Athenz v1.11.59 Release

What's Changed

• in jws domain object return service resource ownership by @havetisyan in #2613
• use issuer aws account or gcp project for launch authorization by @abvaidya in #2614
• update interface to use both enterprise and cloud hostname resolvers by @abvaidya in #2615
• provide capability to enable/disable principals by @havetisyan in #2616
• provide capability for system admins to use zms-cli to set business service by @havetisyan in #2618
• remove dups from role/group review list by @havetisyan in #2619
• updated go and java dependencies to their latest releases by @havetisyan in #2620
• bcprov-ext does not have 1.78.1 version by @havetisyan in #2621

Full Changelog: v1.11.58...v1.11.59

Athenz v1.11.58 Release

What's Changed

• support trust domains in spiffe uri in role certificates by @havetisyan in #2598
• systemd-notify-all option to notify systemd after role certificates by @havetisyan in #2599
• explicit launch authorization for k8s provider multi-tenancy use cases by @abvaidya in #2601
• Bump ejs from 3.1.9 to 3.1.10 in /ui by @dependabot in #2602
• for sia settings from env, set the config service field by @havetisyan in #2604
• extend gcp functions identity method to be generic for vm workloads by @havetisyan in #2605
• switch to using mysql 8.0 image from 5.7 for unit tests by @havetisyan in #2606
• automatically skip empty roles/group from review list by @havetisyan in #2607
• extended notification support by @havetisyan in #2603
• include additional sandns entry for pod ip by @abvaidya in #2608
• update role/service/group last modified time on tag update by @havetisyan in #2610
• allow groups in admin role based on config setting by @havetisyan in #2609
• updated go (1.22.3) and java dependencies to their latest releases by @havetisyan in #2611

Full Changelog: v1.11.57...v1.11.58

Athenz v1.10.62 Release

What's Changed

• update org.bouncycastle ( 1.10.x-jetty9 ) by @TakuyaMatsu in #2592

Full Changelog: v1.10.61...v1.10.62

Athenz v1.11.57 Release

What's Changed

• allow attribute validator for K8SProvider issuer validation by @abvaidya in #2589
• support for systemd notify option for sia agents by @havetisyan in #2593
• Add identifier in transport policy response by @rajeshal in #2596
• spiffe trust domain in role certificates by @havetisyan in #2591
• extend update_members action for role/group review api by @havetisyan in #2595
• Bump formidable and supertest in /ui by @dependabot in #2597

Full Changelog: v1.11.56...v1.11.57

Athenz v1.11.56 Release

What's Changed

• set resource ownership commands in zms-cli by @havetisyan in #2581
• Perform a retry when error code 3101 is returned from the MySQL DB by @sh1myama in #2583
• provide option to disable resource ownership server-side by @havetisyan in #2582
• update java dependencies by @havetisyan in #2587
• migrate from gopkg.in/square/go-jose.v2 to github.com/go-jose/go-jose/v4 by @havetisyan in #2588
• add close method to zpe by @TakuyaMatsu in #2585
• generate notifications 3 days before expiry by @havetisyan in #2586

New Contributors

• @sh1myama made their first contribution in #2583

Full Changelog: v1.11.55...v1.11.56

Athenz v1.11.55 Release

What's Changed

• Fixed ZMSUtils to correctly determine PrincipalType by @hiragi-gkuth in #2556
• Update README.md by @adir852 in #2569
• Group MSD transport policy conditions by @rajeshal in #2565
• correct handling of audit enabled flag in zms-cli import by @havetisyan in #2568
• Option to build GCPZTSCredentials using a pre-existing SSLContext by @tokle in #2571
• initial changes for resource owner feature by @havetisyan in #2572
• Bump express from 4.18.1 to 4.19.2 in /ui by @dependabot in #2575
• add new environment field to domain details by @jimmytsang in #2574
• resource ownership feature: part 2 by @havetisyan in #2576
• verification and validation of resource ownership by @havetisyan in #2578
• provide sia config option to exit process if run_after script fails by @havetisyan in #2580

This release includes a required schema update:

https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20240325.sql

New Contributors

• @adir852 made their first contribution in #2569

Full Changelog: v1.11.54...v1.11.55

Athenz v1.10.61 Release

What's Changed

• support gcp-zts-creds for jdk8 clients by @havetisyan in #2579

Full Changelog: v1.10.60...v1.10.61

Athenz v1.11.54 Release

What's Changed

• fetch verification key from server via proxy during accesstoken and roletoken verification by @Bigdrea6 in #2527
• limit jest max workers to 8 for SD by @havetisyan in #2544
• improve role/group review list based on creation time by @havetisyan in #2543
• aws role session name can include _'s by @havetisyan in #2541
• use spiffe namespace of default by @havetisyan in #2547
• validate principals during role/group review api by @havetisyan in #2551
• add support for -spiffe-trust-domain to zts-svccert utility by @havetisyan in #2550
• correct handling for put system meta with invalid service name by @havetisyan in #2546
• do not allow deletion of domain is it's associated with aws/gcp/azure by @havetisyan in #2552
• Option to include public IP in ssh host certificate requests by @havetisyan in #2549
• Adding provider interface for fetching public keys of a service by @psasidhar in #2553
• Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in #2554
• update provider interface impl in sia agents by @havetisyan in #2555
• sia-aws: set service cert and key in role option by @chandrasekhar1996 in #2557
• sia: set service cert and key in role option by @chandrasekhar1996 in #2558
• correct handling of review-enabled roles/groups during review api by @havetisyan in #2560
• Allowing SSH certificates for secureboot by @psasidhar in #2563
• update java and go dependencies to their latest releases by @havetisyan in #2561
• Bump follow-redirects from 1.15.4 to 1.15.6 in /ui by @dependabot in #2564

New Contributors

• @Bigdrea6 made their first contribution in #2527

Full Changelog: v1.11.53...v1.11.54

Athenz v1.11.53 Release

What's Changed

• update action during domain template request by @havetisyan in #2522
• support domain (security) point of contact fields by @jimmytsang in #2521
• optional argument to skip errors during sia init by @havetisyan in #2524
• extend subdomain delete capability to domain admins by @havetisyan in #2523
• sia run-after-scripts for cmd line options must be in blocking mode by @havetisyan in #2529
• log authz failure for github action provider by @havetisyan in #2530
• fix direct link service tabs bug by @jimmytsang in #2531
• fix to not omit the user domain when completion search result is empty by @hiragi-gkuth in #2532
• minor lowercase of a word by @jimmytsang in #2534
• update java/go dependencies to their latest releases by @havetisyan in #2539
• delete user groups before deleting user from system by @havetisyan in #2538
• extend instance id for github actions identity to include :: by @havetisyan in #2537
• replace aws role session name from harcoded to principal name by @havetisyan in #2536
• minor update to zts java client unit test by @havetisyan in #2535
• set role/group last review date check differenly for new and updated objects by @havetisyan in #2533

Full Changelog: v1.11.52...v1.11.53

Athenz v1.11.52 Release

What's Changed

• upgrade nextjs major version by @jimmytsang in #2500
• include instance-id as a principal in ssh host certificates on aws ec2 by @havetisyan in #2498
• upgrade babel related packages by @jimmytsang in #2501
• upgrade jest related pkgs by @jimmytsang in #2502
• upgrade jest related pkgs and package-lock.json by @jimmytsang in #2503
• upgrade saucelabs and webdriver pkgs by @jimmytsang in #2504
• update entityName in audit logs for role/group meta calls by @chandrasekhar1996 in #2505
• UI: fix filter by role in domain history by @chandrasekhar1996 in #2507
• upgrade axios and jsdom by @jimmytsang in #2508
• update tagKey and tagValue type for all ZMS roles by @chandrasekhar1996 in #2509
• GitHub actions service identity provider by @havetisyan in #2510
• allow param values to include any string by @havetisyan in #2511
• use correct algorithm when generating csr by @havetisyan in #2513
• update jetty and go/java dependencies by @havetisyan in #2514
• Bump ip from 1.1.8 to 1.1.9 in /ui by @dependabot in #2520
• fix rdl for meta string fields so they can be unset by @havetisyan in #2515
• update role certificate handling in sia agents by @havetisyan in #2516
• store operation type as part of the auth history record by @havetisyan in #2519

Full Changelog: v1.11.51...v1.11.52