Search Guard FLX 1.6.0
Release Date: 2024-02-05
This is a new minor release of Search Guard FLX.
It brings one breaking change, some new features, some bug fixes, and updates a number of dependencies.
New features
Auth Token cache should be configurable
You can now configure the Auth Token cache.
Config Vars: Support for base 64 and bcrypt encoding
Pipe expressions can be used to transform values of configuration variables.
Signals: Global configuration for proxy settings
It is now possible to manage proxies via an API and then reference them in watches.
Improvements
Make error message about missing_permissions less verbose
This is a breaking change.
So far, error responses related to security exceptions have always included the missing_permissions attribute. From now on it will be hidden by default.
If you want these details to be included, you must enable authorization debugging mode.
Support for json_file variable resolver
Adds a new variable resolver json_file that reads JSON files and provides their structure.
Misleading error message when using private tenant with Signals search API
Fixes a confusing error message that was returned when a user tried to use Signals with a private tenant.
Added explicit ldap_search_operation metrics
Adds explicit metrics about LDAP search operations.
Enforce absolute paths for login page branding images
Improves login page branding images validation so that only absolute paths are accepted.
AuthTokenService generates signing key but does not use it
Auth tokens are signed with the default signing key when there is no explicit configuration.
Improve validation in case tenant does not exist
Improves validation of tenants referenced in role permissions.
Bug fixes
_analyze API fails to execute in SG FLX if no index is provided
Fixes handling of requests sent to the _analyze API when no index is specified.
Cannot delete configuration by type using request DELETE /_searchguard/config/authc
Fixes an endpoint which handles removal of the authc configuration.
Headers are not case-insensitive
Fixes improper handling of HTTP headers.
Remove truststore only when it’s not used by any watch
Allows removal of truststore only when it’s not in use.
sg_frontend_multi_tenancy.yml in the example config directory is using the wrong format
Corrects an example of the frontend multi tenancy configuration.
Node startup fails if there are files larger than 2 GB in the elasticsearch/config directory or subdirectories
Fixes a java.lang.OutOfMemoryError that could occur when loading demo certificates on startup.
Signals trigger timestamps are incorrect.
More
- See the complete changes in the GitLab Milestone