diff --git a/content/enterprise_influxdb/v1/about-the-project/release-notes.md b/content/enterprise_influxdb/v1/about-the-project/release-notes.md index 1595ac5f4..79c7ec968 100644 --- a/content/enterprise_influxdb/v1/about-the-project/release-notes.md +++ b/content/enterprise_influxdb/v1/about-the-project/release-notes.md @@ -19,6 +19,30 @@ InfluxDB Enterprise builds are available. For more information, see [FIPS-compliant InfluxDB Enterprise builds](/enterprise_influxdb/v1/introduction/installation/fips-compliant/). {{% /note %}} +## v1.11.7 {date"2024-09-19"} + +### Bug Fixes + +- Log errors when RPC calls fail for `MetaExecutor` operations like + `SHOW TAG VALUES` and `SHOW TAG KEYS`. +- Prevent `GROUP BY` queries with an offset that crossed a DST boundary from failing. +- Ensure `range()` filters correctly for all years. + +### Features + +- Run the `FIPS POST` if available and log the result. +- Add support for LDAP over SSL (LDAPS). +- Improve performance of `SHOW TAG VALUES` when using FGA by optimizing queries + to be limited to only tag values the user has permission to access. + +### Other + +- Upgrade to Go 1.22.7. +- Upgrade `jwt-go`. +- Upgrade `dvsekhvalnov/jose2go` to v1.6.0. + +--- + ## v1.11.6 {date="2024-08-02"} ### Bug Fixes diff --git a/content/enterprise_influxdb/v1/administration/configure/security/ldap.md b/content/enterprise_influxdb/v1/administration/configure/security/ldap.md index 506060ece..d8830e403 100644 --- a/content/enterprise_influxdb/v1/administration/configure/security/ldap.md +++ b/content/enterprise_influxdb/v1/administration/configure/security/ldap.md @@ -164,12 +164,35 @@ enabled = true port = 389 # Security mode for LDAP connection to this server. - # The recommended security is set "starttls" by default. This uses an initial unencrypted connection - # and upgrades to TLS as the first action against the server, - # per the LDAPv3 standard. - # Other options are "starttls+insecure" to behave the same as starttls - # but skip server certificate verification, or "none" to use an unencrypted connection. + # Valid settings: none, starttls, starttls+insecure, ldaps, ldaps+insecure. + # The recommended security is "starttls", which is the default. This uses + # an initial unencrypted connection and upgrades to TLS as the first action + # against the server, per the LDAPv3 standard. + # Another secure option is "ldaps", which starts the connection over + # TLS instead of upgrading like "starttls". This generally requires a + # dedicated port (usually 636). "starttls" is generally preferred + # to "ldaps". + # Other options are "starttls+insecure" and "ldaps+insecure" which behave + # the same as "starttls" and and "ldaps" respectively, except they ignore + # server certificate verification errors. + # Finally, "none" does not use TLS. This is not recommended for + # production systems. security = "starttls" + + # Client certificates to present to the LDAP server are supported with + # "client-tls-certificate" and "client-tls-private-key" configurations. + # These are paths to the X.509 client certificate and corresponding private + # key, respectively. If "client-tls-certificate" is set but + # "client-tls-private-key" is not, then "client-tls-certificate" is assumed + # to bundle both the certificate and private key. + # The LDAP server may request and require valid client certificates + # even when InfluxDB is configured with an insecure TLS mode that ignores + # LDAP server certificate errors. + # Not all LDAP servers will request a client certificate. It is not + # necessary to set "client-tls-certificate" and "client-tls-private-key" + # if the LDAP server does not require client certificates. + client-tls-certificate = "/var/run/secrets/ldapClient.pem" + client-tls-private-key = "/var/run/secrets/ldapClient.key" # Credentials to use when searching for a user or group. bind-dn = "cn=read-only-admin,dc=example,dc=com" diff --git a/data/products.yml b/data/products.yml index bb1b7a24e..4c4920347 100644 --- a/data/products.yml +++ b/data/products.yml @@ -113,7 +113,7 @@ enterprise_influxdb: - v1.7 latest: v1.11 latest_patches: - v1: 1.11.6 + v1: 1.11.7 flux: name: Flux