Anjuna Policy Manager

Version 3.0. Release Date - February 2, 2026

Access the installer here.

What’s new?

  • To ease the deployment on existing HashiCorp Vault instances, from this version and going forward, the Anjuna Policy Manager is delivered as a plugin for HashiCorp Vault.

  • Added support for forward compatibility and future-backward compatibility between the Anjuna Policy Manager and its Anjuna Seaglass clients. This support will start with the Anjuna Policy Manager in version 3.0 and the Anjuna Seaglass for SEV version 1.17.

  • Updated the Anjuna Policy Manager to support new AMD-SEV SNP launch measurements from Azure.

End-of-support date

  • The end-of-support date for Version 3.0 will be two years from the release of the next version.

  • To see the entire end-of-support list, see the End-of-support dates section.

Version 2.4. Release Date - January 17, 2025

Access the installer here.

What’s new?

Relevant security fixes

Bug number

Severity

Description

ANJ-11188

High, Medium

Upgraded dependencies in the product to address security vulnerabilities.

End-of-support date

  • The end-of-support date for Version 2.4 is February 2, 2028.

  • To see the entire end-of-support list, see the End-of-support dates section.

Version 2.3. Release Date - October 3, 2024

Access the installer here.

Relevant bug fixes

Bug number

Severity

Description

ANJ-10767

Medium

Fixed two Docker build warnings in the apm-secure-deployments scripts.

Relevant security fixes

Bug number

Severity

Description

ANJ-10769

Medium

Fixed several potential vulnerabilities by upgrading dependencies, addressing CVE-2024-6104, CVE-2024-24786, CVE-2023-39325, CVE-2023-44487, and CVE-2023-45288. There was no known way to exploit these vulnerabilities in the Anjuna Runtime.

End-of-support date

  • The end-of-support date for Version 2.3 is January 17, 2027.

  • To see the entire end-of-support list, see the End-of-support dates section.

Version 2.2. Release Date - May 16, 2024

Access the installer here.

Relevant security fixes

Bug number

Severity

Description

ANJ-10048, ANJ-10333, ANJ-10397

Medium

Upgraded several dependencies to prevent potential denial-of-service (DoS) vulnerabilities.

ANJ-10048, ANJ-10333

Medium

Upgraded a networking library to a version that is unaffected by the "Rapid Reset" CVE-2023-44487 vulnerability. There was no known way to exploit this vulnerability in the Anjuna Runtime.

End-of-support date

  • The end-of-support date for Version 2.2 is October 3, 2026.

  • To see the entire end-of-support list, see the End-of-support dates section.

Version 2.1. Release Date - September 5, 2023

Access the installer here.

What’s new?

  • The Anjuna Policy Manager added an additional layer of verification for AMD SEV-SNP instances on Microsoft Azure, by verifying the Azure signing key associated with the attestation report.

  • Improved the deployment procedure for the Anjuna Policy Manager on Azure to require Contributor permissions rather than Owner permissions. This enables deployments with fewer privileges.

End-of-support date

  • The end-of-support date for Version 2.1 is May 16, 2026.

  • To see the entire end-of-support list, see the End-of-support dates section.

Version 2.0. Release Date - August 4, 2023

This version is no longer supported, as of September 5, 2025.

What’s new?

Multi-platform attestation is now supported. In previous releases, the Anjuna Policy Manager (APM) was bundled with a particular hardware platform’s Anjuna Runtime, and it could only be used to verify attestations from the same hardware platform.

From version 2.0 and on, the APM can now be used with enclaves from any supported hardware platform: a single instance of the APM can provide secrets to Anjuna enclaves based on Intel® SGX and AMD SEV. The APM itself can also run on both Intel® SGX and AMD SEV on Azure.

As part of this release, the APM now has its own independent documentation.