Release 9.2.25.1¶

[PrivaceraCloud only] Added Support for Checksum Header in Request for AWS CLI V2.23 and above¶

The use case with the AWS CLI v2.23 and above failed due to the missing checksum header in the signed request. Now, introduced support to populate the required headers and ensure the request executes successfully.

Fixed an issue when executing a Spark-SQL command in EMR¶

• Fixed an issue where Spark-SQL failed to start due to SSL error in EMR version higher than 7.8.0.
• Fixed an issue when executing a Spark-SQL command with external location using s3:// protocol in EMR with OLAC deployment.

Fixed issue due to ScalaReflectionException and ClassNotFoundException with Spark OLAC¶

Fixed failures occurring due to ScalaReflectionException and ClassNotFoundException when executing a usecase in Spark with OLAC deployment.

Added Deny-by-Default Support for Unsupported SQL Primitives in Spark FGAC¶

• Enhanced Spark FGAC authorization handling to block unsupported SQL primitives and reduce potential data leak scenarios during execution.
• For configuration details, refer to Deny unsupported SQL primitives by default on EMR and Deny unsupported SQL primitives by default on Databricks FGAC.

Fixed an issue where the Beeline Hive usecases failed with s3:// protocol¶

Fixed an issue where the Beeline Hive usecases failed with s3:// protocol.

Enhanced Policy Tracing and Access Grant Visibility¶

• Introduced policy change tracking through SQS events for Policy Response and Access Grants, along with end-to-end policy tracing and policy-specific grant summaries accessible from the Policy icon for Redshift, Databricks Unity Catalog, Lake Formation, and Databricks SQL Analytics.

Databricks JDBC Driver Migration for Connector Integration¶

• Upgraded connector integrations to use the new Databricks JDBC driver, improving compatibility, connectivity reliability, and support for updated Databricks platform capabilities for Databricks Unity Catalog and Databricks SQL Analytics.

Fixed issue of volume loading for Databricks Unity Catalog Connector¶

• Fixed issue to load volumes even when metastore loading is disabled for Unity Catalog Connector. See Selective Resource Type Loading for configuration details.

Databricks Unity Catalog — Reusable RLS Functions¶

• Added support for reusable Row-Level Security (RLS) functions in the Databricks Unity Catalog connector.
• Reusable RLS functions reduce operational overhead by eliminating the need to update Databricks RLS functions for every Privacera Row-Level Filter (RLF) policy change. See Use Reusable UDF for Row-level Filter for configuration details.

Lake Formation Connector — Enhanced Metrics, Exception Handling, and Grant/Revoke Observability¶

• Added batch size metrics to improve monitoring and operational insights.
• Introduced exception handling for federated resources and resource loading failures.
• Enhanced grant and revoke event visibility by including request, response, and batch-level details for better traceability and debugging.

See Enhanced grant and revoke event visibility for configuration details.

Purview Tag Sync | MSSQL¶

Added support in MSSQL for integration with Microsoft Purview to enable tag sync.

See Configuring Microsoft Purview for Privacera PolicySync Connectors for configuration details.

Purview Tag Sync | Databricks Unity Catalog¶

Added support in Databricks Unity Catalog (UC) for integration with Microsoft Purview to enable tag sync.

See Configuring Microsoft Purview for Privacera PolicySync Connectors for configuration details.

Improvement (Metadata Enricher & Metadata Service): Optimized Tag Resource Mapping Export¶

• Improved the performance of tag resource mapping export operations by using the enhanced Metadata Service export API.
• This optimization significantly reduces the time required to download tag mappings during PolicySync operations.

Improved Schema Migration Reliability and Java Patch Tracking¶

This release improves reliability, safety, and observability of Ranger schema migrations and Java upgrade patches. Java patches are now tracked in the database to avoid repeated execution, while migration and patch failures now correctly fail the process and trigger pod restart/crash-loop behavior instead of silently proceeding.

It also enhances migration logging and schema validation handling, reducing the risk of undetected upgrade issues and improving troubleshooting during deployments.

Kubernetes RollingUpdate Deployment Strategy Fix¶

This release improves Kubernetes rollout handling for Apache Ranger deployments using the RollingUpdate strategy. The Deployment template now correctly applies rollingUpdate settings only when RANGER_K8S_STRATEGY_TYPE=RollingUpdate, and updates maxUnavailable from 1 to 0 to maintain full pod availability during upgrades while still allowing a surge of one additional pod.

Australia Medicare Number Detection¶

Discovery now supports detection of Australian Medicare card numbers using the AU_MEDICARE_ML_MODEL model and the AU_MEDICARE tag.

The model validates the Medicare number format and check digit, rejects common false positives, and can be used with the AU_MEDICARE_KEYWORD dictionary for stricter column-name-aware detection rules.

See Heuristic Models and Using Dictionaries for configuration details.

Australia and New Zealand Driver Licence Detection¶

Discovery now supports detection of Australian (AU_DRIVER_LICENSE) and New Zealand (NZ_DRIVER_LICENSE) driver licence numbers. The Australian detector covers all eight states and territories using per-state patterns. The New Zealand detector matches the standard 2-letter + 6-digit format. Tags, models, and dictionaries are disabled by default — enable them under Discovery → Tags / Models / Dictionaries.

See Heuristic Models and Using Dictionaries for configuration details.

Australia and New Zealand Passport Detection¶

Discovery now supports detection of Australian (AU_PASSPORT) and New Zealand (NZ_PASSPORT) passport numbers. Tags, models, and dictionaries are disabled by default — enable them under Discovery → Tags / Models / Dictionaries.

See Heuristic Models and Using Dictionaries for configuration details.

Azure Key Vault and Kubernetes Secrets Now Supported as Secret Store¶

You can now use Azure Key Vault or Kubernetes Secrets as a secret store for your connector secrets.

Public APIs for Connector Export and Import¶

Connectors can now be created and exported using REST APIs. See Import Connector and Export Connector.

Fixed Runtime Agent Not Restarting After Helm Regeneration¶

Fixed a bug where Helm regeneration did not restart the runtime agent, leaving it stuck with the old API key and unable to connect to the manager. A restartedAt pod annotation is now injected on each regeneration to force a rolling restart.

Owner Field Added to Connector Listings¶

Connector listings now include an Owner field. Sync status is computed on the backend from pod revisions and returned with the listing API, eliminating the need for additional UI calls.

Tenant Disable and Re-enable Now Manages Runtime Plane Lifecycle¶

Disabling a tenant now automatically runs the runtime plane disable flow: stops applications, disables keys, then disables the runtime agent. Re-enabling a tenant restores applications, keys, and the runtime agent, with observable and retriable behavior on failure.

Updated Dependencies¶

Upgraded dependencies to address known security vulnerabilities identified in CVE (Common Vulnerabilities and Exposures) report.

[PrivaceraCloud only] Introducing Trust3 AI: The New Identity of Privacera Governance¶

Privacera Governance is now Trust3 AI with a refreshed look, improved navigation, and enhanced user experience. All your data and settings remain unchanged.

[PrivaceraCloud only] Data Catalog Tag Auditing & History¶

The Data Catalog now includes a Created By column on the Tags and Metadata listing page, and a new history drawer — accessible via a clock icon on any applied tag — that provides a timeline of who added or updated a tag on a specific resource.

Introduced Support for User Defined Functions in Access Controls¶

User Defined Functions (UDFs) can be created and used in Row Level Filter policies. This release adds support for using UDFs as master UDF and filter in policy management.

Introduced Policy Sync Status and Enhanced Policy Sync Audits¶

Policies in Access Controls now include Sync Status, which shows the latest information on whether a policy has been applied. Policy Sync audits now support custom column selection, along with newly introduced columns.