Athenz v1.12.20 Release

What's Changed

• replace deprecated csrf dependency by @tsultanov00 in #3001
• remove logging of csrf tokens and okta callback uri by @tsultanov00 in #3002
• UI - extract data for e2e tests, cleanup of unit tests by @ArtjomsPorss in #3003
• validate generated local service name in templates by @havetisyan in #3007
• support different public keys per region for aws provider by @havetisyan in #3009
• updated java/go dependencies to their latest releases by @havetisyan in #3012
• allow deletes by req principal in self serve roles by @abvaidya in #3011

Full Changelog: v1.12.19...v1.12.20

Athenz v1.12.19 Release

What's Changed

• Fix usage line of set-azure-subscription by @hakonhall in #2989
• introduce a new domain meta attribute called oncall by @havetisyan in #2987
• skip non-human users from the notification object store calls by @havetisyan in #2990
• validate role cert domain/role name against schema by @havetisyan in #2994
• Add support to a different client_id jwt claim name by @yosrixp in #2996
• update java/go dependencies to their latest releases by @havetisyan in #2997
• add additional settings when creating a group by @tsultanov00 in #2993

Required Schema Change

https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20250604.sql

New Contributors

• @hakonhall made their first contribution in #2989

Full Changelog: v1.12.18...v1.12.19

Athenz v1.12.18 Release

What's Changed

• fix incorrect email displayed for a user by @tsultanov00 in #2959
• simplify total request time included in athenz request logs by @havetisyan in #2972
• ui node22 changes by @ArtjomsPorss in #2973
• Bump undici from 6.21.1 to 6.21.3 in /ui by @dependabot in #2967
• Bump multer from 1.4.5-lts.1 to 2.0.0 in /ui by @dependabot in #2974
• introduce notification storage object interface by @havetisyan in #2977
• Ensure that the 'modified' column is updated even when column values do not change by @TakuyaMatsu in #2966
• ddb implementation of notification object store by @havetisyan in #2978
• return service resource owners in jws domains by @havetisyan in #2979
• update java/go dependencies to their latest releases by @havetisyan in #2980
• add expiry log when a new service cert is saved by sia lib by @py4chen in #2982

New Contributors

• @py4chen made their first contribution in #2982

Full Changelog: v1.12.17...v1.12.18

Athenz v1.12.17 Release

What's Changed

• make role based authz support in zts configurable by @havetisyan in #2956
• add a log line in sia agent to show which spiffe uri is being used by @abvaidya in #2957
• remove config value output in logs by @havetisyan in #2958
• chore: remove unused package by @chandrasekhar1996 in #2961
• update UI dependency express by @chandrasekhar1996 in #2960
• Enforce domain expiration settings on roles by @tsultanov00 in #2949
• update nanoid version to address dependabot alert by @chandrasekhar1996 in #2962
• rename test class to avoid codeql duplicate class warning by @havetisyan in #2964
• include key name in the error message when not found by @havetisyan in #2963
• update sia go host key test case to avoid race condition by @havetisyan in #2965
• expose putServiceCredsEntry api in zms java client by @havetisyan in #2968
• introduce metric object into rate limit filter by @havetisyan in #2969
• update java/go dependencies to their latest releases by @havetisyan in #2970

Full Changelog: v1.12.16...v1.12.17

Athenz v1.12.16 Release

What's Changed

• set up permissions for github actions by @havetisyan in #2944
• include timer metric name as a dimension for otel by @havetisyan in #2942
• codeql: Incorrect conversion between integer types by @havetisyan in #2943
• msd workload cache count and reset api endpoints by @abvaidya in #2946
• configurable option to only support rfc curve names in jwk list by @havetisyan in #2947
• make home domain availability configurable by @havetisyan in #2948
• correct handling of empty proxy for principal in access token request by @havetisyan in #2951
• add setup-jest-env.js to configure global TextEncoder and TextDecoder by @chandrasekhar1996 in #2952
• Bump formidable from 3.5.1 to 3.5.4 in /ui by @dependabot in #2945
• Allow multiple authority filters for roles and groups by @tsultanov00 in #2938
• update java/go dependencies to their latest releases by @havetisyan in #2953

Full Changelog: v1.12.15...v1.12.16

Athenz v1.12.15 Release

What's Changed

• removed old archived code by @havetisyan in #2929
• Bump @babel/runtime from 7.25.0 to 7.27.0 in /ui by @dependabot in #2931
• updated golang-jwt to latest v5 release by @havetisyan in #2932
• update cookie settings in java client by @chandrasekhar1996 in #2930
• move otel implementation to use histograms for timing counters by @havetisyan in #2933
• make jetty dump config after start configurable by @havetisyan in #2934
• extend token authority/authorization to support zts access tokens by @havetisyan in #2936
• support roles in scope without domain value by @havetisyan in #2937
• Add restrictTo tag for sia-gce by @YuchenWang01 in #2935
• Set cookie session options for security and domain configuration by @chandrasekhar1996 in #2939
• update go/java dependencies to their latest releases by @havetisyan in #2941
• make inclusion of host header in response configurable by @havetisyan in #2940

Full Changelog: v1.12.14...v1.12.15

Athenz v1.12.14 Release

What's Changed

• fix acl policy with two hosts should not allow empty as host by @ArtjomsPorss in #2916
• consider force suffix while doing resource ownership check during del… by @abvaidya in #2922
• Bump next from 14.2.25 to 14.2.26 in /ui by @dependabot in #2921
• Bump tar-fs from 3.0.6 to 3.0.8 in /ui by @dependabot in #2917
• Expand assertions when viewing the Policy Rules for a given role by @tsultanov00 in #2920
• Adding singleton support to OtelTelemetryMetricFactory, and providing one increment() api implementation by @psasidhar in #2923
• Bump nanoid in /ui by @dependabot in #2924
• support empty cert signer class to disable cert signing by @havetisyan in #2926
• generate aes key without salt for zms/zts use by @havetisyan in #2925
• group support in templates by @abvaidya in #2927
• update java + go dependencies to their latest release. move to go 1.24.x by @havetisyan in #2928

Full Changelog: v1.12.13...v1.12.14

Athenz v1.12.13 Release

What's Changed

• Bump axios from 1.7.4 to 1.8.2 in /clients/nodejs/zts by @dependabot in #2904
• support encryption/decryption of service secrets used to sign jwts by @havetisyan in #2906
• Bump @babel/helpers from 7.25.0 to 7.26.10 in /ui by @dependabot in #2908
• Bump axios from 1.7.8 to 1.8.2 in /ui by @dependabot in #2905
• Bump xml-crypto from 2.1.4 to 2.1.6 in /ui by @dependabot in #2911
• support setting and fetching service credentials by @havetisyan in #2909
• Enable deletion of Assertion with delete {domain}:assertion.{assertionId} permission by @TakuyaMatsu in #2902
• simplify map creation with given data by @havetisyan in #2907
• Add access log for athenz ui by @YuchenWang01 in #2912
• Minor - use console.log for access log by @YuchenWang01 in #2913
• Bump next from 14.2.22 to 14.2.25 in /ui by @dependabot in #2915
• update java/go dependencies to their latest releases by @havetisyan in #2914

This release includes a required schema update:
https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20250513.sql

Full Changelog: v1.12.12...v1.12.13

Athenz v1.12.12 Release

What's Changed

• Bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 by @dependabot in #2891
• introspect api support by @havetisyan in #2890
• add security warning for Dockerfile DB connection by @chandrasekhar1996 in #2895
• new service access token authority for introspect calls by @havetisyan in #2893
• make sure log query in access log is encoded by @havetisyan in #2896
• add domainWorkflowLink for notification by @chandrasekhar1996 in #2897
• feat: auto-load latest certificate and implement token caching by @TakuyaMatsu in #2879
• extend domain x.509/ssh signer key-id feature to services by @havetisyan in #2898
• Go client supports prefetching of role tokens by @massakam in #2892
• improve error reporting to help with debugging issues with tokens by @havetisyan in #2900
• Change authorization model for composite instance update by @rajeshal in #2899
• resource ownership override idempotency by @abvaidya in #2901
• update java and go dependencies to their latest releases by @havetisyan in #2903

This release includes a required schema update:
https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20250304.sql

Full Changelog: v1.12.11...v1.12.12

Athenz v1.12.11 Release

What's Changed

• extract access token request body into its own class by @havetisyan in #2875
• update go image to 1.23 for docker builds by @havetisyan in #2874
• Resource ownership override support using a special keyword by @abvaidya in #2877
• support client_assertion with jwt bearer token by @havetisyan in #2878
• update ui dependencies by @ArtjomsPorss in #2880
• Rename TokenRequest classes to TokenScope for correct representation by @havetisyan in #2881
• rename request->scope objects + test classes by @havetisyan in #2882
• rename body->request class name for correct representation by @havetisyan in #2884
• Update slack handle error logic & handle null in PendingRoleMembershi… by @chandrasekhar1996 in #2883
• expose client assertion parameter for access token call by @havetisyan in #2885
• fix minor typos and Go imports order by @dmitris in #2886
• functional test - fix slack channel test by @ArtjomsPorss in #2887
• update java and go dependencies to their latest releases by @havetisyan in #2889

Full Changelog: v1.12.10...v1.12.11