Anjuna Policy Manager

Each version of the Anjuna Seaglass software is supported for a minimum of two years after release.

Version 2.4. Release Date - January 17th, 2025

Access the installer here.

What’s new?

In the apm-secure-deployments scripts, the resource requirements have been updated for the latest version of the Azure CLI.

Relevant security fixes

Bug number

Severity

Description

ANJ-11188

High, Medium

Upgraded dependencies in the product to address security vulnerabilities.

Version 2.3. Release Date - October 3rd, 2024

Access the installer here.

Relevant bug fixes

Bug number

Severity

Description

ANJ-10767

Medium

Fixed two Docker build warnings in the apm-secure-deployments scripts.

Relevant security fixes

Bug number

Severity

Description

ANJ-10769

Medium

Fixed several potential vulnerabilities by upgrading dependencies, addressing CVE-2024-6104, CVE-2024-24786, CVE-2023-39325, CVE-2023-44487, and CVE-2023-45288. There was no known way to exploit these vulnerabilities in the Anjuna Runtime.

Version 2.2. Release Date - May 16th, 2024

Access the installer here.

Relevant security fixes

Bug number

Severity

Description

ANJ-10048, ANJ-10333, ANJ-10397

Medium

Upgraded several dependencies to prevent potential denial-of-service (DoS) vulnerabilities.

ANJ-10048, ANJ-10333

Medium

Upgraded a networking library to a version that is unaffected by the "Rapid Reset" CVE-2023-44487 vulnerability. There was no known way to exploit this vulnerability in the Anjuna Runtime.

Version 2.1. Release Date - September 5th, 2023

Access the installer here.

What’s new?

The Anjuna Policy Manager added an additional layer of verification for AMD SEV-SNP instances on Microsoft Azure, by verifying the Azure signing key associated with the attestation report.
- Also added the ability to add new trusted Azure signing keys to a running APM instance.
Improved the deployment procedure for the Anjuna Policy Manager on Azure to require Contributor permissions rather than Owner permissions. This enables deployments with fewer privileges.

Version 2.0. Release Date - August 4th, 2023

Access the installer here.

What’s new?

Multi-platform attestation is now supported. In previous releases, the Anjuna Policy Manager (APM) was bundled with a particular hardware platform’s Anjuna Runtime, and it could only be used to verify attestations from the same hardware platform.

From version 2.0 and on, the APM can now be used with enclaves from any supported hardware platform: a single instance of the APM can provide secrets to Anjuna enclaves based on Intel® SGX and AMD SEV. The APM itself can also run on both Intel® SGX and AMD SEV on Azure.

As part of this release, the APM now has its own independent documentation.