v1.17.2
Pre-release
Pre-release
·
730 commits
to master
since this release
[1.17.2] - 2022-03-09
Added
- Added the ability to fetch signing keys from JWKS endpoints that use a self-signed
certificate or a certificate signed by a third-party CA for JWT generic vendor
configuration
(#2462
#2461
#2456
#2455
#2457
#2452
#2437) - Added the ability for JWT generic vendor configuration to receive signing keys
for JWT token verification from a variable. Variable name ispublic-keys
(#2463
#2461
#2456
#2455
#2454
#2450
#2447
#2437) - Added support for SNI certificates when talking to the Kubernetes API
server through the web socket client.
#2482 - Added support for http(s)_proxy for Kubernetes client in Kubernetes
authenticator
#2432
Changed
- Update to automated release process
- Proper error message appears when JWT Authenticator gets HTTP code error
while trying to fetch JWKS data fromjwks-uri#2474 - Upgrade to Ruby 3. #2444
Fixed
- IAM Authn bug fix - Take rexml gem to production configuration #2493
- Previously, a stale puma pid file would prevent the Conjur server from starting
successfully. Conjur now removes a stale pid file at startup, if it exists.
#2498 - Use entirety of configured Kubernetes endpoint URL in Kubernetes authenticator's
web socket client, instead of only host and port
#2479
Security
- Updated rails to 6.1.4.7 to resolve CVE-2022-21831 (not vulnerable)
cyberark/conjur#2513 - Updated nokogiri to 1.13.3 to resolve CVE-2022-23308 and CVE-2021-30560
cyberark/conjur#2504 - Updated Rails to 6.1.4.4 to resolve CVE-2021-44528 (Medium, Not Vulnerable)
cyberark/conjur#2486 - Updated Rails to 6.1.4.6 to resolve CVE-2022-23633
- Updated Puma to 5.6.2 to resolve CVE-2022-23634
cyberark/conjur#2492 - Updated Puma to 5.6.4 to resolve CVE-2022-24790
cyberark/conjur#2534