Athenz v1.11.65 Release

What's Changed

• not allow principal to approve/reject own requests for audit enabled roles/groups by @havetisyan in #2702
• fix tests failing to run due to babel node sytax conflicts by @ArtjomsPorss in #2703
• add role member UI enhancement by @ArtjomsPorss in #2700
• add group review icon, it becomes red when group review required by @ArtjomsPorss in #2705
• enforce resource ownership for delete role member operation by @chandrasekhar1996 in #2708
• enforce resource ownership for delete group member operation by @chandrasekhar1996 in #2709
• enforce resource ownership for delete assertion operation by @chandrasekhar1996 in #2710
• allow adding authorization header on msd-agent calls by @abvaidya in #2701
• Jonmv/build kite integration by @jonmv in #2706
• Bump micromatch from 4.0.7 to 4.0.8 in /ui by @dependabot in #2716
• fix added tag is displayed in UI, fix delete last tag by @ArtjomsPorss in #2712
• open role and group members in new tab by @ArtjomsPorss in #2718
• email notifications improvements with notify roles and groups by @havetisyan in #2719
• update zms go client with latest rdl changes by @havetisyan in #2722

Full Changelog: v1.11.64...v1.11.65

Athenz v1.11.64 Release

What's Changed

• display warning for expired and disabled members in Roles and Groups by @ArtjomsPorss in #2668
• fix skip non revocable attribute logic by @havetisyan in #2680
• [documentation/github actions provider] Fix service name for prs by @tokle in #2681
• provide java api for gcp workloads to refresh their identity certificates by @havetisyan in #2672
• minor update to the key refresher unit test by @havetisyan in #2682
• more specific error message for user authority filter checks by @havetisyan in #2683
• fix red role review icon conditions by @ArtjomsPorss in #2684
• Adding the Otel Implementation by @salladi30 in #2687
• Bump axios from 1.6.0 to 1.7.4 in /clients/nodejs/zts by @dependabot in #2690
• update java and go dependencies to their latest releases by @havetisyan in #2694
• SIA (Service Identity Agent for GCP Runs by @havetisyan in #2693

New Contributors

• @ArtjomsPorss made their first contribution in #2668
• @salladi30 made their first contribution in #2687

Full Changelog: v1.11.63...v1.11.64

Athenz v1.11.63 Release

What's Changed

• include recently added fields in domain audit log by @abvaidya in #2664
• Extend support for authority filter for roles/groups to skip unnecessary checks by @havetisyan in #2663
• expose github provider specific error back to client for debugging by @havetisyan in #2665
• UI: update dependencies and unit test by @chandrasekhar1996 in #2666
• DIscover additional instances to MSD, with dynamic/static workloads by @rajeshal in #2660

Full Changelog: v1.11.62...v1.11.63

Athenz v1.11.62 Release

What's Changed

• Omit specifying trust store or CA cert when generating KeyRefresher by @massakam in #2650
• add x509-cert-signer-keyid and ssh-cert-signer-keyid fields to domain meta by @havetisyan in #2652
• update ZTS to honor domain's x509/ssh signer key ids by @havetisyan in #2654
• UI fix: group review submitted for wrong domain by @chandrasekhar1996 in #2655
• add new option for id token request to require all scope items to be present by @havetisyan in #2658
• update test cases to use valid keystore by @havetisyan in #2656
• update go and java dependencies to their latest releases by @havetisyan in #2659

Schema Update

https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20240708.sql

New Contributors

• @massakam made their first contribution in #2650

Full Changelog: v1.11.61...v1.11.62

Athenz v1.11.61 Release

This release requires a schema change

https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20240523.sql

What's Changed

• Jonmv/assume azure services by @jonmv in #2634
• update error messages/formatting + fix zts property name in docs by @havetisyan in #2637
• Bump braces from 3.0.2 to 3.0.3 in /ui by @dependabot in #2639
• Enable SSH Host certificate for AWS EC2 instances by @ean in #2635
• implement domain group members api by @havetisyan in #2641
• /oauth2/keys Specify the service to obtain the public key by @TakuyaMatsu in #2642
• fix not able to update POC in domain by @chandrasekhar1996 in #2643
• support refreshing provider ip blocks every hour by @havetisyan in #2644
• change order of signature validation for zpu policies by @havetisyan in #2645
• separate key algorithm setting for instance provider by @havetisyan in #2646
• extend the logic to set the preferred expiry time for service certificates by @havetisyan in #2648
• update java and go dependencies to their latest releases by @havetisyan in #2649

New Contributors

• @jonmv made their first contribution in #2634
• @ean made their first contribution in #2635

Full Changelog: v1.11.60...v1.11.61

Athenz v1.11.60 Release

This release requires a schema change

https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20240525.sql

What's Changed

• address CodeQL warning about safe int32 conversion and insecure cipher by @havetisyan in #2622
• keep state when key/cert were backed up for restore in case of failure by @havetisyan in #2623
• update schema for azure support by @havetisyan in #2624
• for role/group member expiry support all restrictions by @havetisyan in #2625
• support system allowed roles in id tokens by skipping limit check by @havetisyan in #2626
• remove dependency on jetty from client libraries by @havetisyan in #2627
• fix comparing ecdsa key/cert public key match by @havetisyan in #2630
• aws parameter store implementation for PrivateKeyStore interface by @abvaidya in #2631
• support principal domain filter for role/group members by @havetisyan in #2629
• update java and go depedencies to their latest releases by @havetisyan in #2633
• server k8s common module by @abvaidya in #2632

Full Changelog: v1.11.59...v1.11.60

Athenz v1.11.59 Release

What's Changed

• in jws domain object return service resource ownership by @havetisyan in #2613
• use issuer aws account or gcp project for launch authorization by @abvaidya in #2614
• update interface to use both enterprise and cloud hostname resolvers by @abvaidya in #2615
• provide capability to enable/disable principals by @havetisyan in #2616
• provide capability for system admins to use zms-cli to set business service by @havetisyan in #2618
• remove dups from role/group review list by @havetisyan in #2619
• updated go and java dependencies to their latest releases by @havetisyan in #2620
• bcprov-ext does not have 1.78.1 version by @havetisyan in #2621

Full Changelog: v1.11.58...v1.11.59

Athenz v1.11.58 Release

What's Changed

• support trust domains in spiffe uri in role certificates by @havetisyan in #2598
• systemd-notify-all option to notify systemd after role certificates by @havetisyan in #2599
• explicit launch authorization for k8s provider multi-tenancy use cases by @abvaidya in #2601
• Bump ejs from 3.1.9 to 3.1.10 in /ui by @dependabot in #2602
• for sia settings from env, set the config service field by @havetisyan in #2604
• extend gcp functions identity method to be generic for vm workloads by @havetisyan in #2605
• switch to using mysql 8.0 image from 5.7 for unit tests by @havetisyan in #2606
• automatically skip empty roles/group from review list by @havetisyan in #2607
• extended notification support by @havetisyan in #2603
• include additional sandns entry for pod ip by @abvaidya in #2608
• update role/service/group last modified time on tag update by @havetisyan in #2610
• allow groups in admin role based on config setting by @havetisyan in #2609
• updated go (1.22.3) and java dependencies to their latest releases by @havetisyan in #2611

Full Changelog: v1.11.57...v1.11.58

Athenz v1.10.62 Release

What's Changed

• update org.bouncycastle ( 1.10.x-jetty9 ) by @TakuyaMatsu in #2592

Full Changelog: v1.10.61...v1.10.62

Athenz v1.11.57 Release

What's Changed

• allow attribute validator for K8SProvider issuer validation by @abvaidya in #2589
• support for systemd notify option for sia agents by @havetisyan in #2593
• Add identifier in transport policy response by @rajeshal in #2596
• spiffe trust domain in role certificates by @havetisyan in #2591
• extend update_members action for role/group review api by @havetisyan in #2595
• Bump formidable and supertest in /ui by @dependabot in #2597

Full Changelog: v1.11.56...v1.11.57