Releases: IABTechLab/uid2-operator
Releases · IABTechLab/uid2-operator
v5.70.159-r0
2026 H1 Operator Release
Update to all Private Operators on all cloud providers.
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Release Notes
Performance Improvements
This release includes a set of Operator performance optimizations, aimed at reducing CPU usage and tail latencies in mixed workloads.
- Moved compute-heavy endpoints off the event loop onto worker threads. Worker pool thread count defaults to the number of vCPUs
- Optimisations for per-request workloads like crypto and HTTP path filtering
Configuration / Deployment Changes
- Standardized enclave CPU and memory allocations across all cloud deployment templates to 6vCPU/24GB
service_instancesis now optional and defaults to the enclave's vCPU count- AWS: minimum enclave size (6vCPU/24GB) is now enforced at startup
- Azure: CCE policy generation is now registry-agnostic, supporting operator images served from an alternative container registry
- Azure: Upgrade SKR sidecar version
- GCP: default
max_replicasreduced to 1 in Terraform template
API Changes
- Removed the legacy
optout_checkfield
Bug Fixes
- Fixed clock/time drift seen in AWS private operators
Security Updates
- Upgraded base images and OS packages to address security vulnerabilities (gnutls, musl, libpng, OpenSSL, libexpat)
- Upgraded Netty to 4.1.135.Final
Full Changelog
All changes since v5.62.24-r2
Operator
- Moved compute-heavy endpoints off the event loop onto worker threads (#2310)
- Default worker thread pool count now matches vCPU count (#2431)
service_instancesdefaults to the enclave vCPU count when not configured (#2413), and was removed from private operator deployment manifests (#2418)- Removed the legacy
optout_checkfield (#2292) - Removed Special Feature 1 (precise geolocation) consent validation for EUID token generation (#2338)
- AES-GCM cipher caching optimization via uid2-shared (#2284)
- Switched ECDH key agreement to ACCP for client-side token generation (#2276)
- Optimized HTTP path metric filtering (#2270)
- Added null check to
getApiContact(#2374) - New metrics: opt-out record counts (#2255), salt effective-timestamp (#2397),
path/dii_typelabels on identity map metrics (#2429) - Updated salt bucket expiration handling (#2243)
- Aligned enclave CPU/memory standards across all cloud platforms (#2240)
AWS
- Enforce minimum enclave size (6 vCPU / 24 GB) at startup (#2580)
- Default
core_base_url/optout_base_urlinferred from identity scope + environment when missing from the operator secret (#2573) - Fixed enclave clock drift via periodic time sync (#2300)
- Updated dante SOCKS proxy to 1.4.4 (#2415) and fixed its download source (#2597)
- AMI build improvements (#2387, #2575)
Azure
- Upgraded SKR sidecar to 2.14 for Azure CC (#2559) and AKS (#2571)
- Operator now waits for the SKR sidecar to be ready before starting (#2561)
- CCE policy generation uses
--omit-id, making policies registry-agnostic (#2567)
GCP
- Default
max_replicasreduced to 1 in the Terraform template (#2588) - Restored full secret path for
API_TOKEN_SECRET_NAME(#2264)
Security & dependencies
- Netty upgraded to 4.1.132.Final (#2469) and then 4.1.135.Final (#2593)
- Base image updates: eclipse-temurin / JRE Alpine 3.23 (#2259, #2267, #2325, #2349)
- gnutls upgrades in Azure CC and GCP OIDC images (#2530, #2548)
- musl/musl-utils 1.2.5-r23 (#2494); libcrypto3/libssl3 (#2488); libpng (#2316); urllib3 in AWS scripts (#2536); zlib/libexpat/jackson-core and other non-exploitable findings triaged in
.trivyignore(#2401, #2405, #2426, #2457, #2473, #2516, #2526) - Enabled SLSA provenance attestation for published images (#2531); docs for verifying it (#2540)
v5.62.24-r2
2025 Q4 Operator Release
Update to all Private Operators on all cloud providers.
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Release Notes
New Features
- V4 UID Format: Introduced support for generating raw UIDs in the new V4 UID format
- Encrypted Files: Enabled encrypted file support for enhanced security of data in transit between Operator and Core
- Remote Config: Operators now retrieve environment configuration from Core
API Changes
/token/validatenow accepts any DII input (previously limited to test identities)
Operator Changes
- Added AWS r7i instance support
- Operators now shut down after 12 hours of refresh failure to prevent stale data
- Improved logging: reduced excessive logs, added E12 error code and status codes for download errors
Security Updates
- Updated dependencies to address security vulnerabilities
- Upgraded AWS Java SDK to v2
5.56.71
v5.55.9-r1
2025 Q2 Operator Release
Update to all Private Operators on all cloud providers.
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Installation
docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.55.9-r1-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.55.9-r1-azure-cc
Release Notes
Identity Map API Improvements
- Added
/v3/identity/mapsupport in the Java SDK - Enabled binary payload support for V2 and V3 endpoints when the request includes the
Content-Type: application/octet-streamheader - Implemented the
/v3/identity/mapAPI in the backend
Operator Changes
- Disabled legacy v0/v1 API endpoints
Behavior Changes
- The
/token/generateendpoint no longer returns opt-out tokens
Changelog
📦 Uncategorized
v5.49.7
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Installation
docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.49.7-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.49.7-azure-cc
Release Notes
- Private Operator Startup Troubleshooting and Debugging
- Added configuration validation before installation.
- Introduced debug_mode flag for private operator troubleshooting.
- Improved logging and documentation for troubleshooting startup issues.
- Operator Optimization
- For AWS, automatically set number of threads based on available cores:
Host (AMI): set vsock proxy thread count to half of available cores (rounded up).
Enclave (EIF): two thirds (rounded up) to operator service vertx request processing threads
one fourth (rounded up) to vsock proxy - Upgraded to Vert.x 4.5.11
- Operator now shuts down immediately only on actual attestation failure.
- EUID Generation
Enabled generation of EUIDs using phone numbers and hashed phone numbers.
- Other Updates
Various bug fixes to enhance system stability.
v5.49.1
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Installation
docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.49.1-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.49.1-azure-cc
Changelog
📦 Uncategorized
-
Remove EKS from publish all operators - ( PR: #1510 )
-
[CI Pipeline] Released Minor version: 5.49.0 - ( PR: #1525 )
-
[CI Pipeline] Released Patch version: 5.49.1 - ( PR: #1526 )
-
Remove EKS from publish all operators - ( PR: #1510 )
-
[CI Pipeline] Released Minor version: 5.49.0 - ( PR: #1525 )
-
[CI Pipeline] Released Patch version: 5.49.1 - ( PR: #1526 )
v5.47.0
📦 Uncategorized
- [CI Pipeline] Released Minor version: 5.47.0
- PR: #1339
What's Changed
- [CI Pipeline] Released Minor version: 5.47.0 by @github-actions in #1339
Full Changelog: v5.46.2...v5.47.0
v5.41.15
What's Changed
- [CI Pipeline] Released Patch version: 5.41.8 by @github-actions in #1143
- find participants on old sdks by @Ian-Nara in #1145
- [CI Pipeline] Released Patch version: 5.41.15 by @github-actions in #1147
Full Changelog: v5.41.8...v5.41.15
Contributors
Ian-Nara
Assets 2
v5.41.8
v5.41.6
What's Changed
- [CI Pipeline] Released Snapshot version: 5.40.87-alpha-110-SNAPSHOT by @github-actions in #1087
- Removing assertions from code and replacing with relevant exceptions by @asloobq in #1085
- Change optout loading exception to a warning temporarily by @asloobq in #1125
- temporarily add back use metrics for the operator-served SDKs by @Ian-Nara in #1139
- [CI Pipeline] Released Patch version: 5.41.6 by @github-actions in #1140
Full Changelog: v5.41.0...v5.41.6
Contributors
asloobq and Ian-Nara