Releases: opensearch-project/security
Releases · opensearch-project/security
Release 1.2.0.0
Compatible with OpenSearch 1.2.0
Enhancements
- Add observability permissions and index (#1484)
- Add AD validate, multi-category results API permissions to AD read access (#1480)
Bug fixes
- Fix to include hidden indices when resolving wildcards (#1472)
Maintenance
- Adding DCO check to repo (#1468)
- Moved dco.yml to workflows folder (#1469)
- Incremented version to 1.2.0.0-SNAPSHOT (#1464)
- Moved SNAPSHOTS repo to project level (#1479)
- Update OpenSearch core dependency version to 1.2.0 (#1482)
- Bump xmlsec from 2.2.0 to 2.2.3 (#1450)
- Create 1.2.0.0 release notes (#1494)
- Updated copyright notices (#1477)
- Updated release notes for 1.2 with copyright updates (#1496)
Release 1.1.0.0
Compatible with OpenSearch 1.1.0
Enhancements
- Added replication specific roles and system index to the configuration (#1408)
- Handled DLS/FLS/Field masking for replication actions (#1330)
- Extended role injection support for cross cluster requests (#1195)
- Added changes to support validation of security roles for plugins (#1367)
- Adding the default role for IM plugin (#1427)
Maintenance
- Upgrade OpenSearch version to 1.1.0 (#1335)
- Incremented version to 1.1.0.0-SNAPSHOT. (#1429)
- Remove alerting and ism indices from protected indices usage in sample configuration (#1416)
- Build against OpenSearch 1.1.0-SNAPSHOT. (#1430)
- Create release notes 1.1.0.0 (#1440)
- Switch opensearch from 1.x to 1.1 (#1445)
Release 1.0.1.0
Compatible with OpenSearch 1.0.0.
Bug fixes
- Return HTTP 409 if get parallel put request (#1158)
- Add validation for null array DataType (#1157)
- Add support for ResolveIndexAction handling (#1312)
- Fix LDAP authentication when using StartTLS (#1415)
- Fix index permissions for negative lookahead and negated regex index patterns (#1300)
Maintenance
- Fix maven build ${version} deprecation warning (#1209)
- Fix race condition on async test for PR #1158 (#1331)
- Build OpenSearch in CD workflow in order to build security plugin (#1364)
- Update checkNullElementsInArray() unit test to check both error message and error code instead of only checking the error code (#1370)
- Add themed logo to README (#1333)
- Checkout OpenSearch after Cache in CD (#1410)
- Address follow up comments for PR #1172 (#1224)
- Upgrade CXF to v3.4.4 (#1412)
- Bump version to 1.0.1.0 (#1418)
Release 1.0.0.0
Compatible with OpenSearch 1.0.0.
Enhancements
- Allow attempt to load security config in case of plugin restart even if security index already exists (#1154)
- Allowing granular access for data-stream related transport actions (#1170)
- Introducing passive_intertransport_auth to facilitate communication between nodes with adv sec enabled and nodes without adv sec enabled. (#1156)
- Add static action group for managing data streams (#1258)
Bug fixes
- Delay the security index initial bootstrap when the index is red (#1153)
- Remove redundant isEmpty check and incorrect string equals operator (#1181)
- Do not trim SAML roles (#1207)
- Replace opensearch class names with opendistro class names during serialization and restore them back during deserialization (#1278)
Maintenance
- Bump commons-io from 2.6 to 2.7 (#1137)
- Update issue template with multiple labels (#1164)
- move issue templates to ISSUE_TEMPLATE (#1166)
- Rename kibana substrings with OpenSearchDashboards in class name, method name and comments (#1160)
- Rename 'Open Distro' to follow open search naming convention (#1149)
- Build plugin on top of 1.x branch of OpenSearch core (#1174)
- Add build.version_qualifier and make security plugin compatible with OpenSearch 1.0.0-rc1 (#1179)
- Update anchor link for documentation and apply opensearch-security naming convention in PR template (#1180)
- Force the version of json-path 2.4.0 (#1175)
- Bump version to rc1, create release notes and fix the url used in release notes drafter (#1186)
- Rename settings constant value and related testing yml files for migration to Opensearch (#1184)
- Remove prefix "OPENDISTRO_" for identifier for settings (#1185)
- Rename documents and demo for settings (#1188)
- Add fallback for opendistro_security_config.ssl_dual_mode_enabled (#1190)
- Change security plugin REST API to support both opensearch and opendistro routes (#1172)
- Fix CODEOWNERS file (#1193)
- Dashboards rename related changes (#1192)
- Build OpenSearch 1.0 branch on CI (#1189)
- Fix install_demo_configuration.sh (#1211)
- Move AdvancedSecurityMigrationTests.java to opensearch directory (#1255)
- upgrade CXF to v3.4.3 (#1210)
- Bump httpclient version from 4.5.3 to 4.5.13 (#1257)
- Cleanup md files (#1298)
- Upgrade json-smart from 2.4.2 to 2.4.7 (#1299)
- Bump version to 1.0.0.0 and create release notes (#1303)
- Build on OpenSearch 1.0.0 (#1304)
- Consolidate the release notes for RC1 and GA (#1305)
Release 1.0.0.0
Compatible with OpenSearch 1.0.0.
Enhancements
- Allow attempt to load security config in case of plugin restart even if security index already exists (#1154)
- Allowing granular access for data-stream related transport actions (#1170)
- Introducing passive_intertransport_auth to facilitate communication between nodes with adv sec enabled and nodes without adv sec enabled. (#1156)
- Add static action group for managing data streams (#1258)
Bug fixes
- Delay the security index initial bootstrap when the index is red (#1153)
- Remove redundant isEmpty check and incorrect string equals operator (#1181)
- Do not trim SAML roles (#1207)
- Replace opensearch class names with opendistro class names during serialization and restore them back during deserialization (#1278)
Maintenance
- Bump commons-io from 2.6 to 2.7 (#1137)
- Update issue template with multiple labels (#1164)
- move issue templates to ISSUE_TEMPLATE (#1166)
- Rename kibana substrings with OpenSearchDashboards in class name, method name and comments (#1160)
- Rename 'Open Distro' to follow open search naming convention (#1149)
- Build plugin on top of 1.x branch of OpenSearch core (#1174)
- Add build.version_qualifier and make security plugin compatible with OpenSearch 1.0.0-rc1 (#1179)
- Update anchor link for documentation and apply opensearch-security naming convention in PR template (#1180)
- Force the version of json-path 2.4.0 (#1175)
- Bump version to rc1, create release notes and fix the url used in release notes drafter (#1186)
- Rename settings constant value and related testing yml files for migration to Opensearch (#1184)
- Remove prefix "OPENDISTRO_" for identifier for settings (#1185)
- Rename documents and demo for settings (#1188)
- Add fallback for opendistro_security_config.ssl_dual_mode_enabled (#1190)
- Change security plugin REST API to support both opensearch and opendistro routes (#1172)
- Fix CODEOWNERS file (#1193)
- Dashboards rename related changes (#1192)
- Build OpenSearch 1.0 branch on CI (#1189)
- Fix install_demo_configuration.sh (#1211)
- Move AdvancedSecurityMigrationTests.java to opensearch directory (#1255)
- upgrade CXF to v3.4.3 (#1210)
- Bump httpclient version from 4.5.3 to 4.5.13 (#1257)
- Cleanup md files (#1298)
- Upgrade json-smart from 2.4.2 to 2.4.7 (#1299)
- Bump version to 1.0.0.0 and create release notes (#1303)
- Build on OpenSearch 1.0.0 (#1304)
- Consolidate the release notes for RC1 and GA (#1305)
Release v1.0.0.0-rc1
Compatible with OpenSearch 1.0.0-rc1.
Enhancements
- Allow attempt to load security config in case of plugin restart even … (#1154)
- Allowing granular access for data-stream related transport actions (#1170)
Bug fixes
- Delay the security index initial bootstrap when the index is red (#1153)
- Remove redundant isEmpty check and incorrect string equals operator (#1181)
Maintenance
- Bump commons-io from 2.6 to 2.7 (#1137)
- Update issue template with multiple labels (#1164)
- move issue templates to ISSUE_TEMPLATE (#1166)
- Rename kibana substrings with OpenSearchDashboards in class name, method name and comments (#1160)
- Rename 'Open Distro' to follow open search naming convention (#1149)
- Build plugin on top of 1.x branch of OpenSearch core (#1174)
- Add build.version_qualifier and make security plugin compatible with OpenSearch 1.0.0-rc1 (#1179)
- Update anchor link for documentation and apply opensearch-security naming convention in PR template (#1180)
- Force the version of json-path 2.4.0 (#1175)
- Bump version to rc1, create release notes and fix the url used in release notes drafter (#1186)
- Rename settings constant value and related testing yml files for migration to Opensearch (#1184)
- Remove prefix "OPENDISTRO_" for identifier for settings (#1185)
- Rename documents and demo for settings (#1188)
- Add fallback for opendistro_security_config.ssl_dual_mode_enabled (#1190)
- Change security plugin REST API to support both opensearch and opendistro routes (#1172)
- Fix CODEOWNERS file (#1193)
- Dashboards rename related changes (#1192)
- Build OpenSearch 1.0 branch on CI (#1189)
- Fix install_demo_configuration.sh (#1211)
Release v1.0.0.0-beta1
Compatible with OpenSearch 1.0.0-beta1.
Enhancements
- Check and create multi-tenant index with alias for Update and Delete requests. Try to find a name for the multi-tenant index if index/alias with ".kibana_..._#" already exists (#1058)
Bug fixes
- [Fix][Usage][Hasher] wrong file reference hash.sh (#1093)
Maintenance
- Redact BCrypt security config internal hashes from audit logs (#756)
- Update docs on snapshot restore settings (#814)
- Optimize debug log enable check (#895)
- Correcting setupSslOnlyMode to use AbstractSecurityUnitTest.hasCustomTransportSettings() (#1057)
- Remove code setting the value for cluster.routing.allocation.disk.threshold_enabled (#1067)
- Rename for OpenSearch (#1126)
- Fix CI (#1131)
- Consume OpenSearch 1.0.0-alpha1 (#1132)
- Change name and version of plugin (#1133)
- Build with OpenSearch 1.0.0-alpha2 (#1140)
- Bump plugin version to beta1 (#1141)
- Build security plugin with OpenSearch 1.0.0-beta1 (#1143)
- Change opensearch version to use (#1146)
- Fix echo messages and anchor links (#1147)
- Update static roles for compatibility for new indices used in OpenSearch Dashboards (#1148)
- Update release note for OpenSearch Security Plugin
1.0.0.0-beta1(#1152)
Release v1.13.1.0
Release v1.13.0.0
Compatible with Elasticsearch 7.10.2.
Enhancements
- Using SAML subject_key and roles_key in the HTTPSamlAuthenticator (#892)
- Support for ES system index (#946)
- Updating Autheticators to throw RuntimeException on errors (#505)
- Add security configuration for Kibana Notebooks (#903)
- Short circuit privilege evaluation for bulk requests without index resolution (#926)
- Added async search response index to system index list (#859)
Bug fixes
- Replace InjectedUser with User during serialization (#891)
- ConfigUpdateRequest should include only updated CType (#953)
- Fix AuthCredentials equality (#876)
- Revert "Using SAML subject_key and roles_key in the HTTPSamlAuthenticator (#1019)
Maintenance
- Pull request intake form (PR template) (#884)
- Fix typos in template (#898)
- Upgrade Bouncy Castle to 1.67 (#910)
- Optimize creating new collection objects in IndexResolverReplacer (#911)
- Optimize by avoid creating wildcard matchers for every request (#902)
- Replace writeByte with writeShort in TLSUtilTests (#927)
- Integrate Github CodeQL Analysis into CI (#905)
- Rename security plugin artifacts from opendistro_security to opendistro-security (#966)
- Remove veracode profile and associated config (#992)
- Try using another port 8088 for running the webhook test (#999)
- Cleanup single shard request index check (#993)
- add AD search task permission to ad read access (#997)
- Change CD workflow to use new staging bucket for artifacts (#954)
- Refactor Resolved (#929)
- Combine log messages of no cluster-level permission (#1002)
- Support ES 7.10.2 (#1005)
- Bump version to 1.13 (#1004)
- Cleanup reflection helper and advanced modules enabled / dls fls enab… (#1001)
- Sample configuration for password strength rules (#1020)
- Updating Github actions and files to use main branch. (#1023)
- Add the Linux Foundation's Developer Certificate of Origin in pull request template (#1022)
- Change the build configuration for deb package and rename the folder of artifacts. (#1027)
- Update release notes 1.13 (#1028)
- Fix release version (#1029)
- Revert back the renaming of jar file and update release notes 1.13 (#1031)
- Fixed async search action names and system index (#1033)
- Update release notes 1.13 (#1036)
Release v1.12.0.0
Compatible with Elasticsearch 7.10.0
Enhancements
- Adding support for SSL dual mode (#712)
- When replacing .kibana index with multi-tenant index, create index with alias if one already does not exist (#765)
- Demo Config : Adding AD Indices to system index and creating pre-defined roles (#776)
- Add user & roles to the thread context (#798)
- Security configuration for reporting and notification plugins (#836)
- Support user injection for transport requests (#763)
- Support ES 7.10.0 (#840)
- Support certs with separate Extended Key Usage (#493)
- Adding requested tenant to the thread context transient info for consumption (#850)
Bug fixes
- Fix missing trim when parsing roles in proxy authenticator (#766)
- Fix empty password issue in upgrade from 6x to 7x (#816)
- Reject empty password in internal user creation (#818)
- Use reflection to get reduceOrder, termBytes and format due to java.lang.IllegalAccessError (#866)
- Fix for java.io.OptionalDataException that is caused by changes to User object after it is put on thread context. (#869)
- Catch and respond invalid_index_name_exception when an index with invalid name is mentioned (#865)
Maintenance
- Create release drafter (#769)
- Upgrade junit to 4.13.1 (#835)
- updating static_roles.yml (#838)
- Security configuration cleanup for static and test resources (#841)
- Change version to 1.12.0.0 (#860)
- Upgrade github CD action to using Environment Files (#862)
- Refactor getUserInfoString (#864)
- Update 1.12 release notes (#867)
- Update 1.12 release notes (#872)
- Use StringJoiner instead of (Immutable)List builder (#877)