Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update suite.yml for v1.17.6+suite.1 release #247

Merged
merged 2 commits into from
Jul 12, 2022
Merged

Conversation

john-odonnell
Copy link
Contributor

@john-odonnell john-odonnell commented May 16, 2022

Release Notes

All notable changes to this project will be documented in this file.

[1.17.6-suite.1] - 2022-07-08

Table of Contents

Components

These are the components that combine to create this Conjur OSS Suite release and links
to their releases:

Conjur Server

Conjur SDK

Platform Integrations

DevOps Tools

Secretless Broker

Summon

Installation Instructions for the Suite Release Version of Conjur

Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.

  • Docker or docker-compose

    Set the container image tag to cyberark/conjur:1.17.6.
    For example, make the following update to the conjur service in the quickstart docker-compose.yml

    image: cyberark/conjur:1.17.6
    
  • Conjur Open Source Helm chart

    Update the image.tag value and use the appropriate release of the helm chart:

    helm install ... \
      --set image.tag="1.17.6" \
      ...
      https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.4/conjur-oss-2.0.4.tgz
    

Upgrade Instructions

Upgrade instructions are available for the following components:

Changes

The following are changes to the constituent components since the last Conjur
OSS Suite release:

cyberark/conjur

v1.17.3 (2022-04-04)

  • Changed
    • Fixed issue where an invalid content type sent by our .NET SDK was causing
      Conjur to error - but this wasn't the case before the Ruby 3 upgrade
      #2525
    • Verify non user or host resources do not have credentials.
    • Update to automated release process
    • Proper error message appears when JWT Authenticator gets HTTP code error while trying to fetch JWKS data from jwks-uri #2474
    • Upgrade to Ruby 3. #2444
  • Added
    • Added the ability to fetch signing keys from JWKS endpoints that use a self-signed certificate or a certificate signed by a third-party CA for JWT generic vendor configuration
      (#2462 #2461 #2456 #2455 #2457 #2452 #2437)
    • Added the ability for JWT generic vendor configuration to receive signing keys for JWT token verification from a variable. Variable name is public-keys
      (#2463 #2461 #2456 #2455 #2454 #2450 #2447 #2437)
    • Added support for SNI certificates when talking to the Kubernetes API server through the web socket client.
      #2482
    • Added support for http(s)_proxy for Kubernetes client in Kubernetes authenticator
      #2432
  • Fixed
    • IAM Authn bug fix - Take rexml gem to production configuration #2493
    • Previously, a stale puma pid file would prevent the Conjur server from starting successfully. Conjur now removes a stale pid file at startup, if it exists. #2498
    • Use entirety of configured Kubernetes endpoint URL in Kubernetes authenticator's web socket client, instead of only host and port #2479
  • Security

v1.17.6 (2022-04-07)

cyberark/conjur-openapi-spec

v5.3.0 (2021-12-22)

cyberark/conjur-api-dotnet

v2.1.1 (2022-03-14)

cyberark/conjur-api-go

v0.8.1 (2021-12-16)

v0.9.0 (2022-02-20)

v0.10.0 (2022-05-19)

v0.10.1 (2022-06-14)

cyberark/conjur-api-java

v3.0.3 (2022-05-31)

cyberark/conjur-api-ruby

v5.3.6 (2021-12-09)

v5.3.7 (2021-12-28)

cyberark/cloudfoundry-conjur-buildpack

v2.2.2 (2022-01-03)

v2.2.3 (2022-06-07)

v2.2.4 (2022-06-16)

cyberark/conjur-service-broker

v1.2.4 (2022-05-05)

v1.2.5 (2022-06-16)

cyberark/conjur-authn-k8s-client

v0.23.0 (2022-01-14)

v0.23.1 (2022-02-11)

v0.23.3 (2022-05-19)

v0.23.5 (2022-06-14)

v0.23.6 (2022-06-16)

cyberark/secrets-provider-for-k8s

v1.4.0 (2022-02-15)

v1.4.1 (2022-04-01)

v1.4.3 (2022-07-07)

cyberark/secretless-broker

v1.7.9 (2022-01-14)

v1.7.10 (2022-02-15)

v1.7.11 (2022-04-29)

v1.7.12 (2022-05-02)

v1.7.13 (2022-07-07)

  • Changed
    • Updated direct dependencies in bin/juxtaposer/go.mod and in go.mod and add replace statements
      for known vulnerable third-party versions.
      cyberark/secretless-broker#1467

cyberark/summon

v0.9.1 (2021-12-22)

  • Changed
    • Update go to 1.17 & switch to github.com/urfave/cli
      from github.com/codegangsta/cli
      cyberark/summon#226

v0.9.2 (2022-05-31)

v0.9.3 (2022-06-15)

  • Changed
    • Updated dependencies in go.mod (github.com/stretchr/testify -> 1.7.2,
      github.com/urfave/cli -> 1.22.9, golang.org/x/net -> v0.0.0-20220607020251-c690dde0001d,
      gopkg.in/yaml.v3 -> v3.0.1)
      cyberark/summon#234

cyberark/summon-conjur

v0.6.1 (2021-12-31)

v0.6.2 (2022-02-25)

v0.6.3 (2022-05-19)

v0.6.4 (2022-07-06)

  • Changed
    • Updated direct dependencies (github.com/cyberark/conjur-api-go -> v0.10.1,
      github.com/stretchr/testify -> 1.7.2)
      cyberark/summon-conjur#106

@john-odonnell john-odonnell marked this pull request as ready for review May 17, 2022 15:59
@john-odonnell john-odonnell requested a review from a team as a code owner May 17, 2022 15:59
@jtuttle
Copy link
Member

jtuttle commented Jul 12, 2022

What's New

This suite release aligned with Conjur Server version 1.17.6. It includes the release of Secrets Provider Rotation and a Ruby version fix for Conjur Service Broker. Support has also been added for JWT authentication in several projects and there have been a great deal of fixes for recent CVEs.

Secrets Provider Rotation

The Secrets Provider for Kubernetes can now be configured to support rotation of secrets in push-to-file mode. This Suite release includes both the Community and GA milestones. See ROTATION.md for details.

Conjur Service Broker Ruby update

The Ruby version specified in the Conjur Service Broker's manifest is no longer pinned, which should prevent a known issue where the pinned buildpack was no longer available on newer versions of Tanzu. The service broker has also been update to work with Ruby version 2.7 and above.

Rancher Support

A fix was made to Conjur that makes the Kubernetes cluster URL configuration more flexible and enables support for deployment on Rancher.

JWT Authentication

Support for using a JWT authentication flow has been added to the following projects:

OpenShift 3.11 Support Deprecation

Products that can be deployed on OpenShift will no longer be supported for OpenShift 3.11.

Security Fixes

This release includes a security fixes for a number of CVEs across all projects. See the CHANGELOGs of individual products for more details.

@jtuttle jtuttle merged commit dbbecd6 into main Jul 12, 2022
@jtuttle jtuttle deleted the release-v1.17.6+suite.1 branch July 12, 2022 19:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

2 participants