Search Guard FLX 1.6.0

Release Date: 2024-02-05

This is a new minor release of Search Guard FLX.

It brings one breaking change, some new features, some bug fixes, and updates a number of dependencies.

New features

Auth Token cache should be configurable

You can now configure the Auth Token cache.

• Documentation
• Issue
• Merge Request

Config Vars: Support for base 64 and bcrypt encoding

Pipe expressions can be used to transform values of configuration variables.

• Documentation
• Issue
• Merge Request

Signals: Global configuration for proxy settings

It is now possible to manage proxies via an API and then reference them in watches.

• Documentation
• Issue
• Merge Request

Signals: Operator view

Introduces a new separate operator view which gives an overview over the current status of the watches and focuses on current issues.

• Issue
• Merge Request
• Issue
• Merge Request

Improvements

Make error message about missing_permissions less verbose

This is a breaking change.

So far, error responses related to security exceptions have always included the missing_permissions attribute. From now on it will be hidden by default. If you want these details to be included, you must enable authorization debugging mode.

• Issue
• Merge Request

Support for json_file variable resolver

Adds a new variable resolver json_file that reads JSON files and provides their structure.

• Merge Request

Misleading error message when using private tenant with Signals search API

Fixes a confusing error message that was returned when a user tried to use Signals with a private tenant.

• Issue
• Merge Request

Added explicit ldap_search_operation metrics

Adds explicit metrics about LDAP search operations.

• Merge Request

Enforce absolute paths for login page branding images

Improves login page branding images validation so that only absolute paths are accepted.

• Documentation
• Issue
• Merge Request

AuthTokenService generates signing key but does not use it

Auth tokens are signed with default signing key in case of no explicit configuration.

• Documentation
• Issue
• Merge Request

Improve validation in case tenant does not exist

Improves validation of tenants pointed in role permissions.

• Issue
• Merge Request

Bug fixes

_analyze API fails to execute in SG FLX if no index is provided

Fixes handling of requests sent to the _analyze API when no index is specified.

• Issue
• Merge Request

Cannot delete configuration by type using request DELETE /_searchguard/config/authc

Fixes an endpoint which handles removal of the authc configuration.

• Issue
• Merge Request

Headers are not case-insensitive

Fixes improper handling of HTTP Headers.

• Issue
• Merge Request

Remove truststore only when it’s not used by any watch

Allows removal of truststore only when it’s not in use.

• Issue
• Merge Request

sg_frontend_multi_tenancy.yml in the example config directory is using the wrong format

Corrects an example of the frontend multi tenancy configuration.

• Issue
• Merge Request

Node startup fails if there are files larger than 2 GB in the elasticsearch/config directory or subdirectories

Fixes a java.lang.OutOfMemoryError error that could occur when loading demo certificates on startup.

• Issue
• Merge Request

More

• See the complete changes in the Gitlab Milestone