Immuta v2022.5.0 Release Notes

Immuta v2022.5.2

Immuta 2022.5.2 was released January 23, 2023.

v2022.5.2 Bug Fixes

  • Snowflake, Redshift, and Azure Synapse integrations:

    • If a combined global subscription policy was applied to a data source and a user changed (created, updated, or deleted) a global data policy that also applied to that data source, the data policy was not applied to the data source. Consequently, a user querying that table could see values of masked columns in plaintext.
    • If an existing global subscription policy and an existing global data policy applied to the same data source, then when that data source was modified (or a new data source targeted by those policies was created), only the global subscription policy was applied to the data source. Consequently, a user querying that table could see values of masked columns in plaintext.
  • Vulnerability: CVE-2022-40899

Immuta v2022.5.1

Immuta 2022.5.1 was released January 16, 2023.

v2022.5.1 Bug Fixes

  • Data source governance report failed to generate in environments with over 2,300 data sources and 2,000 users.
  • Unity Catalog token sync job caused ERR_INVALID_ARG_TYPE error.
  • When Unity Catalog was enabled, users couldn't register data sources from the legacy hive_metastore.
  • Vulnerability: CVE-2022-23529

Immuta v2022.5.0

Immuta 2022.5.0 was released December 15, 2022.

v2022.5.0 Features and Changes

  • Databricks Spark Integration with Unity Catalog Support: Enable Unity Catalog support on Immuta clusters to use the Metastore across your Databricks workspaces and enforce Immuta policies on your data. This integration provides a migration pathway for you to add your tables in Unity Catalog while using Immuta policies. Consequently, when additional Unity Catalog features are available, you will be ready to use them. Databricks SQL policies will continue to be enforced through a view-based method, and interactive cluster policies through the Immuta plugin method.
  • Databricks Runtime 11.2 support.
  • Write Fewer, Simpler ABAC Policies. Enhanced Subscription Policy Variables (Public Preview) empower users to write fewer, simpler ABAC (Users with Specific Groups/Attributes) policies. Previously, policy writers had to specify groups in separate policies to grant access. With Enhanced Subscription Policy Variables, Immuta's policy engine compares users' groups with data source or column tags in a single policy to determine if there is a match. Users who have a group that matches a tag on a data source or column will be subscribed to that data source.
  • Tag Enhancements (Public Preview): Tag enhancements include various UI updates that improve user experience.
  • Immuta supports registering data sources that exceed 1600 columns. However, users will not be able to run data source health checks or Sensitive Data Discovery on these data sources because of Postgres limitations.
  • The maximum length for the Snowflake role prefix when using Snowflake Table Grants is 50 characters.
  • Users cannot enable or disable native impersonation when editing a previously configured integration.
  • Collibra integration performance improvements.
  • Collibra integration recognizes the implicit relationship between the Database View in Collibra and Immuta data source columns so that tags are properly applied to those columns in Immuta.
  • The Immuta V1 API /dataSource endpoint returns the remote table name so that users can get the schema and table name of a data source in one API call.

v2022.5.0 Bug Fixes

  • The data source Relationships tab only displayed up to 10 associated projects.
  • If creating the Immuta database failed in the Snowflake without Snowflake Governance Controls or Databricks SQL integration, the error returned was incorrect.
  • Removed historical schema monitoring metrics that contained database connection strings.
  • Subqueries that referenced a table that didn't exist never resolved.
  • Policies:
    • Disabling a Global conditional masking policy on a data source could sometimes disable all policies or none of the policies on the data source.
    • If users submitted a Global Policy payload to the API that was missing the subscriptionType from the actions, the Global Policies page broke when trying to display Subscription Policies.
    • Global Subscription Policies that contained the @hasTagAsAttribute variable caused errors and degraded performance.
    • Snowflake with Snowflake Governance Features: Changing a column's masking policy type resulted in errors until users manually synced the policy in Immuta.
  • Azure Synapse Analytics: If a user was granted access to around 1300 data sources, access to those tables was delayed.
  • Deleting an integration on the App Settings page and saving the configuration caused the Immuta UI to crash.
  • Redshift:
    • Users were unable to query tables that had a policy with a Limit usage to purpose(s) <ANY PURPOSE> applied to them.
    • There were error-handling inconsistencies between the Immuta UI and the database logs.
    • When configured with ADFS, the Redshift integration was not creating views for Immuta data sources properly.
  • Alternative owners of data sources were not included in the subscription audit records if the data source was created using the Immuta V2 API.
  • Snowflake Table Grants: If a user who was added to a Snowflake data source through a group Subscription Policy was removed from a data source, that user could see the columns (without any data) of the table when they queried that data in Snowflake.
  • When users edited a Snowflake integration configuration and changed the authentication type to Snowflake External OAuth, the configuration was still saved as Username and Password for the authentication type.
  • Users could not create an S3 data source in the Immuta UI when they selected override host in the data source creation workflow. Doing so caused an Invalid S3 URL error.
  • Vulnerabilities:
    • CVE-2022-3517
    • CVE-2022-37616
    • CVE-2022-39299
    • CVE-2022-39353

v2022.5.0 Known Bugs

  • Editing a schema project to a database that already exists fails.
  • Users cannot create an S3 data source with an instance role through the UI; they must use the API.

v2022.5.0 Deprecations and Breaking Changes

CentOS Upgrade

Immuta's upgrade to CentOS 9 has the potential to impact your environment. See the changes described below for guidance.

ODBC Drivers

Use ODBC drivers that are compatible with Enterprise Linux 9 or Red Hat Enterprise Linux 9.

Container Runtimes

You must run a supported version of Kubernetes (or a recent version of Docker for SND installations). See Supported Software Versions for details.

  • Single Node Docker Customers: Use at least Docker v20.10.10.

  • Kubernetes Customers:

OpenSSL 3.0

CentOS Stream 9 uses OpenSSL 3.0, which has deprecated support for older insecure hashes and TLS versions, such as TLS 1.0 and TLS 1.1. This shouldn't impact you unless you are using an old, insecure certificate. In that case, the certificate will no longer work. See the OpenSSL migration guide for more information.
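
One way to find affected certificates before upgrading, as an added example that is not part of Immuta's release notes or tooling: the script reads the signature algorithm that `openssl x509 -noout -text` prints and flags legacy hashes. The function names and the sample text are constructed for illustration, and treating MD2/MD4/MD5 and SHA-1 as the "older insecure hashes" is an assumption, since the page does not list them.

```sh
#!/bin/sh
# Added example (not Immuta code): find certificates signed with a legacy hash
# before moving to an OpenSSL 3.0 based image. Function names are hypothetical.

# Print the first "Signature Algorithm:" value from `openssl x509 -text` output on stdin.
sigalg_from_text() {
    sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1
}

# Classify a signature algorithm name as printed by OpenSSL.
# Assumption: MD2/MD4/MD5 and SHA-1 are the "older insecure hashes" in question.
classify_sigalg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        "")                          echo unknown ;;
        md2*|md4*|md5*|sha1*|*sha1)  echo legacy ;;
        rsassapss)                   echo inspect ;;  # hash is in the PSS parameters
        *)                           echo ok ;;
    esac
}

# Report on one PEM certificate file (requires the openssl CLI).
check_cert() {
    alg=$(openssl x509 -in "$1" -noout -text 2>/dev/null | sigalg_from_text)
    printf '%s: %s (%s)\n' "$1" "${alg:-unreadable}" "$(classify_sigalg "$alg")"
}

# Constructed sample of `openssl x509 -noout -text` output, for an offline run.
SAMPLE_TEXT='Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = constructed-example-ca
    Signature Algorithm: sha1WithRSAEncryption'

if [ "$#" -gt 0 ]; then
    for cert in "$@"; do check_cert "$cert"; done
else
    alg=$(printf '%s\n' "$SAMPLE_TEXT" | sigalg_from_text)
    printf 'sample: %s (%s)\n' "$alg" "$(classify_sigalg "$alg")"
fi
```

Pass PEM certificate paths as arguments to check real files; a result of `legacy` means the certificate should be reissued with a SHA-2 signature before the upgrade.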

FIPS Environments

If you run Immuta 2022.5.x containers in a FIPS-enabled environment, they will now fail. Helm Chart 4.11 contains a feature for you to override the openssl.cnf file, which can be used to allow Immuta to run in your environment, mimicking the CentOS 7 behavior.

Removed Databases

The following databases have been removed from the product.

Database  | Deprecation Notice | End of Life (EOL)
Custom    | 2022.3             | 2022.5
KDB       | 2022.3             | 2022.5
MariaDB   | 2022.3             | 2022.5
Persisted | 2022.3             | 2022.5

Deprecated Features

Deprecated items remain in the product with minimal support until their end of life date.

Feature              | Deprecation Notice | End of Life (EOL)
Apache Hive          | 2022.5             | 2023.1
SAP Hana             | 2022.5             | 2023.1
Teradata Native Lite | 2022.5             | 2023.1
Vertica              | 2022.5             | 2023.1

v2022.5.0 Migration Notes

  • All users must be on Immuta version 2020.2 or greater to migrate directly to 2022.5.