Release 9.2.5.1¶

These are the Rolling Release Notes for Release 9.2.5.1. These release notes are applicable to both Privacera's Self-Managed version and PrivaceraCloud.

Breaking Changes

CPU Resource Configuration Variable Names Updated¶

Impact: This change only affects customers who have defined custom CPU request and limit settings in their Privacera Manager variables. Customers using default CPU settings are not impacted.
Issue: A regression prevents custom CPU configurations from being applied. Privacera Manager does not recognize the legacy variable naming convention in these versions.
Action Required: If you have custom CPU settings configured, update your variable names in the custom vars file to use the new naming convention.
Variable Naming Changes:
- Old format: <SERVICE>_CPU_MIN and <SERVICE>_CPU_MAX
- New format: <SERVICE>_K8S_CPU_REQUESTS and <SERVICE>_K8S_CPU_LIMITS
- Example: AUDITSERVER_CPU_MIN → AUDITSERVER_K8S_CPU_REQUESTS
- Note: This applies to all Privacera services (AuditServer, DataServer, Portal, etc.)
More Details:
- Complete variable mapping and examples
- JVM Parameters and Override Variables

PolicySync Connector¶

Enhanced Common Dashboard with Improved Metric Standardization

Enhanced Common Dashboard with Improved Metric Standardization¶

Added a new Common Dashboard for PolicySync connectors with expanded panel coverage and improved alignment of key operational metrics.
Standardized metric visualization across dashboards, including updating event panels to display rate (ops) instead of raw counts for better trend analysis in the Connector Common dashboard.

Added Support for Ranger Tag Reconciliation for Tags and Tag Resource Mapping in Google BigQuery Connector

Added Support for Ranger Tag Reconciliation for Tags and Tag Resource Mapping in Google BigQuery Connector¶

The connector now supports automated reconciliation for both tags and tag–resource mappings in BigQuery.
This ensures missing tags and mappings are detected and restored automatically.
Refer to Tag Reconcile Loader Configuration for more details.

Updated BigQuery Apache Avro Dependencies

Updated BigQuery Apache Avro Dependencies¶

Upgraded BigQuery dependencies to address known security vulnerabilities identified in CVE (Common Vulnerabilities and Exposures) reports.

Added Support for Histogram Metrics for Timers

Added Support for Histogram Metrics for Timers¶

Introduced configurable Timer Service Level Objectives (SLOs) that can be applied to all Timer metrics via MeterFilter.
This enhancement provides better observability into timer performance with configurable SLO thresholds and simplifies the metrics APIs for counters, gauges, and timers.
For information on how to configure Histogram Metrics, refer to Configuring Histogram Timers for Connectors.

Added Metrics to Track Changelog Backlog by Type

Added Metrics to Track Changelog Backlog by Type¶

Added metrics to monitor changelog backlog categorized by changelog type, enabling better visibility into processing queues and helping identify bottlenecks in changelog processing.

Enhanced Connector Common and Connector JDBC Dashboards with Latency Panels & Heatmap Visualizations

Enhanced Connector Common and Connector JDBC Dashboards with Latency Panels & Heatmap Visualizations¶

Enhanced the Connector Common and Connector JDBC dashboards by introducing P95/P99 latency panels and heatmap latency visualizations across HTTP, SDK, JDBC, and event metrics.

Redshift Connector Audit Fix

Redshift Connector Audit Fix¶

Fixed transaction_id parsing by casting as BIGINT, ensuring complete audit data loads.

Reduced Failed JDBC Call Errors in Databricks Unity Catalog and Databricks SQL Analytics Connector

Reduced Failed JDBC Call Errors in Databricks Unity Catalog and Databricks SQL Analytics Connector¶

Reduced Failed JDBC Call errors for missing resources in Databricks Unity Catalog and Databricks SQL Analytics Connector.

Fixed an Issue with Implicit Grants for Databricks Unity Catalog Connector

Fixed an Issue with Implicit Grants for Databricks Unity Catalog Connector¶

Fixed an issue where USE SCHEMA and USE CATALOG privileges were not enforced during reconcile in the Databricks Unity Catalog connector.

Fixed an Issue Where Policy Version Information was not Logged for SELECT Permissions in the Unity Catalog Connector

Fixed an Issue Where Policy Version Information was not Logged for SELECT Permissions in the Unity Catalog Connector¶

Fixed an issue where the policy version was not being recorded in apply logs when SELECT permissions were applied through the Unity Catalog connector. This issue was identified in release 9.2.4.1 (see Known Issue). Policy versions are now correctly recorded in apply logs for all permissions.

Fixed CEL Script Evaluator Configuration Property Typo with Backward Compatibility

Fixed CEL Script Evaluator Configuration Property Typo with Backward Compatibility¶

Fixed a typo in the CEL script evaluator configuration property name from CONNECTOR_RANGER_PLUGIN_CEL_SCRIPT_EVALUALTOR_ENABLED to CONNECTOR_RANGER_PLUGIN_CEL_SCRIPT_EVALUATOR_ENABLED. Added backward compatibility logic to ensure that if the old misspelled property is explicitly set to true, it takes precedence over the new correctly spelled property, preventing any disruption to existing configurations.

DataServer¶

[Self-Managed only] Updated DataServer Dependencies

Updated DataServer Dependencies¶

Upgraded DataServer dependencies to address known security vulnerabilities identified in CVE (Common Vulnerabilities and Exposures) reports.

Privacera Diagnostics¶

Diagnostics Server Enhancements: UI Optimization

Diagnostics Server Enhancements: UI Optimization¶

Optimized Diagnostics Server UI with lazy loading and reduced redundant API calls for faster navigation.

Diagnostics Server CVE Fixes

Diagnostics Server CVE Fixes¶

Upgraded Diagnostics Server dependencies to address known security vulnerabilities identified in CVE (Common Vulnerabilities and Exposures) reports.

Diagnostics Client

Diagnostics Client¶

Added tests for DataServer AWS multi-account profile configurations to validate that all configurations are applied correctly.

Privacera Manager¶

Enhanced Security: Masking of Sensitive Data in Logs

Enhanced Security: Masking of Sensitive Data in Logs¶

Implemented conditional masking of sensitive information in log files, including tokens, passwords, secrets, and other credentials. This enhancement ensures that sensitive data is protected in logs when GLOBAL_NO_LOG is disabled, reducing the risk of inadvertent exposure.

[Diagnostics] Configure Pytest Data cleanup on service level

[Diagnostics] Configure Pytest Data cleanup on service level¶

Added configurable pytest data purging mechanism for each service in the diagnostics client sidecar.
Introduced default variable DIAG_TEST_RESULTS_FILE_RETENTION_COUNT set to 7 latest test execution files for automatic cleanup, with automatic fallback to this default value when service-specific container variable is not configured.
Implemented service-specific retention configuration through container-level environment variables, allowing per-service customization of test result retention counts.
Automatic cleanup mechanism: when the retention limit (default 7 files) is reached and a new test run file appears, the oldest file is automatically deleted to maintain the latest test execution files.

Privacera Portal¶

[Self-Managed Only] Enhanced Database Connection Test with SSL Mode Support

[Self-Managed Only] Enhanced Database Connection Test with SSL Mode Support¶

The diagnostic test case for database connections has been updated to include SSL mode support. This improves the ability to verify secure database connections directly from the Portal.

[PrivaceraCloud only] Omni Tags Now Auto-Populated on Tag Policy Page

[PrivaceraCloud only] Omni Tags Now Auto-Populated on Tag Policy Page¶

Enhanced the "Tag Policy" page to automatically display and utilize tags created under the Omni Tags feature. This auto-discovery functionality streamlines the process of defining policies based on existing tags.

[PrivaceraCloud Only] New API Endpoint for Retrieving Inactive Users

[PrivaceraCloud Only] New API Endpoint for Retrieving Inactive Users¶

A new API endpoint has been introduced to fetch a list of inactive users. Note: This capability is intended for administrative use only and is accessible within the Portal.

Apache Solr¶

Updated Apache Solr Dependencies

Updated Apache Solr Dependencies¶

Upgraded Apache Solr dependencies to address known security vulnerabilities identified in CVE (Common Vulnerabilities and Exposures) reports.

Metadata-Service (OMNI)¶

Bulk Import Endpoint for Resources and Tags

Bulk Import Endpoint for Resources and Tags¶

We have added a new bulk import endpoint that streamlines resource and tag synchronization. With this update, you can:

Imports resources and tags in a single API call
Validates and links tags automatically
Maintains relationship integrity
Processes large batches efficiently
Returns detailed status messages for validation errors

Privacera Discovery¶

Discovery Pod Stability Enhancements

Discovery Stability Improvements¶

This release delivers significant reliability improvements to the Discovery pod: - Reduced restart frequency through enhanced resource management - Optimized memory allocation to prevent resource exhaustion - Improved failure handling for better error recovery

Updated Dependencies

Updated Discovery Application Dependencies¶

Upgraded Discovery application dependencies to address known security vulnerabilities, including critical Apache Tika CVEs. Enhancements include Tika 3.x API support, standard parser package integration, custom MIME type definitions, and improved file detection capabilities.

Prev topic: Releases