opendistro-for-elasticsearch-security.release-notes-1.10.1.0.md

2020-09-09 Version 1.10.1.0

Support Elasticsearch version 7.9.1

Enhancements

• Remove cluster monitor check from audit transport check (#653)
• Enable or disable check for all audit REST and transport categories (#645)
• Add ability for plugins to inject roles (#560)

Bug fixes

• Remove exception details from responses (#667)
• Adding onelogin loadXML util helper to prevent XXE attacks (#659)
• Add non-null to store even non-default values in serialization (#652)
• Refactor opendistro_security_action_trace logger (#609)
• Fail on invalid rest and transport categories (#638)
• Correct a typo in the Readme file. (#607)
• Fix AccessControlException during HTTPSamlAuthenticator initialization. (#626)
• Remove unnecessary check of remote address for null (#616)
• Prevent hidden roles from being added via rolesmapping and internalusers API (#614)

Maintenance

• Support ES 7.9.1 (#706)
• Support ES 7.9.0 (#661)
• Close AuditLog while closing OpenDistroSecurityPlugin and unregister shutdown hook when closing AuditLogImpl. (#663)
• Fix unit tests failures in HTTPSamlAuthenticatorTest (#664)
• Add copyright headers for audit classes (#644)
• Clean up rest and transport header filtering (#637)
• Upgrade jackson-databind to 2.11.2 (#618)