v1.19.3
[1.19.3] - 2023-04-17
Added
- Conjur now logs when it detects that the Conjur configuration file
(conjur.yml) or directory permissions prevent the Conjur server from
successfully reading it. Conjur also now logs at the DEBUG level when it
detects that either the directory or the file does not exist.
cyberark/conjur#2715
- Account admin roles now have a corresponding resource. This ensures that
access controls work as expected for this role to access itself.
cyberark/conjur#2757
Changed
- Removes support for disabling the CONJUR_FEATURE_PKCE_SUPPORT_ENABLED flag.
cyberark/conjur#2713
- Routes on the /roles/ API endpoints now correctly verify the existence of
a Role and return 404 when it doesn't exist or the caller has insufficient
privilege.
cyberark/conjur#2755
Fixed
- Fixed a thread-safety bug in secret retrieval when multiple threads attempt
to decrypt a secret value with Slosilo/OpenSSL.
cyberark/slosilo#31
cyberark/conjur#2718
- Incomplete HTTP proxy support in the Kubernetes Authenticator is fixed. This
allows for an HTTP proxy between Conjur and the Kubernetes API.
cyberark/conjur#2766
Security
- Updated github-pages version in docs/Gemfile to allow upgrading activesupport
to v7.0.4.2 to resolve CVE-2022-22796
cyberark/conjur#2729
- Upgraded rack to v2.2.6.3 to resolve CVE-2023-27530
cyberark/conjur#2739
- Upgraded rack to v2.2.6.4 to resolve CVE-2023-27539
cyberark/conjur#2750
- Updated nokogiri to 1.14.3 for CVE-2023-29469 and CVE-2023-28484 and rails to
6.1.7.3 for CVE-2023-28120 in Gemfile.lock, nokogiri to 1.1.4.3 for CVE-2023-29469
and commonmarker to 0.23.9 for CVE-2023-24824 and CVE-2023-26485 in docs/Gemfile.lock
(all Medium severity issues flagged by Dependabot)
cyberark/conjur#2776