v1.12.0
Discover the new features, logic changes, bug fixes, breaking changes, and known issues and limitations in this Piiano Vault release.
New features
- Direct JWT authentication now supports two new options:
allowed_roles
- to limit the roles that can be used with the IDP, androles_map
- to map the roles from the IDP to Vault roles. See Configure JWT Authentication for more information. - JWT tokens that are used to authenticate to Vault using Direct JWT authentication now supports extra enforcement using specific claims. This can scope down the permission of a session to a specific set of values. See namespace claims for more information.
- Vault now supports role-delegation, a feature that allows a role to act on behalf of another authenticated role. You use this feature for allowing end-users to authorize your backend services to perform actions on their behalf, without giving the backend services direct access to the end-users' stored data. See Role Delegation for more information.
Logic changes
- Validation of CC_NUMBER data type has changed to allow 12-digits numbers.
- Validation of CC_NUMBER data type has changed to disallow two consecutive
-
characters.
Bug fixes
- Fixed a bug where existing tables of Postgres
pg_stat_statements
extension would prevent Vault from initializing a new database. - Fixed a bug where searching an object by a JSON or BLOB data type property would fail.
Known issues
- Search by a JSON data type property only works if the value is exactly the same as it was originally added.
note
This release includes a minor change in Vault's anti-tampering signatures of JWT structures. If you are running multiple instance, and wish to run this release along side the previous one, you must remove the enforcement of the anti tampering for that transition time. Set the PVAULT_FEATURES_ANTI_TAMPERING
environment variable to log
or off
on the existing instances before upgrading to this version. Restore the enforcement once all Vault instances are running this release.