Skip to content

You are viewing documentation for Immuta version 2023.3.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

cancel

Immuta v2023.3 Release Notes

Immuta v2023.3.1

Immuta v2023.3.1 was released October 26, 2023.

Bug fixes

  • Creating a governance report on all data sources failed for instances with more than 10,000 data sources.
  • Fixes to address a Snowflake table grants issue that caused data source background jobs to fail.
  • Users encountered this error when disabling Snowflake table grants: Error: Query timed out. The connection information may be incorrect. Please double check and try again.
  • If a user created a Redshift impersonation group with uppercase letters in a manual Redshift setup, Redshift created that group with lowercase letters and the impersonation role failed the validation check.
  • Attempting to GRANT SELECT on a shared view in Snowflake failed with the following error: UDF IMMUTA_PROD.IMMUTA_SYSTEM.GET_ALLOW_LIST is not secure.
  • Vulnerability: CVE-2023-45133

Immuta v2023.3.0

Immuta v2023.3.0 was released September 28, 2023.

New features

  • Databricks Unity Catalog integration: Write your policies in Immuta and have them enforced automatically by Databricks across data in your Unity Catalog metastore.
  • Users can view license usage via the Immuta API to track the number of licensed users.

Enhancements and UI changes

  • Immuta allows masked columns to be used in row-level policies in the Snowflake and Databricks Unity Catalog integrations. This feature is currently in public preview and available to all accounts.
  • Immuta can pass a client secret to obtain token credentials in the Snowflake External OAuth authentication method.
  • The data source details tab UI has been redesigned to consolidate data source connection information and remove the query editor button, the SQL connection snippets, and the copy schema button.
  • The local subscription policy builder and project subscription policy builder now align with the format of the global subscription policy builder.

Deprecations

Deprecated items remain in the product with minimal support until their end of life date.

Feature Deprecation notice End of life (EOL)
Azure Data Lake Storage 2023.3 2024.2 LTS
Legacy Amazon S3 proxy 2023.3 2024.2 LTS
Legacy audit UI and /audit API (Pull audit logs from Kubernetes and push them to your SIEM instead.) 2023.3 TBD
Azure SQL 2023.3 2024.2 LTS
Legacy Databricks SQL integration (Use the Unity Catalog integration instead.) 2023.3 2024.2 LTS
Discussions tab on projects and data sources 2023.3 2024.2 LTS
HIPAA Expert Determination 2023.3 2024.2 LTS
Query editor 2023.3 2024.2 LTS
Legacy sensitive data discovery 2023.3 2024.2 LTS
Snowflake integration with low row access policy mode disabled (Follow this Snowflake guide to enable low row access policy mode. You must also enable table grants.) 2023.3 2024.2 LTS
Tableau connector 2023.3 2024.2 LTS
Teradata 2023.3 2024.2 LTS

Bug fixes

  • The data source members tab did not display all subscribed users when a subscription policy that used advanced DSL rules with special subscription variables was enforced on the data source.
  • Global subscription policies that used the @hasTagAsGroup or @hasTagAsAttribute variable were not granting and revoking users' access to tables properly.
  • The schema evolution owner was unset when data sources were removed from a schema project.
  • Fixes to address Immuta UI performance issues.
  • Fix to prevent enabling column detection on derived data sources, as column detection is unsupported for derived data sources.
  • Users were able to change a schema project owner's role, which could leave Immuta in a state where the schema project could not be deleted.
  • If OAuth was used as the authentication method, users encountered an error when creating a data source with schema monitoring enabled or enabling schema monitoring for an existing data source.
  • If a user other than the data owner navigated to the policies page of a Snowflake or Redshift data source, the activity panel displayed that "undefined" created the data source.
  • Redshift integration fixes:
    • Fixes to the Redshift integration configuration to address the impact of a change in the Okta Redshift application, which now requires usernames to have the prefix IAM.
    • Redshift validation tests required CREATE ON PUBLIC for the Immuta system account, and it should not have been a requirement.
  • Snowflake integration fixes:
    • Immuta data sources were inconsistently linked to the Snowflake external catalog when automatically ingesting Snowflake object tags.
    • Fix to address column detection error on Snowflake data sources: TypeError: Cannot read properties of null.
    • Fix to re-sync automatic subscription policies after schema detection runs on Snowflake tables that use CREATE OR REPLACE.
    • Sensitive data discovery failed to run on data sources that were registered using Snowflake External Oauth.
    • Fix to address a validate connection error with Snowflake External OAuth.
    • Syncing a Snowflake external catalog failed on data sources with more than 300 tagged columns.
  • Vulnerabilities addressed:
    • CVE-2021-46708: Immuta no longer publishes the Swagger API, which removes the ability to exploit this vulnerability. Although the affected library is a downstream dependency of a package Immuta uses, the library that contains the vulnerability is not used by Immuta.
    • CVE-2022-25883
    • CVE-2023-37466
    • CVE-2023-37920
    • CVE-2023-38704
    • CVE-2023-41037
    • CVE-2023-41419

v2023.3 migration note

All users must be on Immuta version 2022.5 or newer to migrate directly to 2023.3.