Releases: pivotal/credhub-release
Releases · pivotal/credhub-release
0.4.0
Compatibility -
- This release must use BOSH version 261 or later.
- CLI version 0.4.0 must be used with this release
Notice -
- You are advised to backup your database prior to upgrade.
- UAA client name for the CredHub CLI is now
credhub_cli. You must update your UAA client name fromcredhubtocredhub_cli. - Deployment properties structure for credhub.encryption has changed. You must update your manifest to use the separate keys and providers structure as shown here.
- dev_internal encryption provider no longer includes a default key value
New Features -
- Major performance optimizations for generating rsa, ssh and certificate credentials [4096 generation now ~1.5 seconds, from 20-30+ seconds previously]
- Storing all historical credential values
- Changes to API to simplify BOSH integration and clarify resources for authorization work
- Restructured encryption provider deployment properties to allow future encryption key rotation feature
- Regenerate credentials in same form as previously generated
- Experimental support for Dyadic DSM encryption provider
- Credential name added to credential response
- Capturing credential/CA name explicitly in audit logs
- Define extended key usage extension values when generating certificates
- Bump OpenJDK for CVEs
- Resolved github issue #2 - 5-10 minute delay in startup on GCP
- Resolved github issue #4 - Inconsistency in parallel operations
[Release has been removed, as it is no longer recommended. Please install subsequent version.]
0.3.0
Compatibility -
- This release must use BOSH version 260.x or prior. For version 261 and later, you must use 0.4.0+.
- CLI version 0.3.0 must be used with this release
New features -
- Fixed CVE 2016-6655: Utility script command injection #131930061 details here
- CEF audit logging
- logging enhancements
- user-provided AES key for internal encryption
- RSA credential type (e.g. UAA JWT keys)
- SSH credential type
[Release has been removed, as it is no longer recommended. Please install subsequent version.]
0.2.0
Fixes major bug that dropped the target database on re-deploy.
New features -
- API now produces error if request includes unrecognized parameters
- Dependencies are now vendored to static versions
- Ability to find credentials by partial name or path search
- Updated TLS ciphers to remove support of 'DHE-RSA-AES128-GCM-SHA256' & 'DHE-RSA-AES256-GCM-SHA384'
- Ability to deploy with internal software encryption
[Release has been removed, as it is no longer recommended. Please install subsequent version.]
0.1.0 - Initial Release
Initial release of the CredHub Server for alpha testing. Backward compatibility may be broken during alpha testing period, so you should check back for a new release before reporting issues.
Included Features -
- Store arbitrary string credentials
- Generate random string credentials (configurable params below)
- length
- exclude upper
- exclude lower
- exclude number
- exclude special
- Generate RSA certificates and private keys (configurable params below)
- signing certificate authority
- duration
- key length
- common name
- subject alternative names
- organization
- organization unit
- locality
- state
- country
- Generate and store root CAs (same params above less CA and SAN)
- Access control via UAA
- Logging of all access and modification of data
- Data storage to MySQL or PostgreSQL
- Sensitive data encryption via HSM
- HTTP API that conforms to BOSH config server spec
[Release has been removed, as it is no longer recommended. Please install subsequent version.]