Release Notes
All notable changes to this project will be documented in this file.
[v1.19.5+suite.1] - 2023-06-29
Table of Contents
- Components
- Installation Instructions for the Suite Release Version of Conjur
- Upgrade Instructions
- Changes
Components
These are the components that combine to create this Conjur OSS Suite release and links
to their releases:
Conjur Server
- cyberark/conjur v1.19.5 (2023-06-29)
- cyberark/conjur-openapi-spec v5.3.0 (2021-12-22)
- cyberark/conjur-oss-helm-chart v2.0.6 (2023-03-09)
Conjur SDK
- cyberark/conjur-cli-go v8.0.10 (2023-06-29)
- cyberark/conjur-api-dotnet v2.1.1 (2022-03-14)
- cyberark/conjur-api-go v0.11.1 ()
- cyberark/conjur-api-java v3.0.5 (2023-06-08)
- cyberark/conjur-api-python v0.1.0 (2023-02-14)
- cyberark/conjur-api-ruby v5.4.1 (2023-06-14)
Platform Integrations
- cyberark/cloudfoundry-conjur-buildpack v2.2.8 (2023-06-21)
- cyberark/conjur-service-broker v1.2.10 (2023-06-21)
- cyberark/conjur-authn-k8s-client v0.25.1 (2023-06-12)
- cyberark/secrets-provider-for-k8s v1.5.1 (2023-05-26)
DevOps Tools
- cyberark/ansible-conjur-collection v1.2.0 (2020-09-01)
- cyberark/ansible-conjur-host-identity v0.3.2 (2020-12-29)
- cyberark/conjur-puppet v3.1.0 (2020-10-08)
- cyberark/terraform-provider-conjur v0.6.6 (2023-06-21)
Secretless Broker
- cyberark/secretless-broker v1.7.17 (2023-04-17)
Summon
- cyberark/summon v0.9.6 (2023-06-14)
- cyberark/summon-conjur v0.7.1 (2023-06-14)
Installation Instructions for the Suite Release Version of Conjur
Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.
- Docker or docker-compose
  Set the container image tag to cyberark/conjur:1.19.5.
  For example, make the following update to the conjur service in the quickstart docker-compose.yml:
      image: cyberark/conjur:1.19.5
- Update the image.tag value and use the appropriate release of the helm chart:
      helm install ... \
        --set image.tag="1.19.5" \
        ... https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.6/conjur-oss-2.0.6.tgz
Upgrade Instructions
Upgrade instructions are available for the following components:
Changes
The following are changes to the constituent components since the last Conjur
OSS Suite release:
- cyberark/conjur
- cyberark/conjur-cli-go
- cyberark/conjur-api-java
- cyberark/conjur-api-ruby
- cyberark/cloudfoundry-conjur-buildpack
- cyberark/conjur-service-broker
- cyberark/conjur-authn-k8s-client
- cyberark/secrets-provider-for-k8s
- cyberark/terraform-provider-conjur
- cyberark/summon
- cyberark/summon-conjur
cyberark/conjur
v1.19.5 (2023-06-29)
- Changed
  - OIDC tokens will now have a default ttl of 60 mins
    cyberark/conjur#2800
- Fixed
  - AuthnJWT now supports claims that include hyphens and inline namespaces.
    cyberark/conjur#2792
  - Authn-IAM now uses the host in the signed headers to determine which STS endpoint
    (global or regional) to use for validation.
- Security
  - Update bundler to 2.2.33 to remove CVE-2021-43809
    cyberark/conjur#2804
cyberark/conjur-cli-go
v8.0.10 (2023-06-29)
- Fixed
  - Fixed missing example commands in help output
    cyberark/conjur-cli-go#134
- Security
  - Upgrade golang.org/x/net to v0.10.0
    cyberark/conjur-cli-go#139
  - Upgrade golang.org/x/net to v0.10.0, golang.org/x/crypto to v0.9.0,
    golang.org/x/sys to v0.8.0, golang.org/x/text to v0.9.0, and Go to 1.20
    cyberark/conjur-cli-go#138
cyberark/conjur-api-java
v3.0.5 (2023-06-08)
- Changed
  - Migrate JAX-RS to latest Jakarta version
    cyberark/conjur-api-java#119
  - Avoid calling login for host
    cyberark/conjur-api-java#117
- Fixed
  - Fix dependency information stripped from non-shaded jar
    cyberark/conjur-api-java#119
- Security
  - Update nginx to 1.24 in Dockerfile.nginx
    cyberark/conjur-api-java#118
cyberark/conjur-api-ruby
v5.4.1 (2023-06-14)
- Added
  - Added authenticate wrapper to access unparsed response object (including headers).
    cyberark/conjur-api-ruby#213
  - Support Ruby v3.1 and v3.2.
    cyberark/conjur-api-ruby#220
cyberark/cloudfoundry-conjur-buildpack
v2.2.8 (2023-06-21)
- Security
  - Upgrade golang.org/x/net to v0.10.0, golang.org/x/text to v0.9.0, golang.org/x/sys to v0.8.0, rack to 3.0.1,
    spring-boot to 3.0.6, and java to 17
    cyberark/cloudfoundry-conjur-buildpack#172
  - Update ruby in ci/parse-changelog.sh from 2.5 to 3.1
    cyberark/cloudfoundry-conjur-buildpack#170
cyberark/conjur-service-broker
v1.2.10 (2023-06-21)
- Security
  - Upgrade ruby to 3.2, Go image to 1.20-alpine, and golang.org/x/sys to v0.8.0
    cyberark/conjur-service-broker#331
  - Update nokogiri to 1.14.3 to address GHSA-pxvg-2qj5-37jq
    cyberark/conjur-service-broker#326
cyberark/conjur-authn-k8s-client
v0.25.1 (2023-06-12)
- Security
  - Upgrade Dockerfile base images to golang:1.20 and golang.org/x/sys dependency to 0.8.0
    cyberark/conjur-authn-k8s-client#516
  - Update ruby from 2.5 to 3.1 in bin/parse-changelog.sh
    cyberark/conjur-authn-k8s-client#514
  - Upgrade container security settings
    cyberark/conjur-authn-k8s-client#518
cyberark/secrets-provider-for-k8s
v1.5.1 (2023-05-26)
- Security
  - Forced github.com/emicklei/go-restful/v3 to use v3.10.2 to remove PRISMA-2022-0227 (found in Twistlock scan)
    and updated versions of go.opentelemetry.io/otel (to 1.16.0), github.com/stretchr/testify (to 1.8.3), and
    the k8s.io libraries (to 0.27.2)
    cyberark/secrets-provider-for-k8s#526
cyberark/terraform-provider-conjur
v0.6.6 (2023-06-21)
- Security
  - Updated golang.org/x/sys to v0.8.0 and golang.org/x/text to v0.9.0
    cyberark/terraform-provider-conjur#123
  - Updated golang.org/x/net to v0.7.0 for CVE-2022-41721 and CVE-2022-41723, and
    golang.org/x/text to v0.3.8 for CVE-2022-32149
    cyberark/terraform-provider-conjur#117
cyberark/summon
v0.9.6 (2023-06-14)
- Security
  - Upgrade golang.org/x/net to v0.10.0, golang.org/x/crypto to v0.9.0,
    golang.org/x/sys to v0.8.0, and Go to 1.20
    cyberark/summon#247
  - Upgrade golang.org/x/net to v0.7.0 for CVE-2022-41721 and CVE-2022-41722 (not vulnerable)
    cyberark/summon#245
cyberark/summon-conjur
v0.7.1 (2023-06-14)
- Security
  - Update golang.org/x/sys to v0.8.0, gopkg.in/yaml.v3 to v3.0.1, and Go to 1.20
    in Dockerfile.text
    cyberark/summon-conjur#112