|
| 1 | +## Version 3.0.0 Release Notes |
| 2 | + |
| 3 | +Compatible with OpenSearch and OpenSearch Dashboards version 3.0.0 |
| 4 | + |
| 5 | +#### Breaking Changes |
| 6 | +* Fix Blake2b hash implementation ([#5089](https://github.com/opensearch-project/security/pull/5089)) |
| 7 | +* Remove OpenSSL provider ([#5220](https://github.com/opensearch-project/security/pull/5220)) |
| 8 | +* Remove whitelist settings in favor of allowlist ([#5224](https://github.com/opensearch-project/security/pull/5224)) |
| 9 | + |
| 10 | +#### Enhancements |
| 11 | +* Optimized Privilege Evaluation ([#4380](https://github.com/opensearch-project/security/pull/4380)) |
| 12 | +* Add support for CIDR ranges in `ignore_hosts` setting ([#5099](https://github.com/opensearch-project/security/pull/5099)) |
| 13 | +* Add 'good' as a valid value for `plugins.security.restapi.password_score_based_validation_strength` ([#5119](https://github.com/opensearch-project/security/pull/5119)) |
| 14 | +* Adding stop-replication permission to `index_management_full_access` ([#5160](https://github.com/opensearch-project/security/pull/5160)) |
| 15 | +* Replace password generator step with a secure password generator action ([#5153](https://github.com/opensearch-project/security/pull/5153)) |
| 16 | +* Run Security build on image from opensearch-build ([#4966](https://github.com/opensearch-project/security/pull/4966)) |
| 17 | + |
| 18 | +#### Bug Fixes |
| 19 | +* Fix version matcher string in demo config installer ([#5157](https://github.com/opensearch-project/security/pull/5157)) |
| 20 | +* Escape pipe character for injected users ([#5175](https://github.com/opensearch-project/security/pull/5175)) |
| 21 | +* Assume default of v7 models if _meta portion is not present ([#5193](https://github.com/opensearch-project/security/pull/5193))) |
| 22 | +* Fixed IllegalArgumentException when building stateful index privileges ([#5217](https://github.com/opensearch-project/security/pull/5217)) |
| 23 | +* DlsFlsFilterLeafReader::termVectors implementation causes assertion errors for users with FLS/FM active ([#5243](https://github.com/opensearch-project/security/pull/5243)) |
| 24 | +* Only check validity of certs in the chain of the node certificates ([#4979](https://github.com/opensearch-project/security/pull/4979)) |
| 25 | +* Corrections in DlsFlsFilterLeafReader regarding PointVales and object valued attributes ([#5304](https://github.com/opensearch-project/security/pull/5304)) |
| 26 | + |
| 27 | +#### Maintenance |
| 28 | +* Update AuditConfig.DEPRECATED_KEYS deprecation message to match 4.0 ([#5155](https://github.com/opensearch-project/security/pull/5155)) |
| 29 | +* Update deprecation message for `_opendistro/_security/kibanainfo` API ([#5156](https://github.com/opensearch-project/security/pull/5156)) |
| 30 | +* Update DlsFlsFilterLeafReader to reflect Apache Lucene 10 API changes ([#5123](https://github.com/opensearch-project/security/pull/5123)) |
| 31 | +* Adapt to core changes in `SecureTransportParameters` ([#5122](https://github.com/opensearch-project/security/pull/5122)) |
| 32 | +* Format SSLConfigConstants.java and fix typos ([#5145](https://github.com/opensearch-project/security/pull/5145)) |
| 33 | +* Remove typo in `AbstractAuditlogUnitTest` ([#5130](https://github.com/opensearch-project/security/pull/5130)) |
| 34 | +* Update Andriy Redko's affiliation ([#5133](https://github.com/opensearch-project/security/pull/5133)) |
| 35 | +* Upgrade common-utils version to `3.0.0.0-alpha1-SNAPSHOT` ([#5137](https://github.com/opensearch-project/security/pull/5137)) |
| 36 | +* Bump Spring version ([#5173](https://github.com/opensearch-project/security/pull/5173)) |
| 37 | +* Bump org.checkerframework:checker-qual from 3.49.0 to 3.49.2 ([#5162](https://github.com/opensearch-project/security/pull/5162)) ([#5247](https://github.com/opensearch-project/security/pull/5247)) |
| 38 | +* Bump org.mockito:mockito-core from 5.15.2 to 5.17.0 ([#5161](https://github.com/opensearch-project/security/pull/5161)) ([#5248](https://github.com/opensearch-project/security/pull/5248)) |
| 39 | +* Bump org.apache.camel:camel-xmlsecurity from 3.22.3 to 3.22.4 ([#5163](https://github.com/opensearch-project/security/pull/5163)) |
| 40 | +* Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.17 ([#5149](https://github.com/opensearch-project/security/pull/5149)) |
| 41 | +* Bump org.awaitility:awaitility from 4.2.2 to 4.3.0 ([#5126](https://github.com/opensearch-project/security/pull/5126)) |
| 42 | +* Bump org.springframework.kafka:spring-kafka-test from 3.3.2 to 3.3.4 ([#5125](https://github.com/opensearch-project/security/pull/5125)) ([#5201](https://github.com/opensearch-project/security/pull/5201)) |
| 43 | +* Bump org.junit.jupiter:junit-jupiter from 5.11.4 to 5.12.2 ([#5127](https://github.com/opensearch-project/security/pull/5127)) ([#5269](https://github.com/opensearch-project/security/pull/5269)) |
| 44 | +* Bump Gradle to 8.13 ([#5148](https://github.com/opensearch-project/security/pull/5148)) |
| 45 | +* Bump Spring version to fix CVE-2024-38827 ([#5173](https://github.com/opensearch-project/security/pull/5173)) |
| 46 | +* Bump com.google.guava:guava from 33.4.0-jre to 33.4.6-jre ([#5205](https://github.com/opensearch-project/security/pull/5205)) ([#5228](https://github.com/opensearch-project/security/pull/5228)) |
| 47 | +* Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18 ([#5204](https://github.com/opensearch-project/security/pull/5204)) |
| 48 | +* Bump spring_version from 6.2.4 to 6.2.5 ([#5203](https://github.com/opensearch-project/security/pull/5203)) |
| 49 | +* Bump bouncycastle_version from 1.78 to 1.80 ([#5202](https://github.com/opensearch-project/security/pull/5202)) |
| 50 | +* remove java version check for reflection args in build.gradle ([#5218](https://github.com/opensearch-project/security/pull/5218)) |
| 51 | +* Improve coverage: Adding tests for ConfigurationRepository class ([#5206](https://github.com/opensearch-project/security/pull/5206)) |
| 52 | +* Refactor InternalAuditLogTest to use Awaitility ([#5214](https://github.com/opensearch-project/security/pull/5214)) |
| 53 | +* Bump com.google.googlejavaformat:google-java-format from 1.25.2 to 1.26.0 ([#5231](https://github.com/opensearch-project/security/pull/5231)) |
| 54 | +* Bump open_saml_shib_version from 9.1.3 to 9.1.4 ([#5230](https://github.com/opensearch-project/security/pull/5230)) |
| 55 | +* Bump com.carrotsearch.randomizedtesting:randomizedtesting-runner from 2.8.2 to 2.8.3 ([#5229](https://github.com/opensearch-project/security/pull/5229)) |
| 56 | +* Bump open_saml_version from 5.1.3 to 5.1.4 ([#5227](https://github.com/opensearch-project/security/pull/5227)) |
| 57 | +* Bump org.ow2.asm:asm from 9.7.1 to 9.8 ([#5244](https://github.com/opensearch-project/security/pull/5244)) |
| 58 | +* Bump com.netflix.nebula.ospackage from 11.11.1 to 11.11.2 ([#5246](https://github.com/opensearch-project/security/pull/5246)) |
| 59 | +* Bump com.google.errorprone:error_prone_annotations from 2.36.0 to 2.37.0 ([#5245](https://github.com/opensearch-project/security/pull/5245)) |
| 60 | +* More tests for FLS and field masking ([#5237](https://github.com/opensearch-project/security/pull/5237)) |
| 61 | +* Migrate from com.amazon.dlic to org.opensearch.security package ([#5223](https://github.com/opensearch-project/security/pull/5223)) |
| 62 | +* Fix compilation issue after Secure gRPC PR (#17796) merged into core ([#5263](https://github.com/opensearch-project/security/pull/5263)) |
| 63 | +* Bump commons-io:commons-io from 2.18.0 to 2.19.0 ([#5267](https://github.com/opensearch-project/security/pull/5267)) |
| 64 | +* Bump org.apache.commons:commons-text from 1.13.0 to 1.13.1 ([#5266](https://github.com/opensearch-project/security/pull/5266)) |
| 65 | +* Bump org.junit.jupiter:junit-jupiter-api from 5.12.1 to 5.12.2 ([#5268](https://github.com/opensearch-project/security/pull/5268)) |
| 66 | +* Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3 ([#5265](https://github.com/opensearch-project/security/pull/5265)) |
![opensearch-trigger-bot[bot]](https://avatars.githubusercontent.com/u/80134844?v=4&size=40){kind=avatar}
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments