Release Notes for Styra DAS On-Premises 0.4.2
Styra DAS On-premises version 0.4.2 was released on July 1, 2020.
Styra DAS On-premises 0.4.2 delivers the new features and enhancements, and the list of issues fixed in Styra DAS On-premises 0.4.2 for Documentation, GUI, Installation, on-premises, Security, and Systems sections.
New Features and Enhancements
This section describes the New Features and Enhancements in Styra DAS On-premises 0.4.2.
- This release documents the core requirements to install Styra DAS On-premises. The requirements are listed on the On-Premises Installation page.
- Support for Elasticsearch 7.x.
The End-of-Life (EOL) cycle for Elasticsearch 6.x will be on November 20, 2020. Therefore, starting from Styra DAS On-premises 0.4.2, Styra recommends that you use Elasticsearch 7.x or higher versions.
Prior to Styra DAS On-premises 0.4.2, some changes were not compatible with the code written for Elasticsearch 6.x. This release supports and deploys Elasticsearch 7.x. The changes are made to detect used Elasticsearch versions and adjust accordingly to support both 6.x and 7.x.
- Parameterize CPU and memory requirements, and limits in Helm chart.
Styra DAS On-premises now supports Elasticsearch versions 6.8.5 and 7.8.0.
This release enhances the parameterization in Helm chart to support user preferred requests/limits by allowing resource requests (environment specific customization of CPU and memory resource requirements) and limits per expected load.
Container security requirements: Starting from Styra DAS On-premises 0.4.2, only on-premises users with stringent container security requirements can run containers with the following restrictions:
/etc/shadownow has file permissions set to 000.
Encrypt communications between load balancer and DAS: Prior to Styra DAS On-premises 0.4.2, the load balancer to Styra DAS public gateway connection could not be encrypted. This release allows you to load the certificate and private key into the gateway pod and use it to secure the load balancer connection with TLS.
- Signature support for Git datasource and bundle downloading: This release introduces limited support for OPA digital signatures to provide end-to-end policy and data integrity. The signatures are imported from Git and included in the downloaded bundles for OPA to verify.
This section describes the Issues Fixed in Styra DAS On-premises 0.4.2.
- The broken snippets in the mutating library that occurred due to nested decisions was fixed.
- Fixed a bug for Kubernetes systems created in the Styra DAS On-premises 0.4.0 release. The bug caused validation replay results to be incorrect and for some policy library rules to behave incorrectly.