Releases: opensearch-project/security
Releases · opensearch-project/security
Release 2.5.0.0
2023-01-17 Version 2.5.0.0
Compatible with OpenSearch 2.5.0
Enhancements
- When excluding fields also exclude the term + .keyword (#2377)
- Update tool scripts to run in windows (#2371, #2379)
- Remove trimming of whitespace when extracting SAML backend roles (#2381, #2383)
- Add script for workflow version increment (#2374, #2386)
Bug Fixes
Maintenance
- Upgrade CXF to 3.5.5 to address CVE-2022-46363 (#2350, #2357)
Release 2.4.0.0
2022-11-10 Version 2.4.0.0
Compatible with OpenSearch 2.4.0
Enhancements
- Add install_demo_configuration Batch script for Windows (#2161#2203
- Add CI for Windows and MacOS platforms (#2190#2205)
- Make ldap pool period and idle time configurable (#2091#2097)
- Allow custom LDAP return attributes (#2093#2110)
- Add bcpkix-jdk15on runtimeOnly dependency to read keys with bouncycastle (#2191#2200)
Bug Fixes
Maintenance
- Add groupId = org.opensearch.plugin (#2158#2185)
- Roles yml changes for security-analytics plugin (#2192#2225)
- Upgrade Kafka Client to 3.0.2 (#2123#2126)
- Log deprecation message on legacy ldap pool settings (#2099#2147)
- Address CVE-2022-42889 by updating commons-text (#2177#2186)
- Patch bump for scala dependency (#2163#2187)
- Woodstox Version Bump to 6.4.0 (#2197#2199)
Release 2.3.0.0
Release 2.2.0.0
2022-08-11 Version 2.2.0.0
Compatible with OpenSearch 2.2.0
Enhancements
- Adds a basic sanity test to run against a remote cluster (#1958)
- Create a manually started workflow for bulk run of integration tests (#1937)
Bug Fixes
- Use Collections.synchronizedSet and Collections.synchronizedMap for roles, securityRoles and attributes in User (#1970)
Maintenance
- Update to Gradle 7.5 (#1963)
- Increment version to 2.2.0.0 (#1948)
- Force netty-transport-native-unix-common version (#1945)
- Add release notes for 2.2.0.0 release (#1974)
- Staging for version increment automation (#1932)
- Fix breaking API change introduced in Lucene 9.3.0 (#1988)
- Update indices resolution to be clearer (#1999)
Refactoring
- Abstract waitForInit to minimize duplication and improve test reliability (#1935)
Release v1.13.1.1
Compatible with Elasticsearch 7.10.2
Enhancement
- Allow attempt to load security config in case of plugin restart even if security index already exists (#1154)
- Check and create multi-tenant index with alias for Update and Delete requests. Try to find a name for the multi-tenant index if index/alias with ".kibana_..._#" already exists. (#1058)
New feature
- Added changes to support validation of security roles for plugins (#1367) (#1442)
- Add support for ResolveIndexAction handling (#1312) (#1398)
- Introducing passive_intertransport_auth to facilitate communication between nodes with adv sec enabled and nodes without adv sec enabled.(#1156)
Bug fix
- fix to include hidden indices when resolving wildcards (#1487)
- Add validation for null elements in JSON array (#1157) (#1361)
- Return HTTP 409 (conflict) if get parallel put request (#1158)
- Delay the security index initial bootstrap when the index is red (#1153)
- [Fix][Usage][Hasher] wrong file reference hash.sh (#1093)
Test fix
- Correcting setupSslOnlyMode to use AbstractSecurityUnitTest.hasCustomTransportSettings() (#1057)
- Fix race condition on async test for PR #1158 (#1331)
Maintenance
- Upgrade CXF (#1943)
- [backport] Upgrade json-smart from 2.4.2 to 2.4.7 (#1299) (#1503)
- [Backport] Extended role injection support for cross cluster requests (#1195) (#1441)
- [Backport] Handled DLS/FLS/Field masking for Cross cluster replication (#1436)
- Added replication specific roles and system index to the configuration (#1437)
- Use JDK 14 for CI and CD (#1226)
- Redact BCrypt security config internal hashes from audit logs (#756)
- Use smart logging and optimize debug/trace enabled checks (#895)
- Do not trim SAML roles (#1207) (#1223)
- Update docs on snapshot restore settings
- remove config (#1067)
2.1.0.0
2022-07-07 Version 2.1.0.0
Compatible with OpenSearch 2.1.0
Enhancements
- Delegate to NettyAllocator.getAllocator() for ByteBufAllocator instead of hard-coding PooledByteBufAllocator. (#1396)
- Tenant Permissions : added the possibility to specify tenants via parameter (#1813)
- JWT: validate issuer and audience (#1780, #1781) (#1785)
- Adds build script for publishing plugin zip and makes it executable (#1921) (#1923)
Refactoring
- Remove master keywords (#1886)
Bug Fix
- Cluster permissions evaluation logic will now include
index_templatetype action (#1885) - Add missing settings to plugin allowed list (#1814)
- Updates license headers (#1829)
- Prevent recursive action groups (#1868)
- Update
org.springframework:spring-coreto5.3.20(#1850)
Test Fix
Maintenance
- Revert "Bump version to 2.1.0.0 (#1865)" (#1882)
- Bump version to 2.1.0.0 (#1865)
- Revert "Bump version to 2.1.0.0 (#1855)" (#1864)
- Bump version to 2.1.0.0 (#1855)
- Add suppression for all removal warnings (#1828)
- Update support link (#1851)
- Create 2.0.0 release notes (#1854)
- Switch to standard OpenSearch gradle build (#1888)
- Fix build break from cluster manager changes (#1911)
- Update org.apache.zookeeper:zookeeper to 3.7.1 (#1912)
- Adds default roles for Snapshot Management plugin (#1897) (#1916)
- testComplianceEnable supports variable number of audit messages (#1920)
- Use version of netty from core's version.properties (#1926) (#1929)
2.0.0.0
Compatible with OpenSearch 2.0.0
Enhancements
- Remove checked-in zip files (#1774)
- Introduce dfm_empty_overrides_all setting to enable role without dls/fls to override roles with dls/fls (#1735)
- Add depreciation notice to security tools (#1756)
- [Practice] Reverting changes (#1754)
- Renames securityconfig folder to config in bundle step and makes relevant changes (#1749)
- Updated issue templates from .github. (#1740)
- Updates Dev guide (#1590)
- List out test failures in CI log (#1737)
- Make Git ignore out/ directory (#1734)
- Fix data-stream name resolution for wild-cards (#1723)
- Remove support for JDK14 (#1720)
- Speeding up tests (#1715)
- Fix min_doc_count handling when using Document Level Security (#1714)
- Set the mapped security roles of the user so these can be used by the DLS privileges evaluator. Allow security roles to be used for DLS parameter substitution. Fixes opensearch-project/security/#1568 (#1588)
- Convert Plugin install to only build once (#1708)
- Upgrade to Gradle 7 (#1710)
- Move CodeQL into parallel workfow (#1705)
- Seperate BWC tests into parallel workflow (#1706)
- Fixes broken test due to unsupported EC using JDK-17 (#1711)
- Centralize version settings (#1702)
- Remove TransportClient auth/auth (#1701)
- Add new code hygiene workflow (#1699)
- Remove JDK8 from CI (#1703)
- Add CI check for demo script (#1690)
- Introduce BWC tests in security plugin (#1685)
- Correct the step name in CI (#1683)
- Add support for DLS Term Lookup Queries (#1541)
- Add Alerting getFindings cluster permission (#1844)
- Introduce new API _plugins/_security/ssl/certs (#1841)
- Add default roles for Notifications plugin (#1847)
Bug fixes
- Add signal/wait model for TestAuditlogImpl (#1758)
- Switch to log4j logger (#1751)
- Remove sleep when waiting for node closure (#1722)
- Remove explictt dependency on jackson-databind (#1709)
- Fix break thaat was missed during a merge (#1707)
- Revert "Replace opensearch class names with opendistro class names during serialization and restore them back during deserialization (#1278)" (#1691)
- Update to most recent verson of jackson-databind (#1679)
- Fixed rest status for the replication action failure with DLS/FLS and (#1677)
- Downgrade Gradle version (#1661)
- Fix 'openserach' typo in roles.yml (#1770)
Maintenance
- Incremented version to 2.0-rc1. (#1764)
- Upgrade to opensearch 2.0.0 alpha1 (#1741)
- Upgrade to OpenSearch 2.0.0 (#1698)
- Move to version 2.0.0.0 (#1695)
- Generate release notes for 2.0.0 (#1772)
- Switch from RC1 to the GA of OpenSearch 2.0 (#1826)
- Updates dependency vulnerabilities versions (#1806)
- Update org.springframework:spring-core to 5.3.20 (#1850)
2.0.0.0-rc1
Compatible with OpenSearch 2.0.0-rc1
Enhancements
- Remove checked-in zip files (#1774)
- Introduce dfm_empty_overrides_all setting to enable role without dls/fls to override roles with dls/fls (#1735)
- Add depreciation notice to security tools (#1756)
- [Practice] Reverting changes (#1754)
- Renames securityconfig folder to config in bundle step and makes relevant changes (#1749)
- Updated issue templates from .github. (#1740)
- Updates Dev guide (#1590)
- List out test failures in CI log (#1737)
- Make Git ignore out/ directory (#1734)
- Fix data-stream name resolution for wild-cards (#1723)
- Remove support for JDK14 (#1720)
- Speeding up tests (#1715)
- Fix min_doc_count handling when using Document Level Security (#1714)
- Set the mapped security roles of the user so these can be used by the DLS privileges evaluator. Allow security roles to be used for DLS parameter substitution. Fixes opensearch-project/security/#1568 (#1588)
- Convert Plugin install to only build once (#1708)
- Upgrade to Gradle 7 (#1710)
- Move CodeQL into parallel workfow (#1705)
- Seperate BWC tests into parallel workflow (#1706)
- Fixes broken test due to unsupported EC using JDK-17 (#1711)
- Centralize version settings (#1702)
- Remove TransportClient auth/auth (#1701)
- Add new code hygiene workflow (#1699)
- Remove JDK8 from CI (#1703)
- Add CI check for demo script (#1690)
- Introduce BWC tests in security plugin (#1685)
- Correct the step name in CI (#1683)
- Add support for DLS Term Lookup Queries (#1541)
Bug fixes
- Add signal/wait model for TestAuditlogImpl (#1758)
- Switch to log4j logger (#1751)
- Remove sleep when waiting for node closure (#1722)
- Remove explictt dependency on jackson-databind (#1709)
- Fix break thaat was missed during a merge (#1707)
- Revert "Replace opensearch class names with opendistro class names during serialization and restore them back during deserialization (#1278)" (#1691)
- Update to most recent verson of jackson-databind (#1679)
- Fixed rest status for the replication action failure with DLS/FLS and (#1677)
- Downgrade Gradle version (#1661)
Maintenance
1.3.1.0
1.3.0.0
Compatible with OpenSearch 1.3.0
Enhancements
- Adds CI support for Java 8, 11 and 14 (#1580)
- Updates the test retry-count to give flaky tests more chances to pass (#1601)
- Adds support for OPENSEARCH_JAVA_HOME (#1603)
- Adds auto delete workflow for backport branches (#1604)
- Create the plugin-descriptor programmatically (#1623)
- Add test to make sure exception causes aren't sent to callers (#1639)
- Switch gradle to info logging for improved test debugging (#1646)
- Remove artifact step from CI workflow (#1645)
- Adds ssl script (#1530)
- Adds Java-17 to CI matrix (#1609)
- Reverts ssl script PR (#1637)
- Remove java17 from 1.3 build matrix (#1668)
Bug fixes
- Bumps JJWT version (#1589)
- Updates backport workflow with custom branch and github app (#1597)
- Always run checks on PRs (#1615)
- Adds 'opens' command-line argument for java.io libraries to unblock build (#1616)
- Adds jacoco report and pass the location to codecov (#1617)
- Fixes the settings of roles_separator (#1618)
- Use standard opensearch.version property (#1622)
Maintenance
- Updates bug template (#1582)
- Updates jackson-databind library version (#1584)
- Upgrades Kafka version (#1598)
- Upgrades Guava version (#1594)
- Update maintainers list (#1607)
- Exclude velocity 1.7 from OpenSAML dependency (#1606)
- Migrate build system to gradle (#1592)
- Updates documentation for practices for maintainers (#1611)
- Remove jcenter repository (#1625)
- Remove '-SNAPSHOT' from opensearch.version in plugin descriptor (#1634)
- Add git ignore for VScode IDE settings (#1629)
- Remove netty-tcnative dependency to unblock security plugin build on ARM64 (#1649)
- Add plugin-descriptor.properties to .gitignore (#1651)
- Removes Github DCO action as it is replaced by Github app (1657)
- Configure ML reserved roles and system indices (#1662)
- Release Notes for 1.3.0.0 (#1671)