1.6.8

• Bumps Spring Boot to 1.5.14
• Bumps Jackson Databind to 2.9.6

1.9.3

Bug Fixes and Minor Improvements

• Reverts a change that prevented users from providing both encryption_key_name and encryption_password values for a given key.

1.7.5

Features

• Important: please read! CredHub has long had a known issue where it would fill up its database over time, due to the accumulation of audit events without truncation. This release enables CredHub to truncate audit events after a configurable amount of time. Set the credhub.audit_logs.days_retained property to the length of time you’d like to keep audit records in the database, and CredHub will cull any records older than that length of time, on a daily cadence. This value defaults to 30, so if you have records in your database older than 30 days that you'd like to retain, either increase the credhub.audit_logs.days_retained value in your deployment manifest, or take a BBR backup before deploying this update. If you don't care about audit events in the database, you can safely set the value to zero.
• Increases the max length for subject alternate names in x509 certificates from 64 to the RFC-defined 253 (h/t @ebeer).

Bug Fixes and Minor Improvements

• Updates dependencies.

1.6.7

Features

• Important: please read! CredHub has long had a known issue where it would fill up its database over time, due to the accumulation of audit events without truncation. This release enables CredHub to truncate audit events after a configurable amount of time. Set the credhub.audit_logs.days_retained property to the length of time you’d like to keep audit records in the database, and CredHub will cull any records older than that length of time, on a daily cadence. This value defaults to 30, so if you have records in your database older than 30 days that you'd like to retain, either increase the credhub.audit_logs.days_retained value in your deployment manifest, or take a BBR backup before deploying this update. If you don't care about audit events in the database, you can safely set the value to zero.

Bug Fixes and Minor Improvements

• Resolves an issue where BBR restore would often fail in clustered CredHub deployments.
• Updates dependencies.

1.9.2

Features

• Increases the range of characters acceptable in credential names. In addition to the existing character set of alphanumerics, /, _, and -, CredHub now allows ., :, (, ), [, ], and +.
• Increases the max length for subject alternate names in x509 certificates from 64 to the RFC-defined 253 (h/t @ebeer).
• Updates security event logs to include both credential guids and credential version guids.

Bug Fixes and Minor Improvements

• Resolves an error where audit events were being logged in the credhub.log file instead of credhub_security_events.log.
• Makes the security event logs less chatty. /info, /version, /health, and /key-usage endpoints no longer generate audit log entries.
• Resolves an issue where the credhub job was unable to consume a postgres db BOSH link (h/t @calebwashburn).
• Squashes some 500s.
• Updates dependencies.

1.3.6

Bug Fixes and Minor Improvements

• Updates dependencies

1.9.1

Features

• Replaced the internal (DB-only) audit tables with external log files. Previously, CredHub would write logs to an internal audit table that could only be read by connecting to the database directly. These records were prone to filling up databases, and were not read by the sample of users we asked. We replaced them with a credhub_security_events.log file that comes along with a BOSH log download, which contains details of every credential-related API request that reaches CredHub.

1.8.3

• Reverts a backwards-incompatible change that was made to CredHub's error responses to authorization endpoints. This regression was causing clients expecting the older JSON structure to fail to refresh their access tokens.

1.8.2

• API endpoints that accept JSON will now return errors if Content-Type headers are not correctly set to application/json. Previously they would return a 500. cloudfoundry/credhub@2450322
• Attempting to create credentials with names longer than 1024 characters will return an error. cloudfoundry/credhub@49816a3
• Providing database configuration on the CredHub job will take precedence over links. #20

1.8.1

• Fixed a bug where if both encryption_key_name and encryption_password are provided for an encryption key, only encryption_key_name would be used.