Skip to content

v1.13.0

Choose a tag to compare

View all tags
@micahlee micahlee released this 29 Jul 18:54
· 1377 commits to master since this release
v1.13.0
This tag was signed with the committer’s verified signature.
micahlee Micah Lee
GPG key ID: 86DC546BB7F526B6
Verified
Learn about vigilant mode.
945da8e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Added

  • Added enforced claims support to JWT generic vendor configuration. ONYX-10520
  • Added claims mapping support to JWT generic vendor configuration. ONYX-10850
  • Added audience check to JWT generic vendor configuration. ONYX-10512

Security

  • Bump cyberark/ubi-ruby-fips from 1.0.3 to 1.0.4 to address CVE-2021-33910.
    cyberark/conjur#2333
  • Upgraded addressable in ./Gemfile.lock and ./docs/Gemfile.lock to 2.8.0 to resolve
    GHSA-jxhc-q857-3j6g cyberark/conjur#2311
  • Previously, OIDC authentication requests that included a user ID in the URL
    path would return a Conjur access token without requiring a valid OIDC token
    in the request. OIDC authentication requests that attempt to include a user ID
    in the URL path now return a 404 Not Found response.
    Security Bulletin
Assets 2
Loading