​

Approver Policy Enterprise releases¶

​ Learn about current and past releases of Approver Policy Enterprise. ​

Latest release¶

​ The latest stable version of Approver Policy Enterprise is v0.17.2.

Downloads¶

Release 0.17.2¶

Approver Policy Enterprise 0.17.2 was released on July 11, 2024.

Key features¶

• This patch release fixes a Helm template call error introduced in release 0.17.1.

Release 0.17.1¶

Approver Policy Enterprise 0.17.1 was released on June 12, 2024.

Key features¶

• This patch release fixes an issue with an incorrect cert-manager-approver-policy ServiceAccount name in the Rego (Cluster)RoleBinding reference.

Release 0.17.0¶

Approver Policy Enterprise 0.17.0 was released on May 17, 2024.

Key features¶

• Approver Policy Enterprise has been updated in this release to use Approver Policy 0.14.1.
• This release has also been updated to use Venafi Connection 0.1.0.

Release 0.16.0¶

Approver Policy Enterprise 0.16.0 was released on April 26, 2024.

Key features¶

• Approver Policy Enterprise now accepts all external issuers by default. You can now remove approveSignerNames from your values.yaml file.This makes Approver Policy Enterprise easier to use with external issuers such as the AWS Private CA Issuer or the Venafi Enhanced Issuer. Previously, Approver Policy Enterprise required explicitly granted permission to use external issuers via the approveSignerNames Helm value.

  Approver Policy Enterprise can be used with all issuers. It's still possible to restrict the list if you want to, however doing so would only be helpful in niche scenarios. The scenarios in which you might want to take action are described below, but most users should take no action.

• When using TLS Protect Datacenter, you can now remove the revoke privilege from the API Integration that you use with Approver Policy Enterprise.

• The version of Venafi Connection was updated to v0.0.20.

• The version of Approver Policy was updated to v0.13.1.

Release 0.15.0¶

Approver Policy Enterprise 0.15.0 was released on March 26, 2024.

Key features¶

• You can now configure an HTTP proxy from the Helm chart by using the following values: http_proxy, https_proxy, and no_proxy. If you are using the upstream version of Approver Policy, this may not be useful to you. These variables are useful for projects building plugins on top of Approver Policy and make HTTP calls to the internet. For more information, see Approver Policy Helm values reference page.
• You can now also configure the priorityClassName field in the Helm chart. For more information, see Approver Policy Helm values reference page.
• The following vulnerability was fixed by upgrading to google.golang.org/protobuf@v1.33.0: GO-2024-2611 (CVE-2024-24786).

Release 0.14.0¶

Approver Policy Enterprise 0.14.0 was released on March 7th, 2024.

Key features¶

This releases incorporates the following Helm value updates to reflect changes made in Approver Policy 0.13.0:

• By default, the Helm chart now adds the helm.sh/resource-policy: keep annotation to all CRDs. This prevents accidental deletion of CRDs when uninstalling the component using Helm.

  Note

  This feature introduces an additional uninstall step:

  $ kubectl delete crd certificaterequestpolicies.policy.cert-manager.io
  

  To avoid using the annotation, add --set crds.keep=false to your installation. To exclude the CRD from the Helm installation use --set crds.enabled=false.

• This release also adds an optional PodDisruptionBudget helm value that can be used in your values.yaml file:

      podDisruptionBudget:
          enabled: true
  

• Platform engineers can now set Topology Spread Constraints using a Helm chart values. For more information see Topology Spread Constraints.

• All Approver Policy deployment-related Helm values have been made global in this release.

• The replicaCount Helm value can now be set to either an integer or a string.

For more information, see Approver Policy Enterprise Helm values.

Release 0.13.0¶

Approver Policy Enterprise 0.13.0 was released on November 29th, 2023.

Key features¶

• A new metric venaficonnection_status is now available. This metric lets you monitor connection or authentication problems to the Venafi Control Plane API and TPP.
• The existing HTTP metrics now include the HTTP path and host. The host label holds the hostname of the TPP or TLS Protect Cloud instance, for example tpp.example.com and api.venafi.cloud. The path label holds the HTTP path of the request. The UUID and names are stripped from the HTTP paths are stripped so that the cardinality of the metrics doesn't explode.
• The field clientId in thehashicorpVaultOAuth block in the Venafi Connection custom resource is deprecated. This field had been mistakenly introduced. This change should not affect existing users of Venafi Enhanced Issuer since this field was not effective and wasn't shown in any of the documentation pages.

• Approver Policy has been updated and now supports CEL-based validation rules.

  You can learn more by reading the document 20230726-cel-policy.md.

Release 0.12.0¶

​ Approver Policy Enterprise 0.12.0 was released on October 27th, 2023.

Key features¶

• Golang has been updated to mitigate CVE-2023-44487 and CVE-2023-39325.

• The Approver Policy Enterprise component exposes operational and usage telemetry metrics suitable for popular monitoring solutions, enabling alerts on important operational states. For more information, see Metrics for Approver Policy Enterprise.

Related links¶

• Installing Approver Policy Enterprise
• Configuring Approver Policy Enterprise
• Common scenarios
• Approver Policy Enterprise Venafi plugin
• Approver Policy Enterprise Rego plugin
• Approver Policy Enterprise administration
• Metrics for Policy Approver Enterprise
• Approver Policy Enterprise API reference
• Approver Policy Enterprise image flags