## 2023-08-31 Version 2.10.0.0

Compatible with OpenSearch 2.10.0

### Enhancements
* Add .plugins-ml-config to the demo configuration system indices ([#2993](https://github.com/opensearch-project/security/pull/2993))
* Add workflow cluster permissions to alerting roles ([#2994](https://github.com/opensearch-project/security/pull/2994))
* Include password regex for Dashboardsinfo to display to users ([#2999](https://github.com/opensearch-project/security/pull/2999))
* Add geospatial ip2geo to the demo configuration system indices and roles ([#3051](https://github.com/opensearch-project/security/pull/3051))
* Make invalid password message clearer ([#3057](https://github.com/opensearch-project/security/pull/3057))
* Service Accounts password is randomly generated ([#3077](https://github.com/opensearch-project/security/pull/3077))
* Exclude sensitive info from the jackson serialization stacktraces ([#3195](https://github.com/opensearch-project/security/pull/3195))
* Prevent raw request body as output in serialization error messages ([#3205](https://github.com/opensearch-project/security/pull/3205))
* Command cat/indices will filter results per the Do Not Fail On Forbidden setting ([#3236](https://github.com/opensearch-project/security/pull/3236))
* Generate new demo certs with IPv6 loopback added to SAN in node certificate ([#3268](https://github.com/opensearch-project/security/pull/3268))
* System index permissions ([#2887](https://github.com/opensearch-project/security/pull/2887))


### Bug Fixes
* Prevent raw request body as output in serialization error messages ([#3205](https://github.com/opensearch-project/security/pull/3205))
* Prevent flaky behavior when determining if an request will be executed on the current node. ([#3066](https://github.com/opensearch-project/security/pull/3066))
* Resolve a class of ConcurrentModificationException from during bulk requests ([#3094](https://github.com/opensearch-project/security/pull/3094))
* Fix Document GET with DLS terms query ([#3136](https://github.com/opensearch-project/security/pull/3136))
* Send log messages to log4j systems instead of system out / error ([#3231](https://github.com/opensearch-project/security/pull/3231))
* Fix roles verification for roles mapping and internal users ([#3278](https://github.com/opensearch-project/security/pull/3278))
* Prevent raw request body as output in serialization error messages ([#3205](https://github.com/opensearch-project/security/pull/3205))
* Fix permissions issues while reading keys in PKCS#1 format ([#3289](https://github.com/opensearch-project/security/pull/3289))

### Maintenance
* [Build Break] Update imports for files refactored in core PR #8157 ([#3003](https://github.com/opensearch-project/security/pull/3003))
* [Build Break] Fix build after Lucene upgrade and breaking XContentFactory changes ([#3069](https://github.com/opensearch-project/security/pull/3069))
* [Build Break] Update CircuitBreakerService and LifecycleComponent after core refactor in #9006 ([#3082](https://github.com/opensearch-project/security/pull/3082))
* [Build Break] React to changes in ActionListener and ActionResponse from #9082 ([#3153](https://github.com/opensearch-project/security/pull/3153))
* [Build Break] Disable gradlew build cache to ensure most up-to-date dependencies ([#3186](https://github.com/opensearch-project/security/pull/3186))
* Bump com.carrotsearch.randomizedtesting:randomizedtesting-runner from 2.7.1 to 2.8.1 ([#3109](https://github.com/opensearch-project/security/pull/3109))
* Bump com.diffplug.spotless from 6.19.0 to 6.21.0 ([#3108](https://github.com/opensearch-project/security/pull/3108))
* Bump com.fasterxml.woodstox:woodstox-core from 6.4.0 to 6.5.1 ([#3148](https://github.com/opensearch-project/security/pull/3148))
* Bump com.github.spotbugs from 5.0.14 to 5.1.3 ([#3251](https://github.com/opensearch-project/security/pull/3251))
* Bump com.github.wnameless.json:json-base from 2.4.0 to 2.4.2 ([#3062](https://github.com/opensearch-project/security/pull/3062))
* Bump com.github.wnameless.json:json-flattener from 0.16.4 to 0.16.5 ([#3296](https://github.com/opensearch-project/security/pull/3296))
* Bump com.google.errorprone:error_prone_annotations from 2.3.4 to 2.20.0 ([#3023](https://github.com/opensearch-project/security/pull/3023))
* Bump com.google.guava:guava from 32.1.1-jre to 32.1.2-jre ([#3149](https://github.com/opensearch-project/security/pull/3149))
* Bump commons-io:commons-io from 2.11.0 to 2.13.0 ([#3074](https://github.com/opensearch-project/security/pull/3074))
* Bump com.netflix.nebula.ospackage from 11.1.0 to 11.3.0 ([#3023](https://github.com/opensearch-project/security/pull/3023))
* Bump com.nulab-inc:zxcvbn from 1.7.0 to 1.8.0 ([#3023](https://github.com/opensearch-project/security/pull/3023))
* Bump com.unboundid:unboundid-ldapsdk from 4.0.9 to 4.0.14 ([#3143](https://github.com/opensearch-project/security/pull/3143))
* Bump io.dropwizard.metrics:metrics-core from 3.1.2 to 4.2.19 ([#3073](https://github.com/opensearch-project/security/pull/3073))
* Bump kafka_version from 3.5.0 to 3.5.1 ([#3041](https://github.com/opensearch-project/security/pull/3041))
* Bump net.minidev:json-smart from 2.4.11 to 2.5.0 ([#3120](https://github.com/opensearch-project/security/pull/3120))
* Bump org.apache.camel:camel-xmlsecurity from 3.14.2 to 3.21.0 ([#3023](https://github.com/opensearch-project/security/pull/3023))
* Bump org.apache.santuario:xmlsec from 2.2.3 to 2.3.3 ([#3210](https://github.com/opensearch-project/security/pull/3210))
* Bump org.checkerframework:checker-qual from 3.5.0 to 3.36.0 ([#3023](https://github.com/opensearch-project/security/pull/3023))
* Bump org.cryptacular:cryptacular from 1.2.4 to 1.2.5 ([#3071](https://github.com/opensearch-project/security/pull/3071))
* Bump org.gradle.test-retry from 1.5.2 to 1.5.4 ([#3072](https://github.com/opensearch-project/security/pull/3072))
* Bump org.junit.jupiter:junit-jupiter from 5.8.2 to 5.10.0 ([#3146](https://github.com/opensearch-project/security/pull/3146))
* Bump org.ow2.asm:asm from 9.1 to 9.5 ([#3121](https://github.com/opensearch-project/security/pull/3121))
* Bump org.scala-lang:scala-library from 2.13.9 to 2.13.11 ([#3119](https://github.com/opensearch-project/security/pull/3119))
* Bump org.slf4j:slf4j-api from 1.7.30 to 1.7.36 ([#3249](https://github.com/opensearch-project/security/pull/3249))
* Bump org.xerial.snappy:snappy-java from 1.1.10.1 to 1.1.10.3 ([#3106](https://github.com/opensearch-project/security/pull/3106))
* Bump actions/create-release from 1.0.0 to 1.1.4 ([#3141](https://github.com/opensearch-project/security/pull/3141))
* Bump actions/setup-java from 1 to 3 ([#3142](https://github.com/opensearch-project/security/pull/3142))
* Bump actions/upload-release-asset from 1.0.1 to 1.0.2 ([#3144](https://github.com/opensearch-project/security/pull/3144))
* Bump fernandrone/linelint from 0.0.4 to 0.0.6 ([#3211](https://github.com/opensearch-project/security/pull/3211))
* Bump tibdex/github-app-token from 1.5.0 to 1.8.0 ([#3147](https://github.com/opensearch-project/security/pull/3147))
* Remove log spam for files that are cleaned up ([#3118](https://github.com/opensearch-project/security/pull/3118))
* Updates integTestRemote task to dynamically fetch common-utils version from build.gradle ([#3122](https://github.com/opensearch-project/security/pull/3122))
* Switch CodeQL to assemble artifacts using the same build as the rest of CI ([#3132](https://github.com/opensearch-project/security/pull/3132))
* Only run the backport job on merged pull requests ([#3134](https://github.com/opensearch-project/security/pull/3134))
* Add code coverage exclusions on false positives ([#3196](https://github.com/opensearch-project/security/pull/3196))
* Enable jarhell check ([#3227](https://github.com/opensearch-project/security/pull/3227))
* Retry code coverage upload on failure ([#3242](https://github.com/opensearch-project/security/pull/3242))
* [Refactor] Adopt request builder patterns for SecurityRestApiActions for consistency and clarity ([#3123](https://github.com/opensearch-project/security/pull/3123))
* [Refactor] Remove json-path from deps and use JsonPointer instead ([#3262](https://github.com/opensearch-project/security/pull/3262))
* Use version of org.apache.commons:commons-lang3 defined in core ([#3306](https://github.com/opensearch-project/security/pull/3306))
* Fix checkstyle #3283
* Demo Configuration changes ([#3330](https://github.com/opensearch-project/security/pull/3330))