Releases: AthenZ/athenz
Releases · AthenZ/athenz
Athenz v1.11.60 Release
This release requires a schema change
https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20240525.sql
What's Changed
- address CodeQL warning about safe int32 conversion and insecure cipher by @havetisyan in #2622
- keep state when key/cert were backed up for restore in case of failure by @havetisyan in #2623
- update schema for azure support by @havetisyan in #2624
- for role/group member expiry support all restrictions by @havetisyan in #2625
- support system allowed roles in id tokens by skipping limit check by @havetisyan in #2626
- remove dependency on jetty from client libraries by @havetisyan in #2627
- fix comparing ecdsa key/cert public key match by @havetisyan in #2630
- aws parameter store implementation for PrivateKeyStore interface by @abvaidya in #2631
- support principal domain filter for role/group members by @havetisyan in #2629
- update java and go depedencies to their latest releases by @havetisyan in #2633
- server k8s common module by @abvaidya in #2632
Full Changelog: v1.11.59...v1.11.60
Athenz v1.11.59 Release
What's Changed
- in jws domain object return service resource ownership by @havetisyan in #2613
- use issuer aws account or gcp project for launch authorization by @abvaidya in #2614
- update interface to use both enterprise and cloud hostname resolvers by @abvaidya in #2615
- provide capability to enable/disable principals by @havetisyan in #2616
- provide capability for system admins to use zms-cli to set business service by @havetisyan in #2618
- remove dups from role/group review list by @havetisyan in #2619
- updated go and java dependencies to their latest releases by @havetisyan in #2620
- bcprov-ext does not have 1.78.1 version by @havetisyan in #2621
Full Changelog: v1.11.58...v1.11.59
Athenz v1.11.58 Release
What's Changed
- support trust domains in spiffe uri in role certificates by @havetisyan in #2598
- systemd-notify-all option to notify systemd after role certificates by @havetisyan in #2599
- explicit launch authorization for k8s provider multi-tenancy use cases by @abvaidya in #2601
- Bump ejs from 3.1.9 to 3.1.10 in /ui by @dependabot in #2602
- for sia settings from env, set the config service field by @havetisyan in #2604
- extend gcp functions identity method to be generic for vm workloads by @havetisyan in #2605
- switch to using mysql 8.0 image from 5.7 for unit tests by @havetisyan in #2606
- automatically skip empty roles/group from review list by @havetisyan in #2607
- extended notification support by @havetisyan in #2603
- include additional sandns entry for pod ip by @abvaidya in #2608
- update role/service/group last modified time on tag update by @havetisyan in #2610
- allow groups in admin role based on config setting by @havetisyan in #2609
- updated go (1.22.3) and java dependencies to their latest releases by @havetisyan in #2611
Full Changelog: v1.11.57...v1.11.58
Athenz v1.10.62 Release
What's Changed
- update org.bouncycastle ( 1.10.x-jetty9 ) by @TakuyaMatsu in #2592
Full Changelog: v1.10.61...v1.10.62
Athenz v1.11.57 Release
What's Changed
- allow attribute validator for K8SProvider issuer validation by @abvaidya in #2589
- support for systemd notify option for sia agents by @havetisyan in #2593
- Add identifier in transport policy response by @rajeshal in #2596
- spiffe trust domain in role certificates by @havetisyan in #2591
- extend update_members action for role/group review api by @havetisyan in #2595
- Bump formidable and supertest in /ui by @dependabot in #2597
Full Changelog: v1.11.56...v1.11.57
Athenz v1.11.56 Release
What's Changed
- set resource ownership commands in zms-cli by @havetisyan in #2581
- Perform a retry when error code 3101 is returned from the MySQL DB by @sh1myama in #2583
- provide option to disable resource ownership server-side by @havetisyan in #2582
- update java dependencies by @havetisyan in #2587
- migrate from gopkg.in/square/go-jose.v2 to github.com/go-jose/go-jose/v4 by @havetisyan in #2588
- add close method to zpe by @TakuyaMatsu in #2585
- generate notifications 3 days before expiry by @havetisyan in #2586
New Contributors
Full Changelog: v1.11.55...v1.11.56
Athenz v1.11.55 Release
What's Changed
- Fixed ZMSUtils to correctly determine PrincipalType by @hiragi-gkuth in #2556
- Update README.md by @adir852 in #2569
- Group MSD transport policy conditions by @rajeshal in #2565
- correct handling of audit enabled flag in zms-cli import by @havetisyan in #2568
- Option to build GCPZTSCredentials using a pre-existing SSLContext by @tokle in #2571
- initial changes for resource owner feature by @havetisyan in #2572
- Bump express from 4.18.1 to 4.19.2 in /ui by @dependabot in #2575
- add new environment field to domain details by @jimmytsang in #2574
- resource ownership feature: part 2 by @havetisyan in #2576
- verification and validation of resource ownership by @havetisyan in #2578
- provide sia config option to exit process if run_after script fails by @havetisyan in #2580
This release includes a required schema update:
https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20240325.sql
New Contributors
Full Changelog: v1.11.54...v1.11.55
Athenz v1.10.61 Release
What's Changed
- support gcp-zts-creds for jdk8 clients by @havetisyan in #2579
Full Changelog: v1.10.60...v1.10.61
Athenz v1.11.54 Release
What's Changed
- fetch verification key from server via proxy during accesstoken and roletoken verification by @Bigdrea6 in #2527
- limit jest max workers to 8 for SD by @havetisyan in #2544
- improve role/group review list based on creation time by @havetisyan in #2543
- aws role session name can include _'s by @havetisyan in #2541
- use spiffe namespace of default by @havetisyan in #2547
- validate principals during role/group review api by @havetisyan in #2551
- add support for -spiffe-trust-domain to zts-svccert utility by @havetisyan in #2550
- correct handling for put system meta with invalid service name by @havetisyan in #2546
- do not allow deletion of domain is it's associated with aws/gcp/azure by @havetisyan in #2552
- Option to include public IP in ssh host certificate requests by @havetisyan in #2549
- Adding provider interface for fetching public keys of a service by @psasidhar in #2553
- Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in #2554
- update provider interface impl in sia agents by @havetisyan in #2555
- sia-aws: set service cert and key in role option by @chandrasekhar1996 in #2557
- sia: set service cert and key in role option by @chandrasekhar1996 in #2558
- correct handling of review-enabled roles/groups during review api by @havetisyan in #2560
- Allowing SSH certificates for secureboot by @psasidhar in #2563
- update java and go dependencies to their latest releases by @havetisyan in #2561
- Bump follow-redirects from 1.15.4 to 1.15.6 in /ui by @dependabot in #2564
New Contributors
Full Changelog: v1.11.53...v1.11.54
Athenz v1.11.53 Release
What's Changed
- update action during domain template request by @havetisyan in #2522
- support domain (security) point of contact fields by @jimmytsang in #2521
- optional argument to skip errors during sia init by @havetisyan in #2524
- extend subdomain delete capability to domain admins by @havetisyan in #2523
- sia run-after-scripts for cmd line options must be in blocking mode by @havetisyan in #2529
- log authz failure for github action provider by @havetisyan in #2530
- fix direct link service tabs bug by @jimmytsang in #2531
- fix to not omit the user domain when completion search result is empty by @hiragi-gkuth in #2532
- minor lowercase of a word by @jimmytsang in #2534
- update java/go dependencies to their latest releases by @havetisyan in #2539
- delete user groups before deleting user from system by @havetisyan in #2538
- extend instance id for github actions identity to include :: by @havetisyan in #2537
- replace aws role session name from harcoded to principal name by @havetisyan in #2536
- minor update to zts java client unit test by @havetisyan in #2535
- set role/group last review date check differenly for new and updated objects by @havetisyan in #2533
Full Changelog: v1.11.52...v1.11.53