open-vault/website/source/guides/upgrading/upgrade-to-0.6.3.html.md

37 lines
1.4 KiB
Markdown
Raw Normal View History

---
layout: "guides"
page_title: "Upgrading to Vault 0.6.3 - Guides"
sidebar_current: "guides-upgrading-to-0.6.3"
description: |-
This page contains the list of deprecations and important or breaking changes
for Vault 0.6.3. Please read it carefully.
---
# Overview
This page contains the list of deprecations and important or breaking changes
for Vault 0.6.3. Please read it carefully.
## LDAP Null Binds Disabled By Default
When using the LDAP auth method, `deny_null_bind` has a default value of
`true`, preventing a successful user authentication when an empty password
is provided. If you utilize passwordless LDAP binds, `deny_null_bind` must
be set to `false`. Upgrades will keep previous behavior until the LDAP
configuration information is rewritten, at which point the new behavior
will be utilized.
2016-12-06 16:26:29 +00:00
## Request Size Limitation
A maximum request size of 32MB is imposed to prevent a denial of service attack
with arbitrarily large requests.
2017-09-21 21:14:40 +00:00
## Any Audit Device Successfully Activated Allows Active Duty
2016-12-06 16:26:29 +00:00
Previously, when a new Vault node was taking over service in an HA cluster, all
2017-09-21 21:14:40 +00:00
audit devices were required to be active successfully to take over active
2016-12-06 16:26:29 +00:00
duty. This behavior now matches the behavior of the audit logging system
2017-09-21 21:14:40 +00:00
itself: at least one audit device must successfully be activated. The server
2016-12-06 16:26:29 +00:00
log contains an error when this occurs. This helps keep a Vault HA cluster
working when there is a misconfiguration on a standby node.