Athenz v1.12.3 Release

What's Changed

• Athenz Identity Provider for Harness by @havetisyan in #2773
• Bump next from 13.5.4 to 14.2.15 in /ui by @dependabot in #2765
• Store SIA user agent information in x509 certificate request table by @rajeshal in #2772
• fix functional tests in services.spec by @ArtjomsPorss in #2781
• clean up unused consts in the aws common library by @havetisyan in #2779
• update harness api key env variable name by @havetisyan in #2775
• use configured identity instead of hard-coded sys.auth.monitor identity by @havetisyan in #2780
• Store SIA certificate creds in AWS parameter store, use custom json … by @rajeshal in #2776
• allow % character in tag value by @chandrasekhar1996 in #2777
• keep track of request entries in the role audit log by @havetisyan in #2782
• improve UX of dropdown inputs by @ArtjomsPorss in #2774
• updated java and go dependencies to their latest releases by @havetisyan in #2783
• consistent indentation - formatting change only by @havetisyan in #2784
• fix functional tests in roles.spec by @ArtjomsPorss in #2786
• config option to support ambiguous uris in jetty servlets by @havetisyan in #2787

Full Changelog: v1.12.2...v1.12.3

Athenz v1.12.2 Release

What's Changed

• diplay service provider error message by @ArtjomsPorss in #2761
• [skip ci] specify source/target in example pom.xml by @havetisyan in #2762
• maven central publishing fixes by @havetisyan in #2760
• update example to utilize nimbus library for token validation by @havetisyan in #2764
• update package build list for docker image by @havetisyan in #2763
• update go and java versions for docker builds by @havetisyan in #2767
• touch done files after individual sia commands by @havetisyan in #2766
• update go/java dependencies to their latest release by @havetisyan in #2769
• defer accesstoken error logging by @abvaidya in #2770
• docker build fixes for go 1.22 - no GO111MODULE support by @havetisyan in #2771

Full Changelog: v1.12.1...v1.12.2

Athenz v1.12.1 Release

Athenz 1.12.x includes the following changes:

• Upgrade to Jetty 12.x / EE10 Release using Jakarta 6.x
• Remove all deprecated methods from server side interfaces
• Migrate all aws v1 usage from server side code to aws v2 since v1 sdk is EOL
• Migrate Apache HttpClient 4.x to 5.x
• Server builds are released w/ JDK 17 due to jetty requirement but all client libraries are continued to be built and published with JDK 11 support
• replace jjwt library with nimbus-jwt library
• CI/CD pipeline will be moved from SD to GitHub Actions
• Move AWSPrivateKeyStore implementation from server-common to auth-core where it belongs with the correct package name
• Remove single email notification support and only support consolidated email notifications (there is no point of spamming the admin with 20 separate emails where a single email can include all the roles that the admin needs to review)

Full details about required changes: https://github.com/AthenZ/athenz/blob/master/docs/migration-1.11-to-1.12.md

Athenz v1.11.66 Release

What's Changed

• do not exit when token refresh fails while pod is running by @havetisyan in #2724
• Bump serve-static and express in /ui by @dependabot in #2728
• Bump send and express in /ui by @dependabot in #2726
• Bump body-parser from 1.20.0 to 1.20.3 in /ui by @dependabot in #2725
• disable advanced settings for delegated roles during role creation or editing by @ArtjomsPorss in #2733
• send notification for put role membership decision by @chandrasekhar1996 in #2737
• Adding resource ownership support for MSD API by @yosrixp in #2744
• during delete tenancy check the primary db instance by @havetisyan in #2743
• Adding support to GCE SIA multiple service by @yosrixp in #2740
• send notification for put group membership decision by @chandrasekhar1996 in #2742
• update java and go dependencies to their latest releases by @havetisyan in #2745

Full Changelog: v1.11.65...v1.11.66

Athenz v1.11.65 Release

What's Changed

• not allow principal to approve/reject own requests for audit enabled roles/groups by @havetisyan in #2702
• fix tests failing to run due to babel node sytax conflicts by @ArtjomsPorss in #2703
• add role member UI enhancement by @ArtjomsPorss in #2700
• add group review icon, it becomes red when group review required by @ArtjomsPorss in #2705
• enforce resource ownership for delete role member operation by @chandrasekhar1996 in #2708
• enforce resource ownership for delete group member operation by @chandrasekhar1996 in #2709
• enforce resource ownership for delete assertion operation by @chandrasekhar1996 in #2710
• allow adding authorization header on msd-agent calls by @abvaidya in #2701
• Jonmv/build kite integration by @jonmv in #2706
• Bump micromatch from 4.0.7 to 4.0.8 in /ui by @dependabot in #2716
• fix added tag is displayed in UI, fix delete last tag by @ArtjomsPorss in #2712
• open role and group members in new tab by @ArtjomsPorss in #2718
• email notifications improvements with notify roles and groups by @havetisyan in #2719
• update zms go client with latest rdl changes by @havetisyan in #2722

Full Changelog: v1.11.64...v1.11.65

Athenz v1.11.64 Release

What's Changed

• display warning for expired and disabled members in Roles and Groups by @ArtjomsPorss in #2668
• fix skip non revocable attribute logic by @havetisyan in #2680
• [documentation/github actions provider] Fix service name for prs by @tokle in #2681
• provide java api for gcp workloads to refresh their identity certificates by @havetisyan in #2672
• minor update to the key refresher unit test by @havetisyan in #2682
• more specific error message for user authority filter checks by @havetisyan in #2683
• fix red role review icon conditions by @ArtjomsPorss in #2684
• Adding the Otel Implementation by @salladi30 in #2687
• Bump axios from 1.6.0 to 1.7.4 in /clients/nodejs/zts by @dependabot in #2690
• update java and go dependencies to their latest releases by @havetisyan in #2694
• SIA (Service Identity Agent for GCP Runs by @havetisyan in #2693

New Contributors

• @ArtjomsPorss made their first contribution in #2668
• @salladi30 made their first contribution in #2687

Full Changelog: v1.11.63...v1.11.64

Athenz v1.11.63 Release

What's Changed

• include recently added fields in domain audit log by @abvaidya in #2664
• Extend support for authority filter for roles/groups to skip unnecessary checks by @havetisyan in #2663
• expose github provider specific error back to client for debugging by @havetisyan in #2665
• UI: update dependencies and unit test by @chandrasekhar1996 in #2666
• DIscover additional instances to MSD, with dynamic/static workloads by @rajeshal in #2660

Full Changelog: v1.11.62...v1.11.63

Athenz v1.11.62 Release

What's Changed

• Omit specifying trust store or CA cert when generating KeyRefresher by @massakam in #2650
• add x509-cert-signer-keyid and ssh-cert-signer-keyid fields to domain meta by @havetisyan in #2652
• update ZTS to honor domain's x509/ssh signer key ids by @havetisyan in #2654
• UI fix: group review submitted for wrong domain by @chandrasekhar1996 in #2655
• add new option for id token request to require all scope items to be present by @havetisyan in #2658
• update test cases to use valid keystore by @havetisyan in #2656
• update go and java dependencies to their latest releases by @havetisyan in #2659

Schema Update

https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20240708.sql

New Contributors

• @massakam made their first contribution in #2650

Full Changelog: v1.11.61...v1.11.62

Athenz v1.11.61 Release

This release requires a schema change

https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20240523.sql

What's Changed

• Jonmv/assume azure services by @jonmv in #2634
• update error messages/formatting + fix zts property name in docs by @havetisyan in #2637
• Bump braces from 3.0.2 to 3.0.3 in /ui by @dependabot in #2639
• Enable SSH Host certificate for AWS EC2 instances by @ean in #2635
• implement domain group members api by @havetisyan in #2641
• /oauth2/keys Specify the service to obtain the public key by @TakuyaMatsu in #2642
• fix not able to update POC in domain by @chandrasekhar1996 in #2643
• support refreshing provider ip blocks every hour by @havetisyan in #2644
• change order of signature validation for zpu policies by @havetisyan in #2645
• separate key algorithm setting for instance provider by @havetisyan in #2646
• extend the logic to set the preferred expiry time for service certificates by @havetisyan in #2648
• update java and go dependencies to their latest releases by @havetisyan in #2649

New Contributors

• @jonmv made their first contribution in #2634
• @ean made their first contribution in #2635

Full Changelog: v1.11.60...v1.11.61

Athenz v1.11.60 Release

This release requires a schema change

https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20240525.sql

What's Changed

• address CodeQL warning about safe int32 conversion and insecure cipher by @havetisyan in #2622
• keep state when key/cert were backed up for restore in case of failure by @havetisyan in #2623
• update schema for azure support by @havetisyan in #2624
• for role/group member expiry support all restrictions by @havetisyan in #2625
• support system allowed roles in id tokens by skipping limit check by @havetisyan in #2626
• remove dependency on jetty from client libraries by @havetisyan in #2627
• fix comparing ecdsa key/cert public key match by @havetisyan in #2630
• aws parameter store implementation for PrivateKeyStore interface by @abvaidya in #2631
• support principal domain filter for role/group members by @havetisyan in #2629
• update java and go depedencies to their latest releases by @havetisyan in #2633
• server k8s common module by @abvaidya in #2632

Full Changelog: v1.11.59...v1.11.60