diff --git a/release-notes/opensearch-security.release-notes-2.12.0.0.md b/release-notes/opensearch-security.release-notes-2.12.0.0.md new file mode 100644 index 0000000000..be6ddbc125 --- /dev/null +++ b/release-notes/opensearch-security.release-notes-2.12.0.0.md @@ -0,0 +1,61 @@ +## 2024-02-20 Version 2.12.0.0 + +Compatible with OpenSearch 2.12.0 + +### Enhancements +* Add additional sendRequestDecorate cases ([#4007](https://github.com/opensearch-project/security/pull/4007)) +* [BUG-2556] Add new DLS filtering test ([#4001](https://github.com/opensearch-project/security/pull/4001)) +* [Enhancement-3191] `transport_enabled` setting on an auth domain and authorizer may be unnecessary after transport client removal ([#3966](https://github.com/opensearch-project/security/pull/3966)) +* Update roles.yml with new API for experimental alerting plugin feature [#4027](https://github.com/opensearch-project/security/pull/4027) ([#4029](https://github.com/opensearch-project/security/pull/4029)) +* Admin role for Query insights plugin ([#4022](https://github.com/opensearch-project/security/pull/4022)) +* Validate 409s occur when multiple config updates happen simultaneously ([#3962](https://github.com/opensearch-project/security/pull/3962)) +* Protect config object from concurrent modification issues ([#3956](https://github.com/opensearch-project/security/pull/3956)) +* Add test coverage for ComplianceConfig ([#3957](https://github.com/opensearch-project/security/pull/3957)) +* Update security analytics roles to include custom log type cluster permissions ([#3954](https://github.com/opensearch-project/security/pull/3954)) +* Add logging for test LdapServer actions ([#3942](https://github.com/opensearch-project/security/pull/3942)) +* HeapBasedRateTracker uses time provider to allow simluating of time in unit tests ([#3941](https://github.com/opensearch-project/security/pull/3941)) +* Add additional logging around `testShouldSearchAll` tests ([#3943](https://github.com/opensearch-project/security/pull/3943)) +* Add permission for get workflow step ([#3940](https://github.com/opensearch-project/security/pull/3940)) +* Add additional ignore_headers audit configuration setting ([#3926](https://github.com/opensearch-project/security/pull/3926)) +* Update to Gradle 8.5 ([#3919](https://github.com/opensearch-project/security/pull/3919)) ([#3923](https://github.com/opensearch-project/security/pull/3923)) +* Refactor SSL handler retrieval to use HttpChannel / TranportChannel APIs instead of typecasting ([#3917](https://github.com/opensearch-project/security/pull/3917)) ([#3922](https://github.com/opensearch-project/security/pull/3922)) +* Improve messaging on how to set initial admin password ([#3918](https://github.com/opensearch-project/security/pull/3918)) +* Re-enable disabled PIT integration tests ([#3914](https://github.com/opensearch-project/security/pull/3914)) +* Switched to more reliable OpenSearch Lucene snapshot location ([#3913](https://github.com/opensearch-project/security/pull/3913)) +* Add deprecation check for `jwt_header` setting ([#3896](https://github.com/opensearch-project/security/pull/3896)) +* Add render search template as a cluster permission ([#3689](https://github.com/opensearch-project/security/pull/3689)) ([#3872](https://github.com/opensearch-project/security/pull/3872)) +* Add flow framework system indices and roles ([#3851](https://github.com/opensearch-project/security/pull/3851)) ([#3880](https://github.com/opensearch-project/security/pull/3880)) +* Search operation test flakiness fix ([#3862](https://github.com/opensearch-project/security/pull/3862)) +* Extracts demo configuration setup into a java tool, adds support for Bundled JDK for this tool and updates DEVELOPER_GUIDE.md ([#3845](https://github.com/opensearch-project/security/pull/3845)) +* SAML permissions changes in DynamicConfigModelV7 ([#3853](https://github.com/opensearch-project/security/pull/3853)) +* Add do not fail on forbidden test cases around the stats API ([#3825](https://github.com/opensearch-project/security/pull/3825)) ([#3828](https://github.com/opensearch-project/security/pull/3828)) + +### Bug Fixes +* Fix Bug with Install demo configuration running in cluster mode with -y ([#3936](https://github.com/opensearch-project/security/pull/3936)) +* Allow TransportConfigUpdateAction when security config initialization has completed ([#3810](https://github.com/opensearch-project/security/pull/3810)) ([#3927](https://github.com/opensearch-project/security/pull/3927)) +* Fix the CI / report-coverage check by switching to corresponding actions/upload-artifact@v4 ([#3893](https://github.com/opensearch-project/security/pull/3893)) ([#3895](https://github.com/opensearch-project/security/pull/3895)) + +### Maintenance +* Bump org.apache.camel:camel-xmlsecurity from 3.22.0 to 3.22.1 ([#4018](https://github.com/opensearch-project/security/pull/4018)) +* Bump release-drafter/release-drafter from 5 to 6 ([#4021](https://github.com/opensearch-project/security/pull/4021)) +* Bump com.netflix.nebula.ospackage from 11.6.0 to 11.7.0 ([#4019](https://github.com/opensearch-project/security/pull/4019)) +* Bump org.junit.jupiter:junit-jupiter from 5.10.1 to 5.10.2 ([#4020](https://github.com/opensearch-project/security/pull/4020)) +* Bump jjwt_version from 0.12.4 to 0.12.5 ([#4017](https://github.com/opensearch-project/security/pull/4017)) +* Bump io.dropwizard.metrics:metrics-core from 4.2.24 to 4.2.25 ([#3998](https://github.com/opensearch-project/security/pull/3998)) +* Bump gradle/gradle-build-action from 2 to 3 ([#4000](https://github.com/opensearch-project/security/pull/4000)) +* Bump jjwt_version from 0.12.3 to 0.12.4 ([#3999](https://github.com/opensearch-project/security/pull/3999)) +* Bump spotless (6.24.0 -> 6.25.0) to bump eclipse resources (3.18 -> 3.19) ([#3993](https://github.com/opensearch-project/security/pull/3993)) +* Fix: remove unnecessary trailing slashes in APIs. ([#3978](https://github.com/opensearch-project/security/pull/3978)) +* Adds new ml-commons system indices to the list ([#3974](https://github.com/opensearch-project/security/pull/3974)) +* Bump io.dropwizard.metrics:metrics-core from 4.2.23 to 4.2.24 ([#3970](https://github.com/opensearch-project/security/pull/3970)) +* Bump com.fasterxml.woodstox:woodstox-core from 6.5.1 to 6.6.0 ([#3969](https://github.com/opensearch-project/security/pull/3969)) +* Bump com.diffplug.spotless from 6.23.3 to 6.24.0 ([#3947](https://github.com/opensearch-project/security/pull/3947)) +* Bump org.apache.camel:camel-xmlsecurity from 3.21.3 to 3.22.0 ([#3906](https://github.com/opensearch-project/security/pull/3906)) +* Bump com.google.errorprone:error_prone_annotations from 2.23.0 to 2.24.0 ([#3897](https://github.com/opensearch-project/security/pull/3897)) ([#3902](https://github.com/opensearch-project/security/pull/3902)) +* Bump io.dropwizard.metrics:metrics-core from 4.2.22 to 4.2.23 ([#3900](https://github.com/opensearch-project/security/pull/3900)) +* Bump com.google.googlejavaformat:google-java-format from 1.18.1 to 1.19.1 ([#3901](https://github.com/opensearch-project/security/pull/3901)) +* Bump github/codeql-action from 2 to 3 ([#3859](https://github.com/opensearch-project/security/pull/3859)) ([#3867](https://github.com/opensearch-project/security/pull/3867)) +* Bump org.apache.camel:camel-xmlsecurity from 3.21.2 to 3.21.3 ([#3864](https://github.com/opensearch-project/security/pull/3864)) +* Bump org.checkerframework:checker-qual from 3.40.0 to 3.42.0 ([#3857](https://github.com/opensearch-project/security/pull/3857)) ([#3866](https://github.com/opensearch-project/security/pull/3866)) +* Bump com.flipkart.zjsonpatch:zjsonpatch from 0.4.14 to 0.4.16 ([#3865](https://github.com/opensearch-project/security/pull/3865)) +* Bump com.netflix.nebula.ospackage from 11.5.0 to 11.6.0 ([#3863](https://github.com/opensearch-project/security/pull/3863))