Version v1.13.0+suite.1

This Suite release aligns with Conjur Server version v1.13.0. To learn more about the Conjur Open Source Suite Release structure, refer to the Conjur Open Source Suite documentation.

What's new

This suite release aligns with Conjur Server version 1.13.0. It includes a new JWT authenticator for Conjur, Apple Silicon support for Summon, and several bug fixes and security patches.

JWT Authenticator

The new JWT Authenticator allows applications to authenticate with Conjur using an identity token signed by a JWT provider. For more information, see the JWT Authenticator documentation.

Apple Silicon support

Secretless Broker, Summon (along with the summon-conjur provider), and the Conjur Terraform provider have been updated to be compatible with the Apple Silicon processor. They can be installed or upgraded through homebrew or by following the installation instructions in the READMEs of their repositories.

Service Broker org / space annotations

The Conjur Service Broker now automatically adds the org and space name as annotations to the host identity defined in Conjur policy. Special thanks to open-source contributor mkkeffeler for working on this change.

Components

The following components are included or enhanced in the Conjur OSS Suite version v1.13.0+suite.1.

Conjur Server

Conjur SDK

Platform Integrations

DevOps Tools

Secretless Broker

Summon

Conjur OSS Suite installation

Installing the Suite Release Version of Conjur requires setting the container image tag.

Follow the instructions relevant for your environment.

  • Docker or docker-compose

    Set the container image tag to cyberark/conjur:1.13.0. For example, make the following update to the conjur service in the quickstart docker-compose.yml:

    image: cyberark/conjur:1.13.0

  • Conjur OSS Helm chart

    Update the image.tag value and use the appropriate release of the helm chart:

    helm install ... \
      --set image.tag="1.13.0" \
      ...
      https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.4/conjur-oss-2.0.4.tgz

Upgrade instructions

Upgrade instructions are available for the following suite components:

What's new by component

The following components were introduced or enhanced in the Conjur OSS Suite version v1.13.0+suite.1.

cyberark/conjur

v1.12.0 (2021-06-25)

Added

  • The JWT Authenticator (authn-jwt) supports authenticating third-party vendors that utilize JWT. See design.

  • Set MAX_REQUESTS_PER_CONNECTION to infinity and introduced an environment variable to allow users to set their own value. See PR for further information: cyberark/conjur#2282

Changed

  • Parsing a Conjur config with invalid YAML content now outputs a more user-friendly error message without a stack trace. cyberark/conjur#2256

  • Set the Puma process explicitly to reliably restart the correct process when the Conjur configuration is reloaded. cyberark/conjur#2291

Security

  • Upgrade bindata to 2.4.10 to resolve an unspecified issue reported by JFrog Xray. cyberark/conjur#2257

v1.13.0 (2021-07-29)

Added

Security

  • Bump cyberark/ubi-ruby-fips from 1.0.3 to 1.0.4 to address CVE-2021-33910. cyberark/conjur#2333

  • Upgraded addressable in ./Gemfile.lock and ./docs/Gemfile.lock to 2.8.0 to resolve GHSA-jxhc-q857-3j6g. cyberark/conjur#2311

  • Previously, OIDC authentication requests that included a user ID in the URL path would return a Conjur access token without requiring a valid OIDC token in the request. OIDC authentication requests that attempt to include a user ID in the URL path now return a 404 Not Found response. See the Security Bulletin.

cyberark/conjur-cli

v6.2.4 (2021-07-01)

Changed

cyberark/conjur-service-broker

v1.2.0 (2021-06-09)

Added

  • Service Broker API spec 2.15 and above provide organization_name and space_name. If these are available, they are added as annotations on the organization and space policies that are created in Conjur. Note that this requires Conjur Open Source v1.3.7+ and Conjur Enterprise (formerly Dynamic Access Provider) v11.3.0+; prior to these versions, Conjur did not support adding annotations to policy resources. cyberark/conjur-service-broker#238

Security

v1.2.1 (2021-08-02)

Fixed

cyberark/secrets-provider-for-k8s

v1.1.4 (2021-06-30)

Changed

cyberark/terraform-provider-conjur

v0.6.0 (2021-08-12)

Added

cyberark/secretless-broker

v1.7.4 (2021-06-30)

Changed

v1.7.5 (2021-08-04)

Security

cyberark/summon

v0.9.0 (2021-07-19)

Added

Fixed

  • Default provider path can be overridden via the SUMMON_PROVIDER_PATH environment variable, resolving an issue where providers cannot be found when installed via homebrew in a non-default location. cyberark/summon#213

cyberark/summon-conjur

v0.5.5 (2021-06-01)

Security

v0.6.0 (2021-08-11)

Added