Releases: cyberark/secretless-broker

v1.7.5

05 Aug 21:38
dd9e1b6

Changelog

Security

v1.7.4

30 Jun 16:01
f253671

Changed

v1.7.3

09 Mar 21:03
982859b

Changelog

Changed

  • Update k8s authenticator client version to 0.19.1, which streamlines the parsing of authentication responses, updates the project Golang version to v1.15, and improves error messaging.

Fixed

  • Secretless now sends a valid "SSL is not supported" response per the PostgreSQL protocol standard when a client attempts to open an SSL connection (i.e. when configured with SSL mode require or prefer) via the PostgreSQL connector. When the client is configured with SSL mode prefer, the updated response enables the client to downgrade to an insecure connection and continue. Previously, clients sending requests using either require or prefer SSL mode would receive a generic error from Secretless, which made it harder to determine the root cause of the problem and broke how prefer is expected to work.
    cyberark/secretless-broker#1377
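
The exchange behind this fix, as an added Go example (not code from the Secretless repository): a PostgreSQL client asking for TLS first sends an 8-byte SSLRequest, and a server without TLS answers with the single byte `N`. The function names and the `clientAfterRefusal` model of client behaviour are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// sslRequestCode is the PostgreSQL SSLRequest magic number (1234<<16 | 5679).
const sslRequestCode = 80877103

// sslRequest builds the 8-byte message a client sends before starting TLS:
// a big-endian length (8) followed by the request code.
func sslRequest() []byte {
	var b bytes.Buffer
	binary.Write(&b, binary.BigEndian, [2]uint32{8, sslRequestCode})
	return b.Bytes()
}

// refuseSSL reads the first 8 bytes from the client. For an SSLRequest it
// writes the single byte 'N' (SSL not supported) and returns true; for any
// other first message it writes nothing and returns false.
func refuseSSL(r io.Reader, w io.Writer) (bool, error) {
	var hdr [8]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return false, err
	}
	if binary.BigEndian.Uint32(hdr[:4]) != 8 ||
		binary.BigEndian.Uint32(hdr[4:]) != sslRequestCode {
		return false, nil
	}
	_, err := w.Write([]byte{'N'})
	return true, err
}

// clientAfterRefusal models (as an assumption) how a client reacts to 'N':
// prefer continues without TLS, any mode that demands TLS gives up.
func clientAfterRefusal(sslmode string) (string, error) {
	if sslmode == "prefer" {
		return "plaintext", nil // downgrade: this hop carries no TLS
	}
	return "", fmt.Errorf("server does not support SSL (sslmode=%s)", sslmode)
}

func main() {
	var reply bytes.Buffer
	handled, _ := refuseSSL(bytes.NewReader(sslRequest()), &reply)
	next, _ := clientAfterRefusal("prefer")
	_, err := clientAfterRefusal("require")
	fmt.Printf("handled=%v reply=%q prefer=%s require=%v\n", handled, reply.String(), next, err)
}
```
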

v1.7.2

05 Feb 22:41
c778f0e

Changelog

Added

Deprecated

Fixed

  • Automatic endpoint discovery for the AWS connector was updated to address two
    bugs where (1) the request host header was not being updated to the discovered
    endpoint, and (2) the request modification was being done after signing the
    request which would result in a failing integrity check.
    cyberark/secretless-broker#1369
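
Why the order matters, as an added Go example (not the connector's own code): the signature here is a plain HMAC-SHA256 over method, path and host, a simplified stand-in for AWS Signature Version 4, which also signs the Host header. The key, host names and function names are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// request carries only the fields this simplified signature covers.
type request struct {
	Method, Host, Path, Signature string
}

// sign returns hex(HMAC-SHA256(key, method, path, host)). It is a simplified
// stand-in for SigV4, whose signed headers likewise include Host.
func sign(key []byte, r request) string {
	mac := hmac.New(sha256.New, key)
	fmt.Fprintf(mac, "%s\n%s\nhost:%s\n", r.Method, r.Path, r.Host)
	return hex.EncodeToString(mac.Sum(nil))
}

// verify recomputes the signature over the request as the service received it.
func verify(key []byte, r request) bool {
	return hmac.Equal([]byte(sign(key, r)), []byte(r.Signature))
}

// signThenRewrite reproduces the faulty order: the host changes after signing,
// so the signature no longer matches what is sent.
func signThenRewrite(key []byte, r request, endpoint string) request {
	r.Signature = sign(key, r)
	r.Host = endpoint
	return r
}

// rewriteThenSign applies the discovered endpoint first, then signs.
func rewriteThenSign(key []byte, r request, endpoint string) request {
	r.Host = endpoint
	r.Signature = sign(key, r)
	return r
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample key
	r := request{Method: "GET", Host: "service.example.com", Path: "/items"}
	ep := "service.region-1.example.com" // constructed discovered endpoint
	fmt.Println("sign then rewrite verifies:", verify(key, signThenRewrite(key, r, ep)))
	fmt.Println("rewrite then sign verifies:", verify(key, rewriteThenSign(key, r, ep)))
}
```
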

v1.7.1

23 Oct 21:09
4658911
Pre-release

Change log

Added

  • The vault provider now supports loading secrets from the KV Version 2 secret engine. Reference a secret in Vault using the right path and a field navigation in the Secretless configuration. cyberark/secretless-broker#1331

Changed

v1.7.0

14 Sep 13:56
b3c42e3

Change log

Added

  • Secretless and secretless-redhat containers now use Alpine 3.12 as their base image.
    PR cyberark/secretless-broker#1296
  • MySQL and PostgreSQL connectors support SSL host name verification with verify-full SSL mode. Also adds an optional sslhost configuration parameter that is compared to the server's certificate SAN.
    cyberark/secretless-broker#548
  • Generic HTTP connector now supports queryParam as a configurable section in the Secretless configuration file, under config. This allows the construction of a query string which can have credentials injected as needed.
    cyberark/secretless-broker#1290
  • Generic HTTP connector now supports oauth1 as a configurable section in the Secretless configuration file, under config. This allows the construction of a header for an OAuth 1.0 request. The OAuth 1.0 feature currently only supports HMAC-SHA1, but there is an issue logged to support other hashing methods.
    cyberark/secretless-broker#1297
  • Many (20+) example generic connector configurations were added to the project, to demonstrate support for a broad set of popular APIs and to serve as an example for other APIs users may need to use Secretless with their apps. See here for the full list of examples.
    cyberark/secretless-broker#1248

v1.6.0

05 May 14:08
ed1d329

Change log

Added

  • Support for a SECRETLESS_HTTP_CA_BUNDLE environment variable that specifies the path to a CA cert bundle and enables users to configure Secretless with additional CA certificates for server cert verification when using HTTP connectors. (PR #1180)
  • TLS support for the Secretless-to-server connections of the MSSQL connector. This is the recommended way to secure this connection and achieves feature parity with other TLS connectors. (#1163, #1164, #1165)
  • MSSQL connector supports SSL host name verification with verify-full SSL mode. Also adds an optional sslhost configuration parameter that is compared to the server's certificate SAN. (#1199)

Fixed

  • PostgreSQL connector log messages were updated to improve formatting, fixing a previous issue where the log messages were improperly formatted and were garbled in the logs. (PR #1192)

Security

  • TCP connectors all automatically zeroize the connection credentials in memory after successfully opening a connection; previously, credentials were only zeroized in memory on error. (#1188)

v1.5.2

24 Feb 22:31
b9bf4e4

Change log

Changed

Fixed

  • Updated RH image push to ensure we're logged into the RH container registry
    appropriately before pushing (#1149)

v1.5.1

12 Feb 22:43
0889076

Notable changes

Improved integration tests, MSSQL connector support in our performance testing tool, and updated logging to display INFO level messages by default.

Upgrade instructions

Update your application manifests to refer to cyberark/secretless-broker:1.5.1

Known issues

None.

Change log

Added

  • Added RedHat certified image build to pipeline (#1141)
  • Added pipeline step to validate changelog (#1138)
  • Added MSSQL support to juxtaposer perf testing tool (#1135)
  • Added SIGPIPE to signals handled by Secretless Juxtaposer (#1136)
  • Added JDBC Integration tests for Postgres (#1130)
  • Added JDBC Tests for MSSQL (#1124)
  • Added client params propagation to MSSQL integration tests (#1103)

Changed

  • Default logging level changed from Warn to Info. Some logging message
    levels were readjusted to retain the same UX. (#1127)
  • Update bin/prefill_changelog to generate valid CHANGELOG / ensure current
    CHANGELOG parses (#1138)
  • Converted integration tests to use configs.v2 (#1120)

Fixed

  • Fixed broken documentation links (#1122)

v1.5.0

29 Jan 22:46
4dfeef3

The MSSQL connector is beta!

Change Log

Added

  • Added option to specify MSSQL edition in tests (#1093)
  • Added debug image that can be used with a debugger like delve (#1056)
  • Added template READMEs to connector templates (#1020)

Changed

  • Updated release instructions (#1080)
  • Improved MSSQL connector tests (#1107, #1089, #1098)
  • Improved handling of io.EOF errors on TCP proxy_service
  • Conjur authn-k8s client version bumped to v0.16.0
  • Added links to SDK docs in README (#1104)
  • Ensure external connector plugins will not override built-in connectors (#1085)
  • MSSQL connector moved to beta

Fixed

  • Updated pg connector to better validate packet length (#1095)
  • MSSQL connector faithfully propagates login response (#1106)
  • MSSQL connector faithfully propagates login request (#1107)