From cac7743504ac8ee255364bbdb9d5fd2197cd225f Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 30 Jan 2025 17:13:12 -0500 Subject: [PATCH] Add release notes for 2.19.0 release (#5072) Signed-off-by: Craig Perkins --- ...nsearch-security.release-notes-2.19.0.0.md | 68 +++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 release-notes/opensearch-security.release-notes-2.19.0.0.md diff --git a/release-notes/opensearch-security.release-notes-2.19.0.0.md b/release-notes/opensearch-security.release-notes-2.19.0.0.md new file mode 100644 index 0000000000..638717e9b7 --- /dev/null +++ b/release-notes/opensearch-security.release-notes-2.19.0.0.md @@ -0,0 +1,68 @@ +## Version 2.19.0 Release Notes + +Compatible with OpenSearch and OpenSearch Dashboards version 2.19.0 + +### Enhancements +* Allow skipping hot reload dn validation ([#4839](https://github.com/opensearch-project/security/pull/4839)) +* Add validation of authority certificates ([#4862](https://github.com/opensearch-project/security/pull/4862)) +* Add support for certificates hot reload ([#4880](https://github.com/opensearch-project/security/pull/4880)) +* Optimize privilege evaluation for index permissions across '*' index pattern (i.e. all_access role) ([#4926](https://github.com/opensearch-project/security/pull/4926)) +* Refactor SafeSerializationUtils for better performance ([#4977](https://github.com/opensearch-project/security/pull/4977)) +* Optimized Privilege Evaluation: Action privileges ONLY, with feature flag ([#4998](https://github.com/opensearch-project/security/pull/4998)) +* Implement new extension points in IdentityPlugin and add ContextProvidingPluginSubject ([#5028](https://github.com/opensearch-project/security/pull/5028)) +* Implement new extension points in IdentityPlugin and add ContextProvidingPluginSubject - legacy authz code path ([#5037](https://github.com/opensearch-project/security/pull/5037)) +* Ensure that plugin can search on system index when utilizing pluginSubject.runAs ([#5032](https://github.com/opensearch-project/security/pull/5032)) +* Ensure that plugin can update on system index when utilizing pluginSubject.runAs ([#5055](https://github.com/opensearch-project/security/pull/5055)) +* add ingest pipeline and indices related permissions for anomaly_full_access role ([#5069](https://github.com/opensearch-project/security/pull/5069)) +* Added roles for ltr read and full access ([#5070](https://github.com/opensearch-project/security/pull/5070)) + +### Bug Fixes +* Fix issue with jwt attribute parsing of lists ([#4885](https://github.com/opensearch-project/security/pull/4885)) +* Log io.netty.internal.tcnative.SSLContext availability warning only when OpenSSL is explicitly enabled but not available ([#4906](https://github.com/opensearch-project/security/pull/4906)) +* Reduce log level in HttpJwtAuthenticator if request cannot be authenticated ([#4917](https://github.com/opensearch-project/security/pull/4917)) +* Honor log_request_body setting in compliance audit log ([#4918](https://github.com/opensearch-project/security/pull/4918)) +* Change log level for log line in OBO Authenticator if OBO is disabled ([#4956](https://github.com/opensearch-project/security/pull/4956)) +* Set default value for key/trust store type as constant for JDK PKCS setup ([#5003](https://github.com/opensearch-project/security/pull/5003)) +* Fix SSL config for JDK PKCS setup ([#5033](https://github.com/opensearch-project/security/pull/5033)) +* Fix Netty4 header verifier inbound handler to deal with upgrade requests ([#5045](https://github.com/opensearch-project/security/pull/5045)) +* Generate jacoco report for integTestRemote task ([#5050](https://github.com/opensearch-project/security/pull/5050)) + +### Maintenance +* Bump org.junit.jupiter:junit-jupiter-api from 5.11.2 to 5.11.3 ([#4856](https://github.com/opensearch-project/security/pull/4856)) +* Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 ([#4857](https://github.com/opensearch-project/security/pull/4857)) +* Bump com.google.errorprone:error_prone_annotations from 2.34.0 to 2.35.1 ([#4850](https://github.com/opensearch-project/security/pull/4850)) +* Bump org.junit.jupiter:junit-jupiter from 5.11.2 to 5.11.3 ([#4861](https://github.com/opensearch-project/security/pull/4861)) +* Bump Wandalen/wretry.action from 3.5.0 to 3.7.0 ([#4874](https://github.com/opensearch-project/security/pull/4874)) +* Bump org.checkerframework:checker-qual from 3.48.1 to 3.48.2 ([#4875](https://github.com/opensearch-project/security/pull/4875)) +* Bump com.nimbusds:nimbus-jose-jwt from 9.41.2 to 9.45 ([#4876](https://github.com/opensearch-project/security/pull/4876)) +* Bump com.nimbusds:nimbus-jose-jwt from 9.45 to 9.46 ([#4890](https://github.com/opensearch-project/security/pull/4890)) +* Bump Wandalen/wretry.action from 3.7.0 to 3.7.2 ([#4891](https://github.com/opensearch-project/security/pull/4891)) +* Bump Zookeeper to 3.9.3 ([#4895](https://github.com/opensearch-project/security/pull/4895)) +* Bump com.nimbusds:nimbus-jose-jwt from 9.46 to 9.47 ([#4916](https://github.com/opensearch-project/security/pull/4916)) +* Update Gradle to 8.11 ([#4922](https://github.com/opensearch-project/security/pull/4922)) +* Update Gradle to 8.11.1 ([#4925](https://github.com/opensearch-project/security/pull/4925)) +* Bump com.google.googlejavaformat:google-java-format from 1.24.0 to 1.25.0 ([#4933](https://github.com/opensearch-project/security/pull/4933)) +* Bump Wandalen/wretry.action from 3.7.2 to 3.7.3 ([#4932](https://github.com/opensearch-project/security/pull/4932)) +* Bump commons-io:commons-io from 2.17.0 to 2.18.0 ([#4935](https://github.com/opensearch-project/security/pull/4935)) +* Bump io.dropwizard.metrics:metrics-core from 4.2.28 to 4.2.29 ([#4941](https://github.com/opensearch-project/security/pull/4941)) +* Fix typos ([#4951](https://github.com/opensearch-project/security/pull/4951)) +* Bump com.carrotsearch.randomizedtesting:randomizedtesting-runner from 2.8.1 to 2.8.2 ([#4962](https://github.com/opensearch-project/security/pull/4962)) +* Bump org.checkerframework:checker-qual from 3.48.2 to 3.48.3 ([#4958](https://github.com/opensearch-project/security/pull/4958)) +* Bump org.eclipse.platform:org.eclipse.core.runtime from 3.31.100 to 3.32.0 ([#4964](https://github.com/opensearch-project/security/pull/4964)) +* Bump org.apache.commons:commons-text from 1.12.0 to 1.13.0 ([#4971](https://github.com/opensearch-project/security/pull/4971)) +* Bump com.google.googlejavaformat:google-java-format from 1.25.0 to 1.25.2 ([#4972](https://github.com/opensearch-project/security/pull/4972)) +* Bump org.junit.jupiter:junit-jupiter from 5.11.3 to 5.11.4 ([#4985](https://github.com/opensearch-project/security/pull/4985)) +* Bump com.nimbusds:nimbus-jose-jwt from 9.47 to 9.48 ([#4986](https://github.com/opensearch-project/security/pull/4986)) +* Bump com.netflix.nebula.ospackage from 11.10.0 to 11.10.1 ([#4987](https://github.com/opensearch-project/security/pull/4987)) +* Bump ch.qos.logback:logback-classic from 1.5.12 to 1.5.15 ([#4989](https://github.com/opensearch-project/security/pull/4989)) +* Bump org.apache.camel:camel-xmlsecurity from 3.22.2 to 3.22.3 ([#4996](https://github.com/opensearch-project/security/pull/4996)) +* Bump org.apache.santuario:xmlsec from 2.3.4 to 2.3.5 ([#5008](https://github.com/opensearch-project/security/pull/5008)) +* Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16 ([#5009](https://github.com/opensearch-project/security/pull/5009)) +* Update Gradle to 8.12 ([#5018](https://github.com/opensearch-project/security/pull/5018)) +* Bump commons-codec:commons-codec from 1.17.1 to 1.17.2 ([#5024](https://github.com/opensearch-project/security/pull/5024)) +* Bump org.scala-lang:scala-library from 2.13.15 to 2.13.16 ([#5026](https://github.com/opensearch-project/security/pull/5026)) +* Bump Wandalen/wretry.action from 3.7.3 to 3.8.0 ([#5025](https://github.com/opensearch-project/security/pull/5025)) +* Bumps guava to 33.4.0-jre ([#5041](https://github.com/opensearch-project/security/pull/5041)) +* Bump io.dropwizard.metrics:metrics-core from 4.2.29 to 4.2.30 ([#5043](https://github.com/opensearch-project/security/pull/5043)) +* Remove deprecation comment for protected indices settings ([#5059](https://github.com/opensearch-project/security/pull/5059)) +* Bump org.gradle.test-retry from 1.6.0 to 1.6.1 ([#5060](https://github.com/opensearch-project/security/pull/5060))