0.7.0 (2021/11/17)
Deprecations/Changes
- tls: Boundary's support for TLS 1.0/1.1 on the API listener was broken. Rather
than fix this, we are simply not supporting TLS 1.0/1.1 as they are insecure.
New and Improved
- Boundary now supports dynamic discovery of host resources using our (currently
internal) new plugin system. See the
documentation for configuration
instructions. Currently, only Azure and AWS are supported, but more providers
will be following in future releases. - workers: The existing worker connection replay prevention logic has been
enhanced to be more robust against attackers that have decryption access to
the sharedworker-authKMS key
(PR)
Bug Fixes
- tls: Support TLS 1.2 for more clients. This was broken for some clients due to
a missing mandated cipher suite of the HTTP/2 (h2) specification that could
result in no shared cipher suites between the Boundary API listener and those
clients. (PR) - vault: Fix credential store support when using Vault namespaces
(Issue,
PR)