Add 1.3.0 upgrade guide (#7881)

This commit is contained in:
Brian Kassouf 2019-11-14 09:10:39 -08:00 committed by GitHub
parent e3e35e7bc4
commit 23a22809fa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 1 deletions

View file

@ -0,0 +1,31 @@
---
layout: "docs"
page_title: "Upgrading to Vault 1.3.0 - Guides"
sidebar_title: "Upgrade to 1.3.0"
sidebar_current: "docs-upgrading-to-1.3.0"
description: |-
This page contains the list of deprecations and important or breaking changes
for Vault 1.3.0. Please read it carefully.
---
# Overview
This page contains the list of deprecations and important or breaking changes
for Vault 1.3.0 compared to 1.2.4. Please read it carefully.
## Secondary cluster activation
There has been a change to the way that activating performance and DR secondary
clusters works when using public keys for encryption of the parameters rather
than a wrapping token. This flow was experimental and never documented. It is
now officially supported and documented but is not backwards compatible with
older Vault releases.
## Cluster cipher suites
On its cluster port, Vault will no longer advertise the full TLS 1.2 cipher
suite list by default. Although this port is only used for Vault-to-Vault
communication and would always pick a strong cipher, it could cause false flags
on port scanners and other security utilities that assumed insecure ciphers were
being used. The previous behavior can be achieved by setting the value of the
(undocumented) cluster_cipher_suites config flag to tls12.

View file

@ -376,7 +376,8 @@
'upgrade-to-1.1.2',
'upgrade-to-1.2.0',
'upgrade-to-1.2.1',
'upgrade-to-1.2.4'
'upgrade-to-1.2.4',
'upgrade-to-1.3.0'
]
},
'----------------',