Xena Series Release Notes


Security Issues

  • Part of the fix for Story 2009664 required renaming the policy for Container Consumers from “consumers:get” to “container_consumers:get”, “consumers:post” to “container_consumers:post”, and “consumers:delete” to “container_consumers:delete”. If you are using custom policies to override the default policies you will need to update them to use the new names.

  • Fixed Story #2009791: Users with the “creator” role on a project can now delete secrets owned by the project even if the user is different than the user that originally created the secret. Before this fix, a user with the “creator” role was only allowed to delete a secret owned by the project if they were also the user that originally created it, which was inconsistent with the way that deletes are handled by other OpenStack projects that integrate with Barbican. This change does not affect private secrets (i.e. secrets with the “project-access” flag set to “false”).
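For the Container Consumers policy rename described above, the following added example (not part of Barbican or of these release notes) rewrites the three old policy names in a custom override file and flags any rule where the new name is already defined. It assumes an oslo.policy-style YAML override file with one rule per line; the function name, sample file and rule strings are constructed for illustration.

```python
import re

# Old -> new policy names, exactly as listed in the release note above.
RENAMED = {
    "consumers:get": "container_consumers:get",
    "consumers:post": "container_consumers:post",
    "consumers:delete": "container_consumers:delete",
}

# One override per line: optional indent, optionally quoted key, then ":".
KEY_LINE = re.compile(r"""^(\s*)(["']?)([A-Za-z_]+:[A-Za-z_]+)\2(\s*:.*)$""")

# Constructed sample override file (rule strings are illustrative only).
SAMPLE = '''\
# custom overrides (constructed sample)
"consumers:get": "role:admin or role:observer"
"consumers:post": "role:admin"
"container_consumers:post": "role:admin or role:creator"
"secret:delete": "role:admin"
'''


def migrate_policy_text(text):
    """Return (new_text, renamed, conflicts) for a policy override file.

    Works line by line so comments and ordering survive. An old rule is
    left untouched and reported as a conflict when the file already
    defines the new name, so the operator decides which rule string wins.
    """
    lines = text.splitlines()
    present = {m.group(3) for m in map(KEY_LINE.match, lines) if m}
    out, renamed, conflicts = [], [], []
    for line in lines:
        m = KEY_LINE.match(line)
        old = m.group(3) if m else None
        if old in RENAMED:
            new = RENAMED[old]
            if new in present:
                conflicts.append(old)  # both names defined: do not guess
            else:
                indent, quote, _, rest = m.groups()
                line = f"{indent}{quote}{new}{quote}{rest}"
                renamed.append(old)
        out.append(line)
    return "\n".join(out) + "\n", renamed, conflicts
```

Any name returned in `conflicts` needs manual review, because the old and new rules in the file may grant different access.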

Bug Fixes

  • Fixed Story #2009247 - Fixed the response for POST /v1/secrets/{secret-id}/metadata so it matches the documented behavior.

  • Fixed Story 2009664 - Fixed the Consumer controller to be able to use the associated Container’s ownership information in policy checks.

  • Fixed Story #2009672 - Fixed validator for Container Consumers to prevent 500 errors.


New Features

  • The default maximum secret size has been increased from 10 kB to 20 kB, and the default maximum request size has been increased from 15 kB to 25 kB.

Bug Fixes

  • Fixed Story 2008335: Fixed a data encoding issue in the Hashicorp Vault backend that was causing errors when retrieving keys that were generated by the Vault Key Manager in Castellan.