[Backport 2.19] Add release notes for 2.19.0 release (opensearch-project#5074)

opensearch-trigger-bot[bot] · github-actions[bot] · web-flow · commit c50a90e04de3 · 2025-01-30T20:33:36.000-05:00
Signed-off-by: Craig Perkins &lt;cwperx@amazon.com&gt;
Signed-off-by: github-actions[bot] &lt;github-actions[bot]@users.noreply.github.com&gt;
Co-authored-by: github-actions[bot] &lt;github-actions[bot]@users.noreply.github.com&gt;
diff --git a/release-notes/opensearch-security.release-notes-2.19.0.0.md b/release-notes/opensearch-security.release-notes-2.19.0.0.md
@@ -0,0 +1,68 @@
+## Version 2.19.0 Release Notes
+
+Compatible with OpenSearch and OpenSearch Dashboards version 2.19.0
+
+### Enhancements
+* Allow skipping hot reload dn validation ([#4839](https://github.com/opensearch-project/security/pull/4839))
+* Add validation of authority certificates ([#4862](https://github.com/opensearch-project/security/pull/4862))
+* Add support for certificates hot reload ([#4880](https://github.com/opensearch-project/security/pull/4880))
+* Optimize privilege evaluation for index permissions across '*' index pattern (i.e. all_access role) ([#4926](https://github.com/opensearch-project/security/pull/4926))
+* Refactor SafeSerializationUtils for better performance ([#4977](https://github.com/opensearch-project/security/pull/4977))
+* Optimized Privilege Evaluation: Action privileges ONLY, with feature flag ([#4998](https://github.com/opensearch-project/security/pull/4998))
+* Implement new extension points in IdentityPlugin and add ContextProvidingPluginSubject ([#5028](https://github.com/opensearch-project/security/pull/5028))
+* Implement new extension points in IdentityPlugin and add ContextProvidingPluginSubject - legacy authz code path ([#5037](https://github.com/opensearch-project/security/pull/5037))
+* Ensure that plugin can search on system index when utilizing pluginSubject.runAs ([#5032](https://github.com/opensearch-project/security/pull/5032))
+* Ensure that plugin can update on system index when utilizing pluginSubject.runAs ([#5055](https://github.com/opensearch-project/security/pull/5055))
+* add ingest pipeline and indices related permissions for anomaly_full_access role ([#5069](https://github.com/opensearch-project/security/pull/5069))
+* Added roles for ltr read and full access ([#5070](https://github.com/opensearch-project/security/pull/5070))
+
+### Bug Fixes
+* Fix issue with jwt attribute parsing of lists ([#4885](https://github.com/opensearch-project/security/pull/4885))
+* Log io.netty.internal.tcnative.SSLContext availability warning only when OpenSSL is explicitly enabled but not available ([#4906](https://github.com/opensearch-project/security/pull/4906))
+* Reduce log level in HttpJwtAuthenticator if request cannot be authenticated ([#4917](https://github.com/opensearch-project/security/pull/4917))
+* Honor log_request_body setting in compliance audit log ([#4918](https://github.com/opensearch-project/security/pull/4918))
+* Change log level for log line in OBO Authenticator if OBO is disabled ([#4956](https://github.com/opensearch-project/security/pull/4956))
+* Set default value for key/trust store type as constant for JDK PKCS setup ([#5003](https://github.com/opensearch-project/security/pull/5003))
+* Fix SSL config for JDK PKCS setup ([#5033](https://github.com/opensearch-project/security/pull/5033))
+* Fix Netty4 header verifier inbound handler to deal with upgrade requests ([#5045](https://github.com/opensearch-project/security/pull/5045))
+* Generate jacoco report for integTestRemote task ([#5050](https://github.com/opensearch-project/security/pull/5050))
+
+### Maintenance
+* Bump org.junit.jupiter:junit-jupiter-api from 5.11.2 to 5.11.3 ([#4856](https://github.com/opensearch-project/security/pull/4856))
+* Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 ([#4857](https://github.com/opensearch-project/security/pull/4857))
+* Bump com.google.errorprone:error_prone_annotations from 2.34.0 to 2.35.1 ([#4850](https://github.com/opensearch-project/security/pull/4850))
+* Bump org.junit.jupiter:junit-jupiter from 5.11.2 to 5.11.3 ([#4861](https://github.com/opensearch-project/security/pull/4861))
+* Bump Wandalen/wretry.action from 3.5.0 to 3.7.0 ([#4874](https://github.com/opensearch-project/security/pull/4874))
+* Bump org.checkerframework:checker-qual from 3.48.1 to 3.48.2 ([#4875](https://github.com/opensearch-project/security/pull/4875))
+* Bump com.nimbusds:nimbus-jose-jwt from 9.41.2 to 9.45 ([#4876](https://github.com/opensearch-project/security/pull/4876))
+* Bump com.nimbusds:nimbus-jose-jwt from 9.45 to 9.46 ([#4890](https://github.com/opensearch-project/security/pull/4890))
+* Bump Wandalen/wretry.action from 3.7.0 to 3.7.2 ([#4891](https://github.com/opensearch-project/security/pull/4891))
+* Bump Zookeeper to 3.9.3 ([#4895](https://github.com/opensearch-project/security/pull/4895))
+* Bump com.nimbusds:nimbus-jose-jwt from 9.46 to 9.47 ([#4916](https://github.com/opensearch-project/security/pull/4916))
+* Update Gradle to 8.11 ([#4922](https://github.com/opensearch-project/security/pull/4922))
+* Update Gradle to 8.11.1 ([#4925](https://github.com/opensearch-project/security/pull/4925))
+* Bump com.google.googlejavaformat:google-java-format from 1.24.0 to 1.25.0 ([#4933](https://github.com/opensearch-project/security/pull/4933))
+* Bump Wandalen/wretry.action from 3.7.2 to 3.7.3 ([#4932](https://github.com/opensearch-project/security/pull/4932))
+* Bump commons-io:commons-io from 2.17.0 to 2.18.0 ([#4935](https://github.com/opensearch-project/security/pull/4935))
+* Bump io.dropwizard.metrics:metrics-core from 4.2.28 to 4.2.29 ([#4941](https://github.com/opensearch-project/security/pull/4941))
+* Fix typos ([#4951](https://github.com/opensearch-project/security/pull/4951))
+* Bump com.carrotsearch.randomizedtesting:randomizedtesting-runner from 2.8.1 to 2.8.2 ([#4962](https://github.com/opensearch-project/security/pull/4962))
+* Bump org.checkerframework:checker-qual from 3.48.2 to 3.48.3 ([#4958](https://github.com/opensearch-project/security/pull/4958))
+* Bump org.eclipse.platform:org.eclipse.core.runtime from 3.31.100 to 3.32.0 ([#4964](https://github.com/opensearch-project/security/pull/4964))
+* Bump org.apache.commons:commons-text from 1.12.0 to 1.13.0 ([#4971](https://github.com/opensearch-project/security/pull/4971))
+* Bump com.google.googlejavaformat:google-java-format from 1.25.0 to 1.25.2 ([#4972](https://github.com/opensearch-project/security/pull/4972))
+* Bump org.junit.jupiter:junit-jupiter from 5.11.3 to 5.11.4 ([#4985](https://github.com/opensearch-project/security/pull/4985))
+* Bump com.nimbusds:nimbus-jose-jwt from 9.47 to 9.48 ([#4986](https://github.com/opensearch-project/security/pull/4986))
+* Bump com.netflix.nebula.ospackage from 11.10.0 to 11.10.1 ([#4987](https://github.com/opensearch-project/security/pull/4987))
+* Bump ch.qos.logback:logback-classic from 1.5.12 to 1.5.15 ([#4989](https://github.com/opensearch-project/security/pull/4989))
+* Bump org.apache.camel:camel-xmlsecurity from 3.22.2 to 3.22.3 ([#4996](https://github.com/opensearch-project/security/pull/4996))
+* Bump org.apache.santuario:xmlsec from 2.3.4 to 2.3.5 ([#5008](https://github.com/opensearch-project/security/pull/5008))
+* Bump ch.qos.logback:logback-classic from 1.5.15 to 1.5.16 ([#5009](https://github.com/opensearch-project/security/pull/5009))
+* Update Gradle to 8.12 ([#5018](https://github.com/opensearch-project/security/pull/5018))
+* Bump commons-codec:commons-codec from 1.17.1 to 1.17.2 ([#5024](https://github.com/opensearch-project/security/pull/5024))
+* Bump org.scala-lang:scala-library from 2.13.15 to 2.13.16 ([#5026](https://github.com/opensearch-project/security/pull/5026))
+* Bump Wandalen/wretry.action from 3.7.3 to 3.8.0 ([#5025](https://github.com/opensearch-project/security/pull/5025))
+* Bumps guava to 33.4.0-jre ([#5041](https://github.com/opensearch-project/security/pull/5041))
+* Bump io.dropwizard.metrics:metrics-core from 4.2.29 to 4.2.30 ([#5043](https://github.com/opensearch-project/security/pull/5043))
+* Remove deprecation comment for protected indices settings ([#5059](https://github.com/opensearch-project/security/pull/5059))
+* Bump org.gradle.test-retry from 1.6.0 to 1.6.1 ([#5060](https://github.com/opensearch-project/security/pull/5060))
