Merge pull request #60 from Conjur-Enterprise/name-change

akosasi · GitHub Enterprise · commit 9f3225231901 · 2025-09-04T09:52:01.000-04:00
CNJR-10966: Name Change Updates
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,9 +10,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Nothing should go in this section, please add to the latest unreleased version
   (and update the corresponding date), or add a new version.
 
-## [1.7.29] - 2025-08-26
+## [1.7.29] - 2025-09-03
 
 ### Changed
+- Update README to align with Conjur's name change to CyberArk Secrets Manager and update SECURITY.md. CNJR-10966
 - Upgrade base docker images from Debian Bullseye to Bookworm.
 - Migrate from MySQL 8.1 to MySQL LTS and enable `mysql_native_password` plugin in the configuration files.
 - Remove deprecated docker compose version declarations
diff --git a/README.md b/README.md
@@ -41,7 +41,7 @@ When the client connects to a target service through the Secretless Broker:
 
   Secretless is responsible for establishing connections to the backend, and can handle secret rotation in a way that’s transparent to the client.
 
-To provide Secretless access to a target service, a [Service Connector](#service-connectors) implements the protocol of the service, replacing the authentication handshake. The client does not need to know or use a real password to the service. Instead, it proxies its connection to the service through a local connection to Secretless. Secretless obtains credentials to the target service from a secrets vault (such as Conjur, a keychain service, text files, or other sources) via a [Credential Provider](#credential-providers). The credentials are used to establish a connection to the actual service, and Secretless then rapidly shuttles data back and forth between the client and the service.
+To provide Secretless access to a target service, a [Service Connector](#service-connectors) implements the protocol of the service, replacing the authentication handshake. The client does not need to know or use a real password to the service. Instead, it proxies its connection to the service through a local connection to Secretless. Secretless obtains credentials to the target service from a secrets vault (such as CyberArk Secrets Manager, a keychain service, text files, or other sources) via a [Credential Provider](#credential-providers). The credentials are used to establish a connection to the actual service, and Secretless then rapidly shuttles data back and forth between the client and the service.
 
 Secretless Broker is currently licensed under [ASL 2.0](#license)
 
@@ -52,7 +52,7 @@ Secretless supports several target services out of the box, and these include:
 - MySQL (Socket and TCP)
 - PostgreSQL (Socket and TCP)
 - SSH / SSH-Agent (Beta)
-- HTTP with Basic auth, Conjur, and AWS authorization strategies (Beta)
+- HTTP with Basic auth, CyberArk Secrets Manager or Conjur OSS, and AWS authorization strategies (Beta)
 
 Support for these services is provided via internal plugins (also referred to as "Service Connectors") that are part
 of the Secretless binary distribution.
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,42 +1,6 @@
 # Security Policies and Procedures
 
-This document outlines security procedures and general policies for the CyberArk Conjur
-suite of tools and products.
-
-  * [Reporting a Bug](#reporting-a-bug)
-  * [Disclosure Policy](#disclosure-policy)
-  * [Comments on this Policy](#comments-on-this-policy)
-
 ## Reporting a Bug
+CyberArk takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you follow responsible disclosure guidelines and contact producxst_security@cyberark.com and work with us toward a quick resolution to protect our customers.
 
-The CyberArk Conjur team and community take all security bugs in the Conjur suite seriously.
-Thank you for improving the security of the Conjur suite. We appreciate your efforts and
-responsible disclosure and will make every effort to acknowledge your
-contributions.
-
-Report security bugs by emailing the lead maintainers at security@conjur.org.
-
-The maintainers will acknowledge your email within 2 business days. Subsequently, we will 
-send a more detailed response within 2 business days of our acknowledgement indicating
-the next steps in handling your report. After the initial reply to your report, the security
-team will endeavor to keep you informed of the progress towards a fix and full
-announcement, and may ask for additional information or guidance.
-
-Report security bugs in third-party modules to the person or team maintaining
-the module.
-
-## Disclosure Policy
-
-When the security team receives a security bug report, they will assign it to a
-primary handler. This person will coordinate the fix and release process,
-involving the following steps:
-
-  * Confirm the problem and determine the affected versions.
-  * Audit code to find any potential similar problems.
-  * Prepare fixes for all releases still under maintenance. These fixes will be
-    released as fast as possible.
-
-## Comments on this Policy
-
-If you have suggestions on how this process could be improved please submit a
-pull request.
+Refer to [CyberArk's Security Vulnerability Policy](https://www.cyberark.com/cyberark-security-vulinerability-policy.pdf) for more details
