Release 9.2.10.1¶

Handled Concurrency Issues While Fetching an STS Token¶

Handled the issue when multiple requests were received to Dataserver for STS Token, where the Dataserver would fail due to ConcurrentModificationException and send error response back to Spark Application which caused failures during execution.

Add Timeout for Audit-Parser to Prevent Parsing from Getting Stuck in Redshift Connector¶

• Introduced a timeout mechanism for the audit-parser to prevent it from getting stuck during parsing in Redshift connector.
• This enhancement is implemented as a flag-based feature and is configured via Privacera Manager (PM).

ABAC Policies Applied at Role/Group Level When Only Tag-Based Macros Are Present in the Snowflake Connector¶

• Role/Group ABAC policies (Access, Masking, Row Filter) are applied at the role/group level when the policy condition, custom mask value, or row filter expression contains only tag-based macros—no flattening to user-based policies.
• When any of these expressions contain user-based macros, policies flatten to user-based and apply per user as before.

Configure Role Evaluation Method for Masking and RLF in the Snowflake Connector¶

• Added a property to control which Snowflake function is used to evaluate roles for masking and row-level filter (RLF) conditions: current_available_roles() when enabled, or is_role_in_session() when disabled (default).
• When Omni and PBAC are enabled with an ABAC policy, PolicySync uses is_role_in_session() regardless of this property; otherwise the property setting applies.

Databricks Unity Catalog: Enhanced API Throttling Metrics and Dashboards¶

Implemented enhanced throttling-related metrics along with new Grafana panels to analyze and monitor API throttling behavior in Databricks Unity Catalog.

Databricks Unity Catalog: Added Masking Support for VOID Data Type¶

Adds support for applying masking policies on columns with VOID data types in Databricks Unity Catalog.

Snowflake: Updated Row Filter and Data Mask ID Generation Logic for PBAC¶

Updated the Row Filter ID and Data Mask ID generation logic to ensure consistent and accurate evaluation when PBAC is enabled.

Snowflake: Principal Name Case Handling for RLF and Masking Policies under PBAC¶

Ensuring consistent case handling for principal names during RLF and masking policy evaluation when PBAC is enabled.

Bigquery RangerTagPermissionLoader No Longer Deletes Masking Policies Not Created by privacera¶

Fixed an issue in RangerTagPermissionLoader for the GBQ Connector, where the connector was attempting to delete masking data policies not created by privacera.

Partial Masking Support¶

• Introduced partial encryption feature to mask First N or Last N characters of data.
• This enhancement supports all format types, enabling more granular control over sensitive data protection.

Diagnostics Server Enhancements¶

Migrated the Diagnostics Server runtime from Flask to FastAPI and added MariaDB support.

Diagnostics Client Enhancements¶

• Skipped Ranger test cases when running in D2P mode.
• Upgraded Kafka client to a version compatible with Python 3.13.
• Improved support package generation and contents.

Updated Application Dependencies¶

Upgraded application dependencies to address known security vulnerabilities identified in CVE (Common Vulnerabilities and Exposures) report for Diagnostics Server and Diagnostics Client.

Fixed Critical Vulnerabilities¶

Addressed several security vulnerabilities for Solr. These fixes include updates for CVE-flagged issues identified during our security scans, ensuring improved protection and platform reliability.

Fixed Critical Vulnerabilities¶

Addressed several security vulnerabilities Zookeeper. These fixes include updates for CVE-flagged issues identified during our security scans, ensuring improved protection and platform reliability.

Updated Application Dependencies¶

Upgraded application dependencies to address known security vulnerabilities identified in CVE (Common Vulnerabilities and Exposures) report.

SCIM Server Metrics Reporting¶

Fix metrics reporting for SCIM Server http requests.

Update Docker Container User¶

Update docker container to use privacera user.

Updated Application Dependencies¶

Upgraded application dependencies to address known security vulnerabilities identified in CVE (Common Vulnerabilities and Exposures) report.

Removed Unsupported libary in Self-Managed¶

Removed the unsupported Oozie library to reduce risk and maintenance overhead.