2015-05-02 20:37:26 +00:00
|
|
|
## 0.1.2 (unreleased)
|
|
|
|
|
|
2015-05-11 17:14:36 +00:00
|
|
|
FEATURES:
|
|
|
|
|
|
|
|
|
|
* **New physical backend: `zookeeper`**: store physical data in Zookeeper.
|
|
|
|
|
HA not supported yet.
|
2015-05-11 17:56:41 +00:00
|
|
|
* **New credential backend: `ldap`**: authenticate using LDAP credentials.
|
2015-05-11 17:14:36 +00:00
|
|
|
|
2015-05-11 17:06:36 +00:00
|
|
|
IMPROVEMENTS:
|
2015-05-02 20:37:26 +00:00
|
|
|
|
2015-05-11 17:06:36 +00:00
|
|
|
* core: Auth backends can store internal data about auth creds
|
2015-05-11 17:46:03 +00:00
|
|
|
* audit: display name for auth is shown in logs [GH-176]
|
2015-05-11 18:01:48 +00:00
|
|
|
* command/*: `-insecure` has been renamed to `-tls-skip-verify` [GH-130]
|
2015-05-11 17:31:47 +00:00
|
|
|
* command/*: `VAULT_TOKEN` overrides local stored auth [GH-162]
|
2015-05-11 17:09:21 +00:00
|
|
|
* command/server: environment variables are copy-pastable
|
2015-05-11 17:46:03 +00:00
|
|
|
* credential/app-id: hash of app and user ID are in metadata [GH-176]
|
2015-05-11 17:56:41 +00:00
|
|
|
* http: HTTP API accepts `X-Vault-Token` as auth header [GH-124]
|
2015-05-11 17:09:21 +00:00
|
|
|
* logical/*: Generate help output even if no synopsis specified
|
2015-05-11 17:06:36 +00:00
|
|
|
|
|
|
|
|
BUG FIXES:
|
|
|
|
|
|
|
|
|
|
* core: login endpoints should never return secrets
|
|
|
|
|
* core: Internal data should never be returned from core endpoints
|
2015-05-11 17:09:21 +00:00
|
|
|
* core: defer barrier initialization to as late as possible to avoid
|
|
|
|
|
error cases during init that corrupt data (no data loss)
|
|
|
|
|
* core: guard against invalid init config earlier
|
2015-05-11 17:10:56 +00:00
|
|
|
* audit/file: create file if it doesn't exist [GH-148]
|
2015-05-11 18:28:22 +00:00
|
|
|
* command/*: ignore directories when traversing CA paths [GH-181]
|
2015-05-11 17:28:11 +00:00
|
|
|
* credential/*: all policy mapping keys are case insensitive [GH-163]
|
2015-05-11 17:09:21 +00:00
|
|
|
* physical/consul: Fixing path for locking so HA works in every case
|
2015-05-02 20:37:26 +00:00
|
|
|
|
2015-05-02 20:29:32 +00:00
|
|
|
## 0.1.1 (May 2, 2015)
|
2015-04-28 21:45:38 +00:00
|
|
|
|
2015-05-02 20:34:01 +00:00
|
|
|
SECURITY CHANGES:
|
|
|
|
|
|
2015-05-02 20:34:39 +00:00
|
|
|
* physical/file: create the storge with 0600 permissions [GH-102]
|
2015-05-02 20:34:01 +00:00
|
|
|
* token/disk: write the token to disk with 0600 perms
|
|
|
|
|
|
2015-04-28 22:12:20 +00:00
|
|
|
IMPROVEMENTS:
|
|
|
|
|
|
2015-04-29 01:56:44 +00:00
|
|
|
* core: Very verbose error if mlock fails [GH-59]
|
2015-05-02 20:08:35 +00:00
|
|
|
* command/*: On error with TLS oversized record, show more human-friendly
|
|
|
|
|
error message. [GH-123]
|
2015-05-02 20:12:09 +00:00
|
|
|
* command/read: `lease_renewable` is now outputed along with the secret
|
|
|
|
|
to show whether it is renewable or not
|
2015-04-28 22:12:20 +00:00
|
|
|
* command/server: Add configuration option to disable mlock
|
|
|
|
|
* command/server: Disable mlock for dev mode so it works on more systems
|
|
|
|
|
|
2015-04-28 21:54:14 +00:00
|
|
|
BUG FIXES:
|
2015-04-28 21:45:38 +00:00
|
|
|
|
2015-04-28 21:54:14 +00:00
|
|
|
* core: if token helper isn't absolute, prepend with path to Vault
|
|
|
|
|
executable, not "vault" (which requires PATH) [GH-60]
|
2015-05-02 20:17:42 +00:00
|
|
|
* core: Any "mapping" routes allow hyphens in keys [GH-119]
|
2015-05-02 20:28:33 +00:00
|
|
|
* core: Validate `advertise_addr` is a valid URL with scheme [GH-106]
|
2015-05-02 20:21:51 +00:00
|
|
|
* command/auth: Using an invalid token won't crash [GH-75]
|
2015-05-02 20:17:42 +00:00
|
|
|
* credential/app-id: app and user IDs can have hyphens in keys [GH-119]
|
2015-04-29 16:59:05 +00:00
|
|
|
* helper/password: import proper DLL for Windows to ask password [GH-83]
|
2015-04-28 21:45:38 +00:00
|
|
|
|
2015-04-28 16:12:09 +00:00
|
|
|
## 0.1.0 (April 28, 2015)
|
|
|
|
|
|
|
|
|
|
* Initial release
|
