Skip to content

Releases: cyberark/conjur

v1.15.0

22 Dec 16:41
@szh szh
v1.15.0
This tag was signed with the committer’s verified signature.
szh Shlomo Zalman Heigh
GPG key ID: F3830420E22740F7
Learn about vigilant mode.
27f2107
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.15.0

Added

  • Added API endpoint to enable and disable GCP authenticator #2448

Fixed

  • Check to stop hosts from setting passwords fixed for admin user #2440
Assets 2
Loading

v1.14.2

14 Dec 18:11
@jtuttle jtuttle
v1.14.2
This tag was signed with the committer’s verified signature.
jtuttle John Tuttle
GPG key ID: E223AA1BC63309AE
Learn about vigilant mode.
5335422
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.14.2

Changed

  • Failed Login now writes the error code in the log #2424
  • Bump cyberark base images from 1.0.5 to 1.0.6 #2420
  • Bump cyberark base images from 1.0.4 to 1.0.5 #2418

Fixed

  • Return 401 instead of 500 for invalid basic auth header. #1990
  • Added check to stop hosts from setting passwords #1920

Security

  • Bump gems related to openid_connect stack for improving the certificate
    validation procedure during the OIDC keys discovery process cyberark/ONYX-13304
Assets 2
Loading

v1.14.1

09 Nov 15:31
@jtuttle jtuttle
v1.14.1
This tag was signed with the committer’s verified signature.
jtuttle John Tuttle
GPG key ID: E223AA1BC63309AE
Learn about vigilant mode.
0916da8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.14.1

1.14.1 - 2021-11-05

Fixed

  • Version bump to resolve build error on tagged master. #2416

1.14.0 - 2021-11-03

Added

  • Create default account when no account is specified in conjurctl account create.
    cyberark/conjur#2388
  • JWT Authenticator supports nested claims in token-app-property, enforced-claims,
    claim-aliases and role annotations. (ONYX-11204:
    #2397,
    #2404,
    #2403)
Assets 2
Loading

v1.13.2

13 Oct 18:06
@jtuttle jtuttle
v1.13.2
This tag was signed with the committer’s verified signature.
jtuttle John Tuttle
GPG key ID: E223AA1BC63309AE
Learn about vigilant mode.
6a1c6a5
Compare
Choose a tag to compare
v1.13.2

Security

Assets 2
Loading

v1.13.1

14 Sep 12:04
@jtuttle jtuttle
v1.13.1
This tag was signed with the committer’s verified signature.
jtuttle John Tuttle
GPG key ID: E223AA1BC63309AE
Learn about vigilant mode.
a45cd81
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.13.1

Fixed

Changed

  • OIDC based authenticators no longer return Bad Gateway and Gateway Timeout http error codes.
    Unauthorised is returned instead.
    cyberark/conjur#2360
Assets 2
Loading

v1.13.0

29 Jul 18:54
@micahlee micahlee
v1.13.0
This tag was signed with the committer’s verified signature.
micahlee Micah Lee
GPG key ID: 86DC546BB7F526B6
Learn about vigilant mode.
945da8e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.13.0

Added

  • Added enforced claims support to JWT generic vendor configuration. ONYX-10520
  • Added claims mapping support to JWT generic vendor configuration. ONYX-10850
  • Added audience check to JWT generic vendor configuration. ONYX-10512

Security

  • Bump cyberark/ubi-ruby-fips from 1.0.3 to 1.0.4 to address CVE-2021-33910.
    cyberark/conjur#2333
  • Upgraded addressable in ./Gemfile.lock and ./docs/Gemfile.lock to 2.8.0 to resolve
    GHSA-jxhc-q857-3j6g cyberark/conjur#2311
  • Previously, OIDC authentication requests that included a user ID in the URL
    path would return a Conjur access token without requiring a valid OIDC token
    in the request. OIDC authentication requests that attempt to include a user ID
    in the URL path now return a 404 Not Found response.
    Security Bulletin
Assets 2
Loading

v1.12.0

25 Jun 14:16
@jtuttle jtuttle
v1.12.0
This tag was signed with the committer’s verified signature.
jtuttle John Tuttle
GPG key ID: E223AA1BC63309AE
Learn about vigilant mode.
5fe6b22
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.12.0

Added

  • The JWT Authenticator (authn-jwt) supports authenticating third-party vendors that utilize JWT.
    See design

Changed

  • Parsing a Conjur config with invalid YAML content now outputs a more user
    friendly error message without a stack trace.
    cyberark/conjur#2256
  • Set the Puma process explicitly to reliably restart the correct process
    when the Conjur configuration is reloaded.
    cyberark/conjur#2291

Security

  • Upgrade bindata to 2.4.10 to resolve Unspecified Issue reported by JFrog Xray
    cyberark/conjur#2257
Assets 2
Loading

v1.11.7

10 Jun 01:25
@izgeri izgeri
v1.11.7
781b4d5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.11.7

Changelog

Added

  • Enabled authenticators can now be configured via a configuration file, or the
    CONJUR_AUTHENTICATORS environment variable.
    cyberark/conjur##2173
  • Trusted Proxies can now be configured with a configuration file or by setting
    the CONJUR_TRUSTED_PROXIES environment variable.
    cyberark/conjur#2168
  • Added conjurctl configuration show command to print the Conjur configuration
    values and the sources they are loaded from.
    cyberark/conjur#2169
  • Added conjurctl configuration apply command restart the Conjur process and
    pick up changes to the configuration file.
    cyberark/conjur#2171

Fixed

  • Fix bug where running conjurctl server or conjurctl account create with
    passwords that contain ,s sent via stdin raised an error.
    cyberark/conjur#2159
  • Update the default keepalive timeout for puma to be longer than most common proxy and load balancers.
    Previously, the load balancer in front of Conjur would commonly have a longer timeout than the
    server itself, which can lead to Conjur closing connections even as there are pending requests and
    the proxy returning 502 errors to the client.
    PR cyberark/conjur#2191

Security

Assets 2
Loading

v1.11.6

29 Apr 13:15
@telday telday
v1.11.6
1cc4b25
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.11.6

Changelog

Fixed

  • Fix bug where running conjurctl server or conjurctl account create with
    non-alpha-numeric passwords sent via stdin raised an error.
    cyberark/conjur#2083

Changed

  • The batch secret retrieval endpoint now returns a 406 Not Acceptable instead
    of a 500 error when a secret with incompatible encoding is requested.
    cyberark/conjur#2124

Security

Added

Assets 2
Loading

v1.11.5

05 Apr 20:33
@izgeri izgeri
v1.11.5
c7325df
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.11.5

Changelog

Fixed

  • Secrets batch request with blank variable names, now returns Error 422 Unprocessable Entity.
    cyberark/conjur#2083

Added

  • conjurctl server and conjurctl account create allow the operator to specify
    the admin user's password via STDIN by providing the --password-from-stdin switch.
    cyberark/conjur#2043
  • conjurctl account create now allows the operator to specify the account name via
    the --name flag. We recommend using this explicit flag when using the --password-from-stdin
    option so that commands are explicit and more readable.
    cyberark/conjur#2043
  • /whoami API endpoint now produces audit events.
    cyberark/conjur#2052
  • When a user checks permissions of a non-existing role or a non-existing resource,
    Conjur now audits a failure message.
    cyberark/conjur#2059

Changed

  • The secrets batch retrieval endpoint now refers to the Accept-Encoding
    header rather than Accept to determine the response encoding.
    cyberark/conjur#2065
  • When trying to fetch a missing or empty secret, a proper error message is now
    returned.
    cyberark/conjur#2023
  • Login and authentication error stack traces are printed to the log at the
    default INFO level. Previously, users had to restart their servers with
    CONJUR_LOG_LEVEL=debug to get meaningful log messages that diagnosed
    configuration or enablement errors; with this change, server logs will be
    clearer about login or authentication errors and will include minimal stack
    traces.
    cyberark/conjur#2080
  • Conjur base image updated to v1.0.1.
    PR cyberark/conjur#2088
Assets 2
Loading