All notable changes to this project will be documented in this file.
The format is based on Keep a Changelogand this project adheres to Semantic Versioning.
- Subfolder Host Identity Mapping Issue: Fixed an issue where credentials mapped to subfolder host identities were not injected during pipeline execution, despite being visible at the subfolder level.
- Jenkins Credential Store Inheritance: Fixed the issue with Jenkins credential store inheritance.
- Credentials store list is randomly empty: If the Conjur appliance account or appliance URL is empty, should fall back to the global configuration values.
- Jenkins folder-level Job: Skip JWT/API Key authentication if Jenkins folder credentials scope is null.
- Folder-level Display Name: Fixed the Jenkins folder-level display name.
Fixed to support Jenkins folder-level system (non-global) credentials with Conjur API key authentication.
Enhancement to support read/view permissions of Conjur Credentials for Jenkins users
Support for multithreading access.
Simplified JWT Configuration for Enhanced Security and User Experience We're excited to announce a significant update to the Conjur Credentials plugin for Jenkins, focusing on simplifying and enhancing the JWT (JSON Web Token) configuration process. Our goal with this update is to streamline the user experience while increasing the security of your configurations.
- Reduced Complexity: We've reduced the number of custom fields in the JWT configuration. This approach not only simplifies the configuration process but also enhances the overall security by minimizing potential vulnerabilities.
- Deprecation of Some Fields: Please note that some fields (claims) have been deprecated in this update. Fields are restricted to pre-selected values, please ensure your existing configuration is compatible. This means that certain custom user inputs will no longer be supported. This change is critical for maintaining a secure and efficient configuration environment.
- **Simplified Configuration:he number of custom fields in the JWT configuration. This approach not only simplifies the configuration process but also enhances the overall security by minimizing potential vulnerabilities.
- Deprecation of Some Fields: Please note th** This functionality allows you to temporarily use some "grandfathered" values from your previous configurations. This interim solution is available until the next release, providing a comfortable adjustment period.
These changes are designed to enhance both security and user experience. However, they may impact your current environment due to the deprecation of certain fields and the shift towards a more streamlined configuration approach. We encourage you to review your current configurations and adapt to the new system, leveraging simplified configuration for an easier transition.
We strongly recommend utilizing the default values recommended for fields that will be deprecated. These defaults are either system-generated or selected from an approved list of values, ensuring optimal security and compatibility.
- Update to support JWKS public key re-generation.
- Fixed for Null-Pointer exception while retrieving Secrets
- Fixed pipeline build Junit Test cases rewritten with Mockito and removed power-mockito dependencies compatibility with JDK 11 &17 version.
- Fixed Jenkins-Bitbucket Instance
- End to End test of internal automated build process
- Update for internal automated build process
- Support access of Folder level crdentials to child folders & jobs.
- Security updates in pom.xml & support to Java 11. The following depedency updates are made:
- org.jenkins-ci.plugins is updated from 4.17 to 4.48
- Jenkins version has been updated from 2.176.1 to 2.377
- kotlin-stdlib-common updated to 1.6.20
- okhttp has been updated from 3.11.0 to 4.10.0
- jackson-databind has been updated from 2.12.5 to 2.14.0
- gsom from 2.8.8 to 2.8.9
- io.jenkins.tools.bom artifact id updated from bom-2.164.x to bom-2.332.x
- JWT token issuer is set to the root URL of the jenkins instance
- WebService ID for the authentication can be either the service id or authenticator_type/service_id (authn-jwt/id)
- Warning/error on validation for Key and Token TTL
- Updated README.md
- Added "JWT Token Claims" button to configuration page to obtain referecence claims to be used by JWT Authenticator
- Fixed bindings for context aware store credentials
- Added JWT Authentication
- Added Context Aware (Based on JWT) Credential Provider
- Updated Doc
- Misc fixes
- Incorporated changes for null certificate on slave
- Brought fixes for core cyberark/conjur-credentials-plugin
- Release in plugins
## 1.0.2 - 2020-05-05
- Included changes to allow GIT plugin to retrieve credentials from slaves
- Removed binaries deliverables, to use artifactory to deliver binaries
- Added Support for SSH Private Key