberark/secrets-provider-for-k8s#409
- Secrets Provider run in Push-to-File mode can use secret file templates
defined in a volume-mounted ConfigMap.
cyberark/secrets-provider-for-k8s#393
- Changed
- Secrets Provider run in Push-to-File mode using a custom secret file template
requires annotation conjur.org/secret-file-format.{secret-group} to be set
to template. This is a breaking change.
cyberark/secrets-provider-for-k8s#393
- Secrets Provider run in Push-to-File mode using a custom secret file template
- Fixed
- If the Secrets Provider is run in Push-to-File mode, it no longer errors out
if it finds any pre-existing secret files. This is helpful wh...
- If the Secrets Provider is run in Push-to-File mode, it no longer errors out
v1.14.1+suite.1
v1.14.1+suite.1
This tag was signed with the committer’s verified signature.
jtuttle
John Tuttle
Release Notes
All notable changes to this project will be documented in this file.
[v1.14.1+suite.1] - 2021-11-15
Table of Contents
- Components
- Installation Instructions for the Suite Release Version of Conjur
- Upgrade Instructions
- Changes
Components
These are the components that combine to create this Conjur OSS Suite release and links
to their releases:
Conjur Server
- cyberark/conjur v1.14.1 (2021-11-05)
- cyberark/conjur-openapi-spec v5.2.0 (2021-09-08)
- cyberark/conjur-oss-helm-chart v2.0.4 (2021-04-12)
Conjur SDK
- cyberark/conjur-cli v6.2.5 (2021-09-29)
- cyberark/conjur-api-dotnet v2.1.0 (2021-09-08)
- cyberark/conjur-api-go v0.8.0 (2021-09-10)
- cyberark/conjur-api-java v3.0.2 (2020-10-28)
- cyberark/conjur-api-python3 v7.0.1 (2020-04-12)
- cyberark/conjur-api-ruby v5.3.5 (2021-05-04)
Platform Integrations
- cyberark/cloudfoundry-conjur-buildpack v2.2.1 (2020-06-24)
- cyberark/conjur-service-broker v1.2.1 (2021-08-02)
- cyberark/conjur-authn-k8s-client v0.22.0 (2021-09-17)
- cyberark/secrets-provider-for-k8s v1.1.6 (2021-10-29)
DevOps Tools
- cyberark/ansible-conjur-collection v1.1.0 (2020-12-29)
- cyberark/ansible-conjur-host-identity v0.3.2 (2020-12-29)
- cyberark/conjur-puppet v3.1.0 (2020-10-08)
- cyberark/terraform-provider-conjur v0.6.2 (2021-09-02)
Secretless Broker
- cyberark/secretless-broker v1.7.8 (2021-11-09)
Summon
- cyberark/summon v0.9.0 (2021-07-19)
- cyberark/summon-conjur v0.6.0 (2021-08-11)
Installation Instructions for the Suite Release Version of Conjur
Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.
-
Docker or docker-compose
Set the container image tag to
cyberark/conjur:1.14.1.
For example, make the following update to the conjur service in the quickstart docker-compose.ymlimage: cyberark/conjur:1.14.1 -
Update the
image.tagvalue and use the appropriate release of the helm chart:helm install ... \ --set image.tag="1.14.1" \ ... https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.4/conjur-oss-2.0.4.tgz
Upgrade Instructions
Upgrade instructions are available for the following components:
Changes
The following are changes to the constituent components since the last Conjur
OSS Suite release:
cyberark/conjur
v1.13.2 (2021-10-13)
- Security
- Updated puma to 5.5.1 to close
GHSA-48w2-rm65-62xx.
We were not vulnerable to this issue. cyberark/conjur#2385 - GCP Authenticator: When defining the host using the instance-name annotation,
you now need to define at least one additional annotation.
cyberark/ONYX-9442 - Updated nokogiri to 1.12.5 in both Gemfile.lock and docs/Gemfile.lock to resolve
CVE-2021-41098
cyberark/conjur#2376
cyberark/conjur#2377
- Updated puma to 5.5.1 to close
v1.14.1 (2021-11-05)
- Fixed
- Version bump to resolve build error on tagged master. #2416
cyberark/conjur-cli
v6.2.5 (2021-09-29)
- Fixed
- Upgraded highline dependency to fix deprecation warning.
cyberark/conjur-cli#330
- Upgraded highline dependency to fix deprecation warning.
cyberark/secrets-provider-for-k8s
v1.1.6 (2021-10-29)
- Added
- Adds support for Secrets Provider M1 Push-to-File feature, Community release.
cyberark/secrets-provider-for-k8s#358
cyberark/secrets-provider-for-k8s#359
cyberark/secrets-provider-for-k8s#362
cyberark/secrets-provider-for-k8s#363
cyberark/secrets-provider-for-k8s#364
cyberark/secrets-provider-for-k8s#366
cyberark/secrets-provider-for-k8s#367
cyberark/secrets-provider-for-k8s#368
cyberark/secrets-provider-for-k8s#376
cyberark/secrets-provider-for-k8s#377
cyberark/secrets-provider-for-k8s#378 - Support for OpenShift 4.8 has been added.
cyberark/secrets-provider-for-k8s#360
- Adds support for Secrets Provider M1 Push-to-File feature, Community release.
cyberark/secretless-broker
v1.7.8 (2021-11-09)
- Fixed
- Version bump to resolve flakey test on tagged master.
cyberark/secretless-broker#1438
- Version bump to resolve flakey test on tagged master.
v1.13.1+suite.1
v1.13.1+suite.1
This tag was signed with the committer’s verified signature.
jtuttle
John Tuttle
Release Notes
All notable changes to this project will be documented in this file.
[v1.13.1+suite.1] - 2021-09-20
Table of Contents
- Components
- Installation Instructions for the Suite Release Version of Conjur
- Upgrade Instructions
- Changes
Components
These are the components that combine to create this Conjur OSS Suite release and links
to their releases:
Conjur Server
- cyberark/conjur v1.13.1 (2021-09-13)
- cyberark/conjur-openapi-spec v5.2.0 (2021-09-08)
- cyberark/conjur-oss-helm-chart v2.0.4 (2021-04-12)
Conjur SDK
- cyberark/conjur-cli v6.2.4 (2021-07-01)
- cyberark/conjur-api-dotnet v2.1.0 (2021-09-08)
- cyberark/conjur-api-go v0.8.0 (2021-09-10)
- cyberark/conjur-api-java v3.0.2 (2020-10-28)
- cyberark/conjur-api-python3 v7.0.1 (2020-04-12)
- cyberark/conjur-api-ruby v5.3.5 (2021-05-04)
Platform Integrations
- cyberark/cloudfoundry-conjur-buildpack v2.2.1 (2020-06-24)
- cyberark/conjur-service-broker v1.2.1 (2021-08-02)
- cyberark/conjur-authn-k8s-client v0.22.0 (2021-09-17)
- cyberark/secrets-provider-for-k8s v1.1.5 (2021-08-13)
DevOps Tools
- cyberark/ansible-conjur-collection v1.1.0 (2020-12-29)
- cyberark/ansible-conjur-host-identity v0.3.2 (2020-12-29)
- cyberark/conjur-puppet v3.1.0 (2020-10-08)
- cyberark/terraform-provider-conjur v0.6.2 ()
Secretless Broker
- cyberark/secretless-broker v1.7.6 (2021-09-10)
Summon
- cyberark/summon v0.9.0 (2021-07-19)
- cyberark/summon-conjur v0.6.0 (2021-08-11)
Installation Instructions for the Suite Release Version of Conjur
Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.
-
Docker or docker-compose
Set the container image tag to
cyberark/conjur:1.13.1.
For example, make the following update to the conjur service in the quickstart docker-compose.ymlimage: cyberark/conjur:1.13.1 -
Update the
image.tagvalue and use the appropriate release of the helm chart:helm install ... \ --set image.tag="1.13.1" \ ... https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.4/conjur-oss-2.0.4.tgz
Upgrade Instructions
Upgrade instructions are available for the following components:
Changes
The following are changes to the constituent components since the last Conjur
OSS Suite release:
- cyberark/conjur
- cyberark/conjur-openapi-spec
- cyberark/conjur-api-dotnet
- cyberark/conjur-api-go
- cyberark/conjur-authn-k8s-client
- cyberark/secrets-provider-for-k8s
- cyberark/terraform-provider-conjur
- cyberark/secretless-broker
cyberark/conjur
v1.13.1 (2021-09-13)
- Changed
- OIDC based authenticators no longer return Bad Gateway and Gateway Timeout http error codes.
Unauthorised is returned instead.
cyberark/conjur#2360
- OIDC based authenticators no longer return Bad Gateway and Gateway Timeout http error codes.
- Fixed
- Fix bug of cache not working in authn jwt. cyberark/conjur#2353
- Fix bug authn-jwt now appears in installed authenticators list of authenticators endpoint output. cyberark/conjur#2365
cyberark/conjur-openapi-spec
v5.2.0 (2021-09-08)
- Added
- New JWT authenticator endpoints have been added to the spec.
cyberark/conjur-openapi-spec#193
- New JWT authenticator endpoints have been added to the spec.
- Changed
- Consolidate bin/integration_test and bin/test_enterprise into bin/test_integration.
Renamed bin/api_test to bin/test_api_contract and bin/start to bin/dev to maintain
repository- and company-wide script convention.
cyberark/conjur-openapi-spec#166 - Remove Bad Gateway error code from authn-oidc error codes following cyberark/conjur#2360
cyberark/conjur-openapi-spec#204
- Consolidate bin/integration_test and bin/test_enterprise into bin/test_integration.
- Fixed
- Request body details for secret creation so all clients can properly set secrets. This changes
the MIME type of the request body to application/octet-stream in place of text plain,
allowing for proper binary secrets in clients (format: binary is broken in some clients).
cyberark/conjur-openapi-spec#187 - Authentication methods not requiring any API authentication (conjurAuth, basicAuth, etc) now
specify an empty list as the security field ensuring utilities dont assume all authentication
types are valid.
cyberark/conjur-openapi-spec#196
- Request body details for secret creation so all clients can properly set secrets. This changes
cyberark/conjur-api-dotnet
v2.1.0 (2021-09-08)
- Added
- Add parameter to the function Policy::LoadPolicy() to allow a different load method other than POST. POST being the default value. Currently Conjur supports POST, PUT and PATCH
cyberark/conjur-api-go
v0.8.0 (2021-09-10)
- Added
- New check in RetrieveBatchSecretSafe method which will return an error if the Content-Type header
is not set in the response (this indicates Conjur is out of date with the client).
cyberark/conjur-api-go#104
- New check in RetrieveBatchSecretSafe method which will return an error if the Content-Type header
- Changed
- RetrieveBatchSecretsSafe method is updated to use the Accept-Encoding header
instead of Accept, consistent with recent updates on the Conjur server.
cyberark/conjur-api-go#99
- RetrieveBatchSecretsSafe method is updated to use the Accept-Encoding header
cyberark/conjur-authn-k8s-client
v0.22.0 (2021-09-17)
- Added
- Introduces the conjur-config-cluster-prep.yaml and conjur-config-namespace-prep.yaml raw Kubernetes manifests generated from their corresponding Helm charts. These manifests provide an alternative method of configuring a Kubernetes cluster for the deployment of Conjur-authenticated applications for users unable to use Helm in their environment.
cyberark/conjur-authn-k8s-client#338 - Added user-configurable Helm values for the names of resources created by the conjur-config-namespace-prep Helm chart
cyberark/conjur-authn-k8s-client#383
- Introduces the conjur-config-cluster-prep.yaml and conjur-config-namespace-prep.yaml raw Kubernetes manifests generated from their corresponding Helm charts. These manifests provide an alternative method of configuring a Kubernetes cluster for the deployment of Conjur-authenticated applications for users unable to use Helm in their environment.
- Security
- Upgrades Openssl in Alpine to resolve CVE-2021-3711.
cyberark/conjur-authn-k8s-client#392 - Upgrades Alpine to v3.14 to resolve CVE-2021-36159.
cyberark/conjur-authn-k8s-client#374
- Upgrades Openssl in Alpine to resolve CVE-2021-3711.
cyberark/secrets-provider-for-k8s
v1.1.5 (2021-08-13)
- Added
- Adds Helm chart option to use an independently installed Conjur Connect
ConfigMap instead of configuring Conjur connection parameters via environment
variables.
cyberark/secrets-provider-for-k8s#349 - Adds Helm chart option to explicitly set the Secrets Provider Job name.
[cyberark/secrets-provide...
- Adds Helm chart option to use an independently installed Conjur Connect