Releases: AthenZ/athenz
Releases · AthenZ/athenz
Athenz v1.11.34 Release
What's Changed
- excluce bc jdk15on from pom in favor of jdk18on by @havetisyan in #2221
- Go code to get SIA certs from a CGF (Google Cloud Function) by @gilad-bendor in #2220
- config options to specify preferred key algorithms for zts sign operations by @havetisyan in #2222
- Support PKCS#8-formatted private key by @haruyama480 in #2223
- improve error reporting from gcp identity provider by @havetisyan in #2224
- introduce trust-domain/namesparce components into service spiffe uri by @havetisyan in #2228
New Contributors
- @haruyama480 made their first contribution in #2223
Full Changelog: v1.11.33...v1.11.34
Athenz v1.11.33 Release
What's Changed
- increased/configure json string limit for jackson by @havetisyan in #2203
- UI: apply timezone settings by @ysknkd in #2124
- refactor out request pkg in zts client by @jimmytsang in #2211
- Prevent buffer overflow by @tokle in #2212
- log Athenz principal as part of the JettyConnectionLogger by @dvirguttman in #2207
- Generic way to handle tags by @dvirguttman in #2204
- add wildcard support for ServiceMemberSkipDomains by @hiragi-gkuth in #2202
- provide capability to provide proxy host details for gcp-zts-creds by @havetisyan in #2214
- correct handling of role cert key path when service key filename is user-specified by @havetisyan in #2213
- update dependency libraries to their latest releases by @havetisyan in #2215
- GCF support for Java by @gilad-bendor in #2209
- add license headers + full code coverage by @havetisyan in #2216
Full Changelog: v1.11.32...v1.11.33
Athenz v1.11.32 Release
What's Changed
- support headless user type - managed by user authority but treated like service by @havetisyan in #2197
- disable wadl output by @havetisyan in #2198
- update java and go dependencies to their latest releases by @havetisyan in #2199
Full Changelog: v1.11.31...v1.11.32
Athenz v1.11.31 Release
What's Changed
- Disable Microsegmentation validation checkbox for AWS env by @chandrasekhar1996 in #2173
- Deriving ssh cert principals from the GCP provider attestation data t… by @abvaidya in #2177
- add principals from metadata in ssh cert request by @abvaidya in #2178
- add overwrite option for zms-cli by @TakuyaMatsu in #2179
- replace deprecated request pkg by @jimmytsang in #2180
- checked in package-lock.json was generated with old npm version by @havetisyan in #2189
- fix role update on expiration and review dates by @noy93845 in #2185
- disallow by default services with _ in their names by @havetisyan in #2191
- support athenz as oidc provider for aws iam by @havetisyan in #2190
- support product id (string) format association with domains by @havetisyan in #2193
Full Changelog: v1.11.30...v1.11.31
Athenz v1.11.30 Release
What's Changed
- for oidc redirect uri check both configured endpoint and auto-generated value by @havetisyan in #2167
- option to return id token in json output instead of redirect uri by @havetisyan in #2166
- option to continously update zts domain cache files by @havetisyan in #2169
- single command line argument for sia called init by @havetisyan in #2170
- new athenz-gcp-zts-creds library to simplify fetching Google credentials based on ZTS ID Tokens by @havetisyan in #2168
- provide run-after (cert/tokens) capability for sia by @havetisyan in #2174
Full Changelog: v1.11.29...v1.11.30
Athenz v1.11.29 Release
What's Changed
- return dns suffix through method so the AWS Provider can be extended by @havetisyan in #2150
- correct handling of java client code generation for status 302 by @havetisyan in #2151
- for id tokens with group scope always use full arns by @havetisyan in #2157
- sia copy if source file exists, gcp meta functions to get instance ip by @abvaidya in #2161
- Ensure snow error does not interfere with UI usability by @jimmytsang in #2143
- expose getIdToken methods in ZTS Java Client by @havetisyan in #2163
- Update dynamodbMaxRetries to avoid Integer Overflow by @4xpl0r3r in #2164
- better attribute name for Athenz domain in GCP project metadata by @abvaidya in #2165
Full Changelog: v1.11.28...v1.11.29
Athenz v1.11.28 Release
What's Changed
- fix NPE while setting User Authority Expiration for role without members by @dvirguttman in #2142
- feat: code signing provider by @abvaidya in #2141
- Set a connect timeout when fetching JWT signing keys by @jeffreytolar in #2144
- limit the number of entries in the zpe client library token cache by @havetisyan in #2145
- allow use of cluster names in san dns entries for eks by @havetisyan in #2146
- config setting for reserved top level domains by @havetisyan in #2147
- sia agent - exit when refresh fails after configured number of attempts by @havetisyan in #2148
- gce fix for host cert principals and x509 cert expiry by @abvaidya in #2149
Full Changelog: v1.11.27...v1.11.28
Athenz v1.11.27 Release
What's Changed
- msd static services by type api by @dvirguttman in #2133
- fix k8s dns svc.cluster.local entry use of spec.hostname by @havetisyan in #2134
- update jetty to latest 11.0.15 + other depedencies by @havetisyan in #2135
- remove default 120 min token expiry from access/role-token tools by @havetisyan in #2137
- if direct update option is set for go util.Update, file must be writeable by owner by @havetisyan in #2138
- update zms expiry notification unit test by @havetisyan in #2140
- update svc/role cert tests cases for macos by @havetisyan in #2139
Full Changelog: v1.11.26...v1.11.27
Athenz v1.11.26 Release
What's Changed
- relax san dns check rules for k8s suffixes - svc.cluster.local/pod.cluster.local by @havetisyan in #2125
- zms/utils helper methods in athenzutils go library by @havetisyan in #2126
- designate separate action for assertions when assuming gcp service accounts by @havetisyan in #2127
- sia: use hostname -f if os.Hostname does not return fqdn by @havetisyan in #2128
- making access_management optional based on a config for EKS by @abvaidya in #2130
- for eks/gke generate san dns entries based on k8s dns spec by @havetisyan in #2131
- same openjdk version in doc as ci/cd by @andreer in #2132
New Contributors
Full Changelog: v1.11.25...v1.11.26
Athenz v1.11.25 Release
What's Changed
- fix static instance view by @dvirguttman in #2116
- Log notification email sent details - subject and recipients by @OferLevi85 in #2117
- Add support delete static instance by @mendi160 in #2107
- Update DB Dockerfile to fix deploy-dev by @4xpl0r3r in #2119
- support ssh_principals field in sia_config with cert_request object for ecdsa by @havetisyan in #2121
- relax sandns check for aws instances to require configured suffix with domain/service values by @havetisyan in #2120
- Fix UI MSD policy validation by @OferLevi85 in #2118
- allow ssh-principals with service name based dns cnames by @havetisyan in #2122
- gcp sia by @abvaidya in #2123
New Contributors
Full Changelog: v1.11.24...v1.11.25