open-vault/website/source/guides/upgrading/upgrade-to-0.6.3.html.md

---
layout: "guides"
page_title: "Upgrading to Vault 0.6.3 - Guides"
sidebar_current: "guides-upgrading-to-0.6.3"
description: |-
  This page contains the list of deprecations and important or breaking changes
  for Vault 0.6.3. Please read it carefully.
---

# Overview

This page contains the list of deprecations and important or breaking changes
for Vault 0.6.3. Please read it carefully.

## LDAP Null Binds Disabled By Default

When using the LDAP Auth Backend, `deny_null_bind` has a default value of
`true`, preventing a successful user authentication when an empty password
is provided. If you utilize passwordless LDAP binds, `deny_null_bind` must
be set to `false`. Upgrades will keep previous behavior until the LDAP
configuration information is rewritten, at which point the new behavior
will be utilized.

## Request Size Limitation

A maximum request size of 32MB is imposed to prevent a denial of service attack
with arbitrarily large requests.

## Any Audit Backend Successfully Activated Allows Active Duty

Previously, when a new Vault node was taking over service in an HA cluster, all
audit backends were required to be active successfully to take over active
duty. This behavior now matches the behavior of the audit logging system
itself: at least one audit backend must successfully be activated. The server
log contains an error when this occurs. This helps keep a Vault HA cluster
working when there is a misconfiguration on a standby node.
Disallow passwords LDAP binds by default (#2103) 2016-12-01 18:11:40 +00:00			`---`
Add rekeying guide & move guides to top-level (#2935) 2017-06-29 13:43:43 +00:00			`layout: "guides"`
Move upgrade into guides (#2460) * Move upgrades to guides * Make root token copy-pastable 2017-03-08 22:33:58 +00:00			`page_title: "Upgrading to Vault 0.6.3 - Guides"`
Add rekeying guide & move guides to top-level (#2935) 2017-06-29 13:43:43 +00:00			`sidebar_current: "guides-upgrading-to-0.6.3"`
Disallow passwords LDAP binds by default (#2103) 2016-12-01 18:11:40 +00:00			`description: \|-`
Move upgrade into guides (#2460) * Move upgrades to guides * Make root token copy-pastable 2017-03-08 22:33:58 +00:00			`This page contains the list of deprecations and important or breaking changes`
			`for Vault 0.6.3. Please read it carefully.`
Disallow passwords LDAP binds by default (#2103) 2016-12-01 18:11:40 +00:00			`---`

			`# Overview`

			`This page contains the list of deprecations and important or breaking changes`
			`for Vault 0.6.3. Please read it carefully.`

			`## LDAP Null Binds Disabled By Default`

			When using the LDAP Auth Backend, `deny_null_bind` has a default value of
			`true`, preventing a successful user authentication when an empty password
			is provided. If you utilize passwordless LDAP binds, `deny_null_bind` must
			be set to `false`. Upgrades will keep previous behavior until the LDAP
			`configuration information is rewritten, at which point the new behavior`
			`will be utilized.`
Prep for 0.6.3 2016-12-06 16:26:29 +00:00
			`## Request Size Limitation`

			`A maximum request size of 32MB is imposed to prevent a denial of service attack`
			`with arbitrarily large requests.`

			`## Any Audit Backend Successfully Activated Allows Active Duty`

			`Previously, when a new Vault node was taking over service in an HA cluster, all`
			`audit backends were required to be active successfully to take over active`
			`duty. This behavior now matches the behavior of the audit logging system`
			`itself: at least one audit backend must successfully be activated. The server`
			`log contains an error when this occurs. This helps keep a Vault HA cluster`
			`working when there is a misconfiguration on a standby node.`