Version v1.11.3+suite.1

This Suite release aligns with Conjur Server version 1.11.3. It includes better error handling by the Conjur server and new support for using Summon environments in the Conjur Buildpack.

To learn more about the Conjur Open Source Suite Release structure, refer to the documentation introduction.

What's New

New and enhanced functionality includes:

Conjur Core

Conjur Server

This release includes improved error handling by the Conjur server.

Conjur Integrations

Conjur Cloud Foundry Integration

The Conjur Buildpack has been updated to add support for Summon environments in the secrets.yml file. Users can now divide their secrets.yml files into environments and specify which environment secrets should be loaded at runtime using the new SECRETS_YAML_ENVIRONMENT environment variable. For detailed instructions on using this new functionality, see the project README.

This release also includes a minor update to the Conjur Service Broker. Users who consume our Tanzu Application Service tile should wait for the next tile release to update the service broker, but all users may install the buildpack at any time following the documented instructions.

Components

These are the primary repositories for Conjur Open Source and its SDK.

The following components are included or enhanced in Conjur OSS Suite Version v1.11.3+suite.1:

Conjur server

Conjur SDK

Platform integrations

DevOps tools

Secretless Broker

Summon

Conjur OSS Suite installation

Installing the Suite Release Version of Conjur requires setting the container image tag.

Follow the instructions relevant for your environment.

  • Docker or docker-compose

    Set the container image tag to cyberark/conjur:1.11.3. For example, make the following update to the conjur service in the quickstart docker-compose.yml:

    image: cyberark/conjur:1.11.3

  • Conjur OSS Helm chart

    Update the image.tag value and use the appropriate release of the helm chart:

    helm install ... \
      --set image.tag="1.11.3" \
      ...
      https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.3/conjur-oss-2.0.3.tgz

Upgrade instructions

Upgrade instructions are available for the following suite components:

What's new by component

The following components were introduced or enhanced in the Conjur OSS suite version v1.11.3+suite.1.

cyberark/conjur

v1.11.3 (2021-02-22)

Changed

  • Conjur now raises a RoleNotFound error when trying to authenticate a non-existent host in authn-k8s. cyberark/conjur#2046

Fixed

  • Conjur now raises a new ServiceIdMissing error if the service-id param is missing in an authentication request for the OIDC authenticator. cyberark/conjur#2004

cyberark/conjur-api-go

v0.7.0 (2021-02-10)

Added

  • RetrieveBatchSecretsSafe method, which allows the user to specify the use of the Accept: base64 header in batch retrieval requests. This allows binary secrets to be retrieved from Conjur. cyberark/conjur-api-go#88

Changed

  • Updated Go versions to 1.15.

v0.7.1 (2021-03-01)

Fixed

  • Resources method no longer sends improperly URL-encoded query strings when filtering resources with the "Search" parameter. Previously, if you used a "Search" value that included a slash "/", the client would return no results even if the server had matching resources due to an issue with the URL-encoding. cyberark/conjur-api-go#93

cyberark/cloudfoundry-conjur-buildpack

v2.2.0 (2020-03-01)

Added

  • Support for using Summon environments in the secrets.yml file. Users can now divide their secrets.yml files into sections for each environment and specify the secrets to load at runtime using the new SECRETS_YAML_ENVIRONMENT environment variable. See the README for more information. cyberark/cloudfoundry-conjur-buildpack#44

Removed

cyberark/conjur-service-broker

v1.1.5 (2021-03-01)

Fixed

  • The service broker Gemfile now specifies the Ruby version, so the service broker no longer fails to install with Ruby Buildpack v1.8.15 or older because of an incompatibility between Ruby and Nokogiri versions. cyberark/conjur-service-broker#229

Removed

cyberark/conjur-authn-k8s-client

v0.19.1 (2021-02-08)

Changed

  • The Authenticate method now parses the authentication response and writes it to the token file, without the need to call ParseAuthenticationResponse. This is a breaking change for software that imports the github.com/cyberark/conjur-authn-k8s-client/pkg/authenticator Go package (Secretless and Secrets Provider for Kubernetes); users of the Kubernetes Authenticator Client Docker image are not impacted by this change. cyberark/conjur-authn-k8s-client#180

  • The project Golang version is updated from the end-of-life v1.12 to the latest version v1.15. cyberark/conjur-authn-k8s-client#206

  • Improved the error message raised when the username doesn't include the host/ prefix. cyberark/conjur-authn-k8s-client#212

cyberark/secrets-provider-for-k8s

v1.1.3 (2021-03-01)

Changed

  • Updated Kubernetes Authenticator Client version to 0.19.1, which streamlines the parsing of authentication responses, updates the project Golang version to v1.15, and improves error messaging.

cyberark/secretless-broker

v1.7.3 (2020-03-09)

Changed

  • Updated Kubernetes Authenticator Client version to 0.19.1, which streamlines the parsing of authentication responses, updates the project Golang version to v1.15, and improves error messaging.

Fixed

  • When a client configured for the SSL mode of require or prefer attempts to open an SSL connection using the PostgreSQL connector, Secretless now sends a valid "SSL is not supported" response per the PostgreSQL protocol standard. When the client is configured for SSL mode prefer, the updated response enables the client to downgrade to an insecure connection and continue. Previously, clients sending requests using the SSL mode of either require or prefer would receive a generic error from Secretless, which made it harder to determine the root cause of the problem and caused the prefer SSL mode to not function correctly. cyberark/secretless-broker#1377
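The PostgreSQL SSL negotiation behind the Secretless fix above, as an added example that is not code from Secretless or from these release notes. It recognizes the 8-byte SSLRequest message, produces the single-byte reply defined by the protocol, and uses a simplified, hypothetical model (clientNextStep) of how a client in prefer or require mode reacts; all function names are assumptions.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// sslRequestCode is the request code of a PostgreSQL SSLRequest message
// (1234 in the high 16 bits, 5679 in the low 16 bits).
const sslRequestCode = 80877103

// isSSLRequest reports whether msg is an SSLRequest: a big-endian Int32
// length of 8 followed by the big-endian Int32 request code.
func isSSLRequest(msg []byte) bool {
	return len(msg) == 8 &&
		binary.BigEndian.Uint32(msg[0:4]) == 8 &&
		binary.BigEndian.Uint32(msg[4:8]) == sslRequestCode
}

// sslReply returns the one byte the server writes back: 'S' to proceed with
// a TLS handshake, 'N' when it will not do TLS on this connection.
func sslReply(tlsAvailable bool) byte {
	if tlsAvailable {
		return 'S'
	}
	return 'N'
}

// clientNextStep is a simplified model (an assumption, not libpq code) of the
// client's reaction to the server's reply for a given sslmode.
func clientNextStep(sslmode string, reply byte) (string, error) {
	switch {
	case reply == 'S':
		return "tls-handshake", nil
	case reply == 'N' && sslmode == "prefer":
		return "plaintext-startup", nil // prefer may continue without TLS
	case reply == 'N' && sslmode == "require":
		return "", errors.New("server does not support SSL, but SSL was required")
	default:
		return "", fmt.Errorf("unexpected reply %q to SSLRequest", reply)
	}
}

func main() {
	req := []byte{0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f} // constructed SSLRequest
	for _, mode := range []string{"prefer", "require"} {
		step, err := clientNextStep(mode, sslReply(false))
		fmt.Println(isSSLRequest(req), mode, step, err)
	}
}
```

With the 'N' reply, a require client fails with an explicit SSL error and a prefer client continues unencrypted, so sslmode=prefer gives no guarantee of encryption on that hop.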