@stas-schaller stas-schaller commented Jan 8, 2026

Summary

Release Java SDK v17.1.4 with security fix for file permissions, bug fixes for notation handling, and Gov Cloud Dev support.

Changes

Security Fixes

  • KSM-699: Fix file permissions for config.json and cache.dat
    • Config and cache files now created with 0600 permissions (owner read/write only)
    • Fixes vulnerability where sensitive data was world-readable
    • Existing config files retain permissions until SDK modifies them
    • New files created with owner-only permissions (0600 on Unix, equivalent on Windows)
    • Multi-user workflows sharing config files will need to manage permissions manually

Bug Fixes

  • KSM-733: Fix notation error with duplicate UIDs from shortcuts
    • Resolves error when an application has access to both an original record and its shortcut (same UID appears multiple times in getSecrets() response)
    • Implements deduplication by UID, keeping only the first occurrence
    • Preserves correct ambiguity detection for title-based lookups (multiple records with same title)
    • Follows pattern established in .NET SDK PR #883 ("KSM-724 Fixed duplicate UID issue with GetNotation")

Features

Maintenance

  • Upgrade gradle-build-action to setup-gradle@v4 in GitHub Actions workflows

Related PRs

Compatibility

Backward compatible with v17.1.3:

  • No API changes
  • Can read existing config files
  • Behavior change: New/modified config files get secure permissions (0600)
  • Multi-user workflows sharing config files will need manual permission management after upgrade

This is a patch release with security improvements and bug fixes.

maksimu and others added 15 commits December 29, 2025 12:22

Add fields to match Vault VAUL-7662:
- PamSettingsConnection: RDP, Terminal, SSH, VNC, Kubernetes fields
- PamRbiConnection: audio and clipboard fields
- PamSettingsPortForward: local port fields
…connection-settings-fields

KSM-738: Add missing PAM connection settings fields
…18-java

KSM-742: add transmission public key #18 for Gov Cloud Dev support

When a KSM application has access to both an original record and its shortcut, the same UID appears multiple times in getSecrets() response. Previously this threw an error. Now we deduplicate by UID to keep only the first occurrence, following the pattern from .NET PR #883. Title-based lookups still correctly detect genuine ambiguity (multiple records with same title).
…d-java

KSM-733: Fix notation lookup with record shortcuts (duplicate UID bug)

Set file permissions to 0600 (owner read/write only) for security.

Changes:
- saveCachedValue(): Set permissions on cache.dat after creation
- LocalConfigStorage.saveToFile(): Set permissions on config file after write
- Uses POSIX permissions on Unix/Linux/macOS (rw-------)
- Falls back to File.setReadable/setWritable on Windows

Fixes: https://keeper.atlassian.net/browse/KSM-699
…issions

KSM-699: Fix file permissions for config.json and cache.dat
@stas-schaller stas-schaller marked this pull request as ready for review January 21, 2026 19:40
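
The owner-only file handling described for KSM-699, as an added example that is not the SDK's own code: the class `OwnerOnlyFileDemo` and the method `writeOwnerOnly` are hypothetical names. It goes one step beyond the commit message by applying `rw-------` when the file is created and before any secret is written, so the contents are never on disk under umask-default permissions; on non-POSIX file systems it uses the `File.setReadable`/`setWritable` fallback the commit names.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class OwnerOnlyFileDemo {          // hypothetical class, not part of the SDK
    private static final Set<PosixFilePermission> OWNER_RW =
            PosixFilePermissions.fromString("rw-------");   // 0600

    static boolean posixSupported() {
        return FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
    }

    /** Restricts the file to its owner first, then writes the sensitive bytes. */
    static void writeOwnerOnly(Path path, byte[] data) throws IOException {
        if (posixSupported()) {
            try {
                // Create with 0600 in one step: no window with wider permissions.
                Files.createFile(path, PosixFilePermissions.asFileAttribute(OWNER_RW));
            } catch (FileAlreadyExistsException ignored) {
                // Existing file (e.g. written by an older release): tightened below.
            }
            Files.setPosixFilePermissions(path, OWNER_RW);
        } else {
            // Best-effort fallback: clear access for everyone, re-grant to the owner.
            File f = path.toFile();
            f.createNewFile();
            f.setReadable(false, false);
            f.setWritable(false, false);
            f.setReadable(true, true);
            f.setWritable(true, true);
        }
        Files.write(path, data, StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING);
    }

    public static void main(String[] args) throws IOException {
        Path cfg = Files.createTempDirectory("ksm-demo").resolve("config.json");
        // Constructed sample content, not a real KSM configuration.
        writeOwnerOnly(cfg, "{\"sample\":\"constructed\"}".getBytes(StandardCharsets.UTF_8));
        if (posixSupported()) {
            // Print the resulting mode string so it can be checked against rw-------.
            System.out.println(PosixFilePermissions.toString(Files.getPosixFilePermissions(cfg)));
        }
    }
}
```

Running the same check against a `config.json` written by an earlier release shows whether it still carries wider permissions, since the description states that existing files keep theirs until the SDK modifies them.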