microsoft/AzureTRE v0.20.0

0.20.0

on GitHub

BREAKING CHANGES & MIGRATIONS:

• InnerEye and MLFlow bundles depreciated and removed from main. If you wish to update and deploy these worksapce services they can be retrieved from release 0.19.1. (#4127)
• This release removed support for Porter v0.*. If you're upgrading from a much earlier verion you can't go directly to this one. (#4228)

FEATURES:

• Add support for customer-managed keys encryption. Core support (#4141, #4144), Base workspace (#4161), other templates (#4145)

ENHANCEMENTS:

• Disable storage account cross tenant replication (#4116)
• Key Vaults should use RBAC instead of access policies for access control (#4000)
• Split log entries with [Log chunk X of Y] for better readability. (#3992)
• Expose APP_SERVICE_SKU build variable to allow enablement of App Gateway WAF (#4111)
• Update Terraform to use Azure AD authentication rather than storage account keys (#4103)
• Consolidate Terraform upgrade scripts (#4099)
• Storage accounts should use infrastructure encryption (#4001)
• Update obsolete Terraform properties (#4136)
• Update Guacamole version and dependencies (#4140)
• Update the Azure CLI version to 2.67.0 in dev container and vmss (#4157)
• Move Github PR bot commands into main documentation (#4167)
• Block Authentication with keys to CosmosDB SQL account (#4175)
• Change the way "inherited" workspaces retrieve the base workspace code (#4162)
• Add option to configure auto shutdown for Linux VM (#4186)
• Add ability to download VSCode Extensions ([#4187])
• Update Windows VM Images (#4198)
• Enhance DPI of Linux display ([#4200])
• Update Admin VM versions ([#4217])
• Update devcontainer/RP/API package versions: base image, docker, az cli, YQ (#4225)
• Purge container repos individually in when using make tre-destroy (#4230)
• Upgrade Python version from 3.8 to 3.12 (#3949)Upgrade Python version from 3.8 to 3.12 (#3949)
• Disable storage account key usage ([#4227])
• Update Guacamole dependencies ([#4232])
• Add option to force tunnel TRE's Firewall (#4237)
• Add EventGrid diagnostics to identify airlock issues (#4258)
• Disable local authentication in ServiceBus (#4259)
• Allow enablement of Secure Boot and vTPM for Guacamole VMs (#4235)
• Surface the server-layout parameter of Guacamole server-layout (#4234)
• Add encryption at host for VMs (#4263)
• Downgrade certs shared service App Gateway to Basic SKU (#4300)
• Airlock function host storage to use the user-assigned managed identity (#4276)
• Disable local authentication in EventGrid (#4254)

BUG FIXES:

• Update KeyVault references in API to use the version so Terraform cascades the update (#4112)
• Template images are showing CVEs (#4153)
• Fix Dockerfile 'as' casting (#4170)
• Create policy to allow all user to configure color profiles to remove auth dialog. (#4184)
• Pre configure VS code option to prevent script failure (#4185)
• Increase size of Nexus VM, and derive Java VM memory limits from machine size (#4074)
• Enable symlinks to work on Linux VM shared storage (#4180)
• Upgrade aiohttp version for security fixes (#4197)
• Fix failing tests, .env missing and storage logs (#4207)
• Unable to delete virtual machines, add skip_shutdown_and_force_delete = true (#4135)
• Bump terraform version in windows VM template (#4212)
• Upgrade azurerm terraform provider from v3.112.0 to v3.117.0 to mitigate storage account deployment issue (#4004)
• Fix VM actions where Workspace shared storage doesn't allow shared key access (#4222)
• Fix public exposure in Guacamole service ([#4199])
• Fix Azure ML network tags to use name rather than ID ([#4151])
• Windows R version must be 4.1.2 otherwise post install script doesn't update package mirror URL (#4288)
• Recreate tre_output.json if empty. ([#4292])
• Ensure R directory is present before attempting to update package mirror URL (#4332)

COMPONENTS:

Full Changelog: v0.19.1...v0.20.0