Conjur Versions Save

CyberArk Conjur automatically secures secrets used by privileged users and machine identities

v1.20.1-3

8 months ago

[1.20.1] - 2023-07-31

Changed

Conjur will now use the new FIPS Base Images.
Docker Image build is now multistage.
Dependencies update.
Bumped Appliance and Debify versions
Display FIPS Mode status in the UI (requires temporary fix for OpenSSL gem). cyberark/conjur#2874

v1.20.1-4405

8 months ago

[1.20.1] - 2023-10-13

Fixed

OIDC Authenticator now writes custom certs to a non-default directory instead of the system default certificate store. cyberark/conjur#2988

Added

Support for the no_proxy & NO_PROXY environment variables for the k8s authenticator. CNJR-2759

Security

Upgrade google/cloud-sdk in ci/test_suites/authenticators_k8s/dev/Dockerfile/test to use latest version (448.0.0) cyberark/conjur#2972

v1.20.0-4127

9 months ago

[1.20.0] - 2023-08-16

Fixed

OIDC authenticators support https_proxy and HTTPS_PROXY environment variables cyberark/conjur#2902
Support plural syntax for revoke and deny cyberark/conjur#2901

Added

New flag to conjurctl server command called --no-migrate which allows for skipping the database migration step when starting the server. cyberark/conjur#2895
Telemetry support cyberark/conjur#2854
Introduces support for Policy Factory, which enables resource creation through a new factories API. cyberark/conjur#2855

Changed

The database thread pool max connection size is now based on the number of web worker threads per process, rather than an arbitrary fixed number. This mitigates the possibility of a web worker becoming starved while waiting for a connection to become available. cyberark/conjur#2875

Fixed

Support Authn-IAM regional requests when host value is missing from signed headers. cyberark/conjur#2827

Security

Support plural syntax for revoke and deny CONJSE-1783
Previously, attempting to add and remove a privilege in the same policy load resulted in only the positive privilege (grant, permit) taking effect. Now we fail safe and the negative privilege statement (revoke, deny) is the final outcome CONJSE-1785

v1.20.0

9 months ago

[1.20.0] - 2023-09-21

Fixed

Allow Factories with optional variables to save without error cyberark/conjur#2956
OIDC authenticators support https_proxy and HTTPS_PROXY environment variables cyberark/conjur#2902
Support plural syntax for revoke and deny cyberark/conjur#2901

Added

Support an optionalca-cert variable for providing custom certs/chains to verify OIDC providers or proxies when using the OIDC authenticator cyberark/conjur#2933
New flag to conjurctl server command called --no-migrate which allows for skipping the database migration step when starting the server. cyberark/conjur#2895
Telemetry support cyberark/conjur#2854
Introduces support for Policy Factory, which enables resource creation through a new factories API. cyberark/conjur#2855
Use base images with newer Ubuntu and UBI. Display FIPS Mode status in the UI (requires temporary fix for OpenSSL gem). cyberark/conjur#2874

Changed

The database thread pool max connection size is now based on the number of web worker threads per process, rather than an arbitrary fixed number. This mitigates the possibility of a web worker becoming starved while waiting for a connection to become available. cyberark/conjur#2875
Changed base-image tagging strategy cyberark/conjur#2926

Fixed

Support Authn-IAM regional requests when host value is missing from signed headers. cyberark/conjur#2827

Security

Support plural syntax for revoke and deny cyberark/conjur#2901
Previously, attempting to add and remove a privilege in the same policy load resulted in only the positive privilege (grant, permit) taking effect. Now we fail safe and the negative privilege statement (revoke, deny) is the final outcome cyberark/conjur#2907
Update puma to 6.3.1 to address CVE-2023-40175. cyberark/conjur#2925

v0.0.5-13

9 months ago

[0.0.5] - 2023-07-17

Security

Use newer base images with Ubuntu 22.04, Ruby 3.2 and OpenSSL 3 cyberark/conjur#2827

v1.19.3.1-6

10 months ago

[1.19.3.1] - 2023-07-12

Security

Update bundler to 2.2.33 to remove CVE-2021-43809 cyberark/conjur#2804

v1.19.6-4066

10 months ago

[1.19.6] - 2023-07-05

Fixed

Support Authn-IAM regional requests when host value is missing from signed headers. cyberark/conjur#2827

v1.19.6-3961

10 months ago

[1.19.6] - 2023-07-05

Fixed

Support Authn-IAM regional requests when host value is missing from signed headers. cyberark/conjur#2827

v1.19.6-4046

10 months ago

[1.19.6] - 2023-07-05

Fixed

Support Authn-IAM regional requests when host value is missing from signed headers. cyberark/conjur#2827

v1.19.5

11 months ago

[1.19.5] - 2023-06-29

Security

Update bundler to 2.2.33 to remove CVE-2021-43809 cyberark/conjur#2804

Fixed

AuthnJWT now supports claims that include hyphens and inline namespaces. cyberark/conjur#2792
Authn-IAM now uses the host in the signed headers to determine which STS endpoint (global or regional) to use for validation.

Changed

OIDC tokens will now have a default ttl of 60 mins cyberark/conjur#2800