Conjur 4.4 Released


March 12, 2015 | DevOps | Kevin Gilpin


On March 5th, 2015 we released Conjur 4.4!  This replaces version 4.3.2 from November 2014.  There are a number of improvements and added features.  Please read on for more details.

Top-level overview of new features:

  1. Improved security:  Stronger encryption and tamper-proofing of secrets at rest. Third-party cryptographic audit report is available on request.

  2. Support for secondary groups in Conjur LDAP:  Facilitates granular SSHaccess management via custom sudoers, as well as expanded possibilities for searching Conjur LDAP.

  3. Simplified and extended HA server management:  New “evoke” tool provides unified server configuration for Conjur HA management, including:

  • Configuration of a VM or bare metal server into different roles (as a standalone appliance, or any component of HA architecture)

  • Replication-based, no-downtime upgrade of HA deployments

  • Generation of seed files, which are used to establish trust and connection between various servers in HA setup.

  • Server backup and restore

  • Re-issue of SSL certificates with new altnames

  • Conjur Audit Server:  This new server capability provides export of audit records to external data stores such as Amazon RDS, ElasticSearch, Splunk, SumoLogic, etc.

  • Available as a Docker image

  • LDAP synchronization:  Conjur users and groups can be synchronized from an upstream LDAP or ActiveDirectory server.

  • Synchronization is one-way from the LDAP to Conjur.

  • Specific upstream groups can be selected for synchronization.

  • uid number and gid numbers are synchronized from the upstream system into Conjur.

  • Enables “blended” group management combining the external directory (e.g. ActiveDirectory) and native Conjur groups.

  • Audit improvements:

  • Better audit of forbidden actions

  • Support for audit limits to cap the storage needs of Conjur servers

  • New appliance platforms:

  • Conjur now is available as an LXC container. Lightweight, fast and easy to setup!

  • Conjur in VirtualBox is available for use as a development sandbox.

  • Permissions directory:  Full role graph data can be efficiently retrieved, with full support for permissions rules and visibility

If you’d like to see how these new features work in your own environment, please sign up for a free 30 day trial or contact us and we’ll answer any questions you may have.





Keep up-to-date on security best practices, events and webinars.

Share This