Changelog

1

Client Libraries

2

Dashboard

3

Documentation

4

Integrations

1

Client Libraries

2

Dashboard

• Increased visibility into request throttling for all SDK and UI interactions by logging all throttle activity. • Enhanced access to long-term usage data with summarized views, ensuring manageable data visualization in charts, tables, and exports.

3

Documentation

• Updated SDK and Integration documentation for consistency, covering key caching, structured encryption, error handling, and best practices for key usage.

4

Integrations

• Improved Apigee integration with consistent key caching and encryption configuration, standardized terminology, custom metadata reporting, and improved error documentation.

5

Platform

• Enhanced security and performance.

1

Client Libraries

• Updated the Python SDK to support configurable caching, more robust error handling and more clear documentation examples for implementation. • Improved customer transparency by re-enabling GitHub mirroring for Python and Java SDKs. • Improved NodeJS and Node SDKs with more robust error handling and improved documentation.

2

Dashboard

• Improved customer readability of graphical elements by making the display of status information consistent across Dashboard panels. • Improved reporting for customers with large volumes by enabling aggregated data (roll-ups) for encrypt/decrypt events in the Events UI. • UI Improvement to reduce customer confusion related to MFA settings when creating a dataset.

3

Documentation

• Updated customer documentation for Snowflake, BigQuery, Postgres, Python, NodeJS and JAVA to have more clarity and be more consistent.

4

Integrations

• Improved the Ubiq Snowflake, BigQuery and Postgres integrations with more native integrations, robust error handling and improved customer implementation documentation.

5

Platform

• Improved system resiliency with additional error handling of events when there is system maintenance causing database connectivity failovers.

1

Client Libraries

• Added EncryptforSearch customer documentation for the Go Client Library • Re-enabled GitHub Repository Mirroring of GitLab Repositories by correcting a bug that affected the .NET and NodeJS Client Libraries when running large chunk test files > 100mb • Improved usability of all SDKs by updating error handling of event-reporting errors (non-cryptographic errors) to be non-blocking to encrypt/decrypt activity

2

Dashboard

• Improved customer transparency by logging rate limit events in the Security History where they can be viewed by the affected user • Improved customer awareness of rate limit activity by being transparent about rate limit rules - documentation published here • Added additional security history logging of events for billing contact and account name changes for improved customer transparency; we also corrected security history language to be more clear about affected datasets or keys in various logs • Resolved a bug where certain account users could not be removed from the customer’s team

3

Documentation

• Released updated community sample and documentation for Java that allows for ad-hoc encryption or decryption of structured data from a command line interface. We published a sample at Files · master · ubiqsecurity / ubiq-java · GitLab • Released an update to the java database community sample to improve functionality and clarify customer instructions at Files · master · ubiqsecurity / Ubiq Java Community Samples · GitLab

4

Platform

• Improved customer experience by consolidating & reducing email encouragement communications to a monthly email and enabling regular email communications about usage, library updates, and account status (Stay tuned as we will be rolling this communication feature out over the next couple of months) • Various Security and Performance Improvements

1

Client Libraries

• Added Partial Encryption support for the following current version Client Libraries (2.0.0+): C/C++, Go, Python, Java, C#.NET, and NodeJS allowing customers to mask or partially encrypt Structured Data • Added a wrapper capability for the Python Client Library which enables customer defined metadata in the billing records. Also updated the Python GitLab repository to improve supportability and maintainability by removing the FPE sub-library dependency; also reducing customer confusion of “structured data” vs “FPE” naming in the documentation

2

Dashboard

• Added a Partial Encryption option for Structured Datasets to enable customers to mask or partially encrypt Structured Data • Added a Failed Key Retrieval Attempt error to the security history log to ensure customers are informed of failed attempts to use Partial Encryption from an unsupported Client Library (versions< 2.2.0+) • Fixed a bug that prevented the password reset confirmation dialog from appearing after a password reset was completed

3

Documentation

• Updated the Dataset Creation Guide with instructions for how customers can easily enable, and simulate,Partial Encryption for Structured Datasets • Updated the How to Partially Encrypt (Mask) Data While Preserving Format customer how-to guide with more clear Structured Data Partial Encryption examples and new implementation instructions

4

Integrations

• Added Partial Encryption support for Apigee, BigQuery and Snowflake integrations • Updated the Google BigQuery language version to improve customer reliability by adhering to current software versions and supported platforms

5

Platform

Improved response to customer API call demand scaling by optimizing Ubiq platform backend server sizing, multithreading, worker configuration, and queuing under heavy loads

1

Documentation

• Added an Account Administration Panel guide to assist customers in managing Ubiq account controls, options and settings. A description is provided to customers for each control and what it enables or changes. • Corrected the Snowflake Integration instructions for when a ubiq_begin_session call expected the fetching of ubiq_creds table for two creates, which is not supported. Corrected ubiquser_data_fetch_data_key to _ubiq_fetch_data_key.

2

Platform

• Implemented flexible customer-level throttling limits to improve resiliency and availability of Ubiq services for all customers. Throttles are set on the number of requests/sec for the Ubiq Dashboard and Client Library API endpoints to ensure that errant traffic from a single customer does not adversely impact other users. • Improved security of Ubiq’s Dashboard with additional Auth0, access and identity management, sub-processor bot and brute force detection. • Implemented a Web Application Firewall (WAF) to monitor, filter, and help block unauthorized HTTP traffic to and from Ubiq services. This WAF enhances security, resilience, and availability by protecting Ubiq from attacks like cross-site scripting (XSS), cross-site forgery, file inclusion, and SQL injection.

1

Dashboard

• Added the ability for account administrators to require all account users to use Multi-Factor-Authentication (MFA) for increasing security • Added user selectable dashboard “dark-mode” to improve aesthetics and help reduce glare, eye strain and blue-light exposure • Improved user experience on all pages with tables by allowing for customization of grid views with column selection and other features

2

Documentation

Improved the Snowflake integration guide

3

Platform

• Updated Ubiq backend for creating SCIM-compliant user/group endpoints for storing information in preparation for upcoming support for third-party Identity Provider (IdP) integrations to replace API keys. This upcoming feature will allow customers to eliminate the need to manage identities in Ubiq • Improved code consistency and handling of event processing data • Improved maintainability by putting AG-Grid keys in the Ubiq CI/CD process and not relying on manual key management • Improved observability by capturing logging of unhandled 503/504s errors • Increased data availability and consistency in the reporting of user_last_sign_in logging • Improved security by protecting against authenticated replay role escalation for logged-in user within an account, and by addressing IDOR vulnerabilities with replay attacks on a known UUID

1

Client Libraries

• Added a customer metric improvement that enables users of the C Client Library (v2.1.1.1) to add custom metadata to billing events for correlation to their own environment / processes. Additionally improved performance by allowing configurability of time granularity of billing events and removing unnecessary structured data event billing calls plus pooling unstructured usage calls
• Improve supportability and maintainability of C and C++ Client Libraries (v2.1.1.1) by removing the FPE sub-library dependencies. also reduced confusion of FPE naming of the repo and allows for a simpler path forward for new features
• Improved performance of the .NET Client Library (v2.0.3) by allowing configurability of time granularity of billing events

2

Dashboard

Added a pop-up warning to inform users of impending UI auto log-out for inactivity. Allows users to continue in the UI if desired

3

Documentation

• Published BigQuery integration instructions and overview
• Improved Snowflake integration overview
• Published Ubiq Library / SDK Versioning and Support Policy

4

Integrations

General Availability release of native BigQuery integration to enable BigQuery users to encrypt and decrypt data with Ubiq without leaving BigQuery

5

Platform

• GitHub improvements for repository visibility and security
• Improved availability and resiliency by syncing timeouts between Ubiq’s Elastic Load Balancers and Backend thereby avoiding potential system race conditions

1

Client Libraries

• Enhanced the performance of the Java Client Library by optimizing event tracking calls in our infrastructure, improving pooling of event reporting. We also enhanced usage tracking visibility by deriving usage metrics from bad/malformed Java 1.x library logging
• Added the ability to augment event reporting with customer metadata for tracking custom metrics. Furthermore, we enhanced the supportability and maintainability of the .NET Library by removing the FPE sub-library dependency. This also reduces confusion regarding FPE naming in the library repository and allows for a simpler path forward to integrating new features in the SDKs. Finally, we automated load testing for builds to better detect impacts on performance
• Improved the maintainability of the Python Client Library by enhancing regular automated testing for performance and compatibility
• Upgraded the Node.JS Client Library to achieve feature parity with other libraries, including the ability to control the time granularity at which billing records are submitted. Additionally, we added a feature to attach metadata to usage/billing records

2

Platform

• Improved observability across platform components by implementing source-specific archiving rules for more efficient logging and improving ingress logs for troubleshooting
• Implemented various security, capacity, availability, resilience, health-check monitoring, logging, reporting, and performance enhancements

1

Client Libraries

GA release of Apigee integration and associated docs

2

Dashboard

• Improved key rotation functionality by showing number of days between rotations (not months/years) and allowing custom interval (based on days) up to 10yrs
• Improved security and awareness by showing what team members have MFA enabled on the Teams Page
• Added the ability to provide a billing contact that will be used when sending usage reports/emails
• Improved UI experience to ensure button state when editing an entity matches the state (changed or not)
• Enhanced usage reporting on primary dashboard homepage to better reflect potential subscription entitlement overages

3

Documentation

Added a configuration file/readme example to the Node Client Library documentation

4

Platform

Various security, availability, resilience, health-check monitoring, logging, reporting and performance enhancements

1

Client Libraries

• Improved capabilities of the Snowflake library to include EncryptForSearch for exact-match searches • Added Typescript/ESM support for the Node.js Client Library to support customer environments • Improved security of the Java Client Library by upgrading the cypher to Bouncy Castle 1.76 and JDK 1.8 and later • Added automated email notifications when new Client Library releases are available and when Client Libraries are deprecated

2

Dashboard

• Improvement to show Datasets in Dataset tables that are no longer associated with active groups to reduce confusion • Added an email warning notification if users have not yet enabled MFA

3

Documentation

• Added EncryptForSearch example for the Python Client Library and for Snowflake integrations • Added Typescript/ESM examples to Node.js community repository to show how to load via ES modules and configure a typescript lambda using the Node.js Client Library • Added an EncryptForSearch example to Snowflake Integration documentation

4

Platform

• Improved user communication with automated emails based on account activity • Various security, capacity, availability, resilience, observability, health-check monitoring, logging, reporting and performance enhancements

1

Client Libraries

Updated C and C++ Client Libraries to work with Debian 12 (bookworm) to support Debian OS 12 builds

2

Dashboard

• Enabled traditional wildcard table searching of Security History and Events pages • When downloading large CSV reports, a warning is displayed if there are more than 100k rows in the data being downloaded • For reports, added the ability to add or remove columns, customize columns and have them persist so that users can find the data they're looking for with fewer clicks • Improved tree selectors for Datasets and Dataset Groups to make it more clear which trees are showing • Added Dataset and Dataset Group to Events log details screen

3

Documentation

Added EncryptForSearch Examples for C, C++, Node.js, and Java Client Libraries

4

Platform

• Improvements to ensure that if Data Keys have rolled over for Structured Datasets, then the API returns all Keys to ensure that any EncryptForSearch keys include only the relevant ones that have been used (or all Keys if they've rotated back to key rotation #1) • Various security, availability, resilience, health-check monitoring, logging, reporting and performance enhancements

1

Client Libraries

• Improved testing and performance benchmark availability by codifying load tests that run automatically at .NET Client Library update build times • Reduced dead code and improved community .NET Client Library examples • Added EncryptForSearch cability to the .NET Client Library – Allows .NET Library users to get possible ciphertext values for a structured dataset value to assist in doing database-type searching

2

Dashboard

• Added the ability for users to view what the most recent Client Library to be used by an API Key is, and will get notified in the UI if that version is current, out of date or deprecated • Added the ability for a user to delete a Primary Key that is no longer associated to any datasets • Improved User experience to avoid confusion when downloading table data to CSV if the result set is empty • Added the ability for users to add several API key IP allowed entries/values (support for multiple CIDR ranges when IP-restricting) • Added the ability for users to rename Primary Keys • Added Datasets to the Events table – allows users to see what dataset an event was related to • Improved UX error handling during Primary Key deletion • Updated confirmations when deleting a Dataset or Dataset Group to avoid accidental deletions • Added last accessed and warnings to API Keys table so users can see when an API key was most recently used and is prompted to improve security by taking action on stale API keys

3

Documentation

Simplified and cleaned-up community samples for the Ubiq C Client Library

4

Platform

Various security, availability, resilience, health-check monitoring, logging, reporting and performance enhancements

1

Client Libraries

• Added support for Snowflake on AWS • Added EncryptForSearch capabilities for Python, C and C++ Client Libraries to allow users to retrieve ciphertext values for structured Dataset values to assist in doing database-type searching • Improvements to allow the C Client Library to be run on Red Hat Enterprise Linux (RHEL)

2

Dashboard

• Added the ability for users to view usage by Dataset and Dataset Group on the Dashboard chart (Client Libraries version 2.0+) • Added the ability to collapse the left-side Dashboard menu • Added the ability for users to edit API Key permissions. Previously, a user would need to first delete and recreate an API key if they wanted to change permissions (encrypt vs decrypt); now it can be done on an existing API key, saving time • Improved the user interface to avoid confusion while selecting options from dropdown lists (for example: changing a Dataset Algorithm) to indicate, and not allow, selection of a currently-selected option • Added visibility to display expired keys, and indicate when they will expire. Previously, expired keys were not shown which led to confusion while trying to rename a key that conflicted with an expired one (renaming wouldn't be allowed on expired keys, but the expired key(s) would not be shown to indicate why)

3

Documentation

• Added a Snowflake Integration Overview and updated the Snowflake Integration documentation to support AWS integration • Added a Key Encryption Key (KEK) section to the Concepts document

4

Platform

Various security, availability, resilience, health-check monitoring, logging, reporting and performance enhancements

1

Client Libraries

• Added Python Client Library Structured Data setup documentation and example • Added Go Client Library Structured Data support and cross-language compatibility • Added EncryptForSearch method for Java and NodeJS Client Libraries that provides all possible ciphertexts for a given Structured Field Format Specification (FFS)

2

Dashboard

• Enhanced Security History Filtering by Category, Action, Log, IP address, User and Timestamp • Enhanced Events iltering by Type, ID, Count API Key and Library • Disallow spaces at beginning or end and trim dataset, API Key, Primary Key and group names to ensure name uniqueness and reduce user confusion • Added security warning message prior to user creating a new API key and related credentials • Added the ability to allow users to edit API key IP allowed values including IP addresses. Includes added validation of input to be valid IPs to prevent accidental IP blocking • Improved action button labels to be more consistent and accurate throughout the UI • Improved timestamp format and to be consistent throughout the UI • Improved Dataset group and api key name editing check validations • Added the ability to export to CSV up to 100K rows of table data for Datasets, Dataset Groups, API Keys, Primary Keys, Team, Events and Security History

3

Documentation

• Added the following new sections: -What is Ubiq -Data Protection Techniques -Concepts -Use Cases -How to Choose a Data Protection Type: Datasets & Encryption -How to Encrypt Structured Data -How to Partially Encrypt (Mask) Data While Preserving Format -Snowflake Integration

• Improved navigation and consolidated Client Library and Sample Application documentation

4

Platform

Various security, resilience, health-check monitoring and performance enhancements

1

Dashboard

• Added a link to developer documentation on the navigation bar • Updated cancel button placement on the Dataset wizard data type, definition, and review step panels • Updated security history log entries for created, rolled, and deleted API keys • Resolved MFA one-time-password (OTP) requirements for user accounts that do not have MFA enabled • Deleted validation requirements in the Dataset detail view-only mode when validating key-rotations • Prevent users from “escaping” from the wizard during the creation of Datasets • Added a visible ASCII space for output characters when using the wizard to create a structured Dataset that includes a space

2

Platform

Various security, resilience, health-check monitoring and performance enhancements