Softpedia >Windows >Internet >Remote Utils >Boundary >  Changelog

Boundary Changelog

What's new in Boundary 0.16.0

Apr 30, 2024
  • New and Improved:
  • Target aliases have been added: You can now create an alias for a target. In most situations where you would use a target id, you can now instead use the alias value. Crate an alias with boundary aliases create target -value example.boundary -destination-id ttcp_1234567890 and connect to a target using an alias using boundary connect example.boundary
  • Worker local storage state: Self managed workers that are configured to be used for session recordings will report the state of the its disk space. To learn more about this new feature, refer to the documentation.
  • MinIO storage plugin: You can now create a storage bucket that allows Boundary to interoperate with a MinIO cluster for Session Recording storage. This includes some added functionality such as credential rotation and credential management. To learn more about the plugin, refer to the readme. Note: Due to a library incompatibility, this release is not yet compatible with the netbsd operating system. Please refer to the following documentation to learn how to create a storage bucket.
  • ui: Add UI support for filtering and pagination (PR)
  • ui: Add UI support for MinIO (Enterprise and HCP Boundary only) (PR)
  • Added dependency:
  • postgres citext dependency added to enable aliases to be globally unique in a case insensitive way.

New in Boundary 0.15.4 (Apr 10, 2024)

  • bump api/sdk

New in Boundary 0.15.3 (Mar 22, 2024)

  • Bug Fixes:
  • Fix a nil pointer error in the client cache daemon when a refresh was forced performing a boundary search. (PR)
  • Resolved an issue introduced in 0.14 where, after successfully deleting an AWS S3 Storage Bucket with credential rotation enabled, Boundary could not delete the associated IAM Access Key resource
  • New and Improved:
  • templating: A new templating function coalesce can be used to match a template against multiple possible values, returning the first non-empty value. As an example, this can be used in a credential library to allow a username value that might be comprised of a name or login name depending on the auth method, e.g. {{ coalesce .Account.Name .Account.LoginName}} (PR))

New in Boundary 0.15.1 (Mar 1, 2024)

  • Bug Fixes:
  • cli: Update proxy listener to not close when the number of connections left for the session is zero. The listener will refuse new connections when the number of connections left is zero but existing connections will be active.This fixes a CLI client issue where sessions with max connection count configured were closed when the number of connections left hit 0. (Issue, (PR))
  • Fix issue where the websocket connection was throwing closing errors during the session teardown. (PR)
  • New and Improved:
  • feat: support added for tracking and reporting monthly active users for the purpose of billing. It adds a new API endpoint, /v1/billing:monthly-active-users and new cli command, boundary billing monthly-active-users that can be used to view the monthly active user counts.

New in Boundary 0.15.0 (Jan 31, 2024)

  • Deprecations/Changes:
  • Per the note in Boundary 0.13.0, the previous kms worker method has been removed. Since 0.13.0, unless the use_deprecated_kms_auth_method value was set on the worker config, the new kms mechanism was already being used; this is simply no longer an available option.
  • Per the notes in Boundary 0.12.0 and 0.14.0, it is now an error if an address on a host or target contains a port. As of this release, this restriction also affects existing addresses (not just creation/updating via the API) so any existing addresses containing a port will not be able to be used as part of a target's session authorization call.
  • The grant_scope_id field on roles is now deprecated in favor of the multiple grant scope support.
  • Per the note in Boundary 0.13.1, the id field in grants has changed to ids which allows multiple ids to be included; existing grants submitted to Boundary will continue to work, but grants using "id" can no longer be added to or set on a role.
  • All list endpoints except workers now return the first 1000 items instead of all items if no parameters are provided. The number of items returned can be configured through the new controller configuration value max_page_size. The Admin UI, CLI and api package automatically paginate results.
  • New and Improved:
  • Multiple grant scopes in roles: Roles now support multiple grant scopes, along with the special values this, children (global/org only) to apply to all direct children of a scope, and descendants (global only) to apply to all descendants of a scope. These use the new actions add-grant-scopes, set-grant-scopes, and remove-grant-scopes on roles. For now the grant_scope_id field on roles will continue to be able to be set, which will set a single grant scope, but this capability is now deprecated.
  • Policies (Enterprise and HCP Boundary only): This release introduces Policies, a Boundary resource that represents a Governance Policy to enforce. The first implementation targets Storage Policies, which enables administrators to automate the process of retention and deletion of Session Recordings, ensuring that they're only retaining data that is explicitly required from a security/compliance perspective.
  • ui: Add full UI support for Storage Policies managing the lifecycle of Session Recordings.
  • (PR)
  • New generic commands read, update, and delete have been added. These allow operating on resources by directly specifying the ID of the resource as the next parameter (e.g. boundary update ttcp_1234567890). Subtypes do not need to be specified (e.g. that command is equivalent to boundary targets update tcp -id ttcp_1234567890), and any flags given after the ID are passed through to the type-specific subcommand. Once the ID has been entered, autocomplete is also supported. (PR)
  • The key_id parameter within SSH Certificate Credential Libraries now accepts the use of templated parameters (PR)
  • List endpoint pagination: All list endpoints except workers now support pagination.
  • api: All list endpoints except workers have added support for pagination. The api package automatically paginates until the end of the results. The new `WithListToken`` option can be used to request a list of updated and deleted resources relative to the last result received.
  • config: add new controller field max_page_size for controlling the default and max size of pages when paginating through results.
  • New command search has been added allowing quick searching of targets or sessions. It utilizes a client side cache also added in this release. The client side cache starts itself automatically in the background when successfully executing any command that communicates with a Boundary controller. To disable the client cache from starting automatically set the BOUNDARY_SKIP_CACHE_DAEMON environment variable or pass the -skip-cache-daemon flag when running a command that may start it.
  • Commands daemon start, daemon stop, daemon status, and daemon add-token were added to help manage the cache. The cache does not currently work with Boundary instances that require the use of client side certs.

New in Boundary 0.14.2 (Nov 2, 2023)

  • New and Improved:
  • Expose Valid Principals for Vault SSH Signed Certs: Allow users to add additional valid principals when creating a vault ssh signed cert credential library (PR).
  • Bug Fixes:
  • High CPU consumption: A background GRPC connection state check caused high CPU utilization. This was caused by a long running loop that was checking for GRPC connection state changes between a worker and an upstream connection address. The loop was not correctly waiting for GRPC connection state changes before running. The issue was fixed by correctly updating the state that determines when the loop in GRPC connection state check should run. (PR)
  • LDAP auth methods: Fix encoding of mTLS client key which prevented Boundary from making mTLS connections to an LDAP server (Issue, PR).

New in Boundary 0.14.1 (Oct 17, 2023)

  • Bug Fixes:
  • deps: Bump Go version to v1.21.3; gRPC to v1.58.3; golang.org/x/net to v0.17.0. This is to address a security vulnerability in the HTTP stack where a malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption.

New in Boundary 0.14.0 (Oct 11, 2023)

  • Deprecations/Changes:
  • Per the note in Boundary 0.12.0, the vault credential library subtype has now been removed in favor of vault-genericFor example, instead of boundary credential-libraries create vault, you must use boundary credential-libraries create vault-generic.
  • Per the note in Boundary 0.12.0, errors returned from the cli when using the -format=json option will now only use the status_code fieldThe status field has been removed.
  • Per the note in Boundary 0.12.0, targets require a default port valuePorts defined as part of a host address were ignored but allowed as part of a target definition; from 0.14.0 onwards, any port defined on a host address will now become an error.
  • Targets: Per the note in Boundary 0.10.10, target Application Credentials has been renamed to Brokered Credentialsapplication-credential-source has been removed as a fieldbrokered-credential-source should be used instead(PR, deprecated changelog).
  • New and Improved:
  • cli: Add support for specifying a command that will be executed on the remote host when using the boundary connect ssh subcommand.
  • (Issue, PR).
  • feat: add API support for additional LDAP auth method fields: maximum_page_size and dereference_aliases
  • (PR).
  • feat: add worker upstream connection status to ops health check
  • (PR).
  • feat: allow HCP cluster id to be sourced from file or env variable
  • (PR).
  • feat: add support for telemetry events via flag or Boundary configuration (requires observation events to be enabled)Deny filter now filters coordination worker status from observation events by default(This behavior is overridden by any user specified allow or deny filters)
  • (PR).
  • ui: Add full UI support for LDAP auth method
  • (PR)
  • ui: Add new attribute fields to storage bucket to support the assume role service in AWS.
  • (PR)
  • Bug Fixes:
  • LDAP auth methods: allow bind-dn and bind-password to be updated independently(PR)
  • targets: Fix address field not being populated if the number of targets on a list returns more than 10000 entries (PR)
  • cli: Fix issue when using the authenticate command against a password auth method on Windows where the password would be swallowed when the login name is submitted (PR)
  • worker: Fix an issue that could cause intermittent startup issues on slow systems (PR)
  • cli: Remove websocket max message sizeThis fixes issues where large message sizes are sent to the client from a worker which resulted in the connection being terminated, as is the case with an scp download when using an SSH Target(PR)

New in Boundary 0.13.1 (Jul 18, 2023)

  • Bug Fixes:
  • PKI worker authentication: A worker authentication record can be stored more than once, if it matches the
  • existing record for that worker auth key ID. Fixes an edge case where a worker attempted authorization
  • and the controller successfully stored the worker auth record but went down before returning authorization
  • details to the worker. (PR)
  • LDAP managed groups: adding/setting/removing a principal to a role now works
  • properly when it's an LDAP managed group.
  • (PR and
  • PR)

New in Boundary 0.13.0 (Jun 13, 2023)

  • New and Improved:
  • KMS workers: KMS workers now have feature parity with PKI workers (they support multi-hop and Vault private access) and support separate KMSes for authenticating downstreams across different networks. See the worker configuration documentation for more information. (PR)
  • roles: Perform additional validity checking on grants at submission time (PR)
  • targets: The new default_client_port field allows specifying the default port to use on the client side when connecting to a target, unless overridden by the client via -listen-port (PR)
  • cli/api/sdk: New LDAP auth method type added with support for create, read, update, delete, and list (see new cli ldap subcommands available on CRUDL operations for examples), as well as the ability to authenticate against it via the SDK, CLI, admin UI, and desktop client. (PR)
  • ui: Display external names when listing dynamic hosts (PR)
  • ui: Add support for LDAP authentication (PR)
  • Dynamic Host Catalog: You can now view the AWS or Azure host name when listing hosts in CLI, admin console, and desktop client. (PR)
  • Deprecations/Changes:
  • With the introduction of the new KMS variant for worker registration (as described below), using the deprecated behavior requires opting-in. This is only recommended if compatibility with pre-0.13 workers using the KMS auth method is required. Requiring opting in removes some potentially confusing behavior for deciding when to use the old versus new mechanism. To opt in, add use_deprecated_kms_auth_method = true to the worker config block. Note that if a 0.13+ worker using KMS connects to a 0.13+ controller using KMS, the transition to the new method will happen automatically. To go back to the old method after that will require the worker to be deleted and re-added with the use_deprecated_kms_auth_method config field specified.
  • When grants are added to roles additional validity checking is now performed. This extra validity checking is designed to reject grants that are not documented grant formats or are for combinations of IDs and types that cannot actually be used together. These previously would have been accepted without error but would never result in permissions being granted, causing confusion. As a result, attempting to write such grants into roles may now result in an error; the error message gives hints for resolution.
  • WithAutomaticVersioning for auth tokens in Go SDK: this option was incorrectly being generated for auth token resources, which do not support versioning. This is technically a breaking change, but it was a no-op option anyways that there was no reason to be using. It has now been removed.
  • Plugins: With the introduction of new plugin services, the Azure and AWS Host plugin repositories have been renamed to drop the host element of the repository name:
  • https://github.com/hashicorp/boundary-plugin-host-aws -> https://github.com/hashicorp/boundary-plugin-aws
  • https://github.com/hashicorp/boundary-plugin-host-azure -> https://github.com/hashicorp/boundary-plugin-azure
  • similarly the plugins/host package has been renamed to plugins/boundary (PR1,PR2, PR3, PR4).
  • PostgreSQL 12 or greater is now required. PostgreSQL 11 is no longer supported.
  • Bug Fixes:
  • targets: authorize-session now works properly when using a target's name as the identifier and the target name contains one or more slashes (PR)
  • resource listing: API requests to list a resource (targets, sessions, users, etc) now properly return all resources the callers has appropriate permission to list (PR)
  • sessions: Fix a bug that contributed to slow response times when listing sessions that had a large number of connections (PR)
  • ui: Fix client secret bug for OIDC authentication methods(PR)
  • ui: Fix linking to a Host from the Host Set screen of a Dynamic Host Catalog (PR)

New in Boundary 0.12.2 (Apr 8, 2023)

  • Security:
  • Boundary now uses Go 1.19.8 to address CVE-2023-24536.

New in Boundary 0.12.1 (Mar 13, 2023)

  • Fix(tests): break out of infinite loop for bats tests

New in Boundary 0.12.0 (Feb 8, 2023)

  • Deprecations/Changes:
  • In Boundary 0.9.0, targets were updated to require a default port value. This
  • Had been the original intention; it was a mistake that it was optional.
  • Unfortunately, due to a separate defect in the update verification logic for
  • Static hosts, it was possible for a host to be updated (but not created) with
  • A port. This meant that targets could use ports attached to host addresses,
  • Which was not the intention and leads to confusing behavior across different
  • Installations. In this version, updating static hosts will no longer allow
  • Ports to be part of the address; when authorizing a session, any port on such
  • A host will be ignored in favor of the default port on the target. In Boundary
  • 0.14.0, this will become an error instead. As a consequence, it means that the
  • Fallback logic for targets that did not have a default port defined is no
  • Longer in service; all targets must now have a default port defined.
  • With the introduction of vault-ssh-certificate credential libraries, the
  • Vault credential library subtype is being renamed to vault-generic to
  • Denote it as a credential library that can be used in a generalized way to
  • Issue credentials from vault. Existing credential libraries with the
  • Subtype of vault will be updated to vault-generic. The subtype of
  • Vault will still be accepted as a valid subtype in API requests to the
  • Credential libraries endpoints, but is deprecated. Instead vault-generic
  • Should be used. In addition the boundary credential-libraries create vault and boundary credential-libraries update vault subcommands will
  • Still function, but are deprecated. Instead boundary credential-libraries create vault-generic and boundary credential-libraries update vault-generic should be used. Also note that any credential library created
  • Using the subtype of vault, either via the API or via the deprecated
  • Subcommand, will have the subtype set to vault-generic. The deprecated
  • Subtype and subcommands will be removed in boundary 0.14.0, at which point
  • Vault-generic must be used.
  • In Boundary 0.1.8 using the -format=json option with the cli would provide
  • A status_code for successful API requests from the cli. However, in the
  • Case where an error was returned, the JSON would use status instead. This
  • Inconsistency has been fixed, with status_code being used in both cases.
  • For error cases status will still be populated, but is deprecated and will
  • Be removed in 0.14.0.
  • New and Improved:
  • Direct Address Targets: You can now set an address directly on a target,
  • Bypassing the need for host catalogs, host sets and hosts.
  • (PR)
  • Custom Response Headers: Adds ability to set api and ui response headers based
  • On status code. Includes default secure CSP and other headers.
  • (PR)
  • Metrics: Adds accepted connections and closed connections counters to keep track
  • Downstream connections for worker and controller servers.
  • (PR)
  • Egress and Ingress worker filters: The target worker_filter field has been deprecated and
  • Replaced with egress and ingress worker filters. Egress worker filters determine which workers are
  • Used to access targets. Ingress worker filters (HCP Boundary only) determine which workers are
  • Used to connect with a client to initiate a session. (PR)
  • Multi-Hop Sessions (HCP Boundary only): Multi-hop PKI workers can communicate with each other to serve
  • 2 primary purposes: authentication and session proxying. This results in the ability to chain
  • Multiple workers together to access services hidden under layers of network security. Multi-hop
  • Workers can also establish a TCP session through multiple workers, with the ability to reverse
  • Proxy and establish a connection.
  • Ui: Upgrade Admin UI to Ember 4.4.
  • (PR)
  • Ui: Add support for JSON credentials in Admin UI.
  • (PR)
  • Vault SSH certificate credential library: A new credential library that uses
  • The vault ssh secret engine to generate ssh private key and certificates. The
  • Library can be used as an injected application credential source for targets
  • That support credential injection. (PR)
  • Bug Fixes:
  • Plugins: Ignore SIGHUP sent to parent process; some init systems, notably
  • Dumb-init, would pass them along to the child processes and cause the
  • Plugin to exit (PR)
  • Data warehouse: Fix bug that caused credential dimensions to not get
  • Associated with session facts (PR).
  • Sessions: Fix two authorizeSession race conditions in handleProxy. (PR)
  • Cli: When using -format=json the JSON was inconsistent in how it reported
  • Status codes. In successful cases it would use status_code, but in error
  • Cases it would use status. Now status_code is used in both cases. In
  • Error cases status is still populated, see the deprecations above for
  • More details. (PR)
  • Database: Add job that automatically cleans up completed runs in the job_run table.
  • (PR)

New in Boundary 0.11.2 (Dec 9, 2022)

  • Security:
  • Boundary now uses Go 1.19.4 to address security vulnerability (CVE-2022-41717)

New in Boundary 0.11.1 (Nov 29, 2022)

  • Bug Fixes:
  • sessions: Fix workers not being in random order when returned to clients at
  • authorize-session time, which could allow one worker to bear the majority of
  • sessions (PR)
  • workers: In some error conditions when sending status to controllers, errors
  • could be written to stdout along with a message that they could not
  • successfully be evented instead of being written to the event log
  • (PR)
  • workers: Fixed a panic that can happen in certain situations
  • (PR)
  • sessions: Fixed a panic in a controller when a worker is deleted while
  • sessions are ongoing (PR)
  • sessions: Fixed a panic in a worker when a user with an active
  • session is deleted (PR)
  • sessions: Fixed a bug where reading a session after its associated project
  • had been deleted would result in an error
  • (PR)
  • config: Fixed a bug where supplying multiple KMS blocks with the same purpose
  • would silently ignore all but the last block
  • (PR)
  • Deprecations/Changes:
  • In order to standardize on the templating format, templates in
  • grantsnnow are documented to use the new capitalization and format; however, the previous style will continue to work.

New in Boundary 0.11.0 (Sep 27, 2022)

  • Known Issues:
  • PKI workers in past versions did not store a prior encryption key, and a bug
  • Prior to 0.11.0 meant that auth rotations could happen more frequently than
  • Expected. This could cause some race issues around rotation time. However,
  • There was another issue where a past worker authentication record could be
  • Looked up for some operations instead of the current one, made more likely by the too-frequent rotations. In 0.11.0 we attempt to ensure that the record
  • That remains on upgrade is the most current one, but it is possible that the
  • Wrong one is chosen, leading to a failure for the worker to authenticate or
  • For some operations to consistently fail. In this case, the worker will need
  • To be deleted and re-authorized. We apologize for any issues this causes and
  • This should be remedied going forward.
  • Bug Fixes:
  • Fix bug preventing delete of org.
  • Scopes: Organizations could be prevented from being deleted if some resources
  • Remained
  • Workers: Authentication rotation could occur prior to the expected time
  • Workers: When looking up worker authentication records, an old record could be returned instead of the new one, leading to errors for encryption or decryption operations
  • New and Improved:
  • Vault: (HCP Boundary only): Private Vault clusters can be used with HCP Boundary by using PKI workers
  • Deployed in the same network as a private cluster. Tags are used to control which PKI workers can manage private Vault
  • Requests by specifying a worker_filter attribute when configuring a Vault credential store.
  • Credentials: There is now a json credential type supported by static
  • Credential stores that allows submitting a generic JSON object to Boundary for
  • Use with credential brokering workflows
  • Ui: Add support for worker management
  • Ui: Add support for PKI worker registration
  • Ui: Add support for Static Credential Stores
  • Ui: Add support for Username & Password Credentials
  • Ui: Add support for Username & Key Pair Credentials
  • Ui (HCP Boundary only): SSH Target creation along with injected application
  • Credential support
  • Ui (HCP Boundary only): Update vault credential stores to support private
  • Vault access
  • Ui: Improve quick setup wizard onboarding guide resource names
  • Ui: Updates to host catalog and host set forms and “Learn More” links
  • Workers: Added the ability to read and reinitialize the Worker certificate
  • Authority (PR1,
  • Workers: Return the worker Boundary binary version on worker list and read
  • Workers: Addition of worker graceful shutdown, triggered by an initial
  • SIGINT or SIGTERM
  • Workers: Retain one previous encryption/decryption key after authentication
  • Rotation
  • Deprecations/Changes:
  • In 0.5.0, the add-host-sets, remove-host-sets, and set-host-sets actions
  • On targets were deprecated in favor of add-host-sources,
  • Remove-host-sources, and set-host-sources. Originally these actions and
  • API calls were to be removed in 0.6, but this was delayed to give extra time
  • For clients to switch over. This has now been fully switched over. A database
  • Migration will modify any grants in roles to have the new actions. This same
  • Changeover has been made for add-/remove-/set-credential-libraries to
  • Add-/remove-/set-credential-sources, although those actions would only be in
  • Grant strings in very rare circumstances as the -sources actions replaced
  • The -libraries actions very quickly.

New in Boundary 0.10.5 (Sep 14, 2022)

  • Bug Fixes:
  • Grants: Properly resolve "only self" for permissions. When generating
  • permissions from grants, if a single grant was limited only to a set of "self"
  • actions and that was the last grant parsed (which would be semi-random
  • depending on a number of factors), the overall set of permissions would be
  • marked as only-self. This would result in the generated permissions being more
  • limiting then they should be based on the grants. This only impacts the
  • sessions list endpoint. It would result in users that have been granted access
  • to list other user's sessions to be unable to see these sessions in the list
  • results (PR).

New in Boundary 0.10.4 (Sep 13, 2022)

  • New and Improved:
  • Controller-led worker authorization: This is a second authorization option for the workers using PKI-based authentication that was introduced in Boundary 0.10.0. In 0.10.0, the only mode available was "worker-led", in which a worker generates an authorization request which can be submitted to a controller to authorize the worker. With this new controller-led flow, a worker can be created via the controller API first and return a one-time-use authorization token. This token can then be made available to the worker at startup time via its configuration file, env var, or a file with the value. If the worker is not authorized and this token is provided, it will use the token to authorize itself to the controller and set up PKI-based authentication.
  • Initial upstreams reloading on SIGHUP: Workers will now re-read the initial_upstreams value from the configuration file when given a SIGHUP. This allows a worker to reconnect to controllers if the full set of controllers has been changed over at the same time, without having to restart the worker. (PR)
  • Bug Fixes:
  • Vault: Correctly handle Vault credential stores and libraries that are linked to an expired Vault token.
  • Aws host catalog: Fix an issue where the request to list hosts could timeout on a large number of hosts
  • Aws host catalog: Fix an issue where filters could become unreadable in the UI if only one filter was created and was set by the CLI or directly via the API
  • Aws host catalog: Use provided region for IAM calls in addition to EC2
  • Azure host catalog: Fix hosts not being found depending on the exact filter used because different filters return values with different casing
  • Sessions: Fix an issue where sessions could not have more than one connection
  • Workers: Fix repeating error in logs when connected to HCP Boundary about an unimplemented HcpbWorkers call
  • Workers: Fix a panic that could occur when workers:create:worker-led (e.g.
  • Via boundary workers create worker-led) was given an invalid token
  • Workers: Add the ability to set API-based worker tags via the CLI

New in Boundary 0.10.3 (Aug 31, 2022)

  • db: Fix an issue with migrations failing due to not updating the project_id value for the host plugin set (Issue), (PR).

New in Boundary 0.10.1 (Aug 11, 2022)

  • Bug Fixes:
  • db: Fix an issue with migrations affecting clusters that contain credential libraries or static credentials. (Issue), (PR).
  • Managed Groups: Fix an issue where the filter field is not sent by admin UI (PR).
  • Host Sets: Fix an issue causing host sets to not display in UI when using the aws plugin (PR)
  • Plugins: Fixes regression from 0.9.0 causing a failure to start when using multiple KMS blocks of the same type (PR1, PR2)
  • CLI: Fixed errors related to URL detection when passing in -attr or -secret values that contained colons (PR)

New in Boundary 0.10.0 (Aug 10, 2022)

  • New and Improved:
  • boundary connect Credential Brokering Integration: we have extended integration into the boundary connect helpers. When using the ssh helper if the brokered credentials contain a ssh_private_key type the command will automatically pass the credentials to the ssh process (PR).
  • boundary authenticate, boundary accounts: Enables use of env:// and file:// syntax to specify location of a password (PR)
  • Bug Fixes:
  • cli: Correctly cleanup plugins after exiting boundary dev, boundary server and boundary database init (Issue, PR).
  • boundary accounts change-password: Fixed being prompted for confirmation of the current password instead of the new one (PR)
  • Deprecations/Changes:
  • API Module: Changed the return types that reference interfaces into their expected typed definition. Type casting is only allowed against interface types, therefore to mitigate compiler errors please remove any type casting done against the return values. (Issue, PR)
  • Targets: Rename Application credentials to Brokered credentials (PR).
  • Host plugins: Plugin-type host catalogs/sets/hosts now use typed prefixes for any newly-created resources. Existing resources will not be affected. (PR)
  • Credential stores: Static-type credential stores/credentials now use typed prefixes for any newly-created resources. Existing resources will not be affected. (PR)
  • Change of behavior on -token flag in CLI: Passing a token this way can reveal the token to any user or service that can look at process information. This flag must now reference a file on disk or an env var. Direct usage of the BOUNDARY_TOKEN env var is also deprecated as it can show up in environment information; the env:// format now supported by the -token flag causes the Boundary process to read it instead of the shell so is safer. (PR)
  • Change of behavior on -password flag in CLI: The same change made above for -token has also been applied to -password or, for supporting resource types, -current-password and -new-password. (PR)

New in Boundary 0.9.1 (Jul 7, 2022)

  • New and Improved:
  • azure host plugin: Support multiple MSI identities PR
  • Bug Fixes:
  • scheduler: Fix regression causing controller names of less than 10 characters to fail to register jobs(PR).
  • sessions: Fix an additional case from the changes in the 0.8.x series that could result in sessions never moving from canceling state to terminated. (PR)
  • The plugin execution_dir configuration parameter is now respected by kms plugins too PR.
  • Deprecations/Changes:
  • sessions: The default connect limit for new sessions changed from 1 to unlimited (-1).
  • Specific connection limits is an advanced feature of Boundary and this setting is more friendly for new users. (PR)

New in Boundary 0.9.0 (Jun 20, 2022)

  • New and Improved:
  • PKI Workers: This release introduces a new worker type pki which authenticates to Boundary using a new certificate-based method, allowing for worker deployment without using a shared KMS.
  • Credentials: This release introduces a new credential store type static, which simply takes in a user-supplied credential and stores it (encrypted) directly in Boundary. Currently, the static credential store can hold credentials of type username_password. These credentials can act as credential sources for targets, similar to credential libraries from the vault credential store, and thus can be brokered to users at session authorization time. PR
  • boundary connect Credential Brokering Integration: we have extended integration into the boundary connect helpers. A new sshpass style has been added to the ssh helper, when used, if the credential contains a username/password and sshpass is installed, the command will automatically pass the credentials to the ssh process. Additionally, the default ssh helper will now use the username of the brokered credential. PR.
  • controller: Improve response time for listing sessions. This also creates a new periodic job that will delete terminated sessions after 1 hour. See Deprecations/Changes for some additional details. PR.
  • event filtering: Change event filters to use lowercase and snake case for data elements like the rest of Boundary filters do.
  • ui: Use include_terminated flag for listing sessions. PR.
  • ui: Add Quick Setup onboarding guide. PR.
  • Bug Fixes:
  • The plugin execution_dir configuration parameter is now respected. PR.
  • ui: Fix Users page not updating fields correctly. PR.
  • Deprecations/Changes:
  • Targets: Removes support for credential libraries with respect to Target resources. The library fields and actions were deprecated in Boundary 0.5.0, please use credential sources instead. See changelog referenced above for more details (PR).
  • Credential Libraries: The user_password credential type has been renamed to username_password to remove any inconsistency over what the credential type is. All existing user_password typed credential libraries will be migrated to username_password (PR).
  • controller: Change the default behavior of the session list endpoint to no longer include sessions in a terminated state and introduces a new query parameter/cli flag to include the terminated sessions. This also removes the connection information from the list response. PR.
  • Anonymous user permissions: In order to reduce the risk of accidental and unintended granting of permissions to anonymous users, the permissions system now only allows certain actions on certain resources to be assigned to the anonymous user; currently these are the same permissions as assigned in Boundary's default role permissions. If other use-cases arise this list can be expanded. See the documentation for more details.

New in Boundary 0.8.1 (May 16, 2022)

  • Bug Fixes:
  • Controller: Do not shut down cluster listener when it receives an invalid packet (Issue, PR)
  • Session: update cancel_session() function to check for terminated state (Issue, PR)

New in Boundary 0.8.0 (May 3, 2022)

  • New and Improved:
  • Metrics: provide metrics for controllers and workers
  • Controller: new health endpoint (PR).
  • Improve response time for listing sessions and targets.
  • Ui: Add support for worker filters in targets.
  • Ui: Add manual refresh button in sessions list.
  • Bug Fixes:
  • Worker: create new error to prevent event.newError: missing error: invalid parameter and handle session cancel
  • With no TOFU token (Issue, PR)
  • Controller: Reconcile DEKs with existing scopes (Issue, PR)
  • Fix for retrieving sessions that could result in incomplete results when there is a large number (10k+) of sessions. PR
  • Session: update session state trigger to prevent transitions to invalid states (Issue, PR)

New in Boundary 0.7.6 (Mar 17, 2022)

  • Bug Fixes:
  • sessions: Sessions and session connections have been refactored to better isolate transactions and prevent resource contention that caused deadlocks. (Issue, PR)
  • scheduler: Fix bug that causes erroneous logs when racing controllers attempted to run jobs (Issue, PR).

New in Boundary 0.7.5 (Feb 17, 2022)

  • New and Improved:
  • Cli: Update authentication examples to remove password flag and make subcommend selection a bit clearer (PR)
  • Data Warehouse: Add addresses on plugin based hosts to the database warehouse. 3 new dimension tables have been added including wh_network_address_group (which is now referenced by wh_host_dimension), wh_network_address_dimension, and wh_network_address_group_membership. (PR)
  • Ui: Add support for dynamic host catalog. AWS and Azure plugin-based CRUD operations.
  • Bug Fixes:
  • Targets: Specifying a plugin based host id when authorizing a session now works. (PR)
  • Targets: DNS names are now properly parsed when selecting an endpoint for authorizing a session. (PR)
  • Hosts: Static hosts now include the host sets they are in. (PR)

New in Boundary 0.7.4 (Jan 18, 2022)

  • Deprecations/Changes:
  • In newly-created scopes, if default role creation is not disabled, the roles will now contain a grant to allow listing targets. This will still be subject to listing visibility rules, so only targets the user is granted some action on (such as authorize-session) will be returned.
  • New and Improved:
  • config: The description field for workers now supports being set from environment variables or a file on disk (PR)
  • config: The max_open_connections field for the database field in controllers now supports being set from environment variables or a file on disk (PR)
  • config: The execution_dir field for plugins now supports being set from environment variables or a file on disk.(PR)
  • config: Add support for reading worker controllers off of environment variables as well as files. (PR)
  • config: The description field for controllers now supports being set from environment variables or a file on disk (PR)
  • config: Add support for reading worker tags off of environment variables as well as files. (PR)
  • config: Add support for go-sockaddr templates to Worker and Controller addresses. (PR)
  • controllers/workers: Add client IP to inbound request information which is included in Boundary events (PR)
  • host: Plugin-based host catalogs will now schedule updates for all of its host sets when its attributes are updated. (PR)
  • scopes: Default roles in newly-created scopes now contain a grant to allow listing targets. (PR)
  • plugins/aws: AWS plugin based hosts now include DNS names in addition to the IP addresses they already provide.
  • Bug Fixes:
  • session: Fix duplicate sessions and invalid session state transitions. (PR)

New in Boundary 0.7.3 (Dec 17, 2021)

  • Bug Fixes:
  • Target: Fix permission bug which prevents the UI from being able to add and remove
  • Host sources on a target. (PR)
  • Credential: Fix panic during credential issue when a nil secret is received. This can
  • Occur when using the Vault KV backend which returns a nil secret and no error if the
  • Secret does not exist. (PR)

New in Boundary 0.7.2 (Dec 16, 2021)

  • Security:
  • Boundary now uses Go 1.17.5 to address a security vulnerability (CVE-2021-44716) where an attacker can cause unbounded memory growth in a Go server accepting HTTP/2 requests.
  • See the Go announcement formore details. (PR)

New in Boundary 0.7.1 (Nov 19, 2021)

  • Bug Fixes:
  • db: Fix panic invoking the CLI on Windows. Some changes to how the binary is initialized resulted in running some functions on every startup that looked for some embedded files. However, Go's embed package does not use OS-specific path separators, so a mismatch between path separators caused a failure in the function. (PR)

New in Boundary 0.7.0 (Nov 18, 2021)

  • Deprecations/Changes:
  • tls: Boundary's support for TLS 1.0/1.1 on the API listener was broken. Rather than fix this, we are simply not supporting TLS 1.0/1.1 as they are insecure.
  • New and Improved:
  • Boundary now supports dynamic discovery of host resources using our (currently internal) new plugin system. See the documentation for configuration instructions. Currently, only Azure and AWS are supported, but more providers
  • will be following in future releases.
  • workers: The existing worker connection replay prevention logic has been enhanced to be more robust against attackers that have decryption access to the shared worker-auth KMS key (PR)
  • Bug Fixes:
  • tls: Support TLS 1.2 for more clients. This was broken for some clients due to a missing mandated cipher suite of the HTTP/2 (h2) specification that could result in no shared cipher suites between the Boundary API listener and those
  • clients. (PR)
  • vault: Fix credential store support when using Vault namespaces (Issue, PR)

New in Boundary 0.6.2 (Sep 28, 2021)

  • Deprecations/Changes:
  • permissions: Fix bug in Host Sets service that authenticated requests
  • againist incorrect grant actions. This bug affects the SetHosts, AddHosts and RemoveHosts paths that do not have wildcard (*) action grants. If affected, please update grant actions as follows:
  • set-host-sets -> set-hosts
  • add-host-sets -> add-hosts
  • remove-host-sets -> remove-hosts (PR).
  • Removes support for the auth-methods/<id>:authenticate:login action that was deprecated in Boundary 0.2.0, please use auth-methods/<id>:authenticate instead. (PR).
  • Removes support for the credential field within auth-methods/<id>:authenticate action. This field was deprecated in Boundary 0.2.0, please use attributes instead. (PR).

New in Boundary 0.6.1 (Sep 15, 2021)

  • Bug Fixes
  • Grants: Fix issue where credential-store, credential-library, and managed-group would not be accepted as specific type values in grant strings. Also, fix authorized actions not showing credential-store values in project scope output. (PR)
  • Actions: Fix sessions collection actions not being visible when reading a scope (PR)
  • Credential stores: Fix credential stores not showing authorized collection actions (PR)

New in Boundary 0.6.0 (Sep 9, 2021)

  • New and Improved:
  • ui: Reflect user authorized actions in the UI: users now see only actionable items for which they have permissions granted.
  • ui: Icons refreshed for a friendlier look and feel.
  • Bug Fixes:
  • Controller: Fix issue with recursive listing across services when using the unauthenticated user (u_anon) with no token and the list was started in a scope where the user does not have permission (PR)
  • Grants: Fix grant format type=<type>;output_fields=<fields> with no action specified. In some code paths this format would trigger an error when validating even though it is correctly handled within the ACL code. (PR)
  • Targets: Fix panic when using boundary targets authorize-session (issue, PR).

New in Boundary 0.5.1 (Aug 19, 2021)

  • New and Improved:
  • Data Warehouse: Add OIDC auth method and accounts to the database warehouse.
  • Four new columns have been added to the wh_user_dimension table:
  • auth_method_external_id, auth_account_external_id,
  • auth_account_full_name, and auth_account_email.
  • (PR)
  • Bug Fixes:
  • events: Fix panic when using the hclog-text event's format.
  • (PR)
  • oidc managed groups: Allow colons in selector paths
  • (PR)

New in Boundary 0.5.0 (Aug 5, 2021)

  • Bug Fixes:
  • Config: Fix error when populating all kms purposes in separate blocks (as well as the error message) (issue, PR)
  • server: Fix panic on worker startup failure when the server was not also configured as a controller (PR)
  • New and Improved:
  • Docker: Add support for muti-arch docker images (amd64/arm64) via Docker buildx

New in Boundary 0.4.0 (Jul 1, 2021)

  • New and Improved:
  • Credential Stores: This release introduces Credential Stores, with the first implementation targeting Vault. A credential store can be created that accepts a Vault periodic token (which it will keep refreshed) and connection information allowing it to make requests to Vault.
  • Credential Libraries: This release introduces Credential Libraries, with the first implementation targeting Vault. Credential libraries describe how to make a request to fetch a credential from the credential store. The first credential library is the generic type that takes in a user-defined request body to send to Vault and thus can work for any type of Vault secrets engine. When a credential library is used to fetch a credential, if the credential contains a lease, Boundary will keep the credential refreshed, and revoke the credential when the session that requested it is finished.
  • Credential Brokering: Credential libraries can be attached to targets; when a session is authorized against that target, a credential will be fetched from the library that is then relayed to the client. The client can then use this information to make a connection, allowing them to gain the benefit of dynamic credential generation from Vault, but without needing their own Vault login/token (see NOTE below). boundary connect Credential Brokering Integration: Additionally, we have started integration into the boundary connect helpers, starting in this release with the Postgres helper; if the credential contains a username/password and boundary connect postgres is the helper being used, the command will automatically pass the credentials to the psql process.
  • The worker will now close any existing proxy connections it is handling when it cannot make a status request to the worker. The timeout for this behavior is currently 15 seconds.
  • Bug Fixes:
  • scheduler: removes a Postgres check constraint, on the length of the controller name, causing an error when the scheduler attempts to run jobs

New in Boundary 0.3.0 (Jun 9, 2021)

  • Deprecations/Changes:
  • Password account IDs: When the oidc auth method came out, accounts were given the prefix acctoidc. Unfortunately, accounts in the password method were using apw...oops. We're standardizing on acct and have updated the password method to generate new IDs with acctpw prefixes. Previously-generated prefixes will continue to work.
  • New and Improved:
  • oidc: The new Managed Groups feature allows groups of accounts to be created based on an authenticating user's JWT or User Info data. This data uses the same filtering syntax found elsewhere in Boundary to provide a rich way to specify the criteria for group membership. Once defined, authenticated users are added to or removed from these groups as appropriateds each time they authenticate. These groups are treated like other role principals and can be added to roles to provide grants to users.
  • Dev: Predictable IDs in boundary dev mode now extend to the accounts created in the default password and oidc auth methods.
  • Mlock: Add a Docker entrypoint script and modify Dockerfiles to handle mlock in a fashion similar to Vault (PR)

New in Boundary 0.2.3 (May 25, 2021)

  • Deprecations/Changes:
  • The behavior when cors_enabled is not specified for a listener is changing to be equivalent to a cors_allowed_origins value of *; that is, accept all origins. This allows Boundary, by default, to have the admin UI and desktop client work without further specification of origins by the operator. This is only affecting default behavior; if cors_enabled is explicitly set to true, the behavior will be the same as before. This had been changed in v0.2.1 due to a bug found in v0.2.0 that caused all origins to always be allowed, but fixing that bug exposed that the default behavior was difficult for users to configure to simply get up and running. If a cancel operation is run on a session already in a canceling or terminated state, a 200 and the session information will be returned instead of an error.
  • New and Improved:
  • sessions: Return a 200 and session information when canceling an already-canceled or terminated session (PR)
  • Bug Fixes:
  • cors: Change the default allowed origins when cors_enabled is not specified to be *. (PR)

New in Boundary 0.2.2 (May 19, 2021)

  • New and Improved:
  • Inline OIDC authentication flow: when the OIDC authentication flow succeeds, the third-party provider browser window is automatically closed and the user is returned to the admin UI.
  • Bug Fixes:
  • Sessions: Clean up connections that are dangling after a worker dies (is restarted, powered off, etc.) This fixes some cases where a session never goes to terminated state because connections are not properly marked closed. (Issue 1, Issue 2, PR)
  • Sessions: Add some missing API-level checks when session cancellation was requested. It's much easier than interpreting the domain-level check failures. (PR)
  • Authenticate: When authenticating with OIDC and json format output, the command will no longer print out a notice that it's opening your web browser (Issue, PR)

New in Boundary 0.2.2 (May 19, 2021)

  • New and Improved:
  • Inline OIDC authentication flow: when the OIDC authentication flow succeeds, the third-party provider browser window is automatically closed and the user is returned to the admin UI.
  • Bug Fixes:
  • Sessions: Clean up connections that are dangling after a worker dies (is restarted, powered off, etc.) This fixes some cases where a session never goes to terminated state because connections are not properly marked closed. (Issue 1, Issue 2, PR)
  • Sessions: Add some missing API-level checks when session cancellation was requested. It's much easier than interpreting the domain-level check failures. (PR)
  • Authenticate: When authenticating with OIDC and json format output, the command will no longer print out a notice that it's opening your web browser (Issue, PR)

New in Boundary 0.2.1 (May 6, 2021)

  • Deprecations/Changes:
  • API delete actions now result in a 204 status code and no body when successful. This was not the case previously due to a technical limitation which has now been solved.
  • When using a delete command within the CLI we now either show success or treat the 404 error the same as any other 404 error, that is, it results in a non-zero status code and an error message. This makes delete actions behave the same as other commands, all of which pass through errors to the CLI. Given -format json capability, it's relatively easy to perform a check to see whether an error was 404 or something else from within scripts, in conjunction with checking that the returned status code matches the API error status code (1).
  • When outputting from the CLI in JSON format, the resource information under item or items (depending on the action) now exactly matches the JSON sent across the wire by the controller, as opposed to matching the Go SDK representation which could result in some extra fields being shown or fields having Go-specific types. This includes delete actions which previously would show an object indicating existence, but now show no item on success or the API's 404 error.
  • Permissions in new scope default roles have been updated to include support for list, read:self, and delete:self on auth-token resources. This allows a user to list and manage their own authentication tokens. (As is the case with other resources, list will still be limited to returning tokens on which the user has authorization to perform actions, so granting this capability does not automatically give user the ability to list other users' authentication tokens.)
  • New and Improved:
  • Permissions:
  • Improving upon the work put into 0.2.0 to limit the fields that are returned when listing as the anonymous user, grants now support a new output_fields section. This takes in a comma-delimited (or in JSON format, array) set of values that correspond to the JSON fields returned from an API call (for listing, this will be applied to each resource under the items field). If specified for a given ID or resource type (and scoped to specific actions, if included), only the given values will be returned in the output.
  • If no output_fields are specified, the defaults are used. For authenticated users this defaults to all fields; for u_anon this defaults to the fields useful for navigating to and authenticating to the system. In either case, this is overridable. See the permissions documentation for more information on why and when to use this. This currently only applies to top-level fields in the response.
  • Cli/api/sdk: Add support to request additional OIDC claims scope values from the OIDC provider when making an authentication request. (PR).
  • By default, Boundary only requests the "openid" claims scope value. Many providers, like Okta and Auth0 for example, will not return the standard claims of email and name when you request the default claims scope (openid).
  • Boundary uses the standard email and name claims to populate an OIDC account's Email and FullName attributes. If you'd like these account attributes populated, you'll need to reference your OIDC provider's documentation to learn which claims scopes are required to have these claims returned during the authentication process.
  • Boundary now provides a new OIDC auth method parameter claims_scopes which allows you to add multiple additional claims scope values to an OIDC auth method configuration.
  • For information on claims scope values see: Scope Claims in the OIDC
  • specification
  • Cli: Match JSON format output with the across-the-wire API JSON format (PR)
  • Api: Return 204 instead of an empty object on successful delete operations (PR)
  • Actions: The new no-op action allows a grant to be given to a principals without conveying any actionable result. Since resources do not appear in list results if the principal has no actions granted on that resource, this can be used to allow principals to see values in list results without also giving read or other capabilities on the resources. The default scope permissions have been updated to convey no-op,list instead of read,list. (PR)
  • Cli/api/sdk: User resources have new attributes for:
  • Primary Account ID
  • Login Name
  • Full Name
  • Email
  • These new user attributes correspond to attributes from the user's primary auth method account. These attributes will be empty when the user has no account in the primary auth method for their scope, or there is no designated primary auth method for their scope.
  • Cli: Support for reading and deleting the user's own token via the new read:self and delete:self actions on auth tokens. If no token ID is provided, the stored token's ID will be used (after prompting), or "self" can be set as the value of the -id parameter to trigger this behavior without prompting. (PR)
  • Cli: New logout command deletes the current token in Boundary and forgets it from the local system credential store, respecting -token-name (PR)
  • Config: The name field for workers and controllers now supports being set from environment variables or a file on disk (PR)
  • Bug Fixes:
  • Cors: Fix allowing all origins by default (PR)
  • Cli: It is now an error to run boundary database migrate on an uninitalized db.
  • Use boundary database init instead. (PR)
  • Cli: Correctly honor the -format flag when running boundary database init (PR)

New in Boundary 0.2.0 (Apr 15, 2021)

  • The auth-methods/<id>:authenticate:login action is deprecated and will be
  • removed in a few releases. (Yes, this was meant to deprecate the
  • authenticate action; apologies for going back on this!) To better support
  • future auth methods, and especially the potential for plugins, rather than
  • defining custom actions on the URL path the authenticate action will consume both a map of parameters but also a command parameter that specifies the type of command. This allows workflows that require multiple steps, such as OIDC, to not require custom subactions. Additionally, the credentials map in the authenticate action has been renamed attributes to better match other types of resources. credentials will still work for now but will be removed in a few releases. Finally, in the Go SDK, the Authenticate function now requires a command value to be passed in. Related to the above change, the output of an API auth-methods/<id>:authenticate call will return the given command value and a map of attributes that depend on the given command. On the SDK side, the output of the Authenticate function returns a map, from which a concrete type can be easily umarshaled (see the updated authenticate password command for an example).
  • Anonymous scope/auth method listing: When listing auth methods and scopes without authentication (that is, as the anonymous user u_anon), only information necessary for navigation to an auth method and authenticating to the auth method is now output. Granting u_anon list access to other resource types will not currently filter any information out.

New in Boundary 0.1.8 (Mar 11, 2021)

  • Changes/Deprecations:
  • api: A few functions have changed places. Notably, instead of ResponseMap() and ResponseBody(), resources simply expose Response(). This higher-level response object contains the map and body, and also exposes StatusCode() in place of indivdidual resources.
  • cli: In json output format, a resource item is now an object under the top-level key item; a list of resource items is now an list of objects under the top-level key items. This preserves the top level for putting in other useful information later on (and the HTTP status code is included now).
  • cli: In json output format, errors are now serialized as a JSON object with an error key instead of outputting normal text
  • cli: All errors, including API errors, are now written to stderr. Previously in the default table format, API errors would be written to stdout.
  • cli: Error return codes have been standardized across CLI commands. An error code of 1 indicates an error generated from the actual controller API; an error code of 2 is an error encountered due to the CLI command's logic; and an error code of 3 indicates an error that was caused due to user input to the command. (There is some nuance sometimes whether an error is really due to user input or not, but we attempt to be consistent.)
  • New and Improved:
  • list filtering: Listing now supports filtering results before being returned to the user. The filtering takes place server side and uses boolean expressions against the JSON representation of returned items.
  • server: Officially support reloading TLS parameters on SIGHUP. (This likely worked before but wasn't fully tested.)
  • server: On SIGHUP, worker tags will bere-parsed and new values used
  • server: In addition to the existing tls_min_version listener configuration value, tls_max_version is now supported. This should generally be left blank but can be useful for situations where e.g. a load balancer has broken TLS 1.3 support, or does not support TLS 1.3 and flags it as a disallowed value.