Releases: hashicorp/vault
Releases · hashicorp/vault
v1.15.1
1.15.1
October 25, 2023
CHANGES:
- core: Bump Go version to 1.21.3.
IMPROVEMENTS:
- api/plugins: add
tls-server-name
arg for plugin registration [GH-23549] - auto-auth/azure: Support setting the
authenticate_from_environment
variable to "true" and "false" string literals, too. [GH-22996] - secrets-sync (enterprise): Added telemetry on number of destinations and associations per type.
- ui: Adds a warning when whitespace is detected in a key of a KV secret [GH-23702]
- ui: Adds toggle to KV secrets engine value download modal to optionally stringify value in downloaded file [GH-23747]
- ui: Surface warning banner if UI has stopped auto-refreshing token [GH-23143]
- ui: show banner when resultant-acl check fails due to permissions or wrong namespace. [GH-23503]
- website/docs: fix inaccuracies with unauthenticated_in_flight_requests_access parameter [GH-23287]
BUG FIXES:
- Seal HA (enterprise/beta): Fix rejection of a seal configuration change
from two to one auto seal due to persistence of the previous seal type being
"multiseal". [GH-23573] - audit: Fix bug reopening 'file' audit devices on SIGHUP. [GH-23598]
- auth/aws: Fixes a panic that can occur in IAM-based login when a client config does not exist. [GH-23555]
- command/server: Fix bug with sigusr2 where pprof files were not closed correctly [GH-23636]
- events: Ignore sending context to give more time for events to send [GH-23500]
- expiration: Prevent large lease loads from delaying state changes, e.g. becoming active or standby. [GH-23282]
- kmip (enterprise): Improve handling of failures due to storage replication issues.
- kmip (enterprise): Return a structure in the response for query function Query Server Information.
- mongo-db: allow non-admin database for root credential rotation [GH-23240]
- replication (enterprise): Fix a bug where undo logs would only get enabled on the initial node in a cluster.
- replication (enterprise): Fix a missing unlock when changing replication state
- secrets-sync (enterprise): Fixed issue where we could sync a deleted secret
- secrets/aws: update credential rotation deadline when static role rotation period is updated [GH-23528]
- secrets/consul: Fix revocations when Vault has an access token using specific namespace and admin partition policies [GH-23010]
- secrets/pki: Stop processing in-flight ACME verifications when an active node steps down [GH-23278]
- secrets/transit (enterprise): Address an issue using sign/verify operations with managed keys returning an error about it not containing a private key
- secrets/transit (enterprise): Address panic when using GCP,AWS,Azure managed keys for encryption operations. At this time all encryption operations for the cloud providers have been disabled, only signing operations are supported.
- secrets/transit (enterprise): Apply hashing arguments and defaults to managed key sign/verify operations
- secrets/transit: Do not allow auto rotation on managed_key key types [GH-23723]
- storage/consul: fix a bug where an active node in a specific sort of network
partition could continue to write data to Consul after a new leader is elected
potentially causing data loss or corruption for keys with many concurrent
writers. For Enterprise clusters this could cause corruption of the merkle trees
leading to failure to complete merkle sync without a full re-index. [GH-23013] - ui: Assumes version 1 for kv engines when options are null because no version is specified [GH-23585]
- ui: Decode the connection url for display on the connection details page [GH-23695]
- ui: Fix AWS secret engine to allow empty policy_document field. [GH-23470]
- ui: Fix bug where auth items were not listed when within a namespace. [GH-23446]
- ui: Fix regression that broke the oktaNumberChallenge on the ui. [GH-23565]
- ui: Fix the copy token button in the sidebar navigation window when in a collapsed state. [GH-23331]
- ui: Fixes issue where you could not share the list view URL from the KV v2 secrets engine. [GH-23620]
- ui: Fixes issue with sidebar navigation links disappearing when navigating to policies when a user is not authorized [GH-23516]
- ui: Fixes issues displaying accurate TLS state in dashboard configuration details [GH-23726]
v1.14.5
1.14.5
October 25, 2023
CHANGES:
- core: Bump Go version to 1.20.10.
- replication (enterprise): Switch to non-deprecated gRPC field for resolver target host
IMPROVEMENTS:
- api/plugins: add
tls-server-name
arg for plugin registration [GH-23549] - core: Use a worker pool for the rollback manager. Add new metrics for the rollback manager to track the queued tasks. [GH-22567]
- ui: Adds toggle to KV secrets engine value download modal to optionally stringify value in downloaded file [GH-23747]
- website/docs: fix inaccuracies with unauthenticated_in_flight_requests_access parameter [GH-23287]
BUG FIXES:
- command/server: Fix bug with sigusr2 where pprof files were not closed correctly [GH-23636]
- events: Ignore sending context to give more time for events to send [GH-23500]
- expiration: Prevent large lease loads from delaying state changes, e.g. becoming active or standby. [GH-23282]
- kmip (enterprise): Improve handling of failures due to storage replication issues.
- kmip (enterprise): Return a structure in the response for query function Query Server Information.
- mongo-db: allow non-admin database for root credential rotation [GH-23240]
- replication (enterprise): Fix a bug where undo logs would only get enabled on the initial node in a cluster.
- replication (enterprise): Fix a missing unlock when changing replication state
- secrets/consul: Fix revocations when Vault has an access token using specific namespace and admin partition policies [GH-23010]
- secrets/pki: Stop processing in-flight ACME verifications when an active node steps down [GH-23278]
- secrets/transit (enterprise): Address an issue using sign/verify operations with managed keys returning an error about it not containing a private key
- secrets/transit (enterprise): Address panic when using GCP,AWS,Azure managed keys for encryption operations. At this time all encryption operations for the cloud providers have been disabled, only signing operations are supported.
- secrets/transit (enterprise): Apply hashing arguments and defaults to managed key sign/verify operations
- secrets/transit: Do not allow auto rotation on managed_key key types [GH-23723]
- storage/consul: fix a bug where an active node in a specific sort of network
partition could continue to write data to Consul after a new leader is elected
potentially causing data loss or corruption for keys with many concurrent
writers. For Enterprise clusters this could cause corruption of the merkle trees
leading to failure to complete merkle sync without a full re-index. [GH-23013] - ui: Decode the connection url for display on the connection details page [GH-23695]
- ui: Fix AWS secret engine to allow empty policy_document field. [GH-23470]
- ui: Fix the copy token button in the sidebar navigation window when in a collapsed state. [GH-23331]
- ui: Fixes issue with sidebar navigation links disappearing when navigating to policies when a user is not authorized [GH-23516]
v1.13.9
1.13.9
October 25, 2023
CHANGES:
- core: Bump Go version to 1.20.10.
- replication (enterprise): Switch to non-deprecated gRPC field for resolver target host
IMPROVEMENTS:
- api/plugins: add
tls-server-name
arg for plugin registration [GH-23549] - core: Use a worker pool for the rollback manager. Add new metrics for the rollback manager to track the queued tasks. [GH-22567]
BUG FIXES:
- command/server: Fix bug with sigusr2 where pprof files were not closed correctly [GH-23636]
- events: Ignore sending context to give more time for events to send [GH-23500]
- expiration: Prevent large lease loads from delaying state changes, e.g. becoming active or standby. [GH-23282]
- kmip (enterprise): Improve handling of failures due to storage replication issues.
- kmip (enterprise): Return a structure in the response for query function Query Server Information.
- mongo-db: allow non-admin database for root credential rotation [GH-23240]
- replication (enterprise): Fix a bug where undo logs would only get enabled on the initial node in a cluster.
- replication (enterprise): Fix a missing unlock when changing replication state
- secrets/transit (enterprise): Address an issue using sign/verify operations with managed keys returning an error about it not containing a private key
- secrets/transit (enterprise): Address panic when using GCP,AWS,Azure managed keys for encryption operations. At this time all encryption operations for the cloud providers have been disabled, only signing operations are supported.
- secrets/transit (enterprise): Apply hashing arguments and defaults to managed key sign/verify operations
- secrets/transit: Do not allow auto rotation on managed_key key types [GH-23723]
v1.15.0
1.15.0
September 27, 2023
SECURITY:
- secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption. [GH-22852]
CHANGES:
- auth/alicloud: Update plugin to v0.16.0 [GH-22646]
- auth/azure: Update plugin to v0.16.0 [GH-22277]
- auth/azure: Update plugin to v0.16.1 [GH-22795]
- auth/azure: Update plugin to v0.16.2 [GH-23060]
- auth/cf: Update plugin to v0.15.1 [GH-22758]
- auth/gcp: Update plugin to v0.16.1 [GH-22612]
- auth/jwt: Update plugin to v0.17.0 [GH-22678]
- auth/kerberos: Update plugin to v0.10.1 [GH-22797]
- auth/kubernetes: Update plugin to v0.17.0 [GH-22709]
- auth/kubernetes: Update plugin to v0.17.1 [GH-22879]
- auth/ldap: Normalize HTTP response codes when invalid credentials are provided [GH-21282]
- auth/oci: Update plugin to v0.14.2 [GH-22805]
- core (enterprise): Ensure Role Governing Policies are only applied down the namespace hierarchy
- core/namespace (enterprise): Introduce the concept of high-privilege namespace (administrative namespace),
which will have access to some system backend paths that were previously only accessible in the root namespace. [GH-21215] - core: Bump Go version to 1.21.1.
- database/couchbase: Update plugin to v0.9.3 [GH-22854]
- database/couchbase: Update plugin to v0.9.4 [GH-22871]
- database/elasticsearch: Update plugin to v0.13.3 [GH-22696]
- database/mongodbatlas: Update plugin to v0.10.1 [GH-22655]
- database/redis-elasticache: Update plugin to v0.2.2 [GH-22584]
- database/redis-elasticache: Update plugin to v0.2.3 [GH-22598]
- database/redis: Update plugin to v0.2.2 [GH-22654]
- database/snowflake: Update plugin to v0.9.0 [GH-22516]
- events: Log level for processing an event dropped from info to debug. [GH-22997]
- events:
data_path
will include full data path of secret, including name. [GH-22487] - replication (enterprise): Switch to non-deprecated gRPC field for resolver target host
- sdk/logical/events:
EventSender
interface method is nowSendEvent
instead ofSend
. [GH-22487] - secrets/ad: Update plugin to v0.16.1 [GH-22856]
- secrets/alicloud: Update plugin to v0.15.1 [GH-22533]
- secrets/azure: Update plugin to v0.16.2 [GH-22799]
- secrets/azure: Update plugin to v0.16.3 [GH-22824]
- secrets/gcp: Update plugin to v0.17.0 [GH-22746]
- secrets/gcpkms: Update plugin to v0.15.1 [GH-22757]
- secrets/keymgmt: Update plugin to v0.9.3
- secrets/kubernetes: Update plugin to v0.6.0 [GH-22823]
- secrets/kv: Update plugin to v0.16.1 [GH-22716]
- secrets/mongodbatlas: Update plugin to v0.10.1 [GH-22748]
- secrets/openldap: Update plugin to v0.11.2 [GH-22734]
- secrets/terraform: Update plugin to v0.7.3 [GH-22907]
- secrets/transform (enterprise): Enforce a transformation role's max_ttl setting on encode requests, a warning will be returned if max_ttl was applied.
- storage/aerospike: Aerospike storage shouldn't be used on 32-bit architectures and is now unsupported on them. [GH-20825]
- telemetry: Replace
vault.rollback.attempt.{MOUNT_POINT}
andvault.route.rollback.{MOUNT_POINT}
metrics withvault.rollback.attempt
andvault.route.rollback metrics
by default. Added a telemetry configurationadd_mount_point_rollback_metrics
which, when set to true, causes vault to emit the metrics with mount points in their names. [GH-22400]
FEATURES:
- Certificate Issuance External Policy Service (CIEPS) (enterprise): Allow highly-customizable operator control of certificate validation and generation through the PKI Secrets Engine.
- Copyable KV v2 paths in UI: KV v2 secret paths are copyable for use in CLI commands or API calls [GH-22551]
- Dashboard UI: Dashboard is now available in the UI as the new landing page. [GH-21057]
- Database Static Role Advanced TTL Management: Adds the ability to rotate
- Event System: Add subscribe capability and subscribe_event_types to policies for events. [GH-22474]
static roles on a defined schedule. [GH-22484] - GCP IAM Support: Adds support for IAM-based authentication to MySQL and PostgreSQL backends using Google Cloud SQL. [GH-22445]
- Improved KV V2 UI: Updated and restructured secret engine for KV (version 2 only) [GH-22559]
- Merkle Tree Corruption Detection (enterprise): Add a new endpoint to check merkle tree corruption.
- Plugin Containers: Vault supports registering, managing, and running plugins inside a container on Linux. [GH-22712]
- SAML Auth Method (enterprise): Enable users to authenticate with Vault using their identity in a SAML Identity Provider.
- Seal High Availability Beta (enterprise): operators can try out configuring more than one automatic seal for resilience against seal provider outages. Not for production use at this time.
- Secrets Sync (enterprise): Add the ability to synchronize KVv2 secret with external secrets manager solutions.
- UI LDAP secrets engine: Add LDAP secrets engine to the UI. [GH-20790]
IMPROVEMENTS:
- Bump github.com/hashicorp/go-plugin version v1.4.9 -> v1.4.10 [GH-20966]
- api: add support for cloning a Client's tls.Config. [GH-21424]
- api: adding a new api sys method for replication status [GH-20995]
- audit: add core audit events experiment [GH-21628]
- auth/aws: Added support for signed GET requests for authenticating to vault using the aws iam method. [GH-10961]
- auth/azure: Add support for azure workload identity authentication (see issue
#18257). Update go-kms-wrapping dependency to include PR
#155 [GH-22994] - auth/azure: Added Azure API configurable retry options [GH-23059]
- auth/cert: Adds support for requiring hexadecimal-encoded non-string certificate extension values [GH-21830]
- auth/ldap: improved login speed by adding concurrency to LDAP token group searches [GH-22659]
- auto-auth/azure: Added Azure Workload Identity Federation support to auto-auth (for Vault Agent and Vault Proxy). [GH-22264]
- auto-auth: added support for LDAP auto-auth [GH-21641]
- aws/auth: Adds a new config field
use_sts_region_from_client
which allows for using dynamic regional sts endpoints based on Authorization header when using IAM-based authentication. [GH-21960] - command/server: add
-dev-tls-san
flag to configure subject alternative names for the certificate generated when using-dev-tls
. [GH-22657] - core (ent) : Add field that allows lease-count namespace quotas to be inherited by child namespaces.
- core : Add field that allows rate-limit namespace quotas to be inherited by child namespaces. [GH-22452]
- core/fips: Add RPM, DEB packages of FIPS 140-2 and HSM+FIPS 140-2 Vault Enterprise.
- core/quotas: Add configuration to allow skipping of expensive role calculations [GH-22651]
- core: Add a new periodic metric to track the number of available policies,
vault.policy.configured.count
. [GH-21010] - core: Fix OpenAPI representatio...
v1.14.4
1.14.4
September 27, 2023
CHANGES:
- core (enterprise): Ensure Role Governing Policies are only applied down the namespace hierarchy
IMPROVEMENTS:
- ui: Add pagination to PKI roles, keys, issuers, and certificates list pages [GH-23193]
- ui: Added allowed_domains_template field for CA type role in SSH engine [GH-23119]
- ui: Adds tidy_revoked_certs to PKI tidy status page [GH-23232]
- ui: Adds warning before downloading KV v2 secret values [GH-23260]
BUG FIXES:
- core: Fixes list password policy to include those with names containing / characters. [GH-23155]
- docs: fix wrong api path for ldap secrets cli-commands [GH-23225]
- secrets/pki: Fix removal of issuers to clean up unreferenced CRLs. [GH-23007]
- ui (enterprise): Fix error message when generating SSH credential with control group [GH-23025]
- ui: Fix the issue where confirm delete dropdown is being cut off [GH-23066]
- ui: Fixes filter and search bug in secrets engines [GH-23123]
- ui: don't exclude features present on license [GH-22855]
v1.13.8
1.13.8
September 27, 2023
CHANGES:
- core (enterprise): Ensure Role Governing Policies are only applied down the namespace hierarchy
IMPROVEMENTS:
- ui: Added allowed_domains_template field for CA type role in SSH engine [GH-23119]
BUG FIXES:
- core: Fixes list password policy to include those with names containing / characters. [GH-23155]
- docs: fix wrong api path for ldap secrets cli-commands [GH-23225]
- secrets/pki: Fix removal of issuers to clean up unreferenced CRLs. [GH-23007]
- ui (enterprise): Fix error message when generating SSH credential with control group [GH-23025]
- ui: Fixes old pki's filter and search roles page bug [GH-22810]
- ui: don't exclude features present on license [GH-22855]
v1.15.0-rc1
1.15.0-rc1
September 13, 2023
SECURITY:
- secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption. [GH-22852]
CHANGES:
- auth/alicloud: Update plugin to v0.16.0 [GH-22646]
- auth/azure: Update plugin to v0.16.0 [GH-22277]
- auth/azure: Update plugin to v0.16.1 [GH-22795]
- auth/cf: Update plugin to v0.15.1 [GH-22758]
- auth/gcp: Update plugin to v0.16.1 [GH-22612]
- auth/jwt: Update plugin to v0.17.0 [GH-22678]
- auth/kerberos: Update plugin to v0.10.1 [GH-22797]
- auth/kubernetes: Update plugin to v0.17.0 [GH-22709]
- auth/kubernetes: Update plugin to v0.17.1 [GH-22879]
- auth/ldap: Normalize HTTP response codes when invalid credentials are provided [GH-21282]
- auth/oci: Update plugin to v0.14.2 [GH-22805]
- core/namespace (enterprise): Introduce the concept of high-privilege namespace (administrative namespace),
which will have access to some system backend paths that were previously only accessible in the root namespace. [GH-21215] - core: Bump Go version to 1.21.1.
- database/couchbase: Update plugin to v0.9.3 [GH-22854]
- database/couchbase: Update plugin to v0.9.4 [GH-22871]
- database/elasticsearch: Update plugin to v0.13.3 [GH-22696]
- database/mongodbatlas: Update plugin to v0.10.1 [GH-22655]
- database/redis-elasticache: Update plugin to v0.2.2 [GH-22584]
- database/redis-elasticache: Update plugin to v0.2.3 [GH-22598]
- database/redis: Update plugin to v0.2.2 [GH-22654]
- database/snowflake: Update plugin to v0.9.0 [GH-22516]
- events:
data_path
will include full data path of secret, including name. [GH-22487] - replication (enterprise): Switch to non-deprecated gRPC field for resolver target host
- sdk/logical/events:
EventSender
interface method is nowSendEvent
instead ofSend
. [GH-22487] - secrets/ad: Update plugin to v0.16.1 [GH-22856]
- secrets/alicloud: Update plugin to v0.15.1 [GH-22533]
- secrets/azure: Update plugin to v0.16.2 [GH-22799]
- secrets/azure: Update plugin to v0.16.3 [GH-22824]
- secrets/gcp: Update plugin to v0.17.0 [GH-22746]
- secrets/gcpkms: Update plugin to v0.15.1 [GH-22757]
- secrets/keymgmt: Update plugin to v0.9.3
- secrets/kubernetes: Update plugin to v0.6.0 [GH-22823]
- secrets/kv: Update plugin to v0.16.1 [GH-22716]
- secrets/mongodbatlas: Update plugin to v0.10.1 [GH-22748]
- secrets/openldap: Update plugin to v0.11.2 [GH-22734]
- secrets/terraform: Update plugin to v0.7.3 [GH-22907]
- secrets/transform (enterprise): Enforce a transformation role's max_ttl setting on encode requests, a warning will be returned if max_ttl was applied.
- storage/aerospike: Aerospike storage shouldn't be used on 32-bit architectures and is now unsupported on them. [GH-20825]
- telemetry: Replace
vault.rollback.attempt.{MOUNT_POINT}
andvault.route.rollback.{MOUNT_POINT}
metrics withvault.rollback.attempt
andvault.route.rollback metrics
by default. Added a telemetry configurationadd_mount_point_rollback_metrics
which, when set to true, causes vault to emit the metrics with mount points in their names. [GH-22400]
FEATURES:
- Merkle Tree Corruption Detection (enterprise): Add a new endpoint to check merkle tree corruption.
- Copyable KV v2 paths in UI: KV v2 secret paths are copyable for use in CLI commands or API calls [GH-22551]
- Dashboard UI: Dashboard is now available in the UI as the new landing page. [GH-21057]
- Database Static Role Advanced TTL Management: Adds the ability to rotate
static roles on a defined schedule. [GH-22484] - GCP IAM Support: Adds support for IAM-based authentication to MySQL and PostgreSQL backends using Google Cloud SQL. [GH-22445]
- Improved KV V2 UI: Updated and restructured secret engine for KV (version 2 only) [GH-22559]
- Plugin Containers: Vault supports registering, managing, and running plugins inside a container on Linux. [GH-22712]
- SAML Auth Method (enterprise): Enable users to authenticate with Vault using their identity in a SAML Identity Provider.
- UI LDAP secrets engine: Add LDAP secrets engine to the UI. [GH-20790]
- Event System: Add subscribe capability and subscribe_event_types to policies for events. [GH-22474]
- Certificate Issuance External Policy Service (CIEPS): Allow highly-customizable operator control of certificate validation and generation through the PKI Secrets Engine.
- Agent auto-auth: support ldap auth [GH-21641]
- Seal High Availability Beta (enterprise): operators can try out configuring more than one automatic seal for resilience against seal provider outages. Not for production use at this time.
- Secrets Sync (enterprise): Add the ability to synchronize KVv2 secret with external secrets manager solutions.```
IMPROVEMENTS:
- Bump github.com/hashicorp/go-plugin version v1.4.9 -> v1.4.10 [GH-20966]
- api: add support for cloning a Client's tls.Config. [GH-21424]
- api: adding a new api sys method for replication status [GH-20995]
- audit: add core audit events experiment [GH-21628]
- auth/aws: Added support for signed GET requests for authenticating to vault using the aws iam method. [GH-10961]
- auth/cert: Adds support for requiring hexadecimal-encoded non-string certificate extension values [GH-21830]
- auth/ldap: improved login speed by adding concurrency to LDAP token group searches [GH-22659]
- auto-auth/azure: Added Azure Workload Identity Federation support to auto-auth (for Vault Agent and Vault Proxy). [GH-22264]
- aws/auth: Adds a new config field
use_sts_region_from_client
which allows for using dynamic regional sts endpoints based on Authorization header when using IAM-based authentication. [GH-21960] - command/server: add
-dev-tls-san
flag to configure subject alternative names for the certificate generated when using-dev-tls
. [GH-22657] - core (ent) : Add field that allows lease-count namespace quotas to be inherited by child namespaces.
- core : Add field that allows rate-limit namespace quotas to be inherited by child namespaces. [GH-22452]
- core/fips: Add RPM, DEB packages of FIPS 140-2 and HSM+FIPS 140-2 Vault Enterprise.
- core/quotas: Add configuration to allow skipping of expensive role calculations [GH-22651]
- core: Add a new periodic metric to track the number of available policies,
vault.policy.configured.count
. [GH-21010] - core: Fix OpenAPI representation and
-output-policy
recognition of some non-standard sudo paths [GH-21772] - core: Fix regexes for
sys/raw/
andsys/leases/lookup/
to match prevailing conventions [GH-21760] - core: Log rollback manager failures during unmount, remount to prevent replication failures on secondary clusters. [GH-22235]
- core: Use a worker pool for the rollback manager. Add new metrics for the rollback manager to track the queued tasks. [GH-22567]
- core: add a listener configuration "chroot_namespace" that forces requests to use...
v1.14.3
1.14.3
September 13, 2023
SECURITY:
- secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption. [GH-22852]
CHANGES:
- core: Bump Go version to 1.20.8.
FEATURES:
- Merkle Tree Corruption Detection (enterprise): Add a new endpoint to check merkle tree corruption.
IMPROVEMENTS:
- auth/ldap: improved login speed by adding concurrency to LDAP token group searches [GH-22659]
- core/quotas: Add configuration to allow skipping of expensive role calculations [GH-22651]
- kmip (enterprise): reduce latency of KMIP operation handling
BUG FIXES:
- cli: Fix the CLI failing to return wrapping information for KV PUT and PATCH operations when format is set to
table
. [GH-22818] - core/quotas: Only perform ResolveRoleOperation for role-based quotas and lease creation. [GH-22597]
- core/quotas: Reduce overhead for role calculation when using cloud auth methods. [GH-22583]
- core/seal: add a workaround for potential connection [hangs] in Azure autoseals. [GH-22760]
- core: All subloggers now reflect configured log level on reload. [GH-22038]
- kmip (enterprise): fix date handling error with some re-key operations
- raft/autopilot: Add dr-token flag for raft autopilot cli commands [GH-21165]
- replication (enterprise): Fix discovery of bad primary cluster addresses to be more reliable
- secrets/transit: fix panic when providing non-PEM formatted public key for import [GH-22753]
- ui: fixes long namespace names overflow in the sidebar
v1.13.7
1.13.7
September 13, 2023
SECURITY:
- secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption. [GH-22852]
CHANGES:
- core: Bump Go version to 1.20.8.
- database/snowflake: Update plugin to v0.7.3 [GH-22591]
FEATURES:
- Merkle Tree Corruption Detection (enterprise): Add a new endpoint to check merkle tree corruption.
IMPROVEMENTS:
- auth/ldap: improved login speed by adding concurrency to LDAP token group searches [GH-22659]
- core/quotas: Add configuration to allow skipping of expensive role calculations [GH-22651]
- kmip (enterprise): reduce latency of KMIP operation handling
BUG FIXES:
- cli: Fix the CLI failing to return wrapping information for KV PUT and PATCH operations when format is set to
table
. [GH-22818] - core/quotas: Only perform ResolveRoleOperation for role-based quotas and lease creation. [GH-22597]
- core/quotas: Reduce overhead for role calculation when using cloud auth methods. [GH-22583]
- core/seal: add a workaround for potential connection [hangs] in Azure autoseals. [GH-22760]
- core: All subloggers now reflect configured log level on reload. [GH-22038]
- kmip (enterprise): fix date handling error with some re-key operations
- raft/autopilot: Add dr-token flag for raft autopilot cli commands [GH-21165]
- replication (enterprise): Fix discovery of bad primary cluster addresses to be more reliable
v1.12.11
1.12.11
September 13, 2023
SECURITY:
- secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption. [GH-22852]
IMPROVEMENTS:
- auth/ldap: improved login speed by adding concurrency to LDAP token group searches [GH-22659]
- kmip (enterprise): reduce latency of KMIP operation handling
BUG FIXES:
- cli: Fix the CLI failing to return wrapping information for KV PUT and PATCH operations when format is set to
table
. [GH-22818] - core/quotas: Reduce overhead for role calculation when using cloud auth methods. [GH-22583]
- core/seal: add a workaround for potential connection [hangs] in Azure autoseals. [GH-22760]
- raft/autopilot: Add dr-token flag for raft autopilot cli commands [GH-21165]
- replication (enterprise): Fix discovery of bad primary cluster addresses to be more reliable