Athenz v1.12.38 Release

What's Changed

• extract the external domain prefix before calling validatMember method by @havetisyan in #3268
• Handle missing group gracefully in role page by @t4niwa in #3274
• Add group consistency check to domain template deletion by @t4niwa in #3275
• Make service page Instances, Providers, and Microsegmentation configurable by @MartinTrojans in #3278
• Allow MySQL test image to be configured via env var by @Bhuff1 in #3280
• Assembly k8s by @abvaidya in #3281
• S3ClientFactoryTest unit test fails to receive default us-west-2 by @Bhuff1 in #3283
• fix AwsDomainStoreTest test exception, aws.disableEc2Metadata true by @Bhuff1 in #3287
• Bump lodash from 4.17.23 to 4.18.1 in /ui by @dependabot[bot] in #3284
• Bump path-to-regexp and express in /ui by @dependabot[bot] in #3269
• Add scope parameter to zts-usercert OIDC authorization request by @t4niwa in #3291
• wrong domain name used for external member validation check by @havetisyan in #3295
• Configurable domain page details by @MartinTrojans in #3294
• API changes to support external FQDN in MSD by @psasidhar in #3297
• update go/java/npm dependencies to their latest releases by @havetisyan in #3299

New Contributors

• @t4niwa made their first contribution in #3274
• @Bhuff1 made their first contribution in #3280

Full Changelog: v1.12.37...v1.12.38

Athenz v1.12.37 Release

What's Changed

• user certificate support in zts by @havetisyan in #3239
• domain filter support in S3 ChangeLogStore by @havetisyan in #3241
• support sni_host_check and sni_required flags within port-uri json by @havetisyan in #3244
• make zms/zts metric name configurable by @havetisyan in #3246
• libs/go/sia/util: fix dropped error by @alrs in #3243
• Feat: support downscoping for ID-JAG assertions by @mlajkim in #3225
• handle http server close gracefully in idp by @havetisyan in #3251
• re-add invalid email cert test cases by @havetisyan in #3253
• add new external member validator attribute for domains by @havetisyan in #3256
• UI: show the role when trying to create a policy from the role page. … by @chandrasekhar1996 in #3257
• support for exteral member validator manager by @havetisyan in #3258
• libs/go/sia/file: error handling by @alrs in #3259
• support external members in roles and groups by @havetisyan in #3263
• update go/java/npm dependencies to their latest relases by @havetisyan in #3264

Full Changelog: v1.12.36...v1.12.37

This release requires a schema update:
https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20260323.sql

Athenz v1.12.36 Release

What's Changed

• fix help message for set-policy-resource-ownership by @chandrasekhar1996 in #3211
• Defining snapshop api for MSD by @psasidhar in #3210
• extend oidc token exchange to support id tokens by @havetisyan in #3212
• expose get oidc token optioin for github sia by @havetisyan in #3218
• Add server-aws-common to ZMS/ZTS assembly tarballs by @gjoranv in #3219
• Use DefaultCredentialsProvider for RDS IAM auth by @gjoranv in #3216
• Bump multer from 2.0.2 to 2.1.0 in /ui by @dependabot[bot] in #3213
• Removing ETag for getTransportPolicySnapshot api by @psasidhar in #3221
• Bump multer from 2.1.0 to 2.1.1 in /ui by @dependabot[bot] in #3223
• add option to delete old versions when storing identity in gcp secret manager by @havetisyan in #3224
• [skip ci] Doc: Typo fixed in OIDC AWS EKS by @mlajkim in #3227
• [skip ci] Docfix: Clarify partial scope behavior for ID-JAG token exchange in zts_token_exchange_requirements.md by @mlajkim in #3228
• add support for principal_issuer claim in id/access tokens by @havetisyan in #3230
• allow domain admins to enable/disable domains by @havetisyan in #3234
• support multiple dn and key values for principal issuers json by @havetisyan in #3235
• expose oidc key type argument for sia github by @havetisyan in #3236
• update go/java/nodejs dependencies to their latest releases by @havetisyan in #3237

Full Changelog: v1.12.35...v1.12.36

Athenz v1.12.35 Release

What's Changed

• Include OIDC token endpoint to ZTS OIDC Discovery metadata by @ctyano in #3200
• A utility to retrieve and report authorization history dependencies by @havetisyan in #3201
• Doc: typo fixed id-token => id_token for rfc 8693 token exchange specification by @mlajkim in #3206
• provide option to return jwt id token with x.509 instead of ntoken by @havetisyan in #3208
• provide option for target role arn when storing lambda idenitty in se… by @havetisyan in #3204
• update java/go/nodejs dependencies to their latest releases by @havetisyan in #3209

Full Changelog: v1.12.34...v1.12.35

Athenz v1.12.34 Release

What's Changed

• expose add-temporary-group-member command in zms-cli by @havetisyan in #3184
• log all db error opertions that don't update any rows by @havetisyan in #3185
• domain-dependency-list - return 404 for unknown domains by @havetisyan in #3186
• Add support for S3 compatible storage by @gyakami in #3188
• extend resource validator to check policy assertions by @havetisyan in #3192
• extensible Issuer support for tokens by @havetisyan in #3193
• update java/go dependencies to their latest releases by @havetisyan in #3195
• Adding support to filter requests based on port-uri combination by @psasidhar in #3190

Full Changelog: v1.12.33...v1.12.34

Athenz v1.12.33 Release

What's Changed

• UI - fix functional tests by @ArtjomsPorss in #3173
• ui - display domains org as link to a role in audit domain by @ArtjomsPorss in #3162
• Support rfc6598 IP addresses in service subnet by @balamanova in #3165
• UI - fix functional tests by @ArtjomsPorss in #3174
• ui - functional test fixes by @ArtjomsPorss in #3178
• Fix the FQDN regexp of StaticWorkloadName by @yosrixp in #3177
• UI - fix snapshots by @ArtjomsPorss in #3179
• Bump lodash from 4.17.21 to 4.17.23 in /ui by @dependabot[bot] in #3180
• use gcp certificate manager v1 api for scope support by @havetisyan in #3181
• update all test cases to set the jwks uri as expected by @havetisyan in #3182
• update go and java dependencies to their latest releases by @havetisyan in #3183

Full Changelog: v1.12.32...v1.12.33

Athenz v1.12.32 Release

What's Changed

• Otel configuration for default metrics by @mukesh31994 in #3135
• zms storage layer does not return multiple matches for the product id listing by @havetisyan in #3145
• Use httptest and http packages to run test servers by @frumioj in #3150
• support delegation/impersonation token exchange requests by @havetisyan in #3148
• expiry date not shows in case of groups by @balamanova in #3151
• support for service jwt svids by @havetisyan in #3154
• Bump next from 14.2.32 to 14.2.35 in /ui by @dependabot[bot] in #3155
• OTel configuration updated by @mukesh31994 in #3161
• include token exchange requirements doc by @havetisyan in #3156
• zms server does not include service dependency for dynamic checks by @havetisyan in #3158
• x509 otel certificate refresh events in cert_refresher library. by @balamanova in #3146
• Abort server startup on invalid SolutionTemplate configuration by @gyakami in #3159
• UI - blank expiration in workflow member review should not override individual expiration by @ArtjomsPorss in #3164
• extend system allowed role support to have wildcards and multiple values by @havetisyan in #3163
• Httptest2 by @frumioj in #3152
• Refactor: Optimize validation order in validateRoleStructure() by @mlajkim in #3166
• support maintaining aws account name in the domain attributes by @havetisyan in #3171
• Httptest3 by @frumioj in #3167
• update java and go dependencies to their latest releases by @havetisyan in #3172

New Contributors

• @mukesh31994 made their first contribution in #3135
• @balamanova made their first contribution in #3151
• @mlajkim made their first contribution in #3166

Full Changelog: v1.12.31...v1.12.32

This release includes a required schema update:
https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20260104.sql

Athenz v1.12.31 Release

What's Changed

• fix athenz version for the example code by @havetisyan in #3134
• Adding GCP Firestore implementations for CertRecordStore and SSHRecordStore by @psasidhar in #3133
• add HTTP support for sia agents for health checks by @havetisyan in #3137
• allow to return jag token with subset of scopes by @havetisyan in #3138
• membership decision should reject if the approver is the same as the member being reviewed by @havetisyan in #3140
• update go/java dependencies to their latest releases by @havetisyan in #3141

Full Changelog: v1.12.30...v1.12.31

Athenz v1.12.30 Release

What's Changed

• ui - add static instance external appliance support for fqdn and wildcard in subdomain by @ArtjomsPorss in #3123
• Implement sia provider for client assertion use cases for fetching access tokens by @havetisyan in #3122
• initial work for supporting token exchange rfc by @havetisyan in #3128
• configure oauth client id per athenz service by @havetisyan in #3130
• support external identity provider for issuing jag tokens by @havetisyan in #3131
• Add sia go lib to support use default service identity from pod service account annotation by @MartinTrojans in #3126
• update java and go dependencies to their latest releases by @havetisyan in #3132

This release requires a schema update:
https://github.com/AthenZ/athenz/blob/master/servers/zms/schema/updates/update-20251119.sql

Full Changelog: v1.12.29...v1.12.30

Athenz v1.12.29 Release

What's Changed

• remove filter validation for simple name for resource access list by @havetisyan in #3109
• additional unit tests for jwts signing key resolver class by @havetisyan in #3110
• correct handling of notifications if member domain has no admins by @havetisyan in #3112
• option to auto-expunge audit log entries from role/group log tables by @havetisyan in #3114
• sia helper function for adding certificates into aws acm by @havetisyan in #3117
• sia helper function to store cert in gcp certificate manager by @havetisyan in #3118
• update go and java deps to their latest release by @havetisyan in #3120
• expose jag api functions in zts java client by @havetisyan in #3119

Full Changelog: v1.12.28...v1.12.29