Release notes

Important Information for nevisAdmin 3 Users

nevisAdmin 4 is the completely overhauled configuration and deployment solution for the Nevis Identity Suite.

nevisAdmin 3 configurations cannot be automatically migrated to nevisAdmin 4.

Contact your integration partner, if you need assistance to migrate from nevisAdmin 3 to nevisAdmin 4.

If you are looking for updates to nevisAdmin 3, check the nevisAdmin 3 documentation.

Pattern Release Notes

The pattern release notes can now be found here.

nevisAdmin 8.2505.4 Release Notes - 2025-06-26

Release information

• RPM: nevisadmin4-8.2505.4.2-1.noarch.rpm
• GUI Version: FE 8.2505.4-1509 - BE 8.2505.4.2

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

• NEW: The Kubernetes database migration job and the corresponding pod(s) can now be assigned additional custom labels via the kubernetes.database.labels option in the inventory. (NEVISADMV4-9932)

nevisAdmin 8.2505.3 Release Notes - 2025-05-21

Release information

• RPM: nevisadmin4-8.2505.3.16-1.noarch.rpm
• GUI Version: FE 8.2505.3-1502 - BE 8.2505.3.16

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

• UPGRADED: nevisAdmin 4 is now compiled and run with Java 21. Using Java 17 is no longer supported. (NEVISADMV4-10440)
• CHANGED: The nevisadmin.yaml.literal-block-style.enabled property’s default value is now set to true. This feature may cause false changes on the publish screen, as the visualization of multi-line strings appears identical on the UI. See the documentation for more details on this property.
  For Helm-based installations, to opt out, use --set nevisAdmin4.yaml.literalBlockStyle.enabled=false or configure it in the values.yml file.
• DEPRECATED: The Generation Engine has been discontinued and is no longer supported. We recommend to use NevisAdmin4 instead, which also offers Kubernetes resource generation and automated key generation—features not available in the Generation Engine. (NEVISADMV4-10411)
• CHANGED: The promotion of canary deployments now run asynchronously, without blocking the UI. Refer to the Kubernetes Status screen to monitor its progress. The HTTP response code for PUT /api/inventories/{inventoryKey}/promote was changed from 200 to 202. (NEVISADMV4-10220).

Main improvement

• NEW: Support REST API calls with a JWT token when SAML is enabled. (NEVISADMV4-10387)
• NEW: Supporting PostgreSQL version 17. (NEVISADMV4-10439)
• NEW: Supporting MariaDB version 11.4. (NEVISADMV4-10438)
• NEW: Canary deployments now support custom replica counts and resource settings, independent of their primary counterparts. During promotion, the canary will automatically scale up to match the primary’s current replica count before traffic is switched over. (NEVISADMV4-10220).

Notable changes and bug fixes

• NEW: The X-Frame-Options header is disabled when the platform spring profile is enabled. (IP-658)
• IMPROVED: The Inventory help now has a section describing the usage of secrets and files. (NEVISADMV4-10384)
• FIXED: We fixed a GUI issue on the Kubernetes Status page which allowed the deletion, promotion and rollback of deployments even if the user had not have permission to do that, only to receive an error message (still no deployments were changed). Now the GUI correctly enforces the permissions on these buttons. (NEVISADMV4-9091)
• FIXED: We are skipping class loading for the nevisadmin-plugin-marketplace to avoid exceptions in the log. Furthermore, the nevisadmin-plugin-marketplace is not set as a default library for new projects. (NEVISADMV4-10423)
• FIXED: Fixed in inventory help (Kubernetes and Classic) the url of the Product-Analytics page. (NEVISADMV4-10434)
• FIXED: We resolved an issue where setting nevisadmin.http.header.content-security-policy would incorrectly set the value of nevisadmin.http.header.x-frame-options. (NEVISADMV4-10513)

Dependency upgrades

• jsch 0.2.24 (NEVISADMV4-10369)
• jackson 2.18.3 (NEVISADMV4-10369)
• jetty 12.0.18 (NEVISADMV4-10369)
• groovy 4.0.26 (NEVISADMV4-10369)
• snakeyaml 2.4 (NEVISADMV4-10369)
• aspectj 1.9.23 (NEVISADMV4-10369)
• slf4j 2.0.17 (NEVISADMV4-10369)
• logback-classic 1.5.18 (NEVISADMV4-10369)
• guava 33.4.6-jre (NEVISADMV4-10369)
• commonmark 0.24.0 (NEVISADMV4-10369)
• spring-boot 3.3.11 (NEVISADMV4-10524)
• spring-dependency-management 1.1.7 (NEVISADMV4-10369)
• mariadb-java-client 3.5.3 (NEVISADMV4-10369)
• postgres 42.7.5 (NEVISADMV4-10369)
• shiro 2.0.2 (NEVISADMV4-10369)
• nimbus-jose-jwt 10.1 (NEVISADMV4-10369)
• bcprov-jdk18on 1.80 (NEVISADMV4-10369)
• bcpkix-jdk18on 1.80 (NEVISADMV4-10369)
• bcpg-jdk18on 1.80 (NEVISADMV4-10369)
• bcutil-jdk18on 1.80 (NEVISADMV4-10369)
• kubernetes-java-client 23.0.0 (NEVISADMV4-10369)

nevisAdmin 8.2411.1 Release Notes - 2025-01-30

Release information

• RPM: nevisadmin4-8.2411.1.5-1.noarch.rpm
• GUI Version: FE 8.2411.0-1459 - BE 8.2411.1.5

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

• FIXED: Resolved an issue with CSRF protection when SAML is enabled that could cause POST and PUT requests to return a 403 response due to incorrect extraction of the CSRF token from the request header. (NEVISADMV4-10379)
• FIXED: Resolved an issue with CSRF protection when SAML is enabled that could cause POST and PUT requests to return a 403 response due to the missing CSRF token in the cookie. (NEVISADMV4-10422)

nevisAdmin 8.2411.0 Release Notes - 2024-11-20

Release information

• RPM: nevisadmin4-8.2411.0.17-1.noarch.rpm
• GUI Version: FE 8.2411.0-1459 - BE 8.2411.0.17

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

• CHANGED: The nevisadmin-plugin-nevisadapt has been separated from the nevisadmin-plugin-nevisdetect. The nevisAdapt Patterns, which were previously part of the nevisDetect plugin, have now been moved to the new nevisAdapt plugin. (NEVISADMV4-10229)

Main improvement

• NEW: It is now possible to delete plugin libraries on the Resources / Pattern Libraries page. (NEVISADMV4-9761)
• NEW: You can now add a git tag to the commit that is created when publishing a project, both on the GUI in the publishing dialog, and also using the REST API. (PRODROAD-597)
• NEW: Project variables now can have default values. Compared to the existing sample values, if a default value is not overridden in the inventory, it will not cause an error during deployment, and instead the default value of the project variable will be directly used. (NEVISADMV4-10185)
• NEW: We've introduced a new feature that automatically migrates the project when the nevisadmin-plugin-base-generation version is upgraded. This feature attempts to handle breaking changes by updating most project data automatically, reducing the need for manual adjustments, but some cases cannot be handled automatically, and manual intervention may still be required. (NEVISADMV4-10104)

Notable changes and bug fixes

• NEW: Deployments can now be performed using the legacy checkout method by setting the configuration property nevisadmin.git.shallow-checkout to false. (NEVISADMV4-10252)
• NEW: We added two new properties, nevisadmin.pki.root-certificate-validity and nevisadmin.pki.end-certificate-validity, to configure certificate validity for automatic key management in classic deployments. (NEVISADMV4-10268)
• IMPROVED: When publishing a project containing attachment properties where the attached files were changed, the changes can be reviewed in the publish dialog with a new diff view. (NEVISADMV4-10067)
• IMPROVED: The inventory editor has received a number of improvements (NEVISADMV4-10074)
  • Errors that are not related to a specific line are shown on the first line.
  • Folding controls are now always shown, not only when the gutter (i.e. the line numbers) is hovered.
  • When the inventory yaml has issues, an inline peek view pops up showing the details. This can also be triggered from the new menu left to the inventory resource actions, which also has controls to fold/unfold all regions of the yaml file.
  • Tooltips in the editor are no longer clipped if they extend beyond the editor.
• IMPROVED: When editing a pattern attachment file, now you can toggle the editor to Fullscreen mode. (NEVISADMV4-10071)
• IMPROVED: Pattern fields of type key-value can now be sorted alphabetically. This helps in finding them when there are many of them, and also, in reviewing the diff during publishing. (NEVISADMV4-10084)
• IMPROVED: If an attachment is renamed in a way that the only difference from the original name is in letter casing, it may cause errors. The errors now include explanations and workarounds for resolving these issues. (NEVISADMV4-10102)
• IMPROVED: Addressed some performance issues that happened when there were a lot of plugin libraries uploaded. (NEVISADMV4-10073)
• CHANGED: The REST endpoints at /api/v1/jobs now include the creationTime field in their returned data. (NEVISADMV4-10011)
• FIXED: The variables screen now also considers ${var.<name>} references when listing the usages of variables. (NEVISADMV4-10024)
• FIXED: Renaming a variable now also updates all references to it that use the ${var.<name>} format. (NEVISADMV4-10085)
• FIXED: When using the main pattern list in grouped by labels mode, the expanded state of the groups was not restored when navigating away and coming back. They are now correctly saved and restored when needed. (NEVISADMV4-10072)
• FIXED: In some rare cases, newly created tenant scoped secrets were not available in the inventory editor to be inserted, until another inventory was opened first. They are now available immediately. (NEVISADMV4-9969)
• FIXED: We fixed a GUI issue, which caused the project validation spinner to sometimes stay spinning even after the project validation has finished, especially if there were new edits before the previous validation has finished. (NEVISADMV4-8559)
• FIXED: We fixed a GUI issue which allowed both the Delete and the Connect to Git actions for projects and inventories to be available, even when the user did not have permission to modify the selected project or inventory, which led to a permission error. These buttons are now disabled if the user does not have the required permission. (NEVISADMV4-8854)
• FIXED: We fixed a GUI issue in the inventory editor, where inserting a secret in the middle of a line replaced the rest of the line instead of inserting the secret at the caret's location. Highlighting secrets in the editor is also fixed. (NEVISADMV4-8441)
• FIXED: The default values for cors.allowed.methods, cors.allowed.headers, and cors.max.age now align with what is stated in the documentation. (NEVISADMV-10128)
• FIXED: We fixed a GUI issue which caused project variables to be imported with an invalid value. (NEVISADMV4-9090)
• FIXED: We fixed a GUI issue in the pattern editor, which caused the navigation to be canceled when clicking through a pattern reference link while having unsaved changes. (NEVISADMV4-10308)

Dependency upgrades

• shiro 2.0.1 (NEVISADMV4-9164)
• org.eclipse.jgit 6.10.0.202406032230-r (NEVISADMV4-10027)
• jsch 0.2.20 (NEVISADMV4-10273)
• jackson 2.18.0 (NEVISADMV4-10273)
• jetty-rewrite 12.0.14 (NEVISADMV4-10273)
• groovy 4.0.23 (NEVISADMV4-10273)
• snakeyaml 2.3 (NEVISADMV4-10273)
• aspectjweaver 1.9.22.1 (NEVISADMV4-10027)
• jakarta-annotation-api 3.0.0 (NEVISADMV4-10027)
• slf4j-api 2.0.16 (NEVISADMV4-10027)
• logback-classic 1.5.9 (NEVISADMV4-10273)
• guava 33.3.1-jre (NEVISADMV4-10273)
• opensaml 4.3.2 (NEVISADMV4-10027)
• spring-boot 3.3.5 (NEVISADMV4-10307)
• spring-dependency-management-plugin 1.1.6 (NEVISADMV4-10027)
• springdoc-openapi-starter-webmvc-ui 2.6.0 (NEVISADMV4-10027)
• mustache 0.9.14 (NEVISADMV4-10027)
• mariadb-java-client 3.4.1 (NEVISADMV4-10027)
• postgresql 42.7.4 (NEVISADMV4-10027)
• nimbus-jose-jwt 9.41.2 (NEVISADMV4-10273)
• bcprov-jdk18on 1.78.1 (NEVISADMV4-10027)
• bcpkix-jdk18on 1.78.1 (NEVISADMV4-10027)
• bcpg-jdk18on 1.78.1 (NEVISADMV4-10027)
• bcutil-jdk18on 1.78.1 (NEVISADMV4-10027)
• kubernetes-java-client 21.0.1 (NEVISADMV4-10027)

nevisAdmin 8.2405.1 Release Notes - 2024-06-26

Release information

• RPM: nevisadmin4-8.2405.1.0-1.noarch.rpm
• GUI Version: FE 8.2405.0-1300 - BE 8.2405.1.0

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

• FIXED: CORS preflight requests are no longer rejected. (NEVISADMV4-10021)

nevisAdmin 8.2405.0 Release Notes - 2024-05-15

Release information

• RPM: nevisadmin4-8.2405.0.7-1.noarch.rpm
• GUI Version: FE 8.2405.0-1300 - BE 8.2405.0.7

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

• CHANGED: Due to the shallow checkout feature, Kubernetes deployments no longer work with uninitialized repositories. (NEVISADMV4-10018)

Main improvement

• NEW: Inventory scoped secrets, secret files, and files can now be converted into global scoped secrets, secret files, and files respectively, on the Secrets & Files screen. (NEVISADMV4-9746)
• NEW: nevisAdmin 4 now collects anonymized analytics data. This helps us understand better how nevisAdmin 4 is used. (PRODROAD-402)
  note

  nevisAdmin 4 only collects data, it does not send it to us without explicit user interaction. For more information, see product-analytics.

Notable changes and bug fixes

• IMPROVED: Issues with INFO severity are now logged at DEBUG log level instead of INFO log level, for better log readability. This change only affects issues (mostly the ones created during the validation of configurations), not all log messages. (NEVISADMV4-9878)
• IMPROVED: The deployment process now creates a shallow clone of the deployment repository. (NEVISADMV4-9293)
• IMPROVED: In the Inventory Editor, validation errors that can be traced to specific lines are now displayed inline in the editor instead of only in the page header. (NEVISADMV4-9481)
• IMPROVED: The log viewer dialog (for pod's or nevisAdmin 4's logs) now lets you turn on line wrapping. The preference is sticky among logs. (NEVISADMV4-9890)
• FIXED: Using REST requests, it used to be possible to deploy projects with inventories that are not in the same tenant as the project. Such requests are now rejected. (NEVISADMV4-9556)
• FIXED: We fixed a GUI issue in the pattern editor where an error was thrown when a variable was assigned to a multi-select type of pattern field. (NEVISADMV4-8774)
• FIXED: The file tree in the Generation Results in the Deployment Wizard no longer throws errors or become unresponsive when the tree has a lot of items. Moving the divider between the file tree and the file content previewer also became easier. (NEVISADMV4-9519)
• FIXED: The authentication flow tree (in the right sidebar of the pattern editor) mixed up multiple occurrences of the same pattern when navigating using the links in the tree. Now those links correctly select the expected pattern in the tree. (NEVISADMV4-9778)

Dependency upgrades

• org.eclipse.jgit 6.9.0.202403050737-r (NEVISADMV4-9293)
• jsch 0.2.17 (NEVISADMV4-9812)
• jackson 2.17.0 (NEVISADMV4-9922)
• jetty-rewrite 12.0.8 (NEVISADMV4-9922)
• groovy 4.0.20 (NEVISADMV4-9922)
• aspectjweaver 1.9.22 (NEVISADMV4-9922)
• jakarta-activation-api 2.1.3 (NEVISADMV4-9922)
• jakarta-xml-bind-api 4.0.2 (NEVISADMV4-9922)
• jaxb-runtime 4.0.5 (NEVISADMV4-9922)
• slf4j-api 2.0.12 (NEVISADMV4-9812)
• logback-classic 1.5.3 (NEVISADMV4-9922)
• guava 33.1.0-jre (NEVISADMV4-9922)
• commonmark 0.22.0 (NEVISADMV4-9922)
• opensaml 4.3.1 (NEVISADMV4-9922)
• spring-boot 3.2.5 (NEVISADMV4-9942)
• springdoc-openapi-starter-webmvc-ui 2.5.0 (NEVISADMV4-9922)
• mariadb-java-client 3.3.3 (NEVISADMV4-9812)
• postgresql 42.7.3 (NEVISADMV4-9922)
• nimbus-jose-jwt 9.37.3 (NEVISADMV4-9812)
• bcprov-jdk18on 1.78 (NEVISADMV4-9922)
• bcpkix-jdk18on 1.78 (NEVISADMV4-9922)
• bcpg-jdk18on 1.78 (NEVISADMV4-9922)
• bcutil-jdk18on 1.78 (NEVISADMV4-9922)
• kubernetes-java-client 20.0.1 (NEVISADMV4-9922)
• micrometer 1.12.4 (NEVISADMV4-9922)

nevisAdmin 7.2402.0 Release Notes - 2024-02-21

Release information

• RPM: nevisadmin4-7.2402.0.30-1.noarch.rpm
• GUI Version: FE 7.2402.0-1163 - BE 7.2402.0.30

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Main improvement

• NEW: Inactivity timeout can now be set with the jwt.token.inactivity.timeout property. Users who are inactive for the amount of time specified by this property, are logged out. (NEVISADMV4-9611)
• NEW: Product analytic reports can now be downloaded from the top right context menu. (NEVISADMV4-9729)
• NEW: Local changes to version controlled inventories can now be reverted. (NEVISADMV4-9769)
• NEW: The search feature is extended to content of inventory yamls, and the description and file names of secrets, inventory secret files, and inventory files. (NEVISADMV4-9697)
• NEW: Passkey project template (PRODROAD-431)

Notable changes and bug fixes

• IMPROVED: When viewing logs of Kubernetes pods (also the logs of nevisAdmin4 itself when it is running on Kubernetes), the dialog for that is now bigger, shows up to 100000 lines, and uses the same advanced editor as the inventory editor. This allows for more thorough log inspection without having to download and open them in an external editor. (NEVISADMV4-9187)
• IMPROVED: When using the recently released Search feature, the search term is now highlighted in the result snippets, making it easier to identify the correct search result. (NEVISADMV4-9648)
• IMPROVED: Validation messages in multiple places (Pattern Editor, Deployment Wizard) now force wrap their content if it is long without spaces thus making it readable without scrolling, but keep the normal wrapping for non-technical messages. (NEVISADMV4-9291)
• IMPROVED: The pattern category filter buttons above the pattern list are now ordered alphabetically. When there are many of them, it is easier to find the correct one. (NEVISADMV4-9501)
• IMPROVED: It is now possible to use percentage based autoscaling for Kubernetes deployments. For more information see: Inventory YAML file format (NEVISADMV4-9792)

Dependency upgrades

• org.eclipse.jgit 6.8.0.202311291450-r (NEVISADMV4-9675)
• jsch 0.2.13 (NEVISADMV4-9675)
• jackson 2.16.0 (NEVISADMV4-9675)
• jetty-rewrite 11.0.18 (NEVISADMV4-9675)
• groovy 4.0.16 (NEVISADMV4-9675)
• jaxb-runtime 4.0.4 (NEVISADMV4-9675)
• logback-classic 1.4.14 (NEVISADMV4-9675)
• spring-boot 3.1.6 (NEVISADMV4-9675)
• spring-dependency-management-plugin 1.1.4 (NEVISADMV4-9675)
• springdoc-openapi-starter-webmvc-ui 2.3.0 (NEVISADMV4-9675)
• mariadb-java-client 3.3.1 (NEVISADMV4-9675)
• postgresql 42.7.1 (NEVISADMV4-9675)
• shiro 1.13.0 (NEVISADMV4-9675)
• nimbus-jose-jwt 9.37.2 (NEVISADMV4-9675)
• bcprov-jdk18on 1.77 (NEVISADMV4-9675)
• bcpkix-jdk18on 1.77 (NEVISADMV4-9675)
• bcpg-jdk18on 1.77 (NEVISADMV4-9675)
• bcutil-jdk18on 1.77 (NEVISADMV4-9675)
• kubernetes-java-client 19.0.0 (NEVISADMV4-9675)
• micrometer 1.12.0 (NEVISADMV4-9675)

nevisAdmin 7.2311.1 Release Notes - 2024-01-16

Release information

• RPM: nevisadmin4-7.2311.1.0-1.noarch.rpm
• GUI Version: FE 7.2311.1-1116 - BE 7.2311.1.0

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

• FIXED: We fixed an issue with the Authentication Flow Graph that caused the graph to crash and not display. (NEVISADMV4-9678)

nevisAdmin 7.2311.0 Release Notes - 2023-11-15

Release information

• RPM: nevisadmin4-7.2311.0.10-1.noarch.rpm
• GUI Version: FE 7.2311.0-1066 - BE 7.2311.0.10

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

• CHANGED: We upgraded to java 17 and groovy 4 so the old plugins version are not compatible with this version. The usual one version backward compatibility can not be provided. (PRODROAD-321) (PRODROAD-322)
• CHANGED: New Jetty version used in nevisAdmin 4 performs more strict validation for TLS connections. The SNI will be checked for matching the hostname in the configured certificate. (NEVISADMV4-9142)
• CHANGED: The Git deployment repository is now seperated to namespace folders when using Git deployments. (NEVISADMV4-9506)

Main improvement

• NEW: The GUI editor of the attachment property now displays line numbers, and also applies syntax highlight to some common file types if it can identify the file type based on the extension. (NEVISADMV4-9403)
• NEW: We added a new search window. You can use it to search in all patterns, attachments, and more. (NEVISADMV4-9465)
• NEW: We added the possibility to compare inventories, which makes it easier to work with multiple stages of infrastructure, like dev, QA, prod. (NEVISADMV4-9457)
• NEW: We added multiple ways to get informed about how others work on the same resource. On the configuration tab near the project name, a user icon signals if others changed the project since you worked on, and it also notifies with a subtle real-time animation if there's a change in the same project. The Deploy button and the deployment wizard now signals in real-time with spinners when a deployment is going on. (NEVISADMV4-9488)
• NEW: Git deployments can now be performed with side-by-side deployment strategy. (NEVISADMV4-9506)
• NEW: Git deployments can now be deleted. (NEVISADMV4-9593)

Notable changes and bug fixes

• IMPROVED: The inventory validation now detects invalid characters in the kubernetes token. (NEVISADMV4-9444)
• IMPROVED: Pod affinity settings will now apply to the migration jobs when using Kubernetes deployment. (NEVISADMV4-9595)
• IMPROVED: The default imagePullPolicy can now be configured in the inventory for Kubernetes deployments.(NEVISADMV4-9446)
• FIXED: The deployment preview no longer considers all nevisComponents unchanged if the git tag for the upstream is not found. Now these components are considered new. (NEVISADMV4-9244)
• FIXED: We fixed a bug that sometimes caused patterns with attachments to have an inaccurate timestamp. (NEVISADMV4-9436)
• FIXED: Hibernate ddl validation is now disabled by default for PostgreSQL because it does not work when the schema username contains uppercase letters. (NEVISADMV4-9443)
• FIXED: Improved validation on operations that can create project variables, to better prevent inconsistent states. (NEVISADMV4-9485)
• FIXED: The name of the remote temporary upload directory is randomized for classic deployments to avoid naming conflicts.(NEVISADMV4-9587)

Dependency upgrades

• jaxb-runtime 4.0.3 (NEVISADMV4-9406)
• jsch 0.2.11 (NEVISADMV4-9406)
• jetty-rewrite 11.0.16 (NEVISADMV4-9533)
• groovy 4.0.15 (NEVISADMV4-9533)
• jakarta-annotation-api 2.1.1 (NEVISADMV4-9142)
• jakarta-activation-api 2.1.2 (NEVISADMV4-9172)
• jakarta-xml-bind-api 4.0.1 (NEVISADMV4-9533)
• spring-boot 3.1.4 (NEVISADMV4-9533)
• spring-dependency-management-plugin 1.1.3 (NEVISADMV4-9406)
• opensaml 4.3.0 (NEVISADMV4-9126)
• apache-el is removed (NEVISADMV4-9126)
• springdoc-openapi-starter-webmvc-ui 2.2.0 (replacing springdoc-openapi-ui) (NEVISADMV4-9406)
• org.eclipse.jgit 6.6.0.202305301015-r (NEVISADMV4-9406)
• jackson 2.15.3 (NEVISADMV4-9533)
• logback-classic 1.4.11 (NEVISADMV4-9406)
• guava 32.1.3-jre (NEVISADMV4-9533)
• snakeyaml 2.2 (NEVISADMV4-9533)
• aspectjweaver 1.9.20.1 (NEVISADMV4-9533)
• postgresql 42.6.0 (NEVISADMV4-9406)
• shiro 1.12.0 (NEVISADMV4-9406)
• bcprov-jdk18on 1.76 (NEVISADMV4-9406)
• bcpkix-jdk18on 1.76 (NEVISADMV4-9406)
• bcpg-jdk18on 1.76 (NEVISADMV4-9406)
• bcutil-jdk18on 1.76 (NEVISADMV4-9406)
• slf4j-api 2.0.9 (NEVISADMV4-9533)
• mustache 0.9.11 (NEVISADMV4-9533)
• mariadb-java-client 3.2.0 (NEVISADMV4-9533)
• nimbus-jose-jwt 9.37 (NEVISADMV4-9533)
• spring-security 5.8.7 (NEVISADMV4-9533)
• jetty 9.4.53.v20231009 (NEVISADMV4-9552)

nevisAdmin 4.20.0 Release Notes - 2023-08-16

Release information

• RPM: nevisadmin4-4.20.0.13-1.noarch.rpm
• GUI Version: FE 4.20.0-995 - BE 4.20.0.13

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

• CHANGED: The REST endpoint GET /api/v1/tenants/{tenantKey}/constants does not return the usedIn field anymore by default, due to its computational complexity. If you need this field, call the API with ?usedIn=true query parameter. (NEVISADMV4-9332)

• CHANGED: The RSA/SHA1 signature algorithm is disabled by default for the ssh connection used for classic deployments and git. (NEVISADMV4-9136)

  If you still need this unsecure signature algorithm you have to either:

  • Edit the var/opt/nevisadmin4/conf/env.conf and add these system properties:

    -Djsch.server_host_key=ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
    -Djsch.client_pubkey=ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
  • Or edit the ssh config of the user, typically ~/.ssh/config, see more details.

    Host {old-host}      
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa

• CHANGED: During kubernetes deployments, git metadata and the list of secret references used are now added to nevis components. This will show up as a change in the deployment preview screen when they are deployed for the first time after upgrading to this version. (NEVISADMV4-9354)

Main improvement

• NEW: Projects can now be jumpstarted from predefined project templates in the newly added marketplace tab. (NEVISADMV4-8522)
• NEW: You can also define your own custom project templates. (NEVISADMV4-9003)
• NEW: In the pattern editor, on the Usage tab on the right, you can now see which other projects the currently selected pattern was copied to. (NEVISADMV4-9074)
• NEW: After the validation phase of a deployment completes, the generation results can be downloaded as a zip file. (NEVISADMV4-9355)
• NEW: Added experimental support for PostgreSQL database. (NEVISADMV4-9118)
• NEW: During deployment, the git configuration can now be saved to a persistent volume using the kubernetes.git-init.mirror attribute in the inventory. This can be used as a fallback source for pods when they restart, in case the connection to git is down. (NEVISADMV4-9276)
• NEW: Git deployments have been introduced. During git deployments, the generated configuration is uploaded to the specified git repository without performing any furthers steps. This can be used to integrate nevisAdmin 4 with GitOps continuous delivery tools. (NEVISADMV4-9354)

Notable changes and bug fixes

• NEW: Added a new property nevisadmin.git.commit.name-format for changing the format of the username on commits made by nevisAdmin 4. (NEVISADMV4-9325)
• NEW: The ssh connection for classic deployment and git now supports Ed25519 keys. (NEVISADMV4-9136)
• NEW: The default imagePullPolicy can now be configured for Kubernetes deployments. For more information see: Configuration Properties in the nevisoperator.yml file (NEVISADMV4-9378)
• NEW: The used time zone can now be configured for Kubernetes deployments. For more information see: Inventory YAML file format (NEVISADMV4-9071)
• CHANGED: On the GUI, attachment properties now only allow variables to be assigned if there are no attachments. This is to prevent some edge cases, where attachments could unexpectedly disappear and re-appear when you assign or unassign a variable to the property. (NEVISADMV4-9188)
• IMPROVED: Secrets are now only mounted to pods that actually need them. (NEVISADMV4-9292)
• IMPROVED: We improved the loading time of the inventory GUI and decreased the load this screen puts on the backend. This will be more noticeable if you have many inventories that reference a lot of resources, secrets and global constants. (NEVISADMV4-9185)
• FIXED: We fixed a GUI issue in the pattern editor that in certain cases caused a KeyValue property to request an empty string to be migrated instead of displaying an empty value. (NEVISADMV4-9351)
• FIXED: We fixed a GUI issue that caused the project or the inventory selector to be out of sync from the actually selected project or inventory, if you tried to switch project/inventory when there were unsaved changes, and you selected Cancel in the confirmation dialog. (NEVISADMV4-8761)
• FIXED: We fixed a GUI issue that happened sometimes when the validation data was being loaded after a pattern change. Now pattern items' version info tooltip and the filters above the pattern list are more robust. (NEVISADMV4-8985)
• FIXED: We fixed a GUI issue related to multiline text pattern properties that occurred when un-assigning a variable and caused a technical pattern reference (var://) to be displayed as the value, instead of the actual value of the unassigned variable. (NEVISADMV4-9304)
• FIXED: We fixed a GUI issue that could cause deleted Kubernetes deployments to be shown on the Kubernetes Status page. (NEVISADMV4-9169)
• FIXED: We fixed a GUI issue that caused the secondary deployment option to be visible even when there was no primary deployment. (NEVISADMV4-9169)
• FIXED: We fixed a GUI issue, where deleted variables were still shown as a link in the pattern editor, instead of a text label. (NEVISADMV4-9223)
• FIXED: Pressing the Validate button quickly no longer causes the deployment Preview page to be empty. (NEVISADMV4-9000)
• FIXED: We fixed a GUI issue on the Managed Kubernetes Certificates screen that caused some columns to permanently disappear from the dropdown list, if any change was made to the selected columns. (NEVISADMV4-9296)
• FIXED: We fixed a GUI issue that allowed users with usernames containing invalid characters to be created. In such cases, now a validation message is displayed and the user is not created. (NEVISADMV4-9215)
• FIXED: We improved the performance of the REST API for listing inventories (GET inventories?tenantKey={tenantKey}). (NEVISADMV4-9257)
• FIXED: We improved the performance of the REST APIs for listing secrets, resources, secret-resources, and global constants. (NEVISADMV4-9257)
• FIXED: On the validation step of deployments, an incorrect warning was shown for each k8s-secret in the inventory that had a key that was at least 24 characters long. These warnings are no longer shown. (NEVISADMV4-9245)
• FIXED: Global constants no longer have their scalar values double-quoted upon being saved. The error message shown when the submitted global constant has invalid yaml syntax is also improved. (NEVISADMV4-9327)
• FIXED: Files that had no extensions when uploaded to patterns as attachments used to be given a .json extension upon being downloaded. Now, they are downloaded without an extension. (NEVISADMV4-9275)
• FIXED: We fixed an issue that errors during the Ingress creation did not cause the Deployment to fail. (NEVISADMV4-8982)

Dependency upgrades

• jackson 2.15.0 (NEVISADMV4-9199)
• jetty-rewrite 9.4.51.v2023021 (NEVISADMV4-9199)
• springdoc-openapi-ui 1.7.0 (NEVISADMV4-9199)
• groovy 3.0.17 (NEVISADMV4-9199)
• snakeyaml 2.0 (NEVISADMV4-9199)
• slf4j-api 2.0.7 (NEVISADMV4-9199)
• Logback-classic 1.3.7 (NEVISADMV4-9199)
• mariadb-java-client 3.1.4 (NEVISADMV4-9199)
• apache-el was removed (NEVISADMV4-9199)
• kubernetes-java-client 18.0.1 (NEVISADMV4-9368)
• spring-boot 2.7.14 (NEVISADMV4-9368)
• guava 32.0.1-jre (NEVISADMV4-9311)
• bcprov-jdk18on 1.75 (NEVISADMV4-9311)
• bcpkix-jdk18on 1.75 (NEVISADMV4-9311)
• spring-security 5.8.5 (NEVISADMV4-9368)
• shiro 1.12.0 (NEVISADMV4-9368)

nevisAdmin 4.19.1 Release Notes - 2023-06-05

Release information

• RPM: nevisadmin4-4.19.1.0-1.noarch.rpm
• GUI Version: FE 4.19.0-910 - BE 4.19.1.0

Notable changes and bug fixes

• FIXED: The report generation no longer fails when the project has a variable that references a secret, secret file, or file attachment.
• FIXED: Wrong autoscaling API version in nevisOperator caused deployments to fail on Kubernetes v1.26+ unless autoscaling was enabled.

nevisAdmin 4.19.0 Release Notes - 2023-05-17

Release information

• RPM: nevisadmin4-4.19.0.14-1.noarch.rpm
• GUI Version: FE 4.19.0-910 - BE 4.19.0.14

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

• CHANGED: When updating a user with PUT /api/v1/users/{userKey}, sending the user type is now mandatory. (NEVISADMV4-8956)
• CHANGED: The database connector no longer enables autocommit automatically. If you are using a custom database and need this feature, ensure that your database has autocommit enabled. (NEVISADMV4-8689)
• CHANGED: The database driver will now only accept jdbc:mariadb: by default in the connection url string. If your connection string is required to be jdbc:mysql:, add the ?permitMysqlScheme parameter. (NEVISADMV4-8689)
• REMOVED: We removed the kubernetes mode from the Generation Engine. (NEVISADMV4-8829)

Main improvement

• NEW: You can now read the logs of nevisAdmin 4 on the UI, if your nevisAdmin 4 instance is running in kubernetes. You can access the feature from the top right context menu by selecting the View Logs option. (NEVISADMV4-9087)

Notable changes and bug fixes

• NEW: MariaDB 10.6 is now officially supported. (NEVISADMV4-8689)
• NEW: Inventory and global constants can now contain yaml maps and sequences. (NEVISADMV4-8973)
• IMPROVED: In kubernetes inventories, specifying service names is now optional, if you do not override any of the default kubernetes attributes. (NEVISADMV4-8617)
• IMPROVED: The inventory editor now warns you if you set a kubernetes version attribute without quoting it. Not quoting these versions may result in unexpected behaviour. (NEVISADMV4-9094)
• IMPROVED: Patterns in the Testing category are no longer hidden by default. (NEVISADMV4-9148)
• IMPROVED: If nevisAdmin 4 runs on kubernetes, it is no longer mandatory to set the kubernetes-cluster.token and kubernetes-cluster.url attributes in inventories. (NEVISADMV4-8829)
• IMPROVED: Kubernetes pods can now be given additional custom labels. For more information see: Inventory YAML file format (NEVISADMV4-9103)
• IMPROVED: We extended the pod security options for Kubernetes deployments. For more information see: Inventory YAML file format (NEVISADMV4-9104)
• IMPROVED: Editing Global Constants is now done with a rich text editor, which helps in editing structured constants. (NEVISADMV4-9015)
• IMPROVED: It is now possible to delete kubernetes deployment from the nevisAdmin 4 GUI, on the Kubernetes Status screen.
• IMPROVED: The Project Overview is now easier to access on the nevisAdmin 4 GUI, as now it has a top level navigation item on the Configuration tab.
• IMPROVED: Displaying the variable sample value on the Project Variables screen is now not blocked when the usages take longer to load. (NEVISADMV4-9144)
• IMPROVED: On the first screen of the Deployment Wizard, the selected Project and the selected Inventory are scrolled into view if there are many items in these lists, so that you don't need to search for them in the list. (NEVISADMV4-9145)
• IMPROVED: In the Attachment Property, you can now directly create a new file by entering the file name and its content, without having to upload an existing file first. (NEVISADMV4-9107)
• FIXED: Previously, kubernetes database migration failed if the database name contained special characters.
• FIXED: Deploying to a Kubernetes cluster that uses cgroups v2 such as AKS 1.25 could result in increased memory consumption for all Java based Nevis components.
• FIXED: We fixed an issue where updating saml or ldap users could change their type to local. (NEVISADMV4-8956)
• FIXED: The Generation Engine no longer ignores the specified log level. (NEVISADMV4-8994)
• FIXED: We fixed a bug that prevented key stores from having two certificates with the same CN. (NEVISADMV4-9041)
• FIXED: Global constants are now automatically deleted if the tenant they are scoped to is deleted. (NEVISADMV4-9045)
• FIXED: The nevisadmin4 db-migration helper commands now run successfully. (NEVISADMV4-9033)
• FIXED: We improved the performance of the REST APIs for listing resources and secret-resources by optimizing the DB queries. (NEVISADMV4-9182)
• FIXED: We fixed multiple smaller GUI issues related to user and group management: adjusted table ordering, linking to users and groups from the tables, made some labels and messages more intuitive, improved search for permissions, and more. (NEVISADMV4-8980, NEVISADMV4-8979)
• FIXED: We fixed the documentation link in the dialog which notifies if a new version of nevisAdmin 4 is available. (NEVISADMV4-8849)
• FIXED: On the Kubernetes Status screen, when a secondary deployment is in progress, there was an incorrect2 warning message about some possible issues. This warning is now only shown in the correct cases. (NEVISADMV4-9080)

Dependency upgrades

• jackson 2.14.2 (NEVISADMV4-8968)
• jetty-rewrite 9.4.50.v20221201 (NEVISADMV4-8968)
• springdoc-openapi-ui 1.6.14 (NEVISADMV4-8968)
• groovy 3.0.15 (NEVISADMV4-8968)
• aspectjweaver 1.9.19 (NEVISADMV4-8968)
• jaxb-runtime 2.3.8 (NEVISADMV4-8968)
• slf4j-api 2.0.6 (NEVISADMV4-8968)
• spring-security 5.8.3 (NEVISADMV4-9137)
• spring-boot 2.7.11 (NEVISADMV4-9137)
• mariadb-java-client 3.1.2 (NEVISADMV4-8968)
• apache-el 10.1.5 (NEVISADMV4-8968)
• nimbus-jose-jwt 9.31 (NEVISADMV4-8968)
• kubernetes-java-client 17.0.1 (NEVISADMV4-8968)
• micrometer 1.10.4 (NEVISADMV4-8968)
• replaced bcprov-jdk15on:1.70 with bcprov-jdk18on:1.73 (NEVISADMV4-9129)
• replaced bcpkix-jdk15on:1.70 with bcpkix-jdk18on:1.73 (NEVISADMV4-9129)

nevisAdmin 4.18.0 Release Notes - 2023-02-15

Release information

• RPM: nevisadmin4-4.18.0.10-1.noarch.rpm
• GUI Version: FE 4.18.0-869 - BE 4.18.0.10

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Main improvement

• NEW: Managing users, user permissions and groups is now possible in nevisAdmin 4 UI. (NEVISADMV4-8014)
• NEW: New info filter option is added to filter the patterns with info messages. (NEVISADMV4-8563)
• NEW: Added an option to comply with the restricted Pod Security Standard when deploying to Kubernetes. For more information see: Inventory YAML file format (NEVISADMV4-8905)

Notable changes and bug fixes

• NEW: We added an optional force parameter to the REST endpoint that performs inventory updates from Git. When set to true, the inventory is updated to match the remote, even in cases where the remote git history was overwritten by force. (NEVISADMV4-8820)
• IMPROVED: Project and Inventory settings screens are improved with standard project and inventory selector. (NEVISADMV4-8795)
• IMPROVED: nevisAdmin 4 will no longer apply any default pod resource limits to resources that have a custom resource block defined for them in the inventory. (NEVISADMV4-8782)
• IMPROVED: Publishing projects is now faster. (NEVISADMV4-8819)
• IMPROVED: Improved performance of the Kubernetes deployment preview by optimizing git checkouts. (NEVISADMV4-8822)
• IMPROVED: Improved the capabilities of the PUT /api/v1/permissions endpoint. Now it can assign project/inventory permissions globally, or on tenants. It can also assign tenant permissions globally. (NEVISADMV4-8858)
• IMPROVED: Bulk deleting patterns is now faster. (NEVISADMV4-8864)
• IMPROVED: Reduced the size of the database migration docker image by removing unused drivers. (NEVISADMV4-8874)
• IMPROVED: Inventory constants and global constants can now also be used in the YAML keys of inventories. (NEVISADMV4-8901)
• FIXED: If an LDAP user was not a member of any LDAP groups, then the group synchronization did not run upon user login. This issue is now fixed. (NEVISADMV4-4800)
• FIXED: Projects can no longer be deleted when they are being deployed. (NEVISADMV4-8440)
• FIXED: Project validation was sometimes skipped after deleting pattern(s) or uploading/modifying files in attachment input fields, if the related pattern's type could not be loaded. This no longer happens. (NEVISADMV4-8791)
• FIXED: Fixed an issue that the VIEW_SECRET_CONTENT_INVENTORY operation were not automatically granted for the inventory creator. (NEVISADMV4-8856)
• FIXED: Fixed an issue where you could create multiple users with the same ID by sending the user creation requests very quickly in succession. (NEVISADMV4-8868)
• FIXED: Using a private key with a passphrase caused the Kubernetes deployment to fail. (NEVISADMV4-8853)
• FIXED: Fixed an issue causing key-values defined in the inventory to be displayed as [object Object] on the variables page.
• FIXED: Changed PUT /api/v1/groups/{groupKey} API to take the groupKey from the path variable instead of the request body. (NEVISADMV4-8937)

Dependency upgrades

• Jackson 2.14.1 (NEVISADMV4-8690)
• Springdoc-openapi-ui 1.6.13 (NEVISADMV4-8690)
• Snakeyaml 1.33 (NEVISADMV4-8690)
• Jaxb-runtime 2.3.7 (NEVISADMV4-8690)
• Slf4j-api 2.0.4 (NEVISADMV4-8690)
• Logback-classic 1.3.5 (NEVISADMV4-8690)
• Commonmark 0.21.0 (NEVISADMV4-8690)
• Spring dependency-management-plugin 1.1.0 (NEVISADMV4-8690)
• Spring-security 5.8.0 (NEVISADMV4-8690)
• Mariadb-java-client 2.7.7 (NEVISADMV4-8690)
• Apache-el 10.1.1 (NEVISADMV4-8690)
• Shiro 1.11.0 (NEVISADMV4-8912)
• Nimbus-jose-jwt 9.25.6 (NEVISADMV4-8690)
• Kubernetes-java-client 16.0.2 (NEVISADMV4-8690)
• Micrometer 1.10.1 (NEVISADMV4-8690)

nevisAdmin 4.17.1 Release Notes - 2023-03-09

Release information

• RPM: nevisadmin4-4.17.1.0-1.noarch.rpm
• GUI Version: FE 4.17.0-805 - BE 4.17.1.0

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

• FIXED: We ensured, that generated JKS/PKCS12 contains all provided PEM certificates. (NEVISADMV4-9041)

nevisAdmin 4.17.0 Release Notes - 2022-11-16

Release information

• RPM: nevisadmin4-4.17.0.14-1.noarch.rpm
• GUI Version: FE 4.17.0-805 - BE 4.17.0.14

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

• The pattern key-value property is changed to separate key-value pair fields, and no longer supports separators, that is = , : , ->. If the legacy property already contains a value, you have to migrate it to a new format. For more details, see Editing Pattern Fields (NEVISADMV4-6823)

Main improvement

• NEW: You can now initiate a nevisAdmin 4 upgrade on Azure from nevisAdmin 4 UI. This is only available for new installations using the November version of the Azure deployment automation. See Azure deployment automation for detailed instructions. (NEVISADMV4-8543)
• NEW: We improved the UX of the screen navigation and actions menu. You can now access the screens from the navigation menu and the settings of the projects, and inventories from the Configuration and Infrastructure tabs. The Resources tab is introduced, which contains the global resources. (NEVISADMV4-8538)
• NEW: The pattern key-value property is changed to separate key-value pair fields. For more details, see Editing Pattern Fields. (NEVISADMV4-8630)
• NEW: We added Helm chart for installing nevisAdmin 4 on Kubernetes. (NEVISADMV4-6823)

Notable changes and bug fixes

• NEW: We added an optional force parameter to the REST endpoint that performs project updates from Git. When set to true, the project is updated to match the remote, even in cases where the remote git history was overwritten by force. (NEVISADMV4-8610)
• NEW: Pod topology spread constraints can now be configured for Kubernetes deployments. For more information see: Inventory YAML file format (NEVISADMV4-8613)
• NEW: Memory based autoscaling can now be configured for Kubernetes deployments. For more information see: Inventory YAML file format (NEVISADMV4-8614)
• NEW: We added the command line argument --enable-leader-election to nevisOperator. If leader election is enabled, nevisOperator can be used with multiple replicas. (NEVISADMV4-8764)
• IMPROVED: In case one or more custom resources failed to deploy during Kubernetes deployments, only those will be reported as failed, instead of all custom resources that were deployed to the given service. (NEVISADMV4-7853)
• IMPROVED: NevisAdmin 4 no longer leaves the deployment targets in an inconsistent state if it is shut down when a deployment is still in progress. (NEVISADMV4-8224)
• IMPROVED: You can now disable Generic Deployment patterns in Kubernetes deployments. (NEVISADMV4-8503)
• IMPROVED: We added support for secret references in the GitCredentials resource. For more information see: GitCredentials file format (NEVISADMV4-8686)
• FIXED: The publish modal could run into an error when publishing the deletion of a pattern copied into this project. The issue is now fixed. (NEVISADMV4-8488)
• FIXED: Creating an empty inventory sometimes resulted in a stacktrace being logged. This no longer happens. (NEVISADMV4-8707)
• FIXED: The REST endpoint for listing patterns now correctly includes meta information when the meta parameter is set to true. (NEVISADMV4-8709)
• FIXED: The CertificateRequest is now created by nevisOperator in the same namespace where the cert-manager Issuer resides. This makes it possible to use an Issuer from a different namespace. (NEVISADMV4-8737)
• FIXED: NullPointerException is caused by unrelated README.md changes during project update. (NEVISADMV4-8776)

nevisAdmin 4.16.1 Release Notes - 2022-10-14

Release information

• nevisAppliance: 2.202208.1010
• RPM: nevisadmin4-4.16.1.0-1.noarch.rpm
• GUI Version: FE 4.16.1-758 - BE 4.16.1.0

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

• FIXED: Updating the value of a binary global secret or global file, such as a ZIP in Secret and Files resulted in no change. (NEVISADMV4-8597)

nevisAdmin 4.16.0 Release Notes - 2022-08-17

Release information

• nevisAppliance: 2.202208.1005
• RPM: nevisadmin4-4.16.0.6-1.noarch.rpm
• GUI Version: FE 4.16.0-714 - BE 4.16.0.6

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

• NEW: Nevisadmin4 now supports login with SAML. (NEVISADMV4-8011)
• NEW: You can now edit the content of an uploaded file from the pattern property, or in the Secret & Files and Certificates screens. (NEVISADMV4-8015)
• NEW: You can now enter multi-line values when creating a global constant. (NEVISADMV4-8421)
• NEW: Patterns to set up FIDO2 are available with the standard pattern libraries. (NEVISADMV4-8439)
• IMPROVED: The deployment of a deleted project is better visualized, with more details in the Deployment History and Kubernetes Status screens. (NEVISADMV4-8324)
• IMPROVED: You can now see who promoted or rolled-back the secondary deployment. (NEVISADMV4-8075)
• IMPROVED: Ongoing deployments are now visualized better in the Deployment History and Kubernetes Status screens. (NEVISADMV4-8390)
• IMPROVED: Improved the issue tooltip which is shown when hovering over the project status. (NEVISADMV4-7892)
• IMPROVED: Display of the date and time format is improved, and shown as such: only time for today, date and time for the current year and full date format for the past year.
• IMPROVED: We improved the Git HTTPS support for Kubernetes deployments. (NEVISADMV4-8409)
• CHANGED: The SUPER_ADMIN permission no longer grants permission to create or modify users. Two new permissions are added for these purposes: CREATE_USER and MODIFY_USER. These new permissions are automatically granted to existing users with SUPER_ADMIN permission. (NEVISADMV4-8146)
• FIXED: Wrong version number of the deployed services was displayed for the promoted deployment in case the secondary deployed version was higher than the primary version. This issue is now fixed. (NEVISADMV4-8396)
• FIXED: Secrets were displayed as Unlinked in Secret and Files, if they were used in a global constant. (NEVISADMV4-8268)
• FIXED: It is no longer possible to delete the local admin user though REST. (NEVISADMV4-8408)
• FIXED: Kubernetes deployment failed if Azure DevOps repository was used. (NEVISADMV4-8377)
• FIXED: The verify client option was always set to on when enabling client certificate authentication with Kubernetes deployment. (NEVISADMV4-8459)
• UPGRADED: Various dependencies are upgraded.

nevisAdmin 4.15.0 Release Notes - 2022-05-18

Release information

• nevisAppliance: 2.202205.973
• RPM: nevisadmin4-4.15.0.10-1.noarch.rpm
• GUI Version: FE 4.15.0-660 - BE 4.15.0.10

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

• NEW: You can now add descriptions to projects in the Project Overview screen. (NEVISADMV4-8042)
• NEW: When upgrading plugin versions, in case breaking changes were introduced in patterns currently in your project, clear instructions are shown on the pattern's fields about how to adapt your configuration. (NEVISADMV4-8084)
• NEW: We introduced Global constants. They are similar to inventory constants, but they can be referenced from multiple inventories. (NEVISADMV4-8097)
• NEW: You can now view details about nevisOperator and logs on the Kubernetes Status Screen. (NEVISADMV4-8065)
• NEW: YAML literal block style format can be enabled. For details see the nevisadmin.yaml.literal-block-style.enabled property at 'Configuration Properties in the nevisadmin4.yml File' (NEVISADMV4-7813)
• IMPROVED: We improved the audit logs of many REST endpoints. (NEVISADMV4-8033)
• IMPROVED: Dates are now displayed in full format instead of friendly format. (NEVISADMV4-8134)
• IMPROVED: Project and inventory revision updates are now performed directly to head. Previously, this feature iterated through each commit until the head, but this may not be possible if there are problems with the git history. (NEVISADMV4-8045)
• IMPROVED: The generated Kubernetes resources such as Deployments, Services etc. now use the Kubernetes Recommended Labels. This causes the components to restart when nevisOperator is upgraded. (NEVISADMV4-8026)
• FIXED: We fixed an issue where some Kubernetes certificates were sometimes missing from the managed certificates screen. (NEVISADMV4-7851)
• FIXED: An unexpected error message was shown on the inventory host status screen in case a connection error occurred. This issue is now fixed. (NEVISADMV4-8024)
• FIXED: Kubernetes deployments no longer perform queries across all namespaces. This change fixes errors in namespace-restricted scenarios. (NEVISADMV4-8132)
• FIXED: If there was an error in the Managed Kubernetes Certificates screen, for example, connection to Kubernetes cluster failed, the table was not refreshed even if another inventory was selected from the drop-down. The issue is now fixed. (NEVISADMV4-7963).
• FIXED: The Category tab was still shown in the pattern even if there was no visible property. The issue is now fixed. (NEVISADMV4-7992).
• FIXED: Incorrect expiration date was displayed in Attach certificate screen when an existing certificate was selected to insert into an inventory. The issue is now fixed. (NEVISADMV4-8100)
• FIXED: Random ArrayIndexOutOfBoundsException occurred on Inventory edit, caused by a bug in SnakeYAML library. The issue is now fixed. (NEVISADMV4-8114)
• UPGRADED: Various dependencies are upgraded.

nevisAdmin 4.14.0 Release Notes - 2022-02-16

Release information

• nevisAppliance: 2.202202.963
• RPM: nevisadmin4-4.14.0.5-1.noarch.rpm
• GUI Version: FE 4.14.0-614 - BE 4.14.0.5

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

• NEW: Version controlled projects can now be reverted to a previous commit. Unlike using the deployment history rollback feature, reverting projects are not imported as read-only. (NEVISADMV4-7779)
• NEW: On the REST API, project and inventory revision updates can now also be performed directly to head. Normally, this feature iterates through each commit until the head, but this may not be possible if there are problems with the git history. Skipping straight to the head can alleviate such issues. (NEVISADMV4-7785)
• NEW: Patterns can now be deleted in batch. (NEVISADMV4-7780)
• NEW: You can now edit the descriptions of files and secret files in the Secret & Files screen. (NEVISADMV4-7786)
• NEW: Kubernetes auto-generated certificates can now be accessed under Global Settings. (NEVISADMV4-7781)
• NEW: Date and time format changed from friendly to full format in Deployment History and Kubernetes Status screens. (NEVISADMV4-7881)
• NEW: A new REST API endpoint was added for temporarily disabling project validation. (NEVISADMV4-7980)
• IMPROVED: Improved the visualization performance of the authentication flow. (NEVISADMV4-7856)
• IMPROVED: Improved the content of the error message about the Kubernetes invalid token. (NEVISADMV4-7678)
• IMPROVED: In case an instance pattern was removed, or if the same instance pattern has already been deployed from a different project, the user is warned during the validation of the deployment. (NEVISADMV4-7784)
• IMPROVED: The validation phase of deployments now warns the user if they are using the mixed versions of plugin libraries. (NEVISADMV4-7791)
• IMPROVED: A warning is now displayed during the validation phase of Kubernetes deployments if there are disabled instance patterns in the project. (NEVISADMV4-7879)
• IMPROVED: A warning is now displayed during the validation phase of Kubernetes deployments if the namespace was changed in the inventory since the last successful deployment. (NEVISADMV4-7802)
• IMPROVED: It is no longer possible to create projects, inventories or tenants with lowercase letters in their keys. (NEVISADMV4-7871)
• IMPROVED: Tenant key is no longer added in project name in Deployment History, Host Status and Kubernetes Status screens. (NEVISADMV4-7298)
• FIXED: Fixed compatibility issue with newer nginx versions when using side-by-side deployment. (NEVISADMV4-7901)
• FIXED: The details of the deployed services were not shown properly in Kubernetes Status screen after the service version reached ten (v10). This issue is now fixed. (NEVISADMV4-7871)
• FIXED: Corrected the info text in the Usage section of Variables screen, that is displayed when a variable is not referenced by a pattern. (NEVISADMV4-7841)
• FIXED: The issue on inventory color highlights in Deployment Wizard is fixed. (NEVISADMV4-7852)
• FIXED: The Service object used in the Ingress could be temporary deleted when promoting the canary deployment. (NEVISADMV4-7957)

Deprecations

• DEPRECATED: Using the Kubernetes cluster to sign the certificates when using automatic key management is now deprecated and does not work with Kubernetes 1.22. This feature is to be removed in a future release. It is recommended to use cert-manager for this purpose, for more information, see Migrating to cert-manager.

nevisAdmin 4.13.1 Release Notes - 2021-12-03

Release information

• nevisAppliance: 2.202111.950
• RPM: nevisadmin4-4.13.1.0-1.noarch.rpm
• GUI Version: FE 4.13.0-559 - BE 4.13.1.0

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

• FIXED: The nevisadmin4 rpm package integrity was wrong by default. The issue is now fixed.

nevisAdmin 4.13.0 Release Notes - 2021-11-17

Release information

• nevisAppliance: 2.202111.948
• RPM: nevisadmin4-4.13.0.6-1.noarch.rpm
• GUI Version: FE 4.13.0-559 - BE 4.13.0.6

Upgrade instructions and breaking changes

Check the upgrade instructions for nevisAppliance, RPM, or Kubernetes usage.

Notable changes and bug fixes

• NEW: Patterns are now marked as unused, if they do not contribute anything to the project's configuration. Having unused patterns usually indicates that the project is incomplete, or it contains unnecessary patterns which can be deleted.
• NEW: While making a classic deployment, you can now specify which pattern instances you want to deploy on the Deployment Wizard screen. In addition, we also display the deployed instance pattern ids in the Deployment History.
• NEW: The authentication flow of the projects can now be viewed in a full graph. The animated graph can be opened in a full screen and provides a better overview of the whole authentication flow. For more information, see the "Authentication Graph" section of the Navigating Patterns chapter in the nevisAdmin 4 technical documentation.
• NEW: The authentication graph can be accessed from the Realms in Project Overview screen.
• NEW: Patterns can now be copied as unlinked to the source pattern. With this, the same pattern can be copied multiple times without affecting the content of the already existing pattern. For more information, see the Copying Patterns chapter in the nevisAdmin 4 technical documentation.
• NEW: When copying patterns, you can now copy them with variables.
• NEW: On the REST API, secrets and inventory file attachments can now be created with custom IDs.
• NEW: When you are making a Kubernetes Secondary deployment, you can now split the traffic based on the percentage. For more information, see the Side-by-side Deployment chapter in the nevisAdmin 4 technical documentation.
• NEW: When there is a newer version of the pattern libraries for the project, an indicator icon is displayed next to the project name from where the update can be initiated.
• NEW: Data porter patterns are now available with the standard pattern libraries.
• IMPROVED: Added a new property nevisadmin.generation.engine.smart-error-recovery to make the Generation Engine continue the generation on errors. With this property turned on, the error output of the Generation Engine and the Deployment Wizard will be the same for the same project.
• IMPROVED: The authentication flow tree now loads faster.
• IMPROVED: The authentication flow tree is now generated with breadth-first algorithm instead of depth-first. Once a limit is reached, a warning indicator is displayed next to the patterns which has incomplete steps.
• IMPROVED: On Kubernetes component containers will now start with the runAsNonRoot option, instead of specifying a random UID. This is to improve compatibility with OpenShift.
• IMPROVED: While loading an authentication flow tree, an information message is displayed about the loading tree.
• IMPROVED: The inventory colour and background highlights are improved. The change is affected in Inventory Editor, Deployment wizard and inventory icon colours.
• IMPROVED: Importing a project from zip is improved with a warning message when the user tries to import the existing project. In such case, the project will be overwritten and this has to be confirmed by the user.
• FIXED: There was a flickering issue while scrolling the patterns in Pattern Master List. This issue is now fixed.
• FIXED: The details in Kubernetes Status screen were not displayed properly in a smaller screen size. This issue is now fixed.
• FIXED: The display of error messages is improved on Deployment Wizard and Pattern property editor.
• REMOVED: Patterns to set up monitoring are no longer available in the standard pattern libraries.

Deprecations

• DEPRECATED: Using the Kubernetes cluster to sign the certificates when using automatic key management is now deprecated, and the feature will be removed in a future release. It is recommended to use cert-manager for this purpose, for more information see: Migrating to cert-manager

Known issues and limitations

See also:

• Restrictions in Kubernetes-Setups
• Sizing and Usage Recommendations

nevisAdmin 4

Since 8.2411

• If you initiate a library upgrade using the update icon in the project selector bar, the upgrade notes dialog might not open. As a workaround, downgrade the library back to the old version, and initiate the upgrade from the Project Settings page.

Since 8.2405

• On startup, nevisAdmin 4 produces warning messages, such as

  Bean 'shiroConfig' of type [ch.nevis.admin.v4.infra.spring.rest.ShiroConfig$$SpringCGLIB$$0] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). The currently created BeanPostProcessor [lifecycleBeanPostProcessor] is declared through a non-static factory method on that class; consider declaring it as static instead. 
  These can be ignored.

Since 4.19:

• After deleting a deployment from the Kubernetes Status screen, the overall status of the deployment is not updated automatically, only the pods' status.
• On the Configuration tab, if a library upgrade is available for the selected Project, the upgrade icon should open the upgrade dialog, but if you are on the Project Settings screen, the dialog does not open. As a workaround, you can open the dialog from the Overview or Patterns screens.

Since 4.18:

• When managing users and groups, in some cases the nevisAdmin 4 GUI incorrectly allows assigning permissions for which the currently logged-in user does not have permission to assign. In these cases, an error dialog will be shown and the permission assignment will not be executed.

• The 4.18.0.0 flyway script could fail if the database contains a duplicated user that has groups assigned. To fix this problem, execute these scripts manually.

  1. Remove failed migration history.

     delete from flyway_schema_history where version='4.18.0.0';

  2. Delete group assigments of the duplicated users.

     delete from `group_member` where user_id not in (select min(u.id) from `user` u group by u.user_id);

  3. Restart nevisAdmin 4, the 4.18.0.0 migration script will be executed again.

Since 4.12:

• Updating an inventory attachment with a file that has a new name, does not update the reference in the inventory. This results in an outdated file name shown in the reference (inv-res-secret://<id>#fileName>).
• If there are multiple RPM nevisAdmin 4 installations on a server, the command nevisadmin4 status lists the versions of all installations under the Component field in the nevisAdmin 4 GUI, not only the currently used one.
• You cannot change the case of a letter of an already published variable. This bug does not affect unpublished variables.
• The Project summary report tab can take several seconds to load in case of very large projects.
• Loading the Pattern list can take several seconds in the case of very large projects. In such cases, the Label view or Filters function is a more convenient way to view the patterns.
• The deployment preview phase reports an error if the automatic key management setting is enabled during classic deployments. This issue does not occur if the deployment is initiated by the root user.

Fixed Issues

4.18 only:

• Deploying to a Kubernetes cluster that uses cgroups v2 such as AKS 1.25 could result in increased memory consumption for all Java based Nevis components. This is caused by a bug in the used Java version(JDK-8230305). As a workaround it's recommended to use Generic Instance Setting patterns and set the maximum heap size directly with the -Xmx option.

4.16 only:

• Updating the value of a binary global secret or global file, such as a zip in Secret and Files results in no change. As a workaround, update the value through the Swagger endpoint reachable at /nevisadmin/swagger-ui/index.html#/tenant-secret-resource-resource/update_2 for global secrets, and /nevisadmin/swagger-ui/index.html#/tenant-resource-resource/update_3 for global files.

4.15 only:

• The Used in column on Secret & Files does not contain inventories that use a secret through a global constant.
• The label of the link to access pod logs on the Kubernetes Status screen was mistakenly changed to "view operator logs" though it shows only pod logs.

4.14 only:

• If there is an error in the Managed Kubernetes Certificates screen (for example, connection to Kubernetes cluster fails), the table is not refreshed even if another inventory is selected from the drop-down. If the selected inventory is not default, by refreshing the page the issue can be resolved. Otherwise, the error needs to be fixed first.
• The Project summary report tab can take several seconds to load in case of very large projects.
• The Groovy Script Step pattern script validation does not work with 4.13.x plugins. As a workaround, you can disable the validation under Advanced Settings, or update the plugins version to 4.14+.

4.13 only:

• You can now choose the instance patterns in the Deployment Wizard for Classic deployment. By default, the last selected instance patterns will be deployed in the next deployment. If a new instance pattern is added in the meantime, that pattern is not selected automatically since the last selected option is selected by default. This behaviour will be improved in a future release.

Patterns

Automatic key management - Kubernetes deployment

In Kubernetes deployments, automatic keystores are scoped to a Kubernetes service.

To support side-by-side deployment, a post-fix is appended to Kubernetes service names.

As the service name is included in the certificate subject, it is required to generate new keystores when a service is renamed.

This can be problematic for keystores used to sign a token, because all truststores used to validate the token signature have to be updated as well.

This means that tokens signed by the previous signer are no longer accepted.

For instance, a previous signer may have used to sign a SecToken for the user, which is then stored in the session.

To avoid this problem, the following keystores are not scoped to the Kubernetes service, this applies even if side-by-side deployment is not being used:

• The internal SecToken that nevisAuth issues for itself to access nevisIDM and nevisMeta APIs.
• Application access tokens issued to the user to access applications protected by nevisProxy.

This works when no key management patterns are assigned, but it may fail when assigning an Automatic Key Store pattern. If you use Automatic Key Store patterns to sign tokens, make sure the pattern name ends with -signer.

HTTP error codes cause session loss

By default, the Virtual Host maps an ErrorFilter that handles HTTP error codes.

For security reasons, the filter is configured to remove response headers.

This behavior can lead to the loss of the nevisProxy session when an HTTP error occurs, for example while the session cookie is being renewed after a successful authentication.

For status codes 404 and 502, the headers are not reset, which makes session loss less likely.

You can opt out by adding your own HTTP Error Handling pattern.

This pattern allows you to define which status codes are handled, and for which codes the headers are kept.

You can do this using the property Keep Header Status Codes.

Assign the HTTP Error Handling pattern to relevant locations, for example, the entire Virtual Host or in applications.

Fixed Issues

Up to 4.19:

• When the folder /var/opt/keys/ is completely removed on target hosts in VM deployments, two deployments are required to recreate the key material. This is an exceptional case which occurs only during disaster recovery or nevisAdmin 4 CA renewal.