Immuta v2024.2.20
Immuta v2024.2.20 was released June 27, 2025.
When a table was changed to or recreated as a view (or vice versa), schema detection did not track those changes. This issue caused policy application failures, since statements such as ALTER TABLE would fail when applied to a view.
Immuta v2024.2.19
Immuta v2024.2.19 was released May 16, 2025.
When users attempted to apply tags to data source columns that contained a | character in their column name, they received an error stating that the specified column didn't exist.
The version badge on the Immuta login page for this release displays 2024.2.18 instead of 2024.2.19.
Immuta v2024.2.18
This release was skipped.
Immuta v2024.2.17
Immuta v2024.2.17 was released May 9, 2025.
Behavior change
Disabled data source behavior for Azure Synapse Analytics, Databricks Unity Catalog, Google BigQuery, Redshift, and Snowflake integrations: Immuta will remove all policies on disabled data sources for these integrations.
Previous behavior: Disabling a data source triggered a lockdown policy, which revoked all users’ access until the data source was either deleted from Immuta or re-enabled.
New behavior: Disabling a data source will remove existing Immuta policies and prevent Immuta from adding new policies until the data source is re-enabled. Immuta policies will be removed from currently disabled data sources. For view-based integrations (Azure Synapse Analytics, Google BigQuery, and Redshift), if a user disables an object in Immuta, the Immuta-created view will be deleted.
To enable this behavior for your tenant, add the following snippet to the Advanced Settings section on the app settings page:
Databricks Unity Catalog integration: Users encountered the following error when applying a data policy on a data source after setting up the integration: [INSUFFICIENT_PERMISSIONS] Insufficient privileges: Table '__immuta_user' does not have sufficient privilege to execute because the owner of one of the underlying resources failed an authorization check. This release includes an update to the integration configuration script to grant the Immuta service principal the required privilege.
Fixes to address a race condition in the V1 API DELETE /dataSource/{dataSourceId} endpoint that caused Snowflake policies to be out-of-sync.
Immuta v2024.2.16
Immuta v2024.2.16 was released March 27, 2025.
Snowflake integration upgrade: Fixed issue that caused validation failures when the casing of the IMMUTA_SYSTEM_ACCOUNT login name was different from the credentials provided.
Vulnerabilities addressed:
Immuta v2024.2.15
Immuta v2024.2.15 was released March 17, 2025.
Users could not delete a tag that had been associated with a framework unless they deleted the framework.
After an Immuta upgrade, there were discrepancies between Impala FeatherLite hashing data policies.
In Databricks Unity Catalog, policies were not being properly applied to columns with names that included special characters.
Immuta v2024.2.14
Immuta v2024.2.14 was released January 31, 2025.
Schema monitoring failed in Snowflake integrations that used an Okta proxy in the additional connection string options field.
Fixes to reduce the file size of the system status bundles.
Vulnerability addressed: CVE-2025-22150
Immuta v2024.2.13
Immuta v2024.2.13 was released January 22, 2025.
Databricks Unity Catalog integration: This release includes updates to the Databricks Unity Catalog integration to use Databricks paginated APIs, since Databricks will deprecate all unpaginated APIs in February 2025.
In versions older than 2024.2.13, Immuta uses many unpaginated Databricks APIs for policy enforcement. Performance will be impacted for customers on self-managed versions that still rely on those deprecated APIs, as they will be severely rate limited.
The Immuta Enterprise Helm Chart was not correctly deploying a load balancer for the right service.
Immuta v2024.2.12
Immuta v2024.2.12 was released December 19, 2024.
Data source health status was updated with the wrong handler.
Fixes to address Snowflake integration validation errors that occurred after an upgrade.
The exclude query text advanced configuration option failed when using the Starburst (Trino) integration without Elasticsearch.
Immuta v2024.2.11
Immuta v2024.2.11 was released December 12, 2024.
Data source health status was updated with the wrong handler.
Vulnerabilities addressed:
Immuta v2024.2.10
Immuta v2024.2.10 was released November 21, 2024.
Performance improvements to the policy page.
The /api/v2/data endpoint was not properly adding a data source to the domain specified by the domainCollectionId attribute.
Vulnerability addressed: CVE-2024-21534
Immuta v2024.2.9
Immuta v2024.2.9 was released October 31, 2024.
The /api/v2/data endpoint was not properly adding a data source to the domain specified by the domainCollectionId attribute.
OpenID Connect identity providers that had HTTP_PROXY, HTTPS_PROXY, or NO_PROXY environment variables configured failed with connection errors.
Immuta v2024.2.8
Immuta v2024.2.8 was released September 27, 2024.
Various SCIM API calls returned a 404 status, even though the updates were successful.
Immuta v2024.2.7
Immuta v2024.2.7 was released September 26, 2024.
New features and enhancements
Authentication change to accommodate Snowflake moving away from password-only authentication: This release includes updates to our integration setup script to accommodate Snowflake beginning to transition away from password-only authentication for new accounts. When configuring an integration manually for a new Snowflake account, Immuta provides an updated manual setup script that permits password-only authentication by differentiating it as a legacy service with an additional parameter. Existing integrations will continue to function as-is.
Users on Immuta versions 2024.2.6 and older must use the manual setup option to configure the Snowflake integration. To use the automatic setup option to configure the Snowflake integration, users must upgrade to 2024.2.7.
The authorizations attribute will now be excluded from the if the requesting user does not have the USER_ADMIN Immuta permission.
Users could not select Immuta as their IAM on the login screen and were only able to see their LDAP IAM in the dropdown menu.
Fixes to remove orphaned handler objects.
Immuta v2024.2.6
Immuta v2024.2.6 was released September 11, 2024.
Resolved an issue that prevented users from being able to subscribe to Redshift data sources.
The following attributes will now be excluded from the if the requesting user does not have the USER_ADMIN Immuta permission:
Immuta v2024.2.5
Immuta v2024.2.5 was released September 6, 2024.
Updated encryption of information related to REST catalog passwords in the system bundle.
Existing Snowflake and Redshift integrations did not migrate properly after an upgrade.
Users encountered a JSON parsing error when querying Redshift data sources if policies were applied that contained backslashes in user attributes.
Bug fix with breaking API change
Only users with the permission are authorized to use the endpoint; users without that permission will be blocked and get a 403 status returned.
Immuta v2024.2.4
Immuta v2024.2.4 was released August 9, 2024.
Databricks Unity Catalog ARRAY, MAP, and STRUCT type columns support masking with NULL.
In some instances, data and subscription policies remained in a pending state and were not applied to data in the remote platform.
Addressed issues that prevented Starburst (Trino) from working properly with the query engine disabled.
Fix to address the New tag being incorrectly applied to data sources and locking down access to data.
Immuta v2024.2.3
Immuta v2024.2.3 was released July 26, 2024.
Previously, data source tasks were created for all events discovered by schema monitoring. Now, the following events will only have data source tasks created if there is a policy targeting the auto-applied New tag:
Immuta would allow for the data dictionary to be updated to empty, but this empty state was not supported by backend functions.
External user IDs failed to save if the username contained a psql slash command ("\e", "\t", "\q", etc.).
Data sources in view-based integrations were sometimes locked down and inaccessible to users after being registered in Immuta, even if no policies applied to them.
Immuta v2024.2.2
Immuta v2024.2.2 was released June 25, 2024.
Comply with column length and precision in a Snowflake masking policy: Snowflake is soon requiring the outputs of masked columns to comply with the length, scale, and precision of what the Snowflake columns require. To comply with this Snowflake behavior change, Immuta truncates the output values in masked columns to match the Snowflake column requirements so that users' queries continue to complete successfully.
Vulnerabilities addressed:
Immuta v2024.2.1
Immuta v2024.2.1 was released June 7, 2024.
Trino universal audit model available with Trino 435 using the Immuta Trino plugin 435.1: For customers that are using EMR 7.1 with Trino 435.1, and have audit requirements, the Immuta Trino 435.1 plugin now supports audit in universal audit model. The Immuta Trino 435.1 plugin audit information is on par with Immuta Trino 443 plugin. The Immuta Trino 435.1 plugin is supported on SaaS and 2024.2 and later.
Data owners can now see audit events for the data sources that they own without having the AUDIT Immuta permission: Data owners can see query events for their data sources on the audit page, data overview page, data source pages, and the data source activity tab. They can also inspect Immuta audit events on the audit page and activity tab for the data sources they own. This enhancement gives data owners full visibility of activity in the data sources they own.
Fixes to address issues that caused Immuta to fail passing the SSL cert supplied by customers using an external metadata database.
IAM integrations that had SCIM enabled did not support backslashes \ in usernames.
Immuta v2024.2.0
Immuta v2024.2.0 was released May 10, 2024.
Immuta Detect is a tool that monitors your data environment and provides analytic dashboards in the Immuta UI based on audit information of your data use.
: Immuta Detect monitors help you surface non-compliant data combinations and maintain data availability through data platform configuration changes. Monitors can notify you when user activity metrics exceed your intended operating thresholds. Monitors work with query tags, query execution outcomes, and Immuta Discover classification sensitivities when enabled.
: For a query that joins tables, Immuta uses the same classification rules applied to tables and applies those rules to columns of the query. Immuta applies a new set of classification tags to the query columns and calculates sensitivity for the query event in the audit record. These query classification tags are not included on the table's data dictionary.
: Over 90 audit events are captured and can be exported to S3 or ADLS Gen2. See the full list of supported events on the
Immuta Discover
: Native SDD is available for Snowflake and Databricks in general availability, and Starburst (Trino) and Redshift in private preview. Native SDD automatically discovers and tags your data based on the identifiers it matches but, unlike non-native SDD, it does not persist or move any of your data. It is enabled by default.
SDD tag context: Native SDD leaves legacy SDD tags in place when they are not found upon a subsequent re-scan of a data source. Customers who begin using native SDD can see results with no impact to prior legacy SDD tags. See the .
: In addition to read operations, Immuta's Starburst (Trino) and Amazon S3 integrations now support fine-grained access permissions for write operations.
: Row- and column-level policies can now account for purposes and projects for additional security. With this policy configuration, a user will only be able to view the data the policy applied to if they are acting under a certain purpose and that data is within their current project. Purpose exception policies ensure data is only being used for the intended purposes.
Support protecting more than 10,000 objects with Unity Catalog row- and column- level policies: Users can now mask more than 10,000 columns or tables with row filters, removing the previous limitation in the Unity Catalog integration. This enhancement provides greater flexibility and scalability for data masking operations, allowing users to effectively secure sensitive data across larger datasets.
User experience updates
Improved user experience for managing users, data sources, and policies in public preview: This deployment includes significant user experience updates focused on enhancing Immuta's key entities: users, data sources, and policies.
The People section has a more intuitive experience with notable changes. Users and groups have been split into two separate tabs. The first tab provides an overview of a user or group, while the second tab contains detailed settings, such as permissions, attributes, and associated groups.
Another enhancement in the People section is the new Attributes page, which centralizes all information about an attribute, including the users or groups it applies to.
Dark mode and other usability updates
The new user profile page separates information better and makes it easier to understand.
Keyboard shortcuts are now available for some common functions. Keep an eye out for in-app guidance that helps with how to use them.
The account menu is wider for better readability and now has an option to toggle between light and dark mode. By default, Immuta still uses your browser settings.
Deprecations and breaking changes
Deprecation announcements
Deprecated items remain in the product with minimal support until their end of life date.
Feature
Deprecation notice
End of life (EOL)
Removed features (EOL)
Feature
Deprecation notice
End of life (EOL)
Breaking changes
Change to POST /tag/{modelType}/{modelId} endpoint: The POST /tag/{modelType}/{modelId} endpoint (which adds tags to models that can be tagged, such as data sources and projects) can only apply tags that exist to these models. This update presents one breaking change: A 404 status will now be returned with the tag(s) that were not valid instead of a 200 status, and no tags will be processed if any invalid tags are found.
v2024.2 migration notes
You must be on Immuta version 2022.5 or newer to migrate directly to 2024.2.
Integrations API: If you did not have integrations API turned on prior to 2024.2.0, when the tenants are restarted after upgrading, the system will perform a short migration of the integrations from the global configuration to the new integrations bometadata tables in support of integrations API.
