2.7.0.0

2023-04-25 Version 2.7.0.0

Compatible with OpenSearch 2.7.0

Features

• Dynamic tenancy configurations (#2607)

Bug Fixes

• Support multitenancy for the anonymous user (#2459)
• Fix error message when system index is blocked (#2525)
• Fix of OpenSSLTest is not using the OpenSSL Provider (#2301)
• Add chmod 0600 to install_demo_configuration bash script (#2550)
• Fix SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder" (#2564)
• Fix lost privileges during auto initializing of the index (#2498)
• Fix NPE and add additional graceful error handling (#2687)

Enhancements

• Clock skew tolerance for oidc token validation (#2482)
• Adding index template permissions to kibana_server role (#2503)
• Add a test in order to catch incorrect handling of index parsing during Snapshot Restoration (#2384)
• Expand Dls Tests for easier verification of functionality (#2634)
• New system index[.ql-datasources] for ppl/sql datasource configurations (#2650)
• Allows for configuration of LDAP referral following (#2135)

Maintenance

• Update kafka client to 3.4.0 (#2484)
• Update to gradle 8.0.2 (#2520)
• XContent Refactor (#2598)
• Update json-smart to 2.4.10 and update spring-core to 5.3.26 (#2630)
• Update certs for SecuritySSLReloadCertsActionTests (#2679)

Infrastructure

• Add auto github release workflow (#2450)
• Use correct format for push trigger (#2474)

Documentation

• Fix the format of the codeowners file (#2469)

1.3.9.0

2023-03-16 Version 1.3.9.0

Compatible with OpenSearch 1.3.9

Enhancement

• Flatten response times (#2471)
• Add auto github release workflow (#2450)
• Adding index template permissions to kibana_server role (2503)
• Clock skew tolerance for oidc token validation (2482)

Maintenance

• Update kafka client to 3.4.0 (#2484)
• Fix the format of the codeowners file (#2469)

Release 2.6.0.0

2023-02-28 Version 2.6.0.0

Compatible with OpenSearch 2.6.0

Enhancements

• Add actions cluster:admin/component_template/* to cluster_manage_index_templates (#2409)
• Publish snapshots to maven (#2438)
• Integrate k-NN functionality with security plugin (#2274)
• Flatten response times (#2471)

Maintenance

• Updates toString calls affected by change in method signature (#2418)
• Updates DlsFlsFilterLeafReader with Lucene change and fix broken deprecation logger test (#2429)
• Add CODEOWNERS (#2445)

Release 2.5.0.0

2023-01-17 Version 2.5.0.0

Compatible with OpenSearch 2.5.0

Enhancements

• When excluding fields also exclude the term + .keyword (#2377)
• Update tool scripts to run in windows (#2371, #2379)
• Remove trimming of whitespace when extracting SAML backend roles (#2381, #2383)
• Add script for workflow version increment (#2374, #2386)

Bug Fixes

• Changing logging type to give warning for basic auth with no creds (#2347, #2364)

Maintenance

• Upgrade CXF to 3.5.5 to address CVE-2022-46363 (#2350, #2357)

Release 2.4.0.0

2022-11-10 Version 2.4.0.0

Compatible with OpenSearch 2.4.0

Enhancements

• Add install_demo_configuration Batch script for Windows (#2161#2203
• Add CI for Windows and MacOS platforms (#2190#2205)
• Make ldap pool period and idle time configurable (#2091#2097)
• Allow custom LDAP return attributes (#2093#2110)
• Add bcpkix-jdk15on runtimeOnly dependency to read keys with bouncycastle (#2191#2200)

Bug Fixes

• Point in time API security changes (#2094#2223)
• Fix windows encoding issues (#2206#2218)

Maintenance

• Add groupId = org.opensearch.plugin (#2158#2185)
• Roles yml changes for security-analytics plugin (#2192#2225)
• Upgrade Kafka Client to 3.0.2 (#2123#2126)
• Log deprecation message on legacy ldap pool settings (#2099#2147)
• Address CVE-2022-42889 by updating commons-text (#2177#2186)
• Patch bump for scala dependency (#2163#2187)
• Woodstox Version Bump to 6.4.0 (#2197#2199)

Release 2.3.0.0

2022-09-15 Version 2.3.0.0

Compatible with OpenSearch 2.3.0

Enhancements

• Point in time API security changes (#2033)

Bug Fixes

• Triple audit logging fix (#1996)
• Add allowlist.yml to 3 places in securityadmin tool (#2046)
• Fix legacy check in SecurityAdmin (#2052)

Maintenance

• Increment version to 2.3.0.0 (#2022)
• Update Gradle to 7.5.1 (#2027)

Release 2.2.0.0

2022-08-11 Version 2.2.0.0

Compatible with OpenSearch 2.2.0

Enhancements

• Adds a basic sanity test to run against a remote cluster (#1958)
• Create a manually started workflow for bulk run of integration tests (#1937)

Bug Fixes

• Use Collections.synchronizedSet and Collections.synchronizedMap for roles, securityRoles and attributes in User (#1970)

Maintenance

• Update to Gradle 7.5 (#1963)
• Increment version to 2.2.0.0 (#1948)
• Force netty-transport-native-unix-common version (#1945)
• Add release notes for 2.2.0.0 release (#1974)
• Staging for version increment automation (#1932)
• Fix breaking API change introduced in Lucene 9.3.0 (#1988)
• Update indices resolution to be clearer (#1999)

Refactoring

• Abstract waitForInit to minimize duplication and improve test reliability (#1935)

Release v1.13.1.1

Compatible with Elasticsearch 7.10.2

Enhancement

• Allow attempt to load security config in case of plugin restart even if security index already exists (#1154)
• Check and create multi-tenant index with alias for Update and Delete requests. Try to find a name for the multi-tenant index if index/alias with ".kibana_..._#" already exists. (#1058)

New feature

• Added changes to support validation of security roles for plugins (#1367) (#1442)
• Add support for ResolveIndexAction handling (#1312) (#1398)
• Introducing passive_intertransport_auth to facilitate communication between nodes with adv sec enabled and nodes without adv sec enabled.(#1156)

Bug fix

• fix to include hidden indices when resolving wildcards (#1487)
• Add validation for null elements in JSON array (#1157) (#1361)
• Return HTTP 409 (conflict) if get parallel put request (#1158)
• Delay the security index initial bootstrap when the index is red (#1153)
• [Fix][Usage][Hasher] wrong file reference hash.sh (#1093)

Test fix

• Correcting setupSslOnlyMode to use AbstractSecurityUnitTest.hasCustomTransportSettings() (#1057)
• Fix race condition on async test for PR #1158 (#1331)

Maintenance

• Upgrade CXF (#1943)
• [backport] Upgrade json-smart from 2.4.2 to 2.4.7 (#1299) (#1503)
• [Backport] Extended role injection support for cross cluster requests (#1195) (#1441)
• [Backport] Handled DLS/FLS/Field masking for Cross cluster replication (#1436)
• Added replication specific roles and system index to the configuration (#1437)
• Use JDK 14 for CI and CD (#1226)
• Redact BCrypt security config internal hashes from audit logs (#756)
• Use smart logging and optimize debug/trace enabled checks (#895)
• Do not trim SAML roles (#1207) (#1223)
• Update docs on snapshot restore settings
• remove config (#1067)

2.1.0.0

2022-07-07 Version 2.1.0.0

Compatible with OpenSearch 2.1.0

Enhancements

• Delegate to NettyAllocator.getAllocator() for ByteBufAllocator instead of hard-coding PooledByteBufAllocator. (#1396)
• Tenant Permissions : added the possibility to specify tenants via parameter (#1813)
• JWT: validate issuer and audience (#1780, #1781) (#1785)
• Adds build script for publishing plugin zip and makes it executable (#1921) (#1923)

Refactoring

• Remove master keywords (#1886)

Bug Fix

• Cluster permissions evaluation logic will now include index_template type action (#1885)
• Add missing settings to plugin allowed list (#1814)
• Updates license headers (#1829)
• Prevent recursive action groups (#1868)
• Update org.springframework:spring-core to 5.3.20 (#1850)

Test Fix

• Bump version to 2.1.0.0 (#1883)
• ComplianceAuditlogTest to use signal/wait (#1914)

Maintenance

• Revert "Bump version to 2.1.0.0 (#1865)" (#1882)
• Bump version to 2.1.0.0 (#1865)
• Revert "Bump version to 2.1.0.0 (#1855)" (#1864)
• Bump version to 2.1.0.0 (#1855)
• Add suppression for all removal warnings (#1828)
• Update support link (#1851)
• Create 2.0.0 release notes (#1854)
• Switch to standard OpenSearch gradle build (#1888)
• Fix build break from cluster manager changes (#1911)
• Update org.apache.zookeeper:zookeeper to 3.7.1 (#1912)
• Adds default roles for Snapshot Management plugin (#1897) (#1916)
• testComplianceEnable supports variable number of audit messages (#1920)
• Use version of netty from core's version.properties (#1926) (#1929)

2.0.0.0

Compatible with OpenSearch 2.0.0

Enhancements

• Remove checked-in zip files (#1774)
• Introduce dfm_empty_overrides_all setting to enable role without dls/fls to override roles with dls/fls (#1735)
• Add depreciation notice to security tools (#1756)
• [Practice] Reverting changes (#1754)
• Renames securityconfig folder to config in bundle step and makes relevant changes (#1749)
• Updated issue templates from .github. (#1740)
• Updates Dev guide (#1590)
• List out test failures in CI log (#1737)
• Make Git ignore out/ directory (#1734)
• Fix data-stream name resolution for wild-cards (#1723)
• Remove support for JDK14 (#1720)
• Speeding up tests (#1715)
• Fix min_doc_count handling when using Document Level Security (#1714)
• Set the mapped security roles of the user so these can be used by the DLS privileges evaluator. Allow security roles to be used for DLS parameter substitution. Fixes opensearch-project/security/#1568 (#1588)
• Convert Plugin install to only build once (#1708)
• Upgrade to Gradle 7 (#1710)
• Move CodeQL into parallel workfow (#1705)
• Seperate BWC tests into parallel workflow (#1706)
• Fixes broken test due to unsupported EC using JDK-17 (#1711)
• Centralize version settings (#1702)
• Remove TransportClient auth/auth (#1701)
• Add new code hygiene workflow (#1699)
• Remove JDK8 from CI (#1703)
• Add CI check for demo script (#1690)
• Introduce BWC tests in security plugin (#1685)
• Correct the step name in CI (#1683)
• Add support for DLS Term Lookup Queries (#1541)
• Add Alerting getFindings cluster permission (#1844)
• Introduce new API _plugins/_security/ssl/certs (#1841)
• Add default roles for Notifications plugin (#1847)

Bug fixes

• Add signal/wait model for TestAuditlogImpl (#1758)
• Switch to log4j logger (#1751)
• Remove sleep when waiting for node closure (#1722)
• Remove explictt dependency on jackson-databind (#1709)
• Fix break thaat was missed during a merge (#1707)
• Revert "Replace opensearch class names with opendistro class names during serialization and restore them back during deserialization (#1278)" (#1691)
• Update to most recent verson of jackson-databind (#1679)
• Fixed rest status for the replication action failure with DLS/FLS and (#1677)
• Downgrade Gradle version (#1661)
• Fix 'openserach' typo in roles.yml (#1770)

Maintenance

• Incremented version to 2.0-rc1. (#1764)
• Upgrade to opensearch 2.0.0 alpha1 (#1741)
• Upgrade to OpenSearch 2.0.0 (#1698)
• Move to version 2.0.0.0 (#1695)
• Generate release notes for 2.0.0 (#1772)
• Switch from RC1 to the GA of OpenSearch 2.0 (#1826)
• Updates dependency vulnerabilities versions (#1806)
• Update org.springframework:spring-core to 5.3.20 (#1850)