Release Notes for Self-Hosted Styra DAS
Self-Hosted Styra DAS 0.16.3 was released on November 27th, 2024.
New Features and Changes
Beta UI name transition and additions
The Beta UI label is transitioning to "New UI", with the existing UI labeled as "Legacy UI".
Added Workspace-level decision logs view and decision timeseries metrics graphs to the Usage tab. Added kind (system, stack, library) filter to Workspace search. Additional support for more System and Stack user role types in the policy editor. Added the list of all the user's roles to the user info dialog.
Upgraded to OPA v0.70.0
The internal version of OPA used by Styra DAS has been upgraded to OPA 0.70.0.
Improved performance for /v2/authz/rolebindings API in tenants with many resources
In tenants with hundreds of resources (Systems, Stacks, and Libraries) and hundreds of users and API tokens, the v2 authz rolebindings endpoint performance could slow to 6+ seconds, especially in self-hosted environments using a PostgreSQL database for the DAS data layer. Moving to a multi-threaded architecture improves this endpoint's performance in these scenarios, reducing request times by up to 2/3 while still preserving pagination ordering.
Return sample batch count in logreplay APIs
The /v1/logreplay and /v2/logreplay APIs have been updated to additionally return the count for each batch object in samples.
SLP memory and CPU config options in Kubernetes system install customization
The Kubernetes system type now allows for customizing the SLP memory and CPU resource requests and limits during install asset configuration.
Relay client v0.1.11 base image hardened to remove unnecessary libraries with CVEs
In the relay client v0.1.11 release, the base image has been hardened to remove libraries with new CVEs and which were not used by the client.
Fixed Issues
Slow initial UI load for Workspace admins with many systems and users
In tenants with several hundred systems and several hundred users, the initial UI load for a Workspace admin user could be slowed by several seconds.
Policy editor auto preview and validate triggered before policy publishing
After running preview or validate in the policy editor, any code change to a policy would prematurely trigger a rerun of preview or validate automatically, which could result in an error for an invalid or incomplete policy change.
Data source conflict error not displayed
In some cases, if a Git or HTTPS data source path and name conflicted with an existing data source, the conflict error would not be displayed in the UI.
Workspace access control missing roles and SSO claims
When viewing the Workspace-level access control tab, access control resources may not have been shown depending on navigation path to the tab.
Library roles assigned via SSO claims couldn't edit policies
Users assigned the LibraryOwner or LibraryEditor roles via SSO claims could not edit Library files.
SSO configuration modal missing rolebindings
In some cases, the SSO configuration modal did not display the configured SSO rolebindings.
500 response on Terraform run task configuration API instead of 403
Users with System roles without permissions for Terraform run task configuration received a 500 API response instead of the expected 403.
Users with WorkspaceViewer role cannot view Workspace tabs
Users with only a WorkspaceViewer role could not access Workspace-level tabs in the UI.
Users with SystemOwner role could not modify bundle registry settings
SystemOwner role users were not able to access and edit system bundle registry settings as expected.
UI policy editor error on autocomplete of long complex strings
In some rare cases in the UI policy editor, autocomplete of a very long complex string could result in a UI error.