v1.2.11

Security

• Upgrade Ruby to 3.3, Go to 1.22, and various other dependencies
  cyberark/conjur-service-broker#340
• Upgrade Puma to 6.4.2
  cyberark/conjur-service-broker#339

v1.2.10

Security

• Upgrade ruby to 3.2, Go image to 1.20-alpine, and golang.org/x/sys to v0.8.0
  cyberark/conjur-service-broker#331
• Update nokogiri to 1.14.3 to address GHSA-pxvg-2qj5-37jq
  cyberark/conjur-service-broker#326

v1.2.9

Security

• Update rack in Gemfile.lock and tests/integration/test-app/Gemfile.lock to 2.2.6.4 to address CVE-2023-27539,
  and activesupport in Gemfile.lock and tests/integration/test-app/Gemfile.lock to 6.1.7.3 for CVE-2023-28120 (not vulnerable)
  cyberark/conjur-service-broker#323
• Update rack in Gemfile.lock and tests/integration/test-app/Gemfile.lock to 2.2.6.3
  for CVE-2023-27630 (not vulnerable)
  cyberark/conjur-service-broker#320

v1.2.8

Changed

• Upgrade supported Ruby version to 3.1.x. Resolves CVE-2021-33621, CVE-2020-36327 and CVE-2021-43809
  cyberark/conjur-service-broker#306

Security

• Update activesupport in Gemfile.lock to 6.1.7.2 for CVE-2023-22796 (not vulnerable)
  cyberark/conjur-service-broker#312
• Update activesupport in tests/integration/test-app/Gemfile.lock to 7.0.4.1
  for CVE-2023-22796 (not vulnerable)
  cyberark/conjur-service-broker#307
• Update conjur-api-go to v0.10.2 to udpate indirect dependency gopkg.in/yaml.v2
  cyberark/conjur-service-broker#305
• Update loofah to 2.19.1 for CVE-2022-23514, CVE-2022-23515 and CVE-2022-23516 (all Not Vulnerable)
  and rails-html-sanitizr to 1.4.4 for CVE-2022-23517, CVE-2022-23518, CVE-2022-23519, and CVE-2022-23520 (Not vulnerable)
  cyberark/conjur-service-broker#304
• Upgrade nokogiri to 1.13.10 to resolve CVE-2022-23476
  cyberark/conjur-service-broker#302
• Upgrade sinatra to 2.2.3 in tests/integration/test-app
  cyberark/conjur-service-broker#301

v1.2.7

Security

• Upgrade nokogiri to v1.3.9 to resolve GHSA-2qc6-mcvw-92cw
  cyberark/conjur-service-broker#296
• Upgrade cucumber (2.99.0 -> 7.1.0) and aruba (1.1.2 -> 2.0.0)
  to resolve medium severity security issue on Snyk
  cyberark/conjur-service-broker#294

v1.2.6

Security

• Updated tzinfo to 1.2.10 in Gemfile.lock and test/integration/test-app/Gemfile.lock to
  resolve CVE-2022-31163
  cyberark/conjur-service-broker#289
• Updated rails-html-sanitizer to 1.4.3 to resolve CVE-2022-32209
  cyberark/conjur-service-broker#288

v1.2.5

Changed

• Upgrade conjur-api-go to v0.10.1 and rack to 2.2.3.1
  cyberark/conjur-service-broker#285

Security

• Upgrade nokogiri to 1.13.6 to resolve un-numbered libxml CVEs
  cyberark/conjur-service-broker#280
• Upgrade rack to 2.2.3.1 to resolves CVE-2022-30122 and CVE-2022-30123
  cyberark/conjur-service-broker#283

v1.2.4

Changelog

Security

• Upgrade nokogiri to 1.13.4 to resolve CVE-2022-24836, CVE-2018-25032,
  CVE-2022-24839, and CVE-2022-23437 (not vulnerable to all)
  cyberark/conjur-service-broker#273
• Upgraded puma to 5.6.4 to resolve CVE-2022-24790
  cyberark/conjur-service-broker#271
• Upgraded rails components to 5.2.6.2 and puma to 5.6.2 to resolve CVE-2022-23633 and
  CVE-2022-23634 cyberark/conjur-service-broker#270
• Updated puma to 5.5.1
  cyberark/conjur-service-broker#267
• Update rails components to 5.2.7.1 to resolve CVE-2022-22577 and CVE-2022-27777
  cyberark/conjur-service-broker#274

Fixed

• Unpin the Ruby Buildpack in the service broker's manifest.yml and update the pinned
  Ruby version in the service broker's Gemfile to ~> 2.7. This captures the idea that
  the service broker works for all 2.x Ruby versions from 2.7 and up, anything less has reached end of life.
  cyberark/conjur-service-broker#266

v1.2.3

Changelog

Changed

• Updated to go 1.17 and conjur-api-go 0.8.1
  cyberark/conjur-service-broker#263

v1.2.2

Security

• Updated Nokogiri to 1.12.5-x86_64-darwin to resolve
  CVE-2021-41098
  cyberark/conjur-service-broker#257