Release 9.2.28.1¶

PolicySync Resource Sync Stats and Failure Reporting¶

Fixed resource sync completion reporting to include per-resource-type counts (catalog, schema, table, column, and so on) in PolicySync audits.

PolicySync CHANGELOG Completion Solr Payload Chunking¶

PolicySync completion audits for very large policy updates are now written to Solr in smaller batches so indexing does not fail. Each completion summary lists which policies changed; grant and revoke details for each policy stay in the existing per-policy audit records.

PolicySync RocksDB CLI — Resource and Permission Inspection¶

Enhanced the PolicySync RocksDB CLI to explore connector storage from an offline database copy—for example, keys resources to list resource keys and get permissions to read stored permission data in plain form.

Lake Formation Connector Enhancements¶

• Added retry handling for transient InternalServiceException errors by treating them as retriable exceptions.
• Fixed an issue in PolicySync audit reporting where the Action (Grant/Revoke) and Time Taken fields were not populated correctly. Audit records now reflect accurate operation details.
• Removed Pull Mode (reverse sink) support. Only Push Mode (Privacera → Lake Formation) is now supported. This simplifies the connector and improves stability and maintainability.
• Upgraded the Athena JDBC dependency to remediate known security vulnerabilities identified in the CVE (Common Vulnerabilities and Exposures) report.

Snowflake Audit Exclusion Support¶

• Added support to exclude specific audits for users in the Snowflake connector.
• Fixed a NullPointerException during Snowflake user loading when role entries are null.

Snowflake Fix Repeated CREATE OR REPLACE MASKING POLICY Operations¶

Fixed repeated CREATE OR REPLACE MASKING POLICY operations for custom masking.

Compatibility Fix for Older Trino Versions¶

Fixed a compatibility issue introduced by the JDK 21 upgrade in the Privacera Trino Plugin. This fix ensures that Trino deployments running on JDK 17 continue to work correctly across supported Trino versions.

Australia and New Zealand Phone Number Detection¶

Discovery now supports detection of Australian (AU_PHONE_NUMBER) and New Zealand (NZ_PHONE_NUMBER) phone numbers using the AUSTRALIA_PHONE_NUMBER_ML_MODEL and NEW_ZEALAND_PHONE_NUMBER_ML_MODEL models. A shared ANZ_PHONE_NUMBER_KEYWORD dictionary can be used for stricter column-name-aware detection rules. Tags, models, and dictionaries are disabled by default — enable them under Discovery → Tags / Models / Dictionaries.

See Heuristic Models and Using Dictionaries for configuration details.

Australia Tax File Number Detection¶

Discovery now supports detection of Australian Tax File Numbers using the AUSTRALIA_TFN_ML_MODEL model and the AU_TFN tag.

The model can be used with the AU_TFN_KEYWORD dictionary for stricter column-name-aware detection rules. Tags, models, and dictionaries are disabled by default — enable them under Discovery → Tags / Models / Dictionaries.

See Heuristic Models and Using Dictionaries for configuration details.

Improved Vehicle Identification Number (VIN) Detection¶

The existing Vehicle Identification Number detector (VIN_ML_MODEL, tag VIN) has been improved to reduce false positives. A new VIN_KEYWORD dictionary can be used for stricter column-name-aware detection rules.

See Heuristic Models and Using Dictionaries for configuration details.

Australia and New Zealand Vehicle Number Plate Detection¶

Discovery now supports detection of Australian and New Zealand vehicle license plate / registration numbers using the ANZ_VEHICLE_NUMBER_PLATE_ML_MODEL model and the ANZ_VEHICLE_NUMBER_PLATE tag.

The model can be used with the ANZ_VEHICLE_PLATE_KEYWORD dictionary for stricter column-name-aware detection rules. Tags, models, and dictionaries are disabled by default — enable them under Discovery → Tags / Models / Dictionaries.

See Heuristic Models and Using Dictionaries for configuration details.

Security PIN Detection¶

Discovery now supports detection of ATM / debit PINs, CVV / CVC / CSC card-verification values, and short account-access passcodes using the SECURITY_PIN_PATTERN pattern and the SECURITY_PIN tag.

The pattern can be used with the PIN_KEYWORD dictionary for stricter column-name-aware detection rules. Tags, patterns, and dictionaries are disabled by default — enable them under Discovery → Tags / Patterns / Dictionaries.

See Using Dictionaries for configuration details.

Fixed CVE-2023-3635 by Upgrading Okio to 3.4.0¶

Upgraded okio to version 3.4.0 to address CVE-2023-3635.

Fixed CVE-2026-42198 by Upgrading PostgreSQL JDBC Driver to 42.7.11¶

Upgraded the PostgreSQL JDBC driver to version 42.7.11 to address CVE-2026-42198.

Improved Security Zone Management¶

A new Manage modal has been added to security zones. You can now seamlessly search for existing resources, add new ones, and make quick updates.

Fixed Discovery Scan Request API Configuration Scoping¶

Fixed an issue where Discovery scans could include resources outside the selected Application Configuration scope. Scans now correctly process only the configured resources.

Base Image Upgraded¶

Updated the base image to a newer Debian version to address known security vulnerabilities identified in CVE report.

Update Application Dependencies¶

Upgraded application dependencies to address known security vulnerabilities identified in CVE (Common Vulnerabilities and Exposures) report.

PEG Base Image Upgraded¶

Updated the PEG base image to a newer version to address known security vulnerabilities identified in CVE report.

Updated PEG Dependencies¶

Upgraded PEG dependencies to address known security vulnerabilities identified in CVE (Common Vulnerabilities and Exposures) report.