Suite release v1.20.0+suite.1 #270

Closed

gl-johnson
Contributor

@gl-johnson gl-johnson commented Oct 2, 2023

Release Notes

All notable changes to this project will be documented in this file.

[v1.20.0+suite.1] - 2023-10-05

Table of Contents

Components

These are the components that combine to create this Conjur OSS Suite release and links
to their releases:

Conjur Server

Conjur SDK

Platform Integrations

DevOps Tools

Secretless Broker

Summon

Installation Instructions for the Suite Release Version of Conjur

Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.

  • Docker or docker-compose

    Set the container image tag to cyberark/conjur:1.20.0.
    For example, make the following update to the conjur service in the quickstart docker-compose.yml

    image: cyberark/conjur:1.20.0
    
  • Conjur Open Source Helm chart

    Update the image.tag value and use the appropriate release of the helm chart:

    helm install ... \
      --set image.tag="1.20.0" \
      ...
      https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.7/conjur-oss-2.0.7.tgz
    

Upgrade Instructions

Upgrade instructions are available for the following components:

Changes

The following are changes to the constituent components since the last Conjur
OSS Suite release:

cyberark/conjur

v1.20.0 (2023-09-21)

  • Added
    • Support an optionalca-cert variable for providing custom certs/chains to verify
      OIDC providers or proxies when using the OIDC authenticator
      cyberark/conjur#2933
    • New flag to conjurctl server command called --no-migrate which allows for skipping
      the database migration step when starting the server.
      cyberark/conjur#2895
    • Telemetry support
      cyberark/conjur#2854
    • Introduces support for Policy Factory, which enables resource creation
      through a new factories API.
      cyberark/conjur#2855
    • Use base images with newer Ubuntu and UBI.
      Display FIPS Mode status in the UI (requires temporary fix for OpenSSL gem).
      cyberark/conjur#2874
  • Changed
    • The database thread pool max connection size is now based on the number of
      web worker threads per process, rather than an arbitrary fixed number. This
      mitigates the possibility of a web worker becoming starved while waiting for
      a connection to become available.
      cyberark/conjur#2875
    • Changed base-image tagging strategy
      cyberark/conjur#2926
  • Fixed
  • Security
    • Upgrade google/cloud-sdk in ci/test_suites/authenticators_k8s/dev/Dockerfile/test
      to use latest version (448.0.0)
      cyberark/conjur#2972
    • Support plural syntax for revoke and deny
      cyberark/conjur#2901
    • Previously, attempting to add and remove a privilege in the same policy load
      resulted in only the positive privilege (grant, permit) taking effect. Now we
      fail safe and the negative privilege statement (revoke, deny) is the final
      outcome
      cyberark/conjur#2907
    • Update puma to 6.3.1 to address CVE-2023-40175.
      cyberark/conjur#2925

cyberark/conjur-openapi-spec

v5.3.1 (2023-07-11)

cyberark/conjur-oss-helm-chart

v2.0.7 (2023-08-30)

cyberark/conjur-authn-k8s-client

v0.26.0 (2023-07-18)

  • Added
    • Log level is now configurable using the LOG_LEVEL environment variable or conjur.org/log-level annotation.
      The existing DEBUG environment variable and conjur.org/debug-logging annotation are deprecated and will be removed in a future update.
      cyberark/conjur-authn-k8s-client#522
  • Fixed
  • Security

cyberark/secrets-provider-for-k8s

v1.6.0 (2023-07-19)

cyberark/ansible-conjur-collection

v1.2.1 (2023-09-20)

v1.2.2 (2023-09-28)

cyberark/conjur-puppet

v3.1.1 (2023-08-23)

cyberark/secretless-broker

v1.7.19 (2023-11-02)

  • Added
    • Add support for caching_sha256_password to mysql connector

v1.7.18 (2023-08-22)

  • Added
    • Added support for SCRAM-SHA-256 to postgres connector
  • Changed
  • Security
    • Updated github.com/docker/docker to v24.0.5 (CONJSE-1798)
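
The fail-safe change listed under cyberark/conjur v1.20.0 above (a privilege both added and removed in one policy load now resolves to the negative statement) can be audited with a small check like the following. This is an added example, not code from Conjur or from this pull request; the statement dictionaries, role and resource names are constructed, and the model covers only permit/deny within a single load.

```python
# Added illustration: a model of the changelog's description, not Conjur's code.
# Statements are a constructed, already-parsed view of ONE policy load.
SAMPLE_LOAD = [
    {"kind": "permit", "role": "user:alice", "privileges": ["read", "execute"],
     "resource": "variable:db/password"},
    {"kind": "deny", "role": "user:alice", "privileges": ["execute"],
     "resource": "variable:db/password"},
    {"kind": "permit", "role": "user:bob", "privileges": ["read"],
     "resource": "variable:db/password"},
]


def _expand(statements, kind):
    """Flatten statements of one kind into (role, privilege, resource) triples."""
    return {
        (s["role"], priv, s["resource"])
        for s in statements
        if s["kind"] == kind
        for priv in s["privileges"]
    }


def find_conflicts(statements):
    """Triples that the same load both permits and denies, in stable order."""
    return sorted(_expand(statements, "permit") & _expand(statements, "deny"))


def effective(statements, fail_safe=True):
    """Privileges left after the load.

    fail_safe=True  -> deny is the final outcome (behaviour described for v1.20.0).
    fail_safe=False -> only the permit takes effect (behaviour described as previous).
    """
    permitted = _expand(statements, "permit")
    if not fail_safe:
        return permitted
    return permitted - _expand(statements, "deny")


if __name__ == "__main__":
    for role, priv, res in find_conflicts(SAMPLE_LOAD):
        print(f"conflict: {role} {priv} on {res}")
    widened = effective(SAMPLE_LOAD, fail_safe=False) - effective(SAMPLE_LOAD)
    print("granted only under the previous behaviour:", sorted(widened))
```

Any triple reported by `find_conflicts` is a privilege that a policy written before the upgrade may have been granting despite an explicit deny in the same file.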

@gl-johnson gl-johnson marked this pull request as ready for review October 2, 2023 15:00
@gl-johnson gl-johnson requested a review from a team as a code owner October 2, 2023 15:00
@jtuttle
Member

jtuttle commented Oct 5, 2023

What's New

This suite release aligned with Conjur Server version 1.20.0.

Conjur Improvements

Conjur has received a number of improvements. Please see the Conjur CHANGELOG for details.

Secretless Broker Security Improvements

The postgres and MySQL connectors of Secretless Broker have both been updated to support more secure authentication protocols.

Configurable Logging Levels

The logging level can now be configured in both the Conjur K8s Client and Secrets Provider for K8s by setting the LOG_LEVEL environment variable as described in the docs.

Updated Ansible Compatibility

The Conjur Ansible Collection has been tested and confirmed compatible with Ansible versions 6, 7, and 8.

Bug Fixes and Security Patches

Conjur and several other projects in the OSS Suite have been updated with bug fixes and security patches. See the release notes for details.

@niteshtaneja

Regarding what's new, the "Configurable logging levels" section is still pointing to the old documentation. I can work with @gcandiloro to make sure the changes we made go live before we release. Other than that, looks good.

@niteshtaneja

Regarding RNs, a couple of minor things:

  • Is there a reason we don't have a date next to conjur-api-go?
  • Need a space between optional and ca "Support an optionalca-cert variable"

@jtuttle
Member

jtuttle commented Nov 27, 2023

This got merged in NG.

@jtuttle jtuttle closed this Nov 27, 2023