Releases: cyberark/conjur
Releases · cyberark/conjur
v1.19.2
[1.19.2] - 2022-01-13
Fixed
- Previously, including
limitoroffsetparameters to a resource list request
resulted in the returned list being unexpectedly sorted. Now, all resource list
request results are sorted by resource ID.
cyberark/conjur#2702
Security
- Upgraded Rails to 6.1.7.1 to resolve CVE-2023-22794 (not vulnerable)
cyberark/conjur#2703
v1.19.1
[1.19.1] - 2022-12-08
Security
- Update loofah to 2.19.1 for CVE-2022-23514, CVE-2022-23515 and CVE-2022-23516 (all Not Vulnerable)
and rails-html-sanitizr to 1.4.4 for CVE-2022-23517, CVE-2022-23518, CVE-2022-23519, and CVE-2022-23520 (Not vulnerable)
cyberark/conjur#2686 - Updated nokogiri in root and docs Gemfile.lock files to resolve GHSA-qv4q-mr5r-qprj
cyberark/conjur#2684
Fixed
- Previously, if an OIDC authenticator was configured with a
Statuswebservice,
the OIDC provider endpoint would include duplicate OIDC authenticators. This change resolves ONYX-25530.
cyberark/conjur#2678 - Allows V2 OIDC authenticators to be checked through the authenticator status
endpoint. This change resolves ONYX-25531.
cyberark/conjur#2692 - Previously, if an OIDC provider endpoint was incorrect, the provider list endpoint
would raise an exception. This change resolves ONYX-30387
cyberark/conjur#2688
Added
- Provides support for PKCE in the OIDC Authenticator code redirect workflow.
This is enabled by default. If needed, it can be disabled using the
CONJUR_FEATURE_PKCE_SUPPORT_ENABLEDfeature flag.
cyberark/conjur#2678 - OIDC Authenticator can now be configured to distribute access tokens with a
custom time-to-live.
cyberark/conjur#2683 - List members request (
GET /roles/conjur/{kind}/{identifier}?members) now produce audit events.
cyberark/conjur#2691 - Show resource request (
GET /resources/:account/:kind/*identifier) now produce audit events.
cyberark/conjur#2695 - List memberships request (
GET /roles/:account/:kind/*identifier?memberships) now produce audit events.
cyberark/conjur#2693
v1.19.0
[1.19.0] - 2022-11-29
Added
- Conjur policy loads can now emit callbacks to extensions on policy
load lifecycle events (e.g. before/after policy load). This is disabled
by default, but is available under the
CONJUR_FEATURE_POLICY_LOAD_EXTENSIONSfeature flag.
cyberark/conjur#2671 - Conjur roles API can now emit callbacks to extensions on member add and
remove events (e.g. before/after add member). This is disabled by default,
but is available under theCONJUR_FEATURE_ROLES_API_EXTENSIONSfeature flag.
cyberark/conjur#2671
Security
- Updated nokogiri in root and docs Gemfile.lock files to resolve GHSA-2qc6-mcvw-92cw
cyberark/conjur#2670
v1.18.5
[1.18.5] - 2022-09-14
Added
- List resources request (
GET /resources) now produce audit events.
(cyberark/conjur#2652
Changed
- AWS Access Key Rotation now preserves only one key
v1.18.4
[1.18.4] - 2022-09-11
Added
- Adds support for authorization token in header in OIDC authenticator.
cyberark/conjur#2637
v1.18.3
v1.18.2
v1.18.1
[1.18.1] - 2022-08-01
Changed
- Migrates OIDC Provider list to be accessable via an unauthentated
endpoint. This is not a concern as logins using this endpoint already
display the redirect endpoint on the login page.
cyberark/conjur#2625
v1.18.0
[1.18.0] - 2022-08-01
Added
- Adds support for namespace label based identity scope for the Kubernetes Authenticator
cyberark/conjur#2613
Changed
- Adds support for authentication using OIDC's code authorization flow
cyberark/conjur#2595
Security
- Updated tzinfo to 1.2.10 to address CVE-2022-31163
cyberark/conjur#2610
v1.17.8
[1.17.8] - 2022-07-14
Security
- Updated rails to 6.1.6.1 to remove CVE-2022-32224
cyberark/conjurinc#2605