v1.19.2+suite.1
Release Notes
All notable changes to this project will be documented in this file.
[v1.19.2+suite.1] - 2023-03-03
Table of Contents
- Components
- Installation Instructions for the Suite Release Version of Conjur
- Upgrade Instructions
- Changes
Components
These are the components that combine to create this Conjur OSS Suite release and links
to their releases:
Conjur Server
- cyberark/conjur v1.19.2 (2023-01-13)
- cyberark/conjur-openapi-spec v5.3.0 (2021-12-22)
- cyberark/conjur-oss-helm-chart v2.0.5 (2022-08-17)
Conjur SDK
- cyberark/conjur-cli-go v8.0.4 (2023-03-03)
- cyberark/conjur-api-dotnet v2.1.1 (2022-03-14)
- cyberark/conjur-api-go v0.11.0 (2023-02-28)
- cyberark/conjur-api-java v3.0.4 (2023-02-27)
- cyberark/conjur-api-python v0.1.0 (2023-02-14)
- cyberark/conjur-api-ruby v5.4.0 (2022-08-16)
Platform Integrations
- cyberark/cloudfoundry-conjur-buildpack v2.2.7 (2023-03-02)
- cyberark/conjur-service-broker v1.2.8 (2023-03-02)
- cyberark/conjur-authn-k8s-client v0.24.0 (2022-11-23)
- cyberark/secrets-provider-for-k8s v1.4.5 (2022-09-26)
DevOps Tools
- cyberark/ansible-conjur-collection v1.2.0 (2022-09-01)
- cyberark/ansible-conjur-host-identity v0.3.2 (2020-12-29)
- cyberark/conjur-puppet v3.1.0 (2020-10-08)
- cyberark/terraform-provider-conjur v0.6.5 (2022-11-30)
Secretless Broker
- cyberark/secretless-broker v1.7.14 (2022-08-17)
Summon
- cyberark/summon v0.9.5 (2022-09-28)
- cyberark/summon-conjur v0.6.4 (2022-07-06)
Installation Instructions for the Suite Release Version of Conjur
Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.
- Docker or docker-compose
  Set the container image tag to cyberark/conjur:1.19.2.
  For example, make the following update to the conjur service in the quickstart docker-compose.yml:

      image: cyberark/conjur:1.19.2

- Update the image.tag value and use the appropriate release of the helm chart:

      helm install ... \
        --set image.tag="1.19.2" \
        ... https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.5/conjur-oss-2.0.5.tgz
Upgrade Instructions
Upgrade instructions are available for the following components:
Changes
The following are changes to the constituent components since the last Conjur
OSS Suite release:
- cyberark/conjur
- cyberark/conjur-cli-go
- cyberark/conjur-api-go
- cyberark/conjur-api-java
- cyberark/conjur-api-python
- cyberark/cloudfoundry-conjur-buildpack
- cyberark/conjur-service-broker
- cyberark/terraform-provider-conjur
cyberark/conjur
v1.19.1 (2022-12-08)
- Added
  - Provides support for PKCE in the OIDC Authenticator code redirect workflow.
    This is enabled by default. If needed, it can be disabled using the
    CONJUR_FEATURE_PKCE_SUPPORT_ENABLED feature flag.
    cyberark/conjur#2678
  - OIDC Authenticator can now be configured to distribute access tokens with a
    custom time-to-live.
    cyberark/conjur#2683
  - List members requests (GET /roles/conjur/{kind}/{identifier}?members) now produce audit events.
    cyberark/conjur#2691
  - Show resource requests (GET /resources/:account/:kind/*identifier) now produce audit events.
    cyberark/conjur#2695
  - List memberships requests (GET /roles/:account/:kind/*identifier?memberships) now produce audit events.
    cyberark/conjur#2693
- Fixed
  - Previously, if an OIDC authenticator was configured with a Status webservice,
    the OIDC provider endpoint would include duplicate OIDC authenticators. This change resolves ONYX-25530.
    cyberark/conjur#2678
  - Allows V2 OIDC authenticators to be checked through the authenticator status
    endpoint. This change resolves ONYX-25531.
    cyberark/conjur#2692
  - Previously, if an OIDC provider endpoint was incorrect, the provider list endpoint
    would raise an exception. This change resolves ONYX-30387.
    cyberark/conjur#2688
- Security
  - Update loofah to 2.19.1 for CVE-2022-23514, CVE-2022-23515 and CVE-2022-23516 (all Not Vulnerable)
    and rails-html-sanitizer to 1.4.4 for CVE-2022-23517, CVE-2022-23518, CVE-2022-23519, and CVE-2022-23520 (Not vulnerable)
    cyberark/conjur#2686
  - Updated nokogiri in root and docs Gemfile.lock files to resolve GHSA-qv4q-mr5r-qprj
    cyberark/conjur#2684
v1.19.2 (2023-01-13)
- Fixed
  - Previously, including limit or offset parameters to a resource list request
    resulted in the returned list being unexpectedly sorted. Now, all resource list
    request results are sorted by resource ID.
    cyberark/conjur#2702
- Security
  - Upgraded Rails to 6.1.7.1 to resolve CVE-2023-22794 (not vulnerable)
    cyberark/conjur#2703
cyberark/conjur-cli-go
v8.0.4 (2023-03-03)
- Fixed
  - Allow hostfactory cidrs to specify a subnet
    cyberark/conjur-cli-go#113
  - Update variable get to retrieve multiple variables
    cyberark/conjur-cli-go#114
cyberark/conjur-api-go
v0.11.0 (2023-02-28)
- Added
  - Added support for Conjur's LDAP authenticator
    cyberark/conjur-api-go#141
  - Added support for Conjur's OIDC authenticator
    cyberark/conjur-api-go#144
  - Added CONJUR_AUTHN_JWT_TOKEN to support authenticating via authn-jwt with the contents of a JSON Web Token (JWT)
    cyberark/conjur-api-go#143
  - Added new API method CheckPermissionForRole
    cyberark/conjur-api-go#153
- Changed
  - Resource IDs can now be partially-qualified, adhering to the form
    [:]:.
    cyberark/conjur-api-go#153
  - User and Host IDs passed to their respective API key rotation functions can
    now be fully-qualified, adhering to the form [[:]:].
    cyberark/conjur-api-go#166
  - The Hostfactory id is no longer required to be a fully qualified id.
    cyberark/conjur-api-go#164
- Removed
  - Remove all usage of Conjur v4
    cyberark/conjur-api-go#139
- Security
  - Upgrade gopkg.in/yaml.v3 indirect dependencies to v3.0.1 and Dockerfile to golang:1.19.5
    cyberark/conjur-api-go#158
cyberark/conjur-api-java
v3.0.4 (2023-02-27)
- Security
  - Update Dockerfile base images, bump Apache cxf to 3.5.5
    cyberark/conjur-api-java#113
cyberark/conjur-api-python
v0.1.0 (2023-02-14)
- Added
  - Add support for Role Memberships endpoint
    conjur-api-python#30
  - Add support for Check Privilege endpoint
    conjur-api-python#34
  - Add support for Show Role endpoint
    conjur-api-python#30
  - Add role_exists method
    conjur-api-python#35
  - Add support for Show Resource endpoint
    conjur-api-python#31
  - Add resource_exists method
    conjur-api-python#32
  - Add support for LDAP authentication
    conjur-api-python#22
  - Supplying api token manually is now supported
    conjur-api-python#19
  - Add support for OIDC authentication
    conjur-api-python#19
  - Add support for enabling and disabling of an authenticator
    conjur-api-python#19
  - Add support for creating hosts using host factory with provided annotations
    conjur-api-python#19
  - The get_server_info method is now available in SDK. It is only supported against Conjur enterprise server
    conjur-api-python#19
- Changed
  - Include system truststore certs even if cert_file config is present
    conjur-api-python#37
  - Abstract authentication flow into new AuthenticationStrategyInterface
    conjur-api-python#20
  - Store API key in CreditentialsData object
    conjur-api-python#23
cyberark/cloudfoundry-conjur-buildpack
v2.2.7 (2023-03-02)
- Security
  - Update spring-boot and Golang dependencies. Upgrade test app to Ruby 3 and update ruby dependencies.
    cyberark/cloudfoundry-conjur-buildpack#164
  - Upgrade sinatra to 2.2.3 in /tests/integration/apps/ruby to resolve CVE-2022-45442
    cyberark/cloudfoundry-conjur-buildpack#159
cyberark/conjur-service-broker
v1.2.8 (2023-03-02)
- Changed
  - Upgrade supported Ruby version to 3.1.x. Resolves CVE-2021-33621, CVE-2020-36327 and CVE-2021-43809
    cyberark/conjur-service-broker#306
- Security
  - Update activesupport in Gemfile.lock to 6.1.7.2 for CVE-2023-22796 (not vulnerable)
    cyberark/conjur-service-broker#312
  - Update activesupport in tests/integration/test-app/Gemfile.lock to 7.0.4.1
    for CVE-2023-22796 (not vulnerable)
    cyberark/conjur-service-broker#307
  - Update conjur-api-go to v0.10.2 to update indirect dependency gopkg.in/yaml.v2
    cyberark/conjur-service-broker#305
  - Update loofah to 2.19.1 for CVE-2022-23514, CVE-2022-23515 and CVE-2022-23516 (all Not Vulnerable)
    and rails-html-sanitizer to 1.4.4 for CVE-2022-23517, CVE-2022-23518, CVE-2022-23519, and CVE-2022-23520 (Not vulnerable)
    cyberark/conjur-service-broker#304
  - Upgrade nokogiri to 1.13.10 to resolve CVE-2022-23476
    cyberark/conjur-service-broker#302
  - Upgrade sinatra to 2.2.3 in tests/integration/test-app
    cyberark/conjur-service-broker#301
cyberark/terraform-provider-conjur
v0.6.5 (2022-11-30)
- Changed
- Added support for Conjur Cloud by appending appliance_url with /api cyberark/terraform-provider-conjur#115