Skip to content

v1.20.0

Compare
Choose a tag to compare
@conjur-jenkins conjur-jenkins released this 04 Aug 21:07
7044dbc

[1.20.0] - 2023-09-21

Fixed

Added

  • Support an optionalca-cert variable for providing custom certs/chains to verify
    OIDC providers or proxies when using the OIDC authenticator
    cyberark/conjur#2933
  • New flag to conjurctl server command called --no-migrate which allows for skipping
    the database migration step when starting the server.
    cyberark/conjur#2895
  • Telemetry support
    cyberark/conjur#2854
  • Introduces support for Policy Factory, which enables resource creation
    through a new factories API.
    cyberark/conjur#2855
  • Use base images with newer Ubuntu and UBI.
    Display FIPS Mode status in the UI (requires temporary fix for OpenSSL gem).
    cyberark/conjur#2874

Changed

  • The database thread pool max connection size is now based on the number of
    web worker threads per process, rather than an arbitrary fixed number. This
    mitigates the possibility of a web worker becoming starved while waiting for
    a connection to become available.
    cyberark/conjur#2875
  • Changed base-image tagging strategy
    cyberark/conjur#2926

Fixed

  • Support Authn-IAM regional requests when host value is missing from signed headers.
    cyberark/conjur#2827

Security

  • Support plural syntax for revoke and deny
    cyberark/conjur#2901
  • Previously, attempting to add and remove a privilege in the same policy load
    resulted in only the positive privilege (grant, permit) taking effect. Now we
    fail safe and the negative privilege statement (revoke, deny) is the final
    outcome
    cyberark/conjur#2907
  • Update puma to 6.3.1 to address CVE-2023-40175.
    cyberark/conjur#2925