Release 9.2.22.1¶

Base Image Upgraded¶

Updated the base image to a newer Debian version to address known security vulnerabilities identified in the CVE (Common Vulnerabilities and Exposures) report.

Removed Duplicate On-Demand Sync V2 Default for Databricks Unity Catalog Connector¶

• Removed the duplicate CONNECTOR_DATABRICKS_UNITY_CATALOG_ON_DEMAND_V2_ENABLED definition from the Databricks Unity Catalog connector defaults in Privacera Manager, so privacera-manager.sh setup no longer emits Ansible’s “Found duplicate mapping key” warning for that variable.

Fixed Row-Level Filter Policies Dropped When New Sub-Resources Are Added with Omni Metadata Sync (PolicySync Core)¶

• When Omni metadata sync is enabled, fixed an issue in PolicySync core where row-level filter (RLF) policies could be dropped when a resource gained new sub-resources (for example, new table columns), including when column wildcard policies apply. Resource updates that add sub-resources now trigger a full ACL recompute when needed so RLF, masking, and column-level permissions are evaluated correctly.
• When Omni metadata sync is enabled, resource definitions no longer omit sub-resources when a per-sub-resource permission entry is not pre-populated in the sync request.

Fixed Descendant Table and View Loading for Database- and Schema-Scoped Filters in Snowflake Connector¶

• Fixed an issue in the Snowflake connector where, during filtered or on-demand sync, tables and views under a selected database or schema were not always loaded when only the parent database or schema was included in the request. The connector now loads descendant tables and views in that case, consistent with the filter query parameters and container behavior used elsewhere in PolicySync.

Bug Fix (PolicySync): Duplicate Masking Conditions in Final Masking Policy¶

• Fixed an issue where multiple masking policies (or policy items) applied to the same principal could result in an incorrect mask value being enforced by the connector in certain scenarios.
• Improved the data masking policy evaluation to ensure more accurate and consistent application of masking rules. This update enhances how policies are matched and prevents incorrect masking behavior.

Updated Dataserver Dependencies¶

Upgraded dataserver dependencies to address known security vulnerabilities identified in CVE (Common Vulnerabilities and Exposures) report.

Dataserver Base Image Upgraded¶

Updated the dataserver base image to a newer Debian version to address known security vulnerabilities identified in CVE report.

Added Support for Checksum Header for AWS CLI V2 Request¶

The use case with the latest version of AWS CLI v2 failed due to the missing checksum header in the signed request. Now, introduced support to populate the required headers and ensure the request executes successfully.

Diagnostics Server Enhancements¶

• Improved Diagnostics Server performance by optimizing SQLite performance.

Updated Apache Solr Dependencies¶

Upgraded Apache Solr dependencies to address known security vulnerabilities identified in CVE (Common Vulnerabilities and Exposures) report.

Updated Apache Zookeeper Dependencies¶

Upgraded Apache Zookeeper dependencies to address known security vulnerabilities identified in CVE (Common Vulnerabilities and Exposures) report.

SCIM Server Delete User API¶

Correct issue that resulted in delete user requests in SCIM Server returning 401 HTTP error.