Releases: AthenZ/athenz
Releases · AthenZ/athenz
Athenz v1.12.3 Release
What's Changed
- Athenz Identity Provider for Harness by @havetisyan in #2773
- Bump next from 13.5.4 to 14.2.15 in /ui by @dependabot in #2765
- Store SIA user agent information in x509 certificate request table by @rajeshal in #2772
- fix functional tests in services.spec by @ArtjomsPorss in #2781
- clean up unused consts in the aws common library by @havetisyan in #2779
- update harness api key env variable name by @havetisyan in #2775
- use configured identity instead of hard-coded sys.auth.monitor identity by @havetisyan in #2780
- Store SIA certificate creds in AWS parameter store, use custom json … by @rajeshal in #2776
- allow % character in tag value by @chandrasekhar1996 in #2777
- keep track of request entries in the role audit log by @havetisyan in #2782
- improve UX of dropdown inputs by @ArtjomsPorss in #2774
- updated java and go dependencies to their latest releases by @havetisyan in #2783
- consistent indentation - formatting change only by @havetisyan in #2784
- fix functional tests in roles.spec by @ArtjomsPorss in #2786
- config option to support ambiguous uris in jetty servlets by @havetisyan in #2787
Full Changelog: v1.12.2...v1.12.3
Athenz v1.12.2 Release
What's Changed
- diplay service provider error message by @ArtjomsPorss in #2761
- [skip ci] specify source/target in example pom.xml by @havetisyan in #2762
- maven central publishing fixes by @havetisyan in #2760
- update example to utilize nimbus library for token validation by @havetisyan in #2764
- update package build list for docker image by @havetisyan in #2763
- update go and java versions for docker builds by @havetisyan in #2767
- touch done files after individual sia commands by @havetisyan in #2766
- update go/java dependencies to their latest release by @havetisyan in #2769
- defer accesstoken error logging by @abvaidya in #2770
- docker build fixes for go 1.22 - no GO111MODULE support by @havetisyan in #2771
Full Changelog: v1.12.1...v1.12.2
Athenz v1.12.1 Release
Athenz 1.12.x includes the following changes:
- Upgrade to Jetty 12.x / EE10 Release using Jakarta 6.x
- Remove all deprecated methods from server side interfaces
- Migrate all aws v1 usage from server side code to aws v2 since v1 sdk is EOL
- Migrate Apache HttpClient 4.x to 5.x
- Server builds are released w/ JDK 17 due to jetty requirement but all client libraries are continued to be built and published with JDK 11 support
- replace jjwt library with nimbus-jwt library
- CI/CD pipeline will be moved from SD to GitHub Actions
- Move AWSPrivateKeyStore implementation from server-common to auth-core where it belongs with the correct package name
- Remove single email notification support and only support consolidated email notifications (there is no point of spamming the admin with 20 separate emails where a single email can include all the roles that the admin needs to review)
Full details about required changes: https://github.com/AthenZ/athenz/blob/master/docs/migration-1.11-to-1.12.md
Athenz v1.11.66 Release
What's Changed
- do not exit when token refresh fails while pod is running by @havetisyan in #2724
- Bump serve-static and express in /ui by @dependabot in #2728
- Bump send and express in /ui by @dependabot in #2726
- Bump body-parser from 1.20.0 to 1.20.3 in /ui by @dependabot in #2725
- disable advanced settings for delegated roles during role creation or editing by @ArtjomsPorss in #2733
- send notification for put role membership decision by @chandrasekhar1996 in #2737
- Adding resource ownership support for MSD API by @yosrixp in #2744
- during delete tenancy check the primary db instance by @havetisyan in #2743
- Adding support to GCE SIA multiple service by @yosrixp in #2740
- send notification for put group membership decision by @chandrasekhar1996 in #2742
- update java and go dependencies to their latest releases by @havetisyan in #2745
Full Changelog: v1.11.65...v1.11.66
Athenz v1.11.65 Release
What's Changed
- not allow principal to approve/reject own requests for audit enabled roles/groups by @havetisyan in #2702
- fix tests failing to run due to babel node sytax conflicts by @ArtjomsPorss in #2703
- add role member UI enhancement by @ArtjomsPorss in #2700
- add group review icon, it becomes red when group review required by @ArtjomsPorss in #2705
- enforce resource ownership for delete role member operation by @chandrasekhar1996 in #2708
- enforce resource ownership for delete group member operation by @chandrasekhar1996 in #2709
- enforce resource ownership for delete assertion operation by @chandrasekhar1996 in #2710
- allow adding authorization header on msd-agent calls by @abvaidya in #2701
- Jonmv/build kite integration by @jonmv in #2706
- Bump micromatch from 4.0.7 to 4.0.8 in /ui by @dependabot in #2716
- fix added tag is displayed in UI, fix delete last tag by @ArtjomsPorss in #2712
- open role and group members in new tab by @ArtjomsPorss in #2718
- email notifications improvements with notify roles and groups by @havetisyan in #2719
- update zms go client with latest rdl changes by @havetisyan in #2722
Full Changelog: v1.11.64...v1.11.65
Athenz v1.11.64 Release
What's Changed
- display warning for expired and disabled members in Roles and Groups by @ArtjomsPorss in #2668
- fix skip non revocable attribute logic by @havetisyan in #2680
- [documentation/github actions provider] Fix service name for prs by @tokle in #2681
- provide java api for gcp workloads to refresh their identity certificates by @havetisyan in #2672
- minor update to the key refresher unit test by @havetisyan in #2682
- more specific error message for user authority filter checks by @havetisyan in #2683
- fix red role review icon conditions by @ArtjomsPorss in #2684
- Adding the Otel Implementation by @salladi30 in #2687
- Bump axios from 1.6.0 to 1.7.4 in /clients/nodejs/zts by @dependabot in #2690
- update java and go dependencies to their latest releases by @havetisyan in #2694
- SIA (Service Identity Agent for GCP Runs by @havetisyan in #2693
New Contributors
- @ArtjomsPorss made their first contribution in #2668
- @salladi30 made their first contribution in #2687
Full Changelog: v1.11.63...v1.11.64
Athenz v1.11.63 Release
What's Changed
- include recently added fields in domain audit log by @abvaidya in #2664
- Extend support for authority filter for roles/groups to skip unnecessary checks by @havetisyan in #2663
- expose github provider specific error back to client for debugging by @havetisyan in #2665
- UI: update dependencies and unit test by @chandrasekhar1996 in #2666
- DIscover additional instances to MSD, with dynamic/static workloads by @rajeshal in #2660
Full Changelog: v1.11.62...v1.11.63
Athenz v1.11.62 Release
What's Changed
- Omit specifying trust store or CA cert when generating KeyRefresher by @massakam in #2650
- add x509-cert-signer-keyid and ssh-cert-signer-keyid fields to domain meta by @havetisyan in #2652
- update ZTS to honor domain's x509/ssh signer key ids by @havetisyan in #2654
- UI fix: group review submitted for wrong domain by @chandrasekhar1996 in #2655
- add new option for id token request to require all scope items to be present by @havetisyan in #2658
- update test cases to use valid keystore by @havetisyan in #2656
- update go and java dependencies to their latest releases by @havetisyan in #2659
Schema Update
https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20240708.sql
New Contributors
Full Changelog: v1.11.61...v1.11.62
Athenz v1.11.61 Release
This release requires a schema change
https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20240523.sql
What's Changed
- Jonmv/assume azure services by @jonmv in #2634
- update error messages/formatting + fix zts property name in docs by @havetisyan in #2637
- Bump braces from 3.0.2 to 3.0.3 in /ui by @dependabot in #2639
- Enable SSH Host certificate for AWS EC2 instances by @ean in #2635
- implement domain group members api by @havetisyan in #2641
- /oauth2/keys Specify the service to obtain the public key by @TakuyaMatsu in #2642
- fix not able to update POC in domain by @chandrasekhar1996 in #2643
- support refreshing provider ip blocks every hour by @havetisyan in #2644
- change order of signature validation for zpu policies by @havetisyan in #2645
- separate key algorithm setting for instance provider by @havetisyan in #2646
- extend the logic to set the preferred expiry time for service certificates by @havetisyan in #2648
- update java and go dependencies to their latest releases by @havetisyan in #2649
New Contributors
Full Changelog: v1.11.60...v1.11.61
Athenz v1.11.60 Release
This release requires a schema change
https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20240525.sql
What's Changed
- address CodeQL warning about safe int32 conversion and insecure cipher by @havetisyan in #2622
- keep state when key/cert were backed up for restore in case of failure by @havetisyan in #2623
- update schema for azure support by @havetisyan in #2624
- for role/group member expiry support all restrictions by @havetisyan in #2625
- support system allowed roles in id tokens by skipping limit check by @havetisyan in #2626
- remove dependency on jetty from client libraries by @havetisyan in #2627
- fix comparing ecdsa key/cert public key match by @havetisyan in #2630
- aws parameter store implementation for PrivateKeyStore interface by @abvaidya in #2631
- support principal domain filter for role/group members by @havetisyan in #2629
- update java and go depedencies to their latest releases by @havetisyan in #2633
- server k8s common module by @abvaidya in #2632
Full Changelog: v1.11.59...v1.11.60