Releases: hashicorp/vault
Releases · hashicorp/vault
v1.10.6
Backport of UI/OIDC auth bug for hcp namespace flag into release/1.10…
v1.9.9
Backport of UI/OIDC auth bug for hcp namespace flag into release/1.9.…
v1.11.2
backport of commit ab1c8339274bd23ceadebb1b0513694693c20add (#16277) Co-authored-by: Lucy Davinhart || Strawb System <[email protected]> Co-authored-by: Loann Le <[email protected]>
v1.11.1
Revert "Backport of AutoMTLS for secrets/auth plugins into release/1.…
v1.10.5
backport of commit 3ca6036a4aa590f68c677790c5d5afe1d24f52e6 (#16373) Co-authored-by: Loann Le <[email protected]>
v1.9.8
backport of commit 10620260b14da90072077cda2ebb9e14b6cab5ce (#16361) Co-authored-by: Loïc Saint-Roch <[email protected]>
v1.11.0
1.11.0
Unreleased
CHANGES:
- auth/aws: Add RoleSession to DisplayName when using assumeRole for authentication [GH-14954]
- auth: Remove support for legacy MFA
(https://www.vaultproject.io/docs/v1.10.x/auth/mfa) [GH-14869] - core: A request that fails path validation due to relative path check will now be responded to with a 400 rather than 500. [GH-14328]
- core: Bump Go version to 1.17.9. [GH-go-ver-1110]
- licensing (enterprise): Remove support for stored licenses and associated
sys/license
andsys/license/signed
endpoints in favor of autoloaded licenses. - replication (enterprise): The
/sys/replication/performance/primary/mount-filter
endpoint has been removed. Please use Paths Filter instead. - ui: Upgrade Ember to version 3.28 [GH-14763]
FEATURES:
- Non-Disruptive Intermediate/Root Certificate Rotation: This allows
import, generation and configuration of any number of keys and/or issuers
within a PKI mount, providing operators the ability to rotate certificates
in place without affecting existing client configurations. [GH-15277] - api/command: Global -output-policy flag to determine minimum required policy HCL for a given operation [GH-14899]
- nomad: Bootstrap Nomad ACL system if no token is provided [GH-12451]
- storage/dynamodb: Added
AWS_DYNAMODB_REGION
environment variable. [GH-15054]
IMPROVEMENTS:
- agent/auto-auth: Add
min_backoff
to the method stanza for configuring initial backoff duration. [GH-15204] - agent: Update consult-template to v0.29.0 [GH-15293]
- agent: Upgrade hashicorp/consul-template version for sprig template functions and improved writeTo function [GH-15092]
- api: Add ability to pass certificate as PEM bytes to api.Client. [GH-14753]
- api: Add context-aware functions to vault/api for each API wrapper function. [GH-14388]
- api: Added MFALogin() for handling MFA flow when using login helpers. [GH-14900]
- api: If the parameters supplied over the API payload are ignored due to not
being what the endpoints were expecting, or if the parameters supplied get
replaced by the values in the endpoint's path itself, warnings will be added to
the non-empty responses listing all the ignored and replaced parameters. [GH-14962] - api: Provide a helper method WithNamespace to create a cloned client with a new NS [GH-14963]
- api: Use the context passed to the api/auth Login helpers. [GH-14775]
- auth/okta: Add support for Google provider TOTP type in the Okta auth method [GH-14985]
- auth: enforce a rate limit for TOTP passcode validation attempts [GH-14864]
- cli/debug: added support for retrieving metrics from DR clusters if
unauthenticated_metrics_access
is enabled [GH-15316] - cli/vault: warn when policy name contains upper-case letter [GH-14670]
- cli: Alternative flag-based syntax for KV to mitigate confusion from automatically appended /data [GH-14807]
- cockroachdb: add high-availability support [GH-12965]
- core (enterprise): Include
termination_time
insys/license/status
response - core (enterprise): Include termination time in
license inspect
command output - core : check uid and permissions of config dir, config file, plugin dir and plugin binaries [GH-14817]
- core,transit: Allow callers to choose random byte source including entropy augmentation sources for the sys/tools/random and transit/random endpoints. [GH-15213]
- core/activity: Order month data in ascending order of timestamps [GH-15259]
- core: Add new DB methods that do not prepare statements. [GH-15166]
- core: Fix some identity data races found by Go race detector (no known impact yet). [GH-15123]
- core: Include build date in
sys/seal-status
andsys/version-history
endpoints. [GH-14957] - core: Upgrade github.org/x/crypto/ssh [GH-15125]
- sdk: Change OpenAPI code generator to extract request objects into /components/schemas and reference them by name. [GH-14217]
- secrets/consul: Add support for Consul node-identities and service-identities [GH-15295]
- secrets/consul: Vault is now able to automatically bootstrap the Consul ACL system. [GH-10751]
- secrets/pki: Warn when
generate_lease
andno_store
are both set totrue
on requests. [GH-14292] - sentinel (enterprise): Upgrade sentinel to v0.18.5 to avoid potential naming collisions in the remote installer
- storage/raft: Use larger timeouts at startup to reduce likelihood of inducing elections. [GH-15042]
- ui: Parse schema refs from OpenAPI [GH-14508]
- ui: Remove storybook. [GH-15074]
- ui: Replaces the IvyCodemirror wrapper with a custom ember modifier. [GH-14659]
- website/docs: added a link to an Enigma secret plugin. [GH-14389]
BUG FIXES:
- Fixed panic when adding or modifying a Duo MFA Method in Enterprise
- agent: Fix log level mismatch between ERR and ERROR [GH-14424]
- api/sys/raft: Update RaftSnapshotRestore to use net/http client allowing bodies larger than allocated memory to be streamed [GH-14269]
- api: Fixes bug where OutputCurlString field was unintentionally being copied over during client cloning [GH-14968]
- api: Respect increment value in grace period calculations in LifetimeWatcher [GH-14836]
- auth/approle: Add maximum length for input values that result in SHA56 HMAC calculation [GH-14746]
- auth: forward requests subject to login MFA from perfStandby to Active node [GH-15009]
- auth: load login MFA configuration upon restart [GH-15261]
- cassandra: Update gocql Cassandra client to fix "no hosts available in the pool" error [GH-14973]
- cli: Fix panic caused by parsing key=value fields whose value is a single backslash [GH-14523]
- cli: kv get command now honors trailing spaces to retrieve secrets [GH-15188]
- core (enterprise): Allow local alias create RPCs to persist alias metadata
- core (enterprise): Fix some races in merkle index flushing code found in testing
- core/config: Only ask the system about network interfaces when address configs contain a template having the format: {{ ... }} [GH-15224]
- core/managed-keys (enterprise): Allow PKCS#11 managed keys to use 0 as a slot number
- core/metrics: Fix incorrect table size metric for local mounts [GH-14755]
- core: Fix double counting for "route" metrics [GH-12763]
- core: Fix panic caused by parsing JSON integers for fields defined as comma-delimited integers [GH-15072]
- core: Fix panic caused by parsing JSON integers for fields defined as comma-delimited strings [GH-14522]
- core: Fix panic caused by parsing policies with empty slice values. [GH-14501]
- core: Fix panic for help request URL paths without /v1/ prefix [GH-14704]
- core: fixed systemd reloading notification [GH-15041]
- core: fixing excessive unix file permissions [GH-14791]
- core: fixing excessive unix file permissions on dir, files and archive created by vault debug command [GH-14846]
- core: pre-calculate namespace specific paths when tainting...
v1.11.0-rc1
Backport: docs: Update CSI Provider command line arguments (#15810) (…
v1.10.4
api/monitor: Adding log format to monitor command and debug (#15536) …
v1.9.7
Update go bump changelog filename to new standard (#15827) Co-authored-by: Alexander Scheel <[email protected]>