Backport of Remove duplicate partial reference from release-notes into release/1.14.x (#24087)

* Remove duplicate partial reference from release-notes (#24081) * remove partial references from release-notes that link to upgrade guides, and change link in partial to anchor * Clarify leak is memory consumption There is no leak of information. * update references in table * update table to include range for affected versions --------- Co-authored-by: Meggie Ladlow <meggie@hashicorp.com> * update link in known issues table --------- Co-authored-by: davidadeleon <56207066+davidadeleon@users.noreply.github.com> Co-authored-by: Meggie Ladlow <meggie@hashicorp.com>
2023-11-09 15:42:53 -05:00 · 2023-11-09 15:42:53 -05:00 · 2eff100d5d
parent 73b3bd3d61
commit 2eff100d5d
8 changed files with 105 additions and 16 deletions
--- a/website/content/docs/release-notes/1.13.0.mdx
+++ b/website/content/docs/release-notes/1.13.0.mdx
@ -124,6 +124,10 @@ The fix for this UI issue is coming in the Vault 1.13.1 release.

@include 'known-issues/ephemeral-loggers-memory-leak.mdx'

+@include 'known-issues/sublogger-levels-unchanged-on-reload.mdx'
+
+@include 'known-issues/expiration-metrics-fatal-error.mdx'
+
 ## Feature deprecations and EOL

 Please refer to the [Deprecation Plans and Notice](/vault/docs/deprecation) page
--- a/website/content/docs/release-notes/1.14.0.mdx
+++ b/website/content/docs/release-notes/1.14.0.mdx
@ -18,8 +18,11 @@ Version | Issue
 1.14.0+ | [Users limited by control groups can only access issuer detail from PKI overview page](/vault/docs/upgrading/upgrade-to-1.14.x#ui-pki-control-groups)
 All     | [API calls to update-primary may lead to data loss](/vault/docs/upgrading/upgrade-to-1.14.x#update-primary-data-loss)
 1.14.0+ | [AWS static roles ignore changes to rotation period](/vault/docs/upgrading/upgrade-to-1.14.x#aws-static-role-rotation)
-1.14.3+ | [Vault storing references to ephemeral sub-loggers causing memory leak](/vault/docs/upgrading/upgrade-to-1.14.x#ephemeral-loggers-memory-leak)
-1.14.4+ | [Internal error when vault policy in namespace does not exist](/vault/docs/upgrading/upgrade-to-1.14.x#internal-error-when-vault-policy-in-namespace-does-not-exist)
+1.14.0+ | [UI Collapsed navbar does not allow certain click events](/vault/docs/upgrading/upgrade-to-1.14.x#ui-collapsed-navbar)
+1.14.3 - 1.14.5 | [Vault storing references to ephemeral sub-loggers leading to unbounded memory consumption](/vault/docs/upgrading/upgrade-to-1.14.x#vault-is-storing-references-to-ephemeral-sub-loggers-leading-to-unbounded-memory-consumption)
+1.14.4 - 1.14.5 | [Internal error when vault policy in namespace does not exist](/vault/docs/upgrading/upgrade-to-1.14.x#internal-error-when-vault-policy-in-namespace-does-not-exist)
+1.14.0+ | [Sublogger levels not adjusted on reload](/vault/docs/upgrading/upgrade-to-1.14.x#sublogger-levels-unchanged-on-reload)
+1.14.5  | [Fatal error during expiration metrics gathering causing Vault crash](/vault/docs/upgrading/upgrade-to-1.14.x#fatal-error-during-expiration-metrics-gathering-causing-vault-crash)

 ## Vault companion updates

@ -278,10 +281,6 @@ Follow the learn more links for more information, or browse the list of
  </tbody>
 </table>

-@include 'known-issues/internal-error-namespace-missing-policy.mdx'
-
-@include 'known-issues/ephemeral-loggers-memory-leak.mdx'
-
 ## Feature deprecations and EOL

 Deprecated in 1.14 | Retired in 1.14
--- a/website/content/docs/upgrading/upgrade-to-1.13.x.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.13.x.mdx
@ -186,3 +186,7 @@ Affects Vault 1.13.0+
@include 'known-issues/internal-error-namespace-missing-policy.mdx'

@include 'known-issues/ephemeral-loggers-memory-leak.mdx'
+
+@include 'known-issues/sublogger-levels-unchanged-on-reload.mdx'
+
+@include 'known-issues/expiration-metrics-fatal-error.mdx'
--- a/website/content/docs/upgrading/upgrade-to-1.14.x.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.14.x.mdx
@ -51,6 +51,12 @@ is measuring cumulative time writing, and not the distribution of individual wri

@include 'known-issues/transit-managed-keys-sign-fails.mdx'

+@include 'known-issues/ui-collapsed-navbar.mdx'
+
@include 'known-issues/internal-error-namespace-missing-policy.mdx'

@include 'known-issues/ephemeral-loggers-memory-leak.mdx'
+
+@include 'known-issues/sublogger-levels-unchanged-on-reload.mdx'
+
+@include 'known-issues/expiration-metrics-fatal-error.mdx'
--- a/website/content/partials/known-issues/ephemeral-loggers-memory-leak.mdx
+++ b/website/content/partials/known-issues/ephemeral-loggers-memory-leak.mdx
@ -1,14 +1,20 @@
-### Vault is storing references to ephemeral sub-loggers leading to a memory leak
-
-Vault is unexpectedly storing references to ephemeral sub-loggers which prevents them from being cleaned up, leading to
-a memory leak. This impacts many areas of Vault, but primarily logins in Enterprise.
-There is no workaround.
+### Vault is storing references to ephemeral sub-loggers leading to unbounded memory consumption

 #### Affected versions

-This issue affects Vault Community and Enterprise versions:
- 1.13.7+
- 1.14.3+
- 1.15.0+
+This memory consumption bug affects Vault Community and Enterprise versions:

-A fix will be issued in the next release
+- 1.13.7 - 1.13.9
+- 1.14.3 - 1.14.5
+- 1.15.0 - 1.15.1
+
+This change that introduced this bug has been reverted as of 1.13.10, 1.14.6, and 1.15.2
+
+#### Issue
+Vault is unexpectedly storing references to ephemeral sub-loggers which prevents them from being cleaned up, leading to
+unbound memory consumption for loggers. This came about from a change to address a previously known issue around
+[sub-logger levels not being adjusted on reload](#sublogger-levels-unchanged-on-reload).
+This impacts many areas of Vault, but primarily logins in Enterprise.
+
+#### Workaround
+There is no workaround.
--- a/website/content/partials/known-issues/expiration-metrics-fatal-error.mdx
+++ b/website/content/partials/known-issues/expiration-metrics-fatal-error.mdx
@ -0,0 +1,22 @@
+### Fatal error during expiration metrics gathering causing Vault crash
+
+#### Affected versions
+
+This issue affects Vault Community and Enterprise versions:
+- 1.13.9
+- 1.14.5
+- 1.15.1
+
+A fix has been issued in Vault 1.13.10, 1.14.6, and 1.15.2.
+
+#### Issue
+
+A recent change to Vault to improve state change speed (e.g. becoming active or standby) introduced a concurrency issue
+which can lead to a concurrent iteration and write on a map, causing a fatal error and crashing Vault. This error occurs
+when gathering lease and token metrics from the expiration manager. These metrics originate from the active node in a HA
+cluster, as such a standby node will take over active duties and the cluster will remain functional should the original
+active node encounter this bug. The new active node will be vulnerable to the same bug, but may not encounter it immediately.
+
+There is no workaround.
+
+
--- a/website/content/partials/known-issues/sublogger-levels-unchanged-on-reload.mdx
+++ b/website/content/partials/known-issues/sublogger-levels-unchanged-on-reload.mdx
@ -0,0 +1,32 @@
+### Sublogger levels not adjusted on reload ((#sublogger-levels-unchanged-on-reload))
+
+#### Affected versions
+
+This issue affects all Vault Community and Vault Enterprise versions.
+
+#### Issue
+
+Vault does not honor a modified `log_level` configuration for certain subsystem
+loggers on SIGHUP.
+
+The issue is known to specifically affect `resolver.watcher` and
+`replication.index.*` subloggers.
+
+After modifying the `log_level` and issuing a reload (SIGHUP), some loggers are
+updated to reflect the new configuration, while some subsystem logger levels
+remain unchanged.
+
+For example, after starting a server with `log_level: "trace"` and modifying it
+to `log_level: "info"` the following lines appear after reload:
+
+```
+[TRACE] resolver.watcher: dr mode doesn't have failover support, returning
+...
+[DEBUG] replication.index.perf: saved checkpoint: num_dirty=5
+[DEBUG] replication.index.local: saved checkpoint: num_dirty=0
+[DEBUG] replication.index.periodic: starting WAL GC: from=2531280 to=2531280 last=2531536
+```
+
+#### Workaround
+
+The workaround is to restart the Vault server.
--- a/website/content/partials/known-issues/ui-collapsed-navbar.mdx
+++ b/website/content/partials/known-issues/ui-collapsed-navbar.mdx
@ -0,0 +1,16 @@
+### Collapsed navbar does not allow you to click inside the console or namespace picker
+
+#### Affected versions
+
+The UI issue affects Vault versions 1.14.0+ and 1.15.0+.
+A fix is expected for Vault 1.16.0.
+
+#### Issue
+
+The Vauil UI currently uses a version of HDS that does not allow users to click
+within collapsed elements. In particular, the dev console or namespace picker
+become inaccessible when viewing the components in smaller viewports.
+
+#### Workaround
+
+Expand the width of the screen until you deactivate the collapsed view. Once the full navbar is displayed, click the desired components.