v1.13.1+suite.1
v1.13.1+suite.1
jtuttle
John Tuttle
This tag was signed with the committer’s verified signature.
jtuttle
John Tuttle
Release Notes
All notable changes to this project will be documented in this file.
[v1.13.1+suite.1] - 2021-09-20
Table of Contents
- Components
- Installation Instructions for the Suite Release Version of Conjur
- Upgrade Instructions
- Changes
Components
These are the components that combine to create this Conjur OSS Suite release and links
to their releases:
Conjur Server
- cyberark/conjur v1.13.1 (2021-09-13)
- cyberark/conjur-openapi-spec v5.2.0 (2021-09-08)
- cyberark/conjur-oss-helm-chart v2.0.4 (2021-04-12)
Conjur SDK
- cyberark/conjur-cli v6.2.4 (2021-07-01)
- cyberark/conjur-api-dotnet v2.1.0 (2021-09-08)
- cyberark/conjur-api-go v0.8.0 (2021-09-10)
- cyberark/conjur-api-java v3.0.2 (2020-10-28)
- cyberark/conjur-api-python3 v7.0.1 (2020-04-12)
- cyberark/conjur-api-ruby v5.3.5 (2021-05-04)
Platform Integrations
- cyberark/cloudfoundry-conjur-buildpack v2.2.1 (2020-06-24)
- cyberark/conjur-service-broker v1.2.1 (2021-08-02)
- cyberark/conjur-authn-k8s-client v0.22.0 (2021-09-17)
- cyberark/secrets-provider-for-k8s v1.1.5 (2021-08-13)
DevOps Tools
- cyberark/ansible-conjur-collection v1.1.0 (2020-12-29)
- cyberark/ansible-conjur-host-identity v0.3.2 (2020-12-29)
- cyberark/conjur-puppet v3.1.0 (2020-10-08)
- cyberark/terraform-provider-conjur v0.6.2 ()
Secretless Broker
- cyberark/secretless-broker v1.7.6 (2021-09-10)
Summon
- cyberark/summon v0.9.0 (2021-07-19)
- cyberark/summon-conjur v0.6.0 (2021-08-11)
Installation Instructions for the Suite Release Version of Conjur
Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.
-
Docker or docker-compose
Set the container image tag to
cyberark/conjur:1.13.1.
For example, make the following update to the conjur service in the quickstart docker-compose.ymlimage: cyberark/conjur:1.13.1 -
Update the
image.tagvalue and use the appropriate release of the helm chart:helm install ... \ --set image.tag="1.13.1" \ ... https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.4/conjur-oss-2.0.4.tgz
Upgrade Instructions
Upgrade instructions are available for the following components:
Changes
The following are changes to the constituent components since the last Conjur
OSS Suite release:
- cyberark/conjur
- cyberark/conjur-openapi-spec
- cyberark/conjur-api-dotnet
- cyberark/conjur-api-go
- cyberark/conjur-authn-k8s-client
- cyberark/secrets-provider-for-k8s
- cyberark/terraform-provider-conjur
- cyberark/secretless-broker
cyberark/conjur
v1.13.1 (2021-09-13)
- Changed
- OIDC based authenticators no longer return Bad Gateway and Gateway Timeout http error codes.
Unauthorised is returned instead.
cyberark/conjur#2360
- OIDC based authenticators no longer return Bad Gateway and Gateway Timeout http error codes.
- Fixed
- Fix bug of cache not working in authn jwt. cyberark/conjur#2353
- Fix bug authn-jwt now appears in installed authenticators list of authenticators endpoint output. cyberark/conjur#2365
cyberark/conjur-openapi-spec
v5.2.0 (2021-09-08)
- Added
- New JWT authenticator endpoints have been added to the spec.
cyberark/conjur-openapi-spec#193
- New JWT authenticator endpoints have been added to the spec.
- Changed
- Consolidate bin/integration_test and bin/test_enterprise into bin/test_integration.
Renamed bin/api_test to bin/test_api_contract and bin/start to bin/dev to maintain
repository- and company-wide script convention.
cyberark/conjur-openapi-spec#166 - Remove Bad Gateway error code from authn-oidc error codes following cyberark/conjur#2360
cyberark/conjur-openapi-spec#204
- Consolidate bin/integration_test and bin/test_enterprise into bin/test_integration.
- Fixed
- Request body details for secret creation so all clients can properly set secrets. This changes
the MIME type of the request body to application/octet-stream in place of text plain,
allowing for proper binary secrets in clients (format: binary is broken in some clients).
cyberark/conjur-openapi-spec#187 - Authentication methods not requiring any API authentication (conjurAuth, basicAuth, etc) now
specify an empty list as the security field ensuring utilities dont assume all authentication
types are valid.
cyberark/conjur-openapi-spec#196
- Request body details for secret creation so all clients can properly set secrets. This changes
cyberark/conjur-api-dotnet
v2.1.0 (2021-09-08)
- Added
- Add parameter to the function Policy::LoadPolicy() to allow a different load method other than POST. POST being the default value. Currently Conjur supports POST, PUT and PATCH
cyberark/conjur-api-go
v0.8.0 (2021-09-10)
- Added
- New check in RetrieveBatchSecretSafe method which will return an error if the Content-Type header
is not set in the response (this indicates Conjur is out of date with the client).
cyberark/conjur-api-go#104
- New check in RetrieveBatchSecretSafe method which will return an error if the Content-Type header
- Changed
- RetrieveBatchSecretsSafe method is updated to use the Accept-Encoding header
instead of Accept, consistent with recent updates on the Conjur server.
cyberark/conjur-api-go#99
- RetrieveBatchSecretsSafe method is updated to use the Accept-Encoding header
cyberark/conjur-authn-k8s-client
v0.22.0 (2021-09-17)
- Added
- Introduces the conjur-config-cluster-prep.yaml and conjur-config-namespace-prep.yaml raw Kubernetes manifests generated from their corresponding Helm charts. These manifests provide an alternative method of configuring a Kubernetes cluster for the deployment of Conjur-authenticated applications for users unable to use Helm in their environment.
cyberark/conjur-authn-k8s-client#338 - Added user-configurable Helm values for the names of resources created by the conjur-config-namespace-prep Helm chart
cyberark/conjur-authn-k8s-client#383
- Introduces the conjur-config-cluster-prep.yaml and conjur-config-namespace-prep.yaml raw Kubernetes manifests generated from their corresponding Helm charts. These manifests provide an alternative method of configuring a Kubernetes cluster for the deployment of Conjur-authenticated applications for users unable to use Helm in their environment.
- Security
- Upgrades Openssl in Alpine to resolve CVE-2021-3711.
cyberark/conjur-authn-k8s-client#392 - Upgrades Alpine to v3.14 to resolve CVE-2021-36159.
cyberark/conjur-authn-k8s-client#374
- Upgrades Openssl in Alpine to resolve CVE-2021-3711.
cyberark/secrets-provider-for-k8s
v1.1.5 (2021-08-13)
- Added
- Adds Helm chart option to use an independently installed Conjur Connect
ConfigMap instead of configuring Conjur connection parameters via environment
variables.
cyberark/secrets-provider-for-k8s#349 - Adds Helm chart option to explicitly set the Secrets Provider Job name.
cyberark/secrets-provider-for-k8s#352
- Adds Helm chart option to use an independently installed Conjur Connect
- Security
- Upgrades base Alpine image used for Secrets Provider container image to
v3.14 to resolve CVE-2021-36159.
cyberark/secrets-provider-for-k8s#354
- Upgrades base Alpine image used for Secrets Provider container image to
cyberark/terraform-provider-conjur
v0.6.1 (2021-09-02)
- Changed
- Archive format changed to support publishing to registry.terraform.io
cyberark/secretless-broker
v1.7.6 (2021-09-10)
- Added
- Secretless and secretless-redhat containers now use Alpine 3.14 as their base
image. PR cyberark/secretless-broker#1423
- Secretless and secretless-redhat containers now use Alpine 3.14 as their base