Release 9.0.24.1

These are the rolling release notes for Release 9.0.24.1. They apply only to Privacera's Self Managed version.

Breaking Changes

Portal OAuth 2.0 SSO Configuration Update

OAuth 2.0 SSO support has been enhanced in Portal to improve security, address known login issues, and align with modern authentication standards. This update resolves previously reported vulnerabilities and ensures more reliable integration with identity providers.

This change only affects users who already have OAuth configured for Portal SSO (Single-Sign-On). This update introduces changes to the OAuth configuration properties. If you're upgrading to this version and have an existing OAuth configuration, you must update the properties.

Required Configuration Updates: Please add the following properties in your OAuth configuration file: config/custom-vars/vars.okta.yml

  • OAUTH_CLIENT_ISSUER_URI: ""
    Specifies the issuer URI of your IDP. This is usually the base URI of your OAuth 2.0 provider.
  • PORTAL_SSO_OAUTH_ENABLE: "true"

Refer to the configuration guide for full details: OAUTH2 Setup

Limitation

[Portal] Kubernetes Compatibility for GKE and AKS

The current release of the Portal service includes changes that are only compatible with specific Kubernetes patch and node image versions.

  • GKE Compatibility: The service is supported only up to GKE patch version v1.32.2-gke.129700.
  • AKS Compatibility: The service is supported only up to AKS version v1.32.0.

Attempting to run the service on versions beyond these may result in failed deployments or unexpected behavior.

Trino Plugin

Enhanced External Location Access Control in Trino Plugin

Tip

This feature is available from 9.0.24.1 onwards.

Previously, the Trino plugin exclusively used privacera_s3 to verify access to external locations. If no policy is defined in privacera_s3, or if the privacera_s3 repository is absent, the plugin returned an AccessDeniedException for external location access.

This release introduces a fallback mechanism to address this limitation. The plugin now supports policy evaluation using privacera_files and privacera_hive (for Hive catalogs only).

Fallback Policy Evaluation Order:

Primary Check: The plugin first checks for access policies in privacera_s3.

First Fallback: If no policy is found in privacera_s3, the plugin falls back to privacera_files.

Second Fallback (Hive Catalog Only): For Hive catalogs, if no policy is found in either privacera_s3 or privacera_files, the plugin falls back to privacera_hive.

This enhancement improves the flexibility and reliability of access control for external locations, minimizing unnecessary access denials due to missing configurations or policies.

Behavioral Changes

In previous versions, access was denied if no policy existed in privacera_s3, even if applicable policies were present in privacera_files or privacera_hive.
With this release, the plugin evaluates these fallback sources, potentially granting access that was previously denied.
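
The fallback order and the behavioral change above, as an added example that is not Privacera plugin code: a simplified Python model that lists requests denied under the old privacera_s3-only check but granted once the fallbacks apply, which is the set worth reviewing before upgrading. The dict-based policy format, prefix matching, the sample data, and treating a found policy that does not grant the user as a final denial are all assumptions.

```python
# Simplified model of the fallback order; not Privacera plugin code.
# Assumption: a repository is {location_prefix: set_of_allowed_users}.
FALLBACK_ORDER = ["privacera_s3", "privacera_files", "privacera_hive"]

def find_policy(repo, location):
    """Return the allowed users of the longest matching prefix, or None."""
    if repo is None:  # repository absent
        return None
    matches = [p for p in repo if location.startswith(p)]
    return repo[max(matches, key=len)] if matches else None

def evaluate(repos, user, location, catalog_is_hive, fallback=True):
    """Return (allowed, deciding_repo); deciding_repo is None if no policy matched."""
    order = FALLBACK_ORDER if fallback else FALLBACK_ORDER[:1]
    for name in order:
        if name == "privacera_hive" and not catalog_is_hive:
            continue  # second fallback applies to Hive catalogs only
        allowed = find_policy(repos.get(name), location)
        if allowed is not None:  # assumption: first repository with a policy decides
            return user in allowed, name
    return False, None  # no policy found anywhere: access denied

def changed_by_upgrade(repos, requests):
    """Requests denied by the privacera_s3-only check but granted with fallback."""
    changed = []
    for user, location, is_hive in requests:
        before, _ = evaluate(repos, user, location, is_hive, fallback=False)
        after, source = evaluate(repos, user, location, is_hive, fallback=True)
        if after and not before:
            changed.append((user, location, source))
    return changed

# Constructed sample policies and requests: (user, location, catalog_is_hive).
REPOS = {
    "privacera_s3": {"s3://finance/": {"alice"}},
    "privacera_files": {"s3://logs/": {"bob"}},
    "privacera_hive": {"s3://warehouse/": {"carol"}},
}
REQUESTS = [
    ("alice", "s3://finance/q1/", False),
    ("bob", "s3://finance/q1/", False),      # s3 policy found: no fallback
    ("bob", "s3://logs/app/", False),
    ("carol", "s3://warehouse/t1/", True),
    ("carol", "s3://warehouse/t1/", False),  # non-Hive catalog: hive repo skipped
]

if __name__ == "__main__":
    for row in changed_by_upgrade(REPOS, REQUESTS):
        print(row)
```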

Limitations

Custom Service Repository configuration is currently unsupported for S3 and Files. Policy evaluation will use the default privacera_s3 and privacera_files repositories.

Ranger Admin

Optimisation of importservicetags API

The importservicetags API has been optimized to efficiently handle large volumes of tags and resources.
This optimization improves performance, resolves deadlocks, and prevents timeouts during high-volume imports from Lake Formation.

Privacera UserSync

Enhanced Cache Comparison

Improved the cache comparison process to reduce the number of false positive alters in Ranger when primary user attribute values are null.

Correction of Metrics Counts in SCIM Server

Resolved an issue in the SCIM Server where the "Updated Groups" metric incorrectly counted modifications made through PATCH requests.

Privacera Portal

[Portal] Refactored Data Explorer APIs for Data and Classification Retrieval

We have improved how Data Explorer loads information to enhance performance, reliability, and scalability. This helps ensure a smoother user experience and better handling of classification data, especially when working with large datasets.
