Release 9.2.30.1¶
These are the Rolling Release Notes for Release 9.2.30.1. These release notes are applicable to Privacera's Self-Managed version.
Breaking Changes¶
Breaking Changes
PolicySync connectors wait for Solr schema upload in Data Plane (D2P) deployments¶
Starting with release 9.2.30.1, a PolicySync connector pod includes an init container that waits for the PolicySync Solr schema (config) to be uploaded before the connector starts. In a Data Plane (D2P) deployment where Solr is not enabled on the Data Plane, this init container never completes, so the connector pod stays in a waiting (non-Running) state.
- Impact: In D2P deployments that run PolicySync connectors with Solr disabled on the Data Plane, connector pods do not reach the
Runningstate after upgrading to 9.2.30.1. - Change: Set the
CONNECTOR_WAIT_FOR_POLICYSYNC_SOLR_CONFIGproperty to"false"to disable this wait so the connectors can start. For details and the full decision matrix, see PolicySync connector wait for Solr schema upload. - Reason: In a D2P deployment, the PolicySync Solr schema is managed in the PrivaceraCloud control plane, so the connector should not wait for a Solr schema upload on the Data Plane.
Note
This applies only to D2P deployments that have PolicySync connectors and Solr disabled on the Data Plane. If no PolicySync connectors are deployed, or if Solr is enabled on the Data Plane, this property is not required.
Plugin¶
OLAC support for Apache Spark Version 4.1.2
OLAC support for Apache Spark Version 4.1.2¶
- Added Object-Level Access Control (OLAC) support for Apache Spark Version 4.1.2.
- For the supported version matrix, refer Supported Runtime Versions.
PolicySync Connector¶
PolicySync POLICY_RESPONSE Audit Uses Numeric Policy ID and Version
PolicySync POLICY_RESPONSE Audit Uses Numeric Policy ID and Version¶
- PolicySync
POLICY_RESPONSEaudit events written to Solr and Amazon SQS now emitpolicyIdandpolicyVersionas numeric (Long) values instead of strings. ACCESSevents use a list ofLongvalues forpolicyIdandpolicyVersionwhen multiple Ranger policies contribute to one grant or revoke.- This change applies to AWS Lake Formation, Databricks Unity Catalog, and Databricks SQL Analytics connectors. Other PolicySync audit event types remain unchanged.
Tag Sync Loader Grafana Metrics
Tag Sync Loader Grafana Metrics¶
Introduced Prometheus metrics and a new Tag Sync Loader Metrics section to the Connector-Common Grafana dashboard. This provides real-time visibility into catalog tag-sync connectors, tracking scanned tag/resource counts, change deltas, sync cycle success/failure rates, and per-connector cycle durations.
Improved Exact Match Handling for Microsoft Purview Qualified Name Search
Improved Exact Match Handling for Microsoft Purview Qualified Name Search¶
Enhanced the Microsoft Purview entity search to prioritize exact qualified name matches over broad keyword-based search results. This ensures reliable tag fetching and synchronization, preventing missing tags within the Data Catalog.
Privacera Manager¶
Fixed Solr Schema Upload Mismatch
Fixed Solr Schema Upload Mismatch¶
Fixed an issue in Privacera Manager where Solr data was uploaded before the latest Solr schema was pushed, causing a schema mismatch during Solr schema upload.
Apache Ranger¶
Audit Fluentd S3 Path Prefix Support For Admin Audits
Audit Fluentd S3 Path Prefix Support For Admin Audits¶
Updated the admin_audits S3 output configuration in audit-fluentd to honor the AUDIT_FLUENTD_S3_PATH_PREFIX setting. Previously, admin audit events always used a hardcoded S3 path and ignored the configured prefix, which could lead to S3 authorization failures in environments using custom audit path prefixes. The admin audit stream now behaves consistently with other audit streams and writes audit data under the configured S3 path prefix. For more information, see Configure audits to S3.
CVE Fixes In Ranger
CVE Fixes In Ranger¶
Upgraded system binaries to address known security vulnerabilities identified in the CVE (Common Vulnerabilities and Exposures) report.
- Prev topic: Releases