Skip to main content

Release Notes for Styra DAS On-Premises 0.4.2

Styra DAS On-Premise version 0.4.2 was released on July 1, 2020.

Release Summary

Styra DAS On-Premises 0.4.2 delivers the new features and enhancements, and the list of issues fixed in Styra DAS On-Premises 0.4.2 for Documentation, GUI, Installation, On-Premises, Security, and Systems sections.

New Features and Enhancements

This section describes the New Features and Enhancements in Styra DAS On-Premises 0.4.2.

Documentation

  • This release documents the core requirements to install DAS On-Premises. The requirements are listed on the On-Premises Installation page.

Installation

  • Support for Elasticsearch 7.x.
warning

The End-of-Life (EOL) cycle for Elasticsearch 6.x will be on November 20, 2020. Therefore, starting from On-Premises 0.4.2, Styra recommends that you use Elasticsearch 7.x or higher versions.

Prior to On-Premises 0.4.2, some changes were not compatible with the code written for Elasticsearch 6.x. This release supports and deploys Elasticsearch 7.x. The changes are made to detect used Elasticsearch versions and adjust accordingly to support both 6.x and 7.x.

On-Premises

  • Parameterize CPU and memory requirements, and limits in Helm chart.
info

Styra DAS now supports Elasticsearch versions 6.8.5 and 7.8.0.

This release enhances the parameterization in Helm chart to support user preferred requests/limits by allowing resource requests (environment specific customization of CPU and memory resource requirements) and limits per expected load.

  • Container security requirements: Starting from On-Premises 0.4.2, only On-Premises users with stringent container security requirements can run containers with the following restrictions:

    • RunAsNonRoot.

    • The file /etc/shadow now has file permissions set to 000.

  • Encrypt communications between load balancer and DAS: Prior to On-Premises 0.4.2, the load balancer to Styra DAS public gateway connection could not be encrypted. This release allows you to load the certificate and private key into the gateway pod and use it to secure the load balancer connection with TLS.

Security

  • Signature support for Git datasource and bundle downloading: This release introduces limited support for OPA digital signatures to provide end-to-end policy and data integrity. The signatures are imported from Git and included in the downloaded bundles for OPA to verify.

Issues Fixed

This section describes the Issues Fixed in Styra DAS On-Premises 0.4.2.

GUI

  • The broken snippets in the mutating library that occurred due to nested decisions was fixed.

Systems

  • Fixed a bug for Kubernetes systems created in the On-Premises 0.4.0 release. The bug caused validation replay results to be incorrect and for some policy library rules to behave incorrectly.