Comments (5)
mbyczkowski
commented on June 2, 2024
The biggest breaking changes are probably dropping support for H2 and PostgreSQL, so if you're not using those you should be fine.
We have also introduced row-level HMACs to protect records from DB tampering, but it requires a backfill to the database in order to be used (optionally you can disable it by adding rowHmacCheck: disabled to the config).
Other than that, you should check out the CHANGELOG.
from keywhiz.
FlavioImbertDomingos
commented on June 2, 2024
Great, thank you!
row-level HMACs to protect records from DB tampering
I am not using it. Where can I get more information about it?
Thank you so much.
from keywhiz.
mbyczkowski
commented on June 2, 2024
@alokmenghrajani do you have more information about row-level HMAC feature and potential impact for people upgrading from older versions?
from keywhiz.
FlavioImbertDomingos
commented on June 2, 2024
Hi @mbyczkowski ,
I have another question.. We are using 0.8 in PCI area. The compliance people is asking me if my version 0.8 has any known vulnerability. They can't find ny CVE for Keywhiz.. Please let me know if the new releases are fixing any known vulnerability.
Best regards,
Flavio.
from keywhiz.
mcpherrinm
commented on June 2, 2024
Some of Keywhiz's dependencies have had CVEs, such as jackson-databind.
We haven't evaluated if those are applicable to Keywhiz, but it is best to
keep upgraded.
Re: row-level hmacs. You can leave validation turned off to avoid any
impact. It is a new feature to reduce attack surface, by preventing
database modifications.
In order to turn it on, upgrading users must backfill existing entries to
have the HMACs applied to them. I think there's instructions on doing that
in the github PRs, not sure offhand. Alok would know
…On Wed, Dec 11, 2019 at 10:57 AM Flavio I Domingos ***@***.***> wrote:
Mat,
Another question.. We are using 0.8 in PCI area. The compliance people is
asking me if my version 0.8 has any know vulnerability. They can find and
CVE for Keywhiz.. I am trying to delay the upgrade as much as I can since
it will be a little trick for me (HSM client install, etc) at this moment.
Let me know if the new releases are fixing any known vulnerability.
Best regards,
Flavio.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#552?email_source=notifications&email_token=AAALSQMVLVHBGJGREXXBK6LQYEZX5A5CNFSM4JOWIL62YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEGUGIAA#issuecomment-564683776>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAALSQPBABSWNW36YEENGFLQYEZX5ANCNFSM4JOWIL6Q>
.
from keywhiz.
Related Issues (20)
- Authenticator Secret Key
- Migrating from MySQL to PostgreSQL - having issues HOT 1
- Database compatibility
- Publish artifacts to maven central for 0.9.0 release? HOT 7
- Flyway 6.0 blockers
- Document (or nuke) adminConnector
- Document database trustness/untrustness
- Could not build the image HOT 5
- I am having issues to build the latest version fo Keywhiz... HOT 3
- Keywhiz 0.10.2 having error "java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider" ... HOT 10
- Upgrade from 0.8 to 0.10.1 - I am getting this error "Validate failed: Migration checksum mismatch for migration version 1" HOT 1
- How to do an upgrade from 0.8.0 to 0.10.1 - Database issue - Migration checksum mismatch for migration version 1 HOT 8
- MySQL version in README.md HOT 1
- Docker run error -RUN mvn install-Failed to execute goal org.codehaus.mojo:sql-maven-plugin
- Proposal: Do not require x-forwarded-client-cert header for client identification
- Failed to build server on CentOS 8
- There is a vulnerability in Hibernate Validator 5.4.3.Final ,upgrade recommended
- Where can I find the automation APIs documents?
- Automation API 'io.dropwizard.jersey.errors.LoggingExceptionMapper: Error handling a request' HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from keywhiz.