π₯Govern file transfers with policy
27 July 2022
zli v. 6.7.3
zli v. 6.7.3New
Distinguish
bzerotargets by environment.zli connectallows users to differentiate non-uniquebzerotarget names by adding its corresponding environment name or environment UUID to the command. Do this by appending a period and the environment name or UUID after the target you wish to connect to. This may look like:zli connect target-user@target-name.environment-namezli connect target-user@target-name.environment-idzli connect target-name.environment-id
Command logs now include target type, environment UUID, and environment name columns for clarity. Connection event logs also include environment name and UUID
BEST PRACTICES TIP
As part of this change, we strongly recommend that target names no longer contain periods. This will reduce the risk of conflict when trying to connect to a target containing periods in the name or a target that is distinguished by environment.
bzero v. 6.4.2
bzero v. 6.4.2Fixes
TCP connections. Resolved issue with certain TCP connections that caused data truncation and out-of-order writes
Kubectl execcommands. Resolved issue where daemon quit following akubectl execcommandSudousingssm-userandbzero-user. Resolved issue when using thebzeroagent as thebzero-userandssm-userthat required a password when executing asudocommand[Released 25 June] SSH tunneling on
bzero. Resolved issue with opening a tunnel using thebzeroagent
Web app & backend
New
Use policy to govern file upload/download. Policy manages if a user can upload/download to a
bzerotarget usingscpandstfpprotocols from their terminal. This capability allows administrators to remove a users' tunnel and/or shell access to abzerotarget and maintain their file transfer access. File transfers will continue to appear in the session logs as an SSH event. To take advantage of this new feature, make sure to upgrade tozli v.6.7.3,bzero v.6.4.2, and run a freshzli generate sshConfigfrom your terminal
Enhancements
Prompt for log in. Identity providers routinely rotate their keys. When this happens, BastionZero will prompt users for new log in
Fixes
Container autodiscovery script on AL2 machines. Resolved an issue where running the container autodiscovery script on AL2 machines produced an error when starting the
bzeroagentConnect to a non-unique target. Resolved an issue where naming conflicts between online and offline targets were not detected and blocked valid connection requests
zli connecterror message. Resolved typo in thezli connecterror message that displayed an erroneous$Sort on the admin's user management tab. Resolved issue with sorting columns in the user management tab
[Released 10 June] Connect to
bzerotarget using single-user policy. Resolved an issue where azli connectto abzerotarget, governed by a single-user policy, resulted in a handshake timeout[Released 15 June] In response to CVE-2022-1650. Upgraded
eventsourcedependency proactively based on potential vulnerability outlined in CVE-2022-1650[Released 17 June] User-specific registration keys. Resolved an issue where user-specific registration keys were being rejected as API keys when global registration keys were not enabled
[Released 27 June] Trouble accessing cloud.bastionzero.com. Resolved issue with intermittent 504s on the BastionZero web app
Last updated