v5.38.104

2024 Q3 Operator Release

Update to all Private Operators on all cloud providers.

Integration Guides - UID2

AWS Marketplace
GCP Confidential Space
Microsoft Azure

Integration Guides - EUID

AWS Marketplace

Installation

docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.38.104-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.38.104-azure-cc

Release Notes

Advertising Token Format Change

• Advertising token format has changed from v2 to v4.
• This impacts the advertising_token JSON response field in the /token/generate and /token/refresh endpoints, or the SDKs which consume these endpoints.
• There is no impact to participants that are correctly treating these tokens as opaque strings.
• The following information is provided as informational only, as these details will change in future token versions:
  • v2 tokens are 180 characters long and base64 encoded (alphanumeric characters and =, +, /).
    • Example v2 token: AgAACbZaXQwHNgkLuMHhc6QUdAddC5rFTw0ln+nh6fzMmEd+18U2X7bCxoA1YU1TxW8SA2MnX7vct4Lwku3nKAN/Z1d7I+bTO6W99ZYdJ8Dmc111+BqfPg9cCFtSW510lJuMm4IgN5UCskarj2P6ckHRBkBfkaX6QcervMT+imJKKGm/BA=
  • v4 tokens are 218 characters long and base64url encoded (alphanumeric characters and _, -).
    • Example v4 token: A4AAABG4juxqlIbJn8hFe3bWRFwe2DWAcxA-Pwa9a69Kodg4AsxWxIzGE-arhwG0_9VM6vSMNjbc1SR2pZ3jB4tKio6wy1rjPPb0wnYCOD_cgjAejQyZzKoHYmgHfacQ02tKpSBwG6GpmJ-Var2ZGHRKOSFkxiTI1bCDP_X0KM3WPolQzNm-Yy3_FzESugv6jfOrn6LqcAskqwoDxuCOw0yk1w

/optout/status endpoint enabled by default:

• The endpoint POST /optout/status is now enabled by default.
• See https://unifiedid.com/docs/endpoints/post-optout-status for more information.

GCP and Azure exposes metrics endpoint:

• GCP and Azure exposes Prometheus-formatted metrics on port 9080 through the /metrics endpoint.
• See documentation for more information:
  • GCP: https://unifiedid.com/docs/guides/operator-private-gcp-confidential-space#scraping-metrics
  • Azure: https://unifiedid.com/docs/guides/operator-guide-azure-enclave#scraping-metrics

AWS base AMI upgrade

AWS base AMI has been upgraded from Amazon Linux 2 to Amazon Linux 2023.

Base Docker Images:

• Azure and GCP has been upgraded to Java 21.
• Azure and GCP are now using eclipse-temurin 21.0.4_7-jre-alpine.

Other changes:

• Added information about refresh token version in the logs.
• Various bug fixes to improve system stability.

Full Changelog: v5.37.12...v5.38.104

v5.37.12

2024 Q2 Operator Release

Update to all Private Operators on all cloud providers.

Integration Guides - UID2

AWS Marketplace
GCP Confidential Space
Microsoft Azure

Integration Guides - EUID

AWS Marketplace

Installation

docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.37.12-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.37.12-azure-cc

Release Notes

Enclave logs are available

This will enhance the monitoring and troubleshooting of enclaves.

1. AWS: See https://unifiedid.com/docs/guides/operator-guide-aws-marketplace.
   • Log rotation is enabled by default and can be configured by participants if necessary.
2. Azure: the logs are written to the container log for the uid2-operator container.
3. GCP: container log redirection has been enabled. The logs will be available in Logs Explorer.

Attestation Process

The URLs for the core services now form part of the attestation process, which enhances the security of the enclaves and attestation process.

Base Docker Images

The base docker image for both GCP and Azure has been updated to eclipse-temurin 11.0.22_7-jre-alpine.

Other Changes

1. The handling of expired salts has been improved.
2. The Azure container resource allocation has changed to give more resources to the skr container. This resolved an issue where the Azure Operator would fail to start.

Full Changelog: v5.26.19-56899dc0d7...v5.37.12

v5.32.16

What's Changed

• Gave the skr container more cpu and memory by @thomasm-ttd in #551
• [CI Pipeline] Released Patch version: 5.32.16 by @github-actions in #552

Full Changelog: v5.32.10...v5.32.16

v5.32.10

What's Changed

• enable tls 1.3 by @Ian-Nara in #532
• [CI Pipeline] Released Minor version: 5.31.0 by @github-actions in #533
• enable tls 1.3 by @Ian-Nara in #534
• [CI Pipeline] Released Minor version: 5.32.0 by @github-actions in #535
• revert tls enable by @Ian-Nara in #542
• [CI Pipeline] Released Patch version: 5.32.4 by @github-actions in #543
• Add a delay container start by @thomasm-ttd in #540
• [CI Pipeline] Released Patch version: 5.32.10 by @github-actions in #544

Full Changelog: v5.30.0...v5.32.10

v5.30.0

What's Changed

• Update action versions to remove warnings by @thomasm-ttd in #522
• Bug Fix, Initialize Shutdown Handler For Local Run by @Ian-Nara in #525
• Removed pre-commit and trivy-secret.yaml by @gmsdelmundo in #526
• [UID2-2831] Send Site's app name in key/sharing and key/bidstream endpoints by @asloobq in #508
• [CI Pipeline] Released Minor version: 5.30.0 by @github-actions in #527

Full Changelog: v5.29.2...v5.30.0

v5.29.2

What's Changed

• CSTG: Validate app name by @mcollins-ttd in #515
• Add a validation for Azure build by @thomasm-ttd in #521
• generate with expired salts, shutdown after 12 hours by @Ian-Nara in #478

Full Changelog: v5.28.156...v5.29.2

v5.28.156

📦 Uncategorized

• Use latest version for version_number
  • PR: #517

What's Changed

• Use latest version for version_number by @thomasm-ttd in #517

Full Changelog: v5.28.152-20c315dfc7...v5.28.156

v5.28.152-20c315dfc7

📦 Uncategorized

• UID2-2071 Enable log redirect
  • PR: #486
• UID2-3216 Set core and optout base url based on var.uid_deployment_env
  • PR: #504
• Install and configure syslog-ng on both the host and enclave
  • PR: #502

v5.26.19-56899dc0d7

2024 Q1 Operator Release

Update to all Private Operators on all cloud providers.

Integration Guides

AWS Marketplace
GCP Confidential Space
Microsoft Azure

Installation

docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.26.19-56899dc0d7-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.26.19-56899dc0d7-azure-cc

Release Notes

UID2 Sharing:

• In UID2, sharing is a process for distributing raw UID2s securely between UID2 participants.
• With this round of updates, UID2 sharing is now supported for Private Operators.
• For more details, please visit: https://unifiedid.com/docs/sharing/sharing-overview.

Attestation:

• The attestation token has been replaced with an industry-standard JWT token.
• The attestation process has changed to randomize the time between attestation requests to reduce the load spikes on the UID2 Core service. This has no impact on participants running Private Operators.

Logging:

• To protect confidential data, logging has been reduced and logs are redacted where necessary.

Improvements:

• The vsock proxy used by AWS Private Operators has been updated to fix a small memory leak issue.
• Client API keys are now stored as salted hashes instead of in plaintext, for better security.

Other changes:

• The POST /token/generate and POST /token/refresh responses no longer contain user_token.

Full Changelog: v5.25.56-5cb84da6f1...v5.26.19-56899dc0d7

v5.25.56-5cb84da6f1

What's Changed

• UID2-2283 - Fixed draft release creation by @gmsdelmundo in #320
• Add ENFORCE_HTTPS environment variable by @cYKatherine in #321
• Change allowed env override to enforce_https by @cYKatherine in #323
• Only add env override for ENABLE_HTTPS by @cYKatherine in #324
• UID2-2339 create test pipeline for gcp by @cYKatherine in #315
• Add E2E test as a part of the gcp publish pipeline by @cYKatherine in #326
• Enable CSTG domain name check for E2E public operators by @mcollins-ttd in #330
• UID2-2340 Add test pipeline for Azure by @cYKatherine in #328
• Set ad token v4 percentage to 0 for private operators by @mcollins-ttd in #336
• Update shared to allow enforce jwt by @thomasm-ttd in #338

Full Changelog: v5.25.24-84ab4e3a86...v5.25.56-5cb84da6f1