Release 9.0.34.1¶

This is the Rolling Release Notes for the Release 9.0.34.1. These release notes are applicable only to Privacera's Self Managed version.

Breaking Changes

SAML Encryption: ECDH-ES Key Agreement No Longer Supported¶

Description: This release clarifies and enforces our supported encryption methods for SAML assertions. Our Service Provider (SP) no longer supports ECDH-ES (Elliptic Curve Diffie-Hellman Ephemeral-Static) key agreement for SAML assertion encryption.

Impact: If your Identity Provider (IdP) is currently encrypting SAML assertions for our SP using ECDH-ES key agreement (e.g., algorithms like urn:oasis:names:tc:saml:2.0:profiles:ecdh:aes256-gcm, which involve a Key Derivation Function like http://www.w3.org/2009/xmlenc11#ConcatKDF, these assertions will now fail to decrypt.

Action Required: Your IdP must be reconfigured to use a supported key transport method for SAML assertion encryption.

Recommendation: For robust and interoperable encryption, we strongly recommend configuring your IdP to use RSA-OAEP for key transport with AES-256 (GCM or CBC) for content encryption. These methods remain fully supported.

Note: SAML encryption using RSA-PKCS#1 v1.5 for key transport is also unaffected and remains supported for compatibility.

Self-Managed : FIPS 140-2/3 Compliance Update¶

FIPS 140-2/3 Compliance Update

FIPS 140-2/3 Compliance Update¶

This release introduces comprehensive support for FIPS 140-2 and 140-3 compliance, ensuring that all data protection and governance functions operate using federally validated cryptographic standards. This critical update integrates FIPS-validated modules, approved algorithms, and secure protocols across the platform to deliver the highest level of security assurance for public sector and enterprise customers.

Supported Services: Zookeeper, Solr, Ranger, Portal, Audit Server, Dataserver, Audit Fluentd, UserSync, Snowflake Connector, Databricks Unity Catalog Connector, Diagnostics Tool.

Privacera Portal¶

Security Vulnerability Fixes

Security Vulnerability Fixes¶

Addressed known CVEs by updating vulnerable dependencies.

Bug Fix: Expression Warning Removed in Policy Form Page (Beta UI)

Bug Fix: Expression Warning Removed in Policy Form Page (Beta UI)¶

Removed warning messages related to expressions was shown in the Beta UI. It has now been removed for better clarity.

Privacera Manager¶

Privacera Manager Installation

Privacera Manager Installation¶

Updated default cluster sizing for new Kubernetes installations to use 3 replicas for Solr and ZooKeeper components, improving high availability and fault tolerance. This change applies only to new setups to keep backward compatibility, while existing deployments keep their current replica settings for smooth upgrades.

Privacera Solr

Privacera Solr¶

Enhanced Solr cluster management in Kubernetes deployments with automatic SSL certificate cleanup during scaling operations. The system now detects changes in Solr replica count and automatically updates outdated SSL certificates to ensure proper cluster functionality when scaling Solr StatefulSets.

PolicySync Connector¶

[DBX-UC] Fix: Improved Masking Function Handling

[DBX-UC] Fix: Improved Masking Function Handling¶

The masking logic has been enhanced to properly interpret UDF creation syntax. This update removes previous minor performance overheads that occurred during permission reconciliation.

[DBX-UC] Fix: Masking and RLF Policy Handling for Views

[DBX-UC] Fix: Masking and RLF Policy Handling for Views¶

Databricks does not support masking and row-level filtering (RLF) on views. PolicySync now skips processing masking and RLF policies for views in Databricks Unity Catalog and logs a message to indicate this limitation.

Prev topic: Releases