Releases: cyberark/secretless-broker

v1.7.9

18 Jan 22:02
a570fb4

Changelog

Changed

v1.7.8

10 Nov 20:32
e745226

1.7.8 - 2021-11-09

Fixed

v1.7.7 - 2021-11-03

Fixed

  • Request signing on the AWS connector was updated to fix a bug that caused
    failed integrity checks: when re-signing a request, Secretless incorporated
    more headers than were used in the original request signing. The fix limits
    the headers used by Secretless to those used in the original request.
    cyberark/secretless-broker#1432

Security

v1.7.6

14 Sep 18:52
2856148

Added

v1.7.5

05 Aug 21:38
dd9e1b6

Changelog

Security

v1.7.4

30 Jun 16:01
f253671

Changed

v1.7.3

09 Mar 21:03
982859b

Changelog

Changed

  • Update k8s authenticator client version to 0.19.1, which streamlines the parsing of authentication responses, updates the project Golang version to v1.15, and improves error messaging.

Fixed

  • Secretless now sends a valid "SSL is not supported" response per the PostgreSQL protocol standard when a client attempts to open an SSL connection (i.e. when configured with SSL mode require or prefer) via the PostgreSQL connector. When the client is configured with SSL mode prefer, the updated response enables the client to downgrade to an insecure connection and continue. Previously, clients sending requests using either require or prefer SSL mode would receive a generic error from Secretless, which made it harder to determine the root cause of the problem and broke how prefer is expected to work.
    cyberark/secretless-broker#1377
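
The SSLRequest exchange described in the PostgreSQL fix above, as an added Go example that is not taken from the Secretless code base: the server side answers the 8-byte SSLRequest with the single byte 'N', and a small model of libpq-style client behaviour shows why prefer then continues in cleartext while modes that demand TLS stop. The function names and the in-memory connection are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// sslRequestCode is sent by a PostgreSQL client in place of a protocol
// version to ask whether the server will negotiate TLS.
const sslRequestCode = 80877103

// answerSSLRequest reads the 8-byte header of the first client packet. For an
// SSLRequest it replies with the single byte 'N' (TLS declined). Any other
// packet is left unanswered and its header is returned to the caller.
func answerSSLRequest(conn io.ReadWriter) (declined bool, hdr [8]byte, err error) {
	if _, err = io.ReadFull(conn, hdr[:]); err != nil {
		return false, hdr, fmt.Errorf("reading startup header: %w", err)
	}
	if binary.BigEndian.Uint32(hdr[0:4]) != 8 || binary.BigEndian.Uint32(hdr[4:8]) != sslRequestCode {
		return false, hdr, nil
	}
	_, err = conn.Write([]byte{'N'})
	return err == nil, hdr, err
}

// clientDecision models a libpq-style client reading the one-byte reply:
// prefer falls back to cleartext, any mode that demands TLS gives up.
func clientDecision(sslmode string, reply byte) string {
	if reply != 'N' {
		return "not a decline"
	}
	if sslmode == "prefer" {
		return "continue without TLS"
	}
	return "abort: TLS required"
}

// exchange feeds a constructed SSLRequest (length 8, code 80877103) through
// answerSSLRequest in memory and returns the byte the client reads back.
func exchange() (byte, error) {
	var conn bytes.Buffer
	conn.Write([]byte{0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f})
	if declined, _, err := answerSSLRequest(&conn); err != nil || !declined {
		return 0, fmt.Errorf("not handled as SSLRequest: %v", err)
	}
	return conn.ReadByte()
}

func main() { fmt.Println(exchange()) }
```

With prefer, the client-to-Secretless hop silently runs without TLS after this reply, so deployments that need encryption on that hop cannot rely on prefer to provide it.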

v1.7.2

05 Feb 22:41
c778f0e

Changelog

Added

Deprecated

Fixed

  • Automatic endpoint discovery for the AWS connector was updated to address two
    bugs where (1) the request host header was not being updated to the discovered
    endpoint, and (2) the request modification was being done after signing the
    request, which would result in a failing integrity check.
    cyberark/secretless-broker#1369
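
The two AWS connector fixes (this one and the v1.7.7 request-signing fix) both come down to what goes into the SigV4 canonical headers. The following added Go example, not the project's own code, re-derives the header list from the original SignedHeaders field and applies the endpoint before canonicalising; the function names, the endpoint value and the sample request are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// signedHeaderNames returns the header names listed in the SignedHeaders
// field of a SigV4 Authorization header, i.e. what the client signed.
func signedHeaderNames(authz string) ([]string, error) {
	for _, part := range strings.Split(authz, ",") {
		if p := strings.TrimSpace(part); strings.HasPrefix(p, "SignedHeaders=") {
			return strings.Split(strings.ToLower(p[len("SignedHeaders="):]), ";"), nil
		}
	}
	return nil, fmt.Errorf("no SignedHeaders field in Authorization header")
}

// canonicalHeaders builds the SigV4 canonical-headers block from the named
// headers only. host is the endpoint the request will really be sent to.
func canonicalHeaders(h http.Header, host string, names []string) string {
	var b strings.Builder
	for _, n := range names {
		v := strings.Join(h.Values(n), ",")
		if n == "host" {
			v = host // net/http keeps Host in Request.Host, not in the header map
		}
		fmt.Fprintf(&b, "%s:%s\n", n, strings.TrimSpace(v))
	}
	return b.String()
}

// resignInput runs the steps in order on a constructed request: read the
// signed set, fix the endpoint, then canonicalise. Signing would come last.
func resignInput() (string, error) {
	h := http.Header{}
	h.Set("X-Amz-Date", "20211103T000000Z")
	h.Set("User-Agent", "constructed-client/1.0") // present, but never signed
	h.Set("Authorization", "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20211103/"+
		"us-west-2/s3/aws4_request, SignedHeaders=host;x-amz-date, Signature=00")
	names, err := signedHeaderNames(h.Get("Authorization"))
	if err != nil {
		return "", err
	}
	return canonicalHeaders(h, "s3.us-west-2.amazonaws.com", names), nil
}

func main() { fmt.Println(resignInput()) }
```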

v1.7.1

23 Oct 21:09
4658911

Pre-release

Change log

Added

  • The vault provider now supports loading secrets from the KV Version 2 secret engine. Reference a secret in Vault using the correct path and field navigation in the Secretless configuration. cyberark/secretless-broker#1331

Changed

v1.7.0

14 Sep 13:56
b3c42e3

Change log

Added

  • Secretless and secretless-redhat containers now use Alpine 3.12 as their base image.
    PR cyberark/secretless-broker#1296
  • MySQL and PostgreSQL connectors support SSL host name verification with verify-full SSL mode. Also adds an optional sslhost configuration parameter that is compared to the server's certificate SAN.
    cyberark/secretless-broker#548
  • Generic HTTP connector now supports queryParam as a configurable section in the Secretless configuration file, under config. This allows the construction of a query string which can have credentials injected as needed.
    cyberark/secretless-broker#1290
  • Generic HTTP connector now supports oauth1 as a configurable section in the Secretless configuration file, under config. This allows the construction of a header for an OAuth 1.0 request. The OAuth 1.0 feature currently only supports HMAC-SHA1, but there is an issue logged to support other hashing methods.
    cyberark/secretless-broker#1297
  • Many (20+) example generic connector configurations were added to the project, to demonstrate support for a broad set of popular APIs and to serve as examples for other APIs that users may need to use with Secretless in their apps. See here for the full list of examples.
    cyberark/secretless-broker#1248

v1.6.0

05 May 14:08
ed1d329

Change log

Added

  • Support for a SECRETLESS_HTTP_CA_BUNDLE environment variable that specifies the path to a CA cert bundle and enables users to configure Secretless with additional CA certificates for server cert verification when using HTTP connectors. (PR #1180)
  • TLS support for the Secretless-to-server connections of the MSSQL connector. This is the recommended way to secure this connection and achieves feature parity with other TLS connectors. (#1163, #1164, #1165)
  • MSSQL connector supports SSL host name verification with verify-full SSL mode. Also adds an optional sslhost configuration parameter that is compared to the server's certificate SAN. (#1199)

Fixed

  • PostgreSQL connector log messages were updated to improve formatting, fixing a previous issue where the log messages were improperly formatted and were garbled in the logs. (PR #1192)

Security

  • TCP connectors all automatically zeroize the connection credentials in memory after successfully opening a connection; previously, credentials were only zeroized in memory on error. (#1188)