v1.19.1
[1.19.1] - 2022-12-08
Security
- Update loofah to 2.19.1 for CVE-2022-23514, CVE-2022-23515 and CVE-2022-23516 (all Not Vulnerable)
and rails-html-sanitizr to 1.4.4 for CVE-2022-23517, CVE-2022-23518, CVE-2022-23519, and CVE-2022-23520 (Not vulnerable)
cyberark/conjur#2686 - Updated nokogiri in root and docs Gemfile.lock files to resolve GHSA-qv4q-mr5r-qprj
cyberark/conjur#2684
Fixed
- Previously, if an OIDC authenticator was configured with a
Statuswebservice,
the OIDC provider endpoint would include duplicate OIDC authenticators. This change resolves ONYX-25530.
cyberark/conjur#2678 - Allows V2 OIDC authenticators to be checked through the authenticator status
endpoint. This change resolves ONYX-25531.
cyberark/conjur#2692 - Previously, if an OIDC provider endpoint was incorrect, the provider list endpoint
would raise an exception. This change resolves ONYX-30387
cyberark/conjur#2688
Added
- Provides support for PKCE in the OIDC Authenticator code redirect workflow.
This is enabled by default. If needed, it can be disabled using the
CONJUR_FEATURE_PKCE_SUPPORT_ENABLEDfeature flag.
cyberark/conjur#2678 - OIDC Authenticator can now be configured to distribute access tokens with a
custom time-to-live.
cyberark/conjur#2683 - List members request (
GET /roles/conjur/{kind}/{identifier}?members) now produce audit events.
cyberark/conjur#2691 - Show resource request (
GET /resources/:account/:kind/*identifier) now produce audit events.
cyberark/conjur#2695 - List memberships request (
GET /roles/:account/:kind/*identifier?memberships) now produce audit events.
cyberark/conjur#2693