Releases: IABTechLab/uid2-operator
Releases · IABTechLab/uid2-operator
v5.70.159-r0
2026 H1 Operator Release
Update to all Private Operators on all cloud providers.
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Microsoft AKS
Release Notes
Performance Improvements
This release includes per-request optimizations that reduce CPU usage on common workloads:
- Crypto optimization: AES-GCM encryption/decryption now caches cipher instances and pre-allocates buffers
- Reduced overhead in HTTP path metric filtering and log masking
Bug Fixes
- Fixed clock/time drift seen in AWS private operators
Configuration / Deployment Changes
- Standardized minimum enclave CPU and memory allocations across all cloud deployment templates to 6vCPU/24GB
- AWS: minimum enclave size (6vCPU/24GB) is now enforced at startup
- Azure: CCE policy generation is now registry-agnostic, supporting operator images served from an alternative container registry
- Azure: Upgrade SKR sidecar version
- GCP: default
max_replicasreduced to 1 in Terraform template
API Changes
- Removed the legacy
optout_checkfield from/token/generate. Opted-out users now always receive an opt-out response.
Security Updates
- Upgraded base images and OS packages to address security vulnerabilities (gnutls, musl, libpng, OpenSSL, libexpat)
- Upgraded Netty to 4.1.135.Final
Full Changelog
All changes since v5.62.24-r2
Operator
service_instances, which controls the number of Verticle instances, now defaults to the vCPU count (#2413)- Removed the legacy
optout_checkfield (#2292) - Removed Special Feature 1 (precise geolocation) consent validation for EUID token generation (#2338)
- AES-GCM cipher caching optimization via uid2-shared (#2284)
- Switched ECDH key agreement to ACCP for client-side token generation (#2276)
- Optimized HTTP path metric filtering (#2270)
- Added null check to
getApiContact(#2374) - New metrics: opt-out record counts (#2255), salt effective-timestamp (#2397),
path/dii_typelabels on identity map metrics (#2429) - Updated salt bucket expiration handling (#2243)
- Aligned enclave CPU/memory standards across all cloud platforms (#2240)
AWS
- Enforce minimum enclave size (6 vCPU / 24 GB) at startup (#2580)
- Default
core_base_url/optout_base_urlinferred from identity scope + environment when missing from the operator secret (#2573) - Fixed enclave clock drift via periodic time sync (#2300)
- Updated dante SOCKS proxy to 1.4.4 (#2415)
Azure
- Upgraded SKR sidecar to 2.14 for Azure CC (#2559) and AKS (#2571)
- Operator now waits for the SKR sidecar to be ready before starting (#2561)
- CCE policy generation uses
--omit-id, making policies registry-agnostic (#2567)
GCP
- Default
max_replicasreduced to 1 in the Terraform template (#2588)
Security & dependencies
- Netty upgraded to 4.1.132.Final (#2469) and then 4.1.135.Final (#2593)
- Base image updates: eclipse-temurin / JRE Alpine 3.23 (#2259, #2267, #2325, #2349)
- gnutls upgrades in Azure CC and GCP OIDC images (#2530, #2548)
- musl/musl-utils 1.2.5-r23 (#2494); libcrypto3/libssl3 (#2488); libpng (#2316); urllib3 in AWS scripts (#2536); zlib/libexpat/jackson-core and other non-exploitable findings triaged in
.trivyignore(#2401, #2405, #2426, #2457, #2473, #2516, #2526)
v5.62.24-r2
2025 Q4 Operator Release
Update to all Private Operators on all cloud providers.
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Release Notes
New Features
- V4 UID Format: Introduced support for generating raw UIDs in the new V4 UID format
- Encrypted Files: Enabled encrypted file support for enhanced security of data in transit between Operator and Core
- Remote Config: Operators now retrieve environment configuration from Core
API Changes
/token/validatenow accepts any DII input (previously limited to test identities)
Operator Changes
- Added AWS r7i instance support
- Operators now shut down after 12 hours of refresh failure to prevent stale data
- Improved logging: reduced excessive logs, added E12 error code and status codes for download errors
Security Updates
- Updated dependencies to address security vulnerabilities
- Upgraded AWS Java SDK to v2
5.56.71
v5.55.9-r1
2025 Q2 Operator Release
Update to all Private Operators on all cloud providers.
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Installation
docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.55.9-r1-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.55.9-r1-azure-cc
Release Notes
Identity Map API Improvements
- Added
/v3/identity/mapsupport in the Java SDK - Enabled binary payload support for V2 and V3 endpoints when the request includes the
Content-Type: application/octet-streamheader - Implemented the
/v3/identity/mapAPI in the backend
Operator Changes
- Disabled legacy v0/v1 API endpoints
Behavior Changes
- The
/token/generateendpoint no longer returns opt-out tokens
Changelog
📦 Uncategorized
v5.49.7
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Installation
docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.49.7-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.49.7-azure-cc
Release Notes
- Private Operator Startup Troubleshooting and Debugging
- Added configuration validation before installation.
- Introduced debug_mode flag for private operator troubleshooting.
- Improved logging and documentation for troubleshooting startup issues.
- Operator Optimization
- For AWS, automatically set number of threads based on available cores:
Host (AMI): set vsock proxy thread count to half of available cores (rounded up).
Enclave (EIF): two thirds (rounded up) to operator service vertx request processing threads
one fourth (rounded up) to vsock proxy - Upgraded to Vert.x 4.5.11
- Operator now shuts down immediately only on actual attestation failure.
- EUID Generation
Enabled generation of EUIDs using phone numbers and hashed phone numbers.
- Other Updates
Various bug fixes to enhance system stability.
v5.49.1
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Installation
docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.49.1-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.49.1-azure-cc
Changelog
📦 Uncategorized
-
Remove EKS from publish all operators - ( PR: #1510 )
-
[CI Pipeline] Released Minor version: 5.49.0 - ( PR: #1525 )
-
[CI Pipeline] Released Patch version: 5.49.1 - ( PR: #1526 )
-
Remove EKS from publish all operators - ( PR: #1510 )
-
[CI Pipeline] Released Minor version: 5.49.0 - ( PR: #1525 )
-
[CI Pipeline] Released Patch version: 5.49.1 - ( PR: #1526 )
v5.47.0
📦 Uncategorized
- [CI Pipeline] Released Minor version: 5.47.0
- PR: #1339
What's Changed
- [CI Pipeline] Released Minor version: 5.47.0 by @github-actions in #1339
Full Changelog: v5.46.2...v5.47.0
v5.41.15
What's Changed
- [CI Pipeline] Released Patch version: 5.41.8 by @github-actions in #1143
- find participants on old sdks by @Ian-Nara in #1145
- [CI Pipeline] Released Patch version: 5.41.15 by @github-actions in #1147
Full Changelog: v5.41.8...v5.41.15
Contributors
Ian-Nara
Assets 2
v5.41.8
v5.41.6
What's Changed
- [CI Pipeline] Released Snapshot version: 5.40.87-alpha-110-SNAPSHOT by @github-actions in #1087
- Removing assertions from code and replacing with relevant exceptions by @asloobq in #1085
- Change optout loading exception to a warning temporarily by @asloobq in #1125
- temporarily add back use metrics for the operator-served SDKs by @Ian-Nara in #1139
- [CI Pipeline] Released Patch version: 5.41.6 by @github-actions in #1140
Full Changelog: v5.41.0...v5.41.6
Contributors
asloobq and Ian-Nara