Releases: opentdf/platform
Releases · opentdf/platform
service: v0.9.0
0.9.0 (2025-08-27)
Features
- core: add multi-strategy ERS to support ldap and sql (#2596) (855611d)
- policy: Add legacy keys. (#2613) (57370b0)
- policy: add values to CreateObligationRequest (#2614) (94535cc)
- policy: Modify KAS indexer to support legacy keys. (#2616) (ba96c18)
Bug Fixes
- deps: bump github.com/docker/docker from 28.2.2+incompatible to 28.3.3+incompatible in /service (#2598) (3c392aa)
- deps: bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in /service (#2649) (b838bbc)
- deps: bump github.com/opentdf/platform/sdk from 0.5.0 to 0.7.0 in /service (#2660) (2c998ac)
- kas: Allow admin to set registered kas uri (#2624) (6203fba)
- updated generated sqlc (#2609) (e44a569)
sdk: v0.7.0
0.7.0 (2025-08-25)
⚠ BREAKING CHANGES
- core: Require go 1.23+ (#1979)
Features
- add system metadata assertions to TDFConfig (#2446) (4eb9fff)
- authz: authz v2 versioning implementation (#2173) (557fc21)
- core: adds bulk rewrap to sdk and service (#1835) (11698ae)
- core: Adds EC withSalt options (#2126) (67b6fb8)
- core: Adds ErrInvalidPerSchema (#1860) (456639e)
- core: DSPX-608 - Deprecate public_client_id (#2185) (0f58efa)
- core: EXPERIMENTAL: EC-wrapped key support (#1902) (652266f)
- core: Expose version info (#1841) (92a9f5e)
- core: Require go 1.23+ (#1979) (164c922)
- core: v2 ERS with proto updates (#2210) (a161ef8)
- policy: actions service RPCs should actually hit storage layer CRUD (#2063) (da4faf5)
- policy: Add list key mappings rpc. (#2533) (fbc2724)
- policy: adds new public keys table (#1836) (cad5048)
- policy: Allow the deletion of a key. (#2575) (82b96f0)
- policy: Default Platform Keys (#2254) (d7447fe)
- policy: DSPX-902 NDR service crud implementation (2/2) (#2066) (030ad33)
- policy: key management crud (#2110) (4c3d53d)
- sdk: Add a KAS allowlist (#2085) (d7cfdf3)
- sdk: add nanotdf plaintext policy (#2182) (e5c56db)
- sdk: adds seeker interface to TDF Reader (#2385) (63ccd9a)
- sdk: Allow key splits with same algo (#2454) (7422b15)
- sdk: Allow schema validation during TDF decrypt (#1870) (b7e6fb2)
- sdk: autoconfig kaos with kids (#2438) (c272016)
- sdk: bump protocol/go v0.6.0 (#2536) (23e4c2b)
- sdk: CreateTDF option to run with specific target schema version (#2045) (0976b15)
- sdk: Enable base key support. (#2425) (9ff3806)
- sdk: Expose connectrpc wrapper codegen for re-use (#2322) (8b29392)
- sdk: MIC-1436: User can decrypt TDF files created with FileWatcher2.0.8 and older. (#1833) (f77d110)
- sdk: remove hex encoding for segment hash (#1805) (d7179c2)
- sdk: sdk.New should validate platform connectivity and provide precise error (#1937) (aa3696d)
- sdk: Use ConnectRPC in the go client (#2200) (fc34ee6)
Bug Fixes
- Allow parsing IPs as hostnames (#1999) (d54b550)
- ci: Fix intermittent failures from auth tests (#2345) (395988a)
- ci: Update expired ca and certs in oauth unit tests (#2113) (5440fcc)
- core: Autobump sdk (#1863) (855cb2b)
- core: Autobump sdk (#1873) (085ac7a)
- core: Autobump sdk (#1894) (201244e)
- core: Autobump sdk (#1917) (edeeb74)
- core: Autobump sdk (#1941) (0a5a948)
- core: Autobump sdk (#1948) (4dfb457)
- core: Autobump sdk (#1968) (7084061)
- core: Autobump sdk (#1972) (7258f5d)
- core: Autobump sdk (#2102) (0315635)
- core: Fixes protoJSON parse bug on ec rewrap (#1943) (9bebfd0)
- core: Improves errors when under heavy load (#2132) (4490a14)
- core: Update fixtures and flattening in sdk and service (#1827) (d6d6a7a)
- core: Updates ec-wrapped to newer salt (#1961) (0e17968)
- deps: bump github.com/docker/docker from 28.2.2+incompatible to 28.3.3+incompatible in /sdk (#2597) (a68d00d)
- deps: bump github.com/opentdf/platform/lib/ocrypto from 0.2.0 to 0.3.0 in /sdk ([#2502](#25...
service: v0.8.1
protocol/go: v0.7.0
0.7.0 (2025-08-08)
⚠ BREAKING CHANGES
Features
- add ability to retrieve policy resources by id or name (#1901) (deb4455)
- authz: authz v2, ers v2 protos and gencode for ABAC with actions & registered resource (#2124) (ea7992a)
- authz: improve v2 request proto validation (#2357) (f927b99)
- authz: sensible request limit upper bounds (#2526) (b3093cc)
- core: adds bulk rewrap to sdk and service (#1835) (11698ae)
- core: EXPERIMENTAL: EC-wrapped key support (#1902) (652266f)
- core: Require go 1.23+ (#1979) (164c922)
- core: v2 ERS with proto updates (#2210) (a161ef8)
- policy: add enhanced standard/custom actions protos (#2020) (bbac53f)
- policy: Add legacy keys. (#2613) (57370b0)
- policy: Add list key mappings rpc. (#2533) (fbc2724)
- policy: add obligation protos (#2579) (50882e1)
- policy: Add validation to delete keys (#2576) (cc169d9)
- policy: add values to CreateObligationRequest (#2614) (94535cc)
- policy: adds new public keys table (#1836) (cad5048)
- policy: Allow the deletion of a key. (#2575) (82b96f0)
- policy: cache SubjectConditionSet selectors in dedicated column maintained via trigger (#2320) (215791f)
- policy: Change return type for delete key proto. (#2566) (c1ae924)
- policy: Default Platform Keys (#2254) (d7447fe)
- policy: disable kas grants in favor of key mappings (#2220) (30f8cf5)
- policy: DSPX-1018 NDR retrieval by FQN support (#2131) (0001041)
- policy: DSPX-1057 registered resource action attribute values (protos only) (#2217) (6375596)
- policy: DSPX-893 NDR define crud protos (#2056) (55a5c27)
- policy: DSPX-902 NDR service crud protos only (1/2) (#2092) (24b6cb5)
- policy: Finish resource mapping groups (#2224) (5ff754e)
- policy: key management crud (#2110) (4c3d53d)
- policy: Key management proto (#2115) (561f853)
- policy: Modify get request to search for keys by kasid with keyid. (#2147) (780d2e4)
- policy: Return KAS Key structure (#2172) (7f97b99)
- policy: Return Simple Kas Keys from non-Key RPCs (#2387) (5113e0e)
- policy: rotate keys rpc (#2180) (0d00743)
- policy: Update key status's and UpdateKey rpc. (#2315) (7908db9)
- policy: Update simple kas key (#2378) (09d8239)
Bug Fixes
- add pagination to list public key mappings response (#1889) (9898fbd)
- core: Allow 521 curve to be used (#2485) (aaf43dc)
- core: Fixes protoJSON parse bug on ec rewrap (#1943) (9bebfd0)
- core: Update fixtures and flattening in sdk and service (#1827) (d6d6a7a)
- deps: bump toolchain in /lib/fixtures and /examples to resolve CVE GO-2025-3563 (#2061) (9c16843)
- policy: protovalidate deprecated action types and removal of gRPC gateway in subject mappings svc (#2377) (54a6de0)
- policy: remove gRPC gateway in policy except where needed (#2382) (1937acb)
- policy: remove new public keys rpc's (#1962) (5049bab)
- policy: remove predefined rules in actions protos (#2069) (060f059)
- policy: return kas uri on keys for definition, namespace and values (#2186) (6c55fb8)
- sdk: Fix compatibility between bulk and non-bulk rewrap (#1914) (74abbb6)
- update key_mode to provide more context (#2226) (44d0805)
service: v0.8.0
0.8.0 (2025-07-29)
Features
- authz: RR GetDecision improvements (#2479) (443cedb)
- authz: sensible request limit upper bounds (#2526) (b3093cc)
- core: Add the ability to configure the http server settings (#2522) (b1472df)
- policy: Add list key mappings rpc. (#2533) (fbc2724)
- policy: add obligation protos (#2579) (50882e1)
- policy: add obligation tables (#2532) (c7d7aa4)
- policy: Add validation to delete keys (#2576) (cc169d9)
- policy: Allow the deletion of a key. (#2575) (82b96f0)
- policy: Change return type for delete key proto. (#2566) (c1ae924)
- policy: sqlc queries refactor (#2541) (e34680e)
Bug Fixes
- add back grants to listAttributesByDefOrValueFqns (#2493) (2b47095)
- authz: access pdp should use proto getter (#2530) (f856212)
- core: Allow 521 curve to be used (#2485) (aaf43dc)
- core: resolve 'built-in' typos (#2548) (ccdfa96)
- deps: bump github.com/opentdf/platform/lib/ocrypto from 0.2.0 to 0.3.0 in /service (#2504) (a9cc4dd)
- sdk: Prefer KID and Algorithm selection from key maps (#2475) (98fd392)