ACRA 0.80.0 RELEASE
This release is dedicated to usability and unification. Many components of Acra have been renamed. We believe that the updated names will decrease confusion about the components' functions and will make Acra's setup and usage process easier. The new names also align better with the common package naming practices.
We couldn’t find a day inauspicious enough to release Acra 0.80.0, but decided that that last day of spring is still quite special :) Here are the changes in the new release:
● Renaming — global renaming of Acra’s components and their configuration parameters.
|Old name||New name||Function|
|AcraServer||AcraServer||decrypts data from the database|
|AcraWriter||AcraWriter||encrypts data on the client side|
|AcraProxy||AcraConnector||encrypts traffic between the client and the server using Themis Secure Session|
|AcraCensor||AcraCensor||firewall, part of AcraServer, blocks suspicious SQL requests to the database|
|AcraConfigUI||AcraWebConfig||lightweight HTTP web server for managing AcraServer's certain configuration options|
|Old name||New name||Function|
|acra_rollback||AcraRollback||decrypts the whole database|
|acra_genkeys||AcraKeymaker||generates encryption keys for storage and transport of the Acra components|
|acra_genauth||AcraAuthmanager||generates user accounts for AcraWebConfig|
|acra_genpoisonrecord||AcraPoisonRecordMaker||generates poison records for databases|
|acra_addzone||AcraAddzone||generates Zones' header for AcraWriter|
We’ve Improved SSL/TLS connections between AcraServer <-> AcraConnector and AcraServer <-> database. Added TLS authentication mode (tls_auth) argument to the AcraServer/AcraConnector configuration files:
- for AcraConnector it indicates how to authenticate AcraServer during a TLS connection;
- for AcraServer it indicates how to authenticate database during a TLS connection.
We’ve updated TLS configuration to provide other less strict authentication methods (do not authenticate client from server, ask for any certificate, ask and check) (#171).
● SQL requests filtering
- Added support of filtering SQL requests for PostgreSQL databases. Now you can setup AcraCensor rules for both MySQL and PostgreSQL databases (#177).
- Improved QueryCapture: AcraCensor writes allowed/blocked queries into a separate log file without blocking the main process (#176, #172). Please see a detailed description of AcraCensor on the corresponding AcraCensor documentation page.
● AcraWriter in Ruby
● Key Handling
Added `make keys` target in the Makefile: one command now generates keys and places them into correct folders for all Acra components (#182, #181). Also we’ve improved handling of master key length longer than 32 bytes (#183).
- Updated notification when AcraConnector is launched in an environment without `netstat` (#167).
● Even better Docker support!
Added more ready-to-use Docker Containers: acra-keymaker, acra-authmanager. As a result, each Acra component is wrapped into a Docker container, allowing you to try Acra into your infrastructures easily.
Added easy-to-use docker-compose files for setting up the whole Acra-based environment connected to MySQL database. Possible configurations include setup with/without SSL, with/without AcraConnector, with/without Zones (#180). Check out the instructions and examples in the /docker folder: we have examples for both MySQL and PostgreSQL databases.
Updated descriptions for official Cossack Labs packages on Docker Hub.
Updated Getting started with Docker guide to make starting out with Acra even easier.
Every single document, code line, and image are updated using the new naming.
Significant parts of the README have been rewritten.
Added support of Ubuntu Xenial, Ubuntu Bionic (added precompiled binaries and tests to make sure that Acra is compiling/building/working well on 16.04/18.04).
Lose no time, go get the new version of Acra now!