Immuta v2022.3.0 Release Notes

Immuta v2022.3.2

Immuta 2022.3.2 was released October 24, 2022.

v2022.3.2 Bug Fixes

• When configured with ADFS, the Redshift integration was not creating views for Immuta data sources properly.
• Vulnerability: CVE-2022-39299

v2022.3.2 Known Bugs

• Editing a schema project to a database that already exists fails.
• Users cannot create an S3 data source using an instance role using the UI; they must use the API.

Immuta v2022.3.1

Immuta 2022.3.1 was released October 4, 2022.

v2022.3.1 Bug Fix

• A migration issue prevented customers who were using an External Metadata Database from upgrading Immuta.

v2022.3.1 Known Bugs

• Editing a schema project to a database that already exists fails.
• Users cannot create an S3 data source using an instance role using the UI; they must use the API.

Immuta v2022.3.0

Immuta 2022.3.0 was released September 30, 2022.

v2022.3.0 New Features

General Availability

• Use the latest Databricks Runtime with Immuta. Databricks Runtime 11.0 is now supported in Immuta.
• Connect Snowflake data to Immuta without providing your account credentials. Immuta supports Snowflake External OAuth as a non-password authentication mechanism when configuring the Snowflake integration or creating Snowflake data sources.

Public Preview

• Let Immuta manage privileges on your Snowflake tables instead of manually granting table access to users. With Snowflake table grants enabled, Snowflake Administrators no longer have to manually grant table access to users; instead, Immuta manages privileges on Snowflake tables and views according to the subscription policies on the corresponding Immuta data sources.

• Ensure that policies are adequately reviewed and approved before they are eligible for production environments. Instead of creating policies directly in production, Approve to Promote allows policy authors to create, assess, and revise policies in a policy-authoring environment. Then, the policy must be approved by a configured number of users before it is promoted to the production environment and enforced on data sources.

v2022.3.0 Bug Fixes

• IAMs:
  • LDAP users with parentheses in their common name caused authentication to fail when group sync was enabled.
  • Okta/SCIM: When adding users to Okta to sync with Immuta, TypeError: attributeValues is not iterable appeared in the logs.
  • Azure Active Directory: When SCIM was enabled for Azure Active Directory, sometimes user attributes were removed from users in Immuta when they should not have been.
• Policies:
  • Automatic Subscription policies could cause out of memory issues if they added about 300 users to a data source.
  • Advanced Subscription Policies: If an advanced Subscription policy that did not contain special variables was created, customers with over 100,000 users could experience OOM issues.
  • Users were unable to edit Global policies that were not on the first page of results.
  • Global subscription policies that were applied “When selected by data owners” could not be deleted when using Approve to Promote.
  • If a Global Subscription policy was disabled for a data source, staging that Global policy on the policies page caused the Subscription policy to change on the data source.
  • Local policies using @columnTagged() were not properly applied to data in Databricks when the column was tagged.
• Projects:
  • Project owners could not edit projects with approved purposes and data sources.
  • The baseline percent null values could not be adjusted for k-anonymized columns on the Expert Determination tab in projects.
• Snowflake:
  • In the Snowflake Governance features integration, unmasked data was sometimes visible for a fraction of a second while data policies were being applied.
  • Instances that used the Snowflake integration without Snowflake Governance features were sometimes automatically migrated to using Snowflake Governance features when upgrading to Immuta v2022.3.0.
• Vulnerability:
  • CVE-2022-25647
• When adding an S3 data source using instance roles, the prefix set by the user was not added to the handler metadata.
• Sensitive Data Discovery and data source health checks did not run when the Query Engine was disabled.
• Tags sometimes did not update on data sources if those tags were quickly added or removed, which could cause policies to not be updated.
• The data source page sometimes took several minutes to load if there were over 100,000 data sources registered in Immuta.
• If a user was a member of a large number of groups (about 2,000), the UI search was sometimes slow.
• When searching for data sources on an instance with over 30,000 data sources and tables with complex struct columns, the search could take several minutes to return or freeze the Immuta instance.
• An Adobe Font requirement caused timeout issues in the Immuta UI.

v2022.3.0 Known Bugs

• Editing a schema project to a database that already exists fails.
• Users cannot create an S3 data source using an instance role using the UI; they must use the API.

Deprecations and Breaking Changes

Deprecated Databases

Deprecated items remain in the product with minimal support until their end of life date.

Breaking Change

• The undocumented deletedHandlerSubscribers attribute, which indicates a subscription policy changed, was removed from the data source notifications webhook payload. If you were depending on that attribute in your customized webhooks, that code won't work.

v2022.3.0 Migration Notes

• Upgrade to Helm 4.9.6 before upgrading to Immuta v2022.3.0.
• IAM Signing Certificate Required for SAML. If you are using SAML integrations, you are required to upload your IAM signing certificate to Immuta to accept patch and roll-up releases. Announced in 2022.1.0.
• All users must be on Immuta version 2020.2 or greater to migrate directly to 2022.3.