v0.19.0

0.19.0 (2025/01/31)

New and Improved

• Introduces soft-delete for users within the client cache.
  (PR).

• GCP dynamic host catalog: Add dynamic host catalog support for
  discovering GCP Compute Engine VM Instances.
  (PR).

• The worker domain has been refactored to create clear domain functions for worker operations, improve readability and
  maintainability of worker queries, and improve DB performance. (PR).

• Adds support for dual-stack networking for AWS operations.
  (PR)

  • Note: As a consequence of updating AWS SDK dependencies to enable
    dual-stack support, this Boundary release may consume more memory. From our
    testing, the increase seems to be around 1.6x, however this
    may vary depending on your deployment architecture.

• The worker <-> controller communications have been refactored to improve performance
  and reliability at large scale. Workers older than v0.19.0 will remain supported
  until the release of v0.20.0, in accordance with
  our worker/controller compatiblity policy.

• Add concurrency limit on the password hashing of all password auth methods.
  (PR).

  This avoids bursty memory and CPU use during concurrent password auth method
  authentication attempts. The number of concurrent hashing operations
  can be set with the new concurrent_password_hash_workers configuration
  value in the controller stanza, or the new
  BOUNDARY_CONTROLLER_CONCURRENT_PASSWORD_HASH_WORKERS environment variable.
  The default limit is 1.

• ui: Improve worker filter workflow for targets, vault credential-stores, and storage-buckets. (PR).

Bug fixes

• Fix bug in applying BOUNDARY_MAX_RETRIES for boundary cli. Previously
  setting this environment variable would result in a max retries of 2,
  regardless of the value set.
  (PR).
• Fix bug in parsing IPv6 addresses. Previously setting a target address or the
  initial upstream address in the config file would result in a malformed value.
  (PR).
• Fix an issue where, when starting a session, the connection limit always displays 0.
  (PR).
• Fix bug which caused the children keyword not to apply the appropriate
  permissions for a number of resources.
  (PR).

v0.18.2

Merge pull request #5353 from hashicorp/backport/judith/edu-web-codeo…

v0.18.1

0.18.1 (2024/11/21)

New and Improved

• Delete terminated sessions in batches to avoid long running jobs.
  (PR)

Bug fixes

• Fix an issue where users would lose access to managed groups if
  there are more than 10,000 managed groups in the auth method used.
  (PR)
• Fix an issue where only the first 10,000 members of a managed group
  are returned when getting the managed group, and a similar issue where
  only the first 10,000 managed groups an account is part of is included
  when getting the account.
  (PR)

v0.18.0

0.18.0 (2024/10/01)

New and Improved

• Add support for dynamic host catalog plugins running in Boundary workers:
  Boundary plugins that handle dynamic host catalog operations (such as the
  AWS
  and Azure plugins) can
  now run on workers. (PR)

• Dynamic host catalogs worker filter support (Enterprise and HCP Boundary
  only): Operators can now set a worker filter when creating a dynamic host
  catalog. When set, all of the plugin requests will be sent to the matching
  worker for processing. (PR)

• AWS dynamic host catalogs AssumeRole authentication support: Operators can
  now set-up AWS dynamic host catalogs using Amazon's AssumeRole
  authentication paradigm by providing a valid Role ARN when creating the host
  catalog. (PR and
  PR)

• Improved MinIO storage plugin compatibility with other services by dropping
  the checksum headers in PutObject.
  (PR)

• ui: Add UI support for searching and pagination of aliases.
  (PR)

• ui: Add UI support for filtering and pagination of session recordings.
  (PR)

• ui: Improve multi-scope grants select/deselect process.
  (PR)

Bug Fixes

• Prevented a data-race in Boundary's event logging system.
  (PR)

• Update Storage Bucket type icon in Target view.
  (PR)

• Allow user to retry with authentication is pending with OIDC.
  (PR)

Deprecations/Changes

• Remove deprecated controllers field from the worker config, which was deprecated in 0.9.0 for
  initial_upstreams(PR)

v0.17.2

0.17.2 (2024/09/25)

Changes

• The Go API properly uses the passed in value for WithRecursive and
  WithSkipCurlOutput instead of always setting to true regardless of the
  passed-in value. (PR)

v0.16.3

Revert "backport of commit 7c483e3c518c2f83ecc396caa80b1cd9bdb35d1d"

This reverts commit c706adffad7d0b0508518a91385dbe0e1fe79bd7.

v0.17.1

Merge pull request #5022 from hashicorp/backport/moduli-e2e-worker-ta…

v0.17.0

0.17.0 (2024/07/17)

v0.15.5

test(asciicast): Update expected value due to encoding change (#4979)

v0.16.2

0.16.2 (2024/06/10)

New and Improved

• Updated Minio plugin to allow for potential use with other S3-compatible storage providers.
  (PR) and (PR)

Bug Fixes

• Fixed a bug where a worker credential rotation request suceeded on the controller but the response to the worker was lost.
  This resulted in the controller using a separate set of credentials than the worker, causing the worker to be unable to connect
  to the controller. The fix implements the new nodeenrollment library NodeIdLoader interface, which ensures that on store,
  if worker NodeInformation has a previous key set, the worker will check and correct its stored credential set to match.
  LodeNodeInformation was also updated to fix a bug where in this split credential scenario, the current credential key was
  assumed to be the incoming worker key, which caused the wrong key information to be populated for the key id.
  (PR)