Skip to content

Release 9.2.30.1

These are the Rolling Release Notes for Release 9.2.30.1. These release notes are applicable to Privacera's Self-Managed version.

🔥 Breaking Changes

Breaking Changes

PolicySync connectors wait for Solr schema upload in Data Plane (D2P) deployments

Starting with release 9.2.30.1, a PolicySync connector pod includes an init container that waits for the PolicySync Solr schema (config) to be uploaded before the connector starts. In a Data Plane (D2P) deployment where Solr is not enabled on the Data Plane, this init container never completes, so the connector pod stays in a waiting (non-Running) state.

  • Impact: In D2P deployments that run PolicySync connectors with Solr disabled on the Data Plane, connector pods do not reach the Running state after upgrading to 9.2.30.1.
  • Change: Set the CONNECTOR_WAIT_FOR_POLICYSYNC_SOLR_CONFIG property to "false" to disable this wait so the connectors can start. For details and the full decision matrix, see PolicySync connector wait for Solr schema upload.
  • Reason: In a D2P deployment, the PolicySync Solr schema is managed in the PrivaceraCloud control plane, so the connector should not wait for a Solr schema upload on the Data Plane.

Note

This applies only to D2P deployments that have PolicySync connectors and Solr disabled on the Data Plane. If no PolicySync connectors are deployed, or if Solr is enabled on the Data Plane, this property is not required.

Plugin

OLAC support for Apache Spark Version 4.1.2

OLAC support for Apache Spark Version 4.1.2

  • Added Object-Level Access Control (OLAC) support for Apache Spark Version 4.1.2.
  • For the supported version matrix, refer Supported Runtime Versions.

PolicySync Connector

PolicySync POLICY_RESPONSE Audit Uses Numeric Policy ID and Version

PolicySync POLICY_RESPONSE Audit Uses Numeric Policy ID and Version

  • PolicySync POLICY_RESPONSE audit events written to Solr and Amazon SQS now emit policyId and policyVersion as numeric (Long) values instead of strings.
  • ACCESS events use a list of Long values for policyId and policyVersion when multiple Ranger policies contribute to one grant or revoke.
  • This change applies to AWS Lake Formation, Databricks Unity Catalog, and Databricks SQL Analytics connectors. Other PolicySync audit event types remain unchanged.
Tag Sync Loader Grafana Metrics

Tag Sync Loader Grafana Metrics

Introduced Prometheus metrics and a new Tag Sync Loader Metrics section to the Connector-Common Grafana dashboard. This provides real-time visibility into catalog tag-sync connectors, tracking scanned tag/resource counts, change deltas, sync cycle success/failure rates, and per-connector cycle durations.

Improved Exact Match Handling for Microsoft Purview Qualified Name Search

Enhanced the Microsoft Purview entity search to prioritize exact qualified name matches over broad keyword-based search results. This ensures reliable tag fetching and synchronization, preventing missing tags within the Data Catalog.

Privacera Manager

Fixed Solr Schema Upload Mismatch

Fixed Solr Schema Upload Mismatch

Fixed an issue in Privacera Manager where Solr data was uploaded before the latest Solr schema was pushed, causing a schema mismatch during Solr schema upload.

Apache Ranger

Audit Fluentd S3 Path Prefix Support For Admin Audits

Audit Fluentd S3 Path Prefix Support For Admin Audits

Updated the admin_audits S3 output configuration in audit-fluentd to honor the AUDIT_FLUENTD_S3_PATH_PREFIX setting. Previously, admin audit events always used a hardcoded S3 path and ignored the configured prefix, which could lead to S3 authorization failures in environments using custom audit path prefixes. The admin audit stream now behaves consistently with other audit streams and writes audit data under the configured S3 path prefix. For more information, see Configure audits to S3.

CVE Fixes In Ranger

CVE Fixes In Ranger

Upgraded system binaries to address known security vulnerabilities identified in the CVE (Common Vulnerabilities and Exposures) report.