diff --git a/website/content/docs/release-notes/1.13.0.mdx b/website/content/docs/release-notes/1.13.0.mdx index 8aa713085..eea72204d 100644 --- a/website/content/docs/release-notes/1.13.0.mdx +++ b/website/content/docs/release-notes/1.13.0.mdx @@ -124,6 +124,10 @@ The fix for this UI issue is coming in the Vault 1.13.1 release. @include 'known-issues/ephemeral-loggers-memory-leak.mdx' +@include 'known-issues/sublogger-levels-unchanged-on-reload.mdx' + +@include 'known-issues/expiration-metrics-fatal-error.mdx' + ## Feature deprecations and EOL Please refer to the [Deprecation Plans and Notice](/vault/docs/deprecation) page diff --git a/website/content/docs/release-notes/1.14.0.mdx b/website/content/docs/release-notes/1.14.0.mdx index 6ba6ff6f4..58c59acfc 100644 --- a/website/content/docs/release-notes/1.14.0.mdx +++ b/website/content/docs/release-notes/1.14.0.mdx @@ -18,8 +18,11 @@ Version | Issue 1.14.0+ | [Users limited by control groups can only access issuer detail from PKI overview page](/vault/docs/upgrading/upgrade-to-1.14.x#ui-pki-control-groups) All | [API calls to update-primary may lead to data loss](/vault/docs/upgrading/upgrade-to-1.14.x#update-primary-data-loss) 1.14.0+ | [AWS static roles ignore changes to rotation period](/vault/docs/upgrading/upgrade-to-1.14.x#aws-static-role-rotation) -1.14.3+ | [Vault storing references to ephemeral sub-loggers causing memory leak](/vault/docs/upgrading/upgrade-to-1.14.x#ephemeral-loggers-memory-leak) -1.14.4+ | [Internal error when vault policy in namespace does not exist](/vault/docs/upgrading/upgrade-to-1.14.x#internal-error-when-vault-policy-in-namespace-does-not-exist) +1.14.0+ | [UI Collapsed navbar does not allow certain click events](/vault/docs/upgrading/upgrade-to-1.14.x#ui-collapsed-navbar) +1.14.3 - 1.14.5 | [Vault storing references to ephemeral sub-loggers leading to unbounded memory consumption](/vault/docs/upgrading/upgrade-to-1.14.x#vault-is-storing-references-to-ephemeral-sub-loggers-leading-to-unbounded-memory-consumption) +1.14.4 - 1.14.5 | [Internal error when vault policy in namespace does not exist](/vault/docs/upgrading/upgrade-to-1.14.x#internal-error-when-vault-policy-in-namespace-does-not-exist) +1.14.0+ | [Sublogger levels not adjusted on reload](/vault/docs/upgrading/upgrade-to-1.14.x#sublogger-levels-unchanged-on-reload) +1.14.5 | [Fatal error during expiration metrics gathering causing Vault crash](/vault/docs/upgrading/upgrade-to-1.14.x#fatal-error-during-expiration-metrics-gathering-causing-vault-crash) ## Vault companion updates @@ -278,10 +281,6 @@ Follow the learn more links for more information, or browse the list of -@include 'known-issues/internal-error-namespace-missing-policy.mdx' - -@include 'known-issues/ephemeral-loggers-memory-leak.mdx' - ## Feature deprecations and EOL Deprecated in 1.14 | Retired in 1.14 diff --git a/website/content/docs/upgrading/upgrade-to-1.13.x.mdx b/website/content/docs/upgrading/upgrade-to-1.13.x.mdx index 37d2bb3e2..6b866410f 100644 --- a/website/content/docs/upgrading/upgrade-to-1.13.x.mdx +++ b/website/content/docs/upgrading/upgrade-to-1.13.x.mdx @@ -186,3 +186,7 @@ Affects Vault 1.13.0+ @include 'known-issues/internal-error-namespace-missing-policy.mdx' @include 'known-issues/ephemeral-loggers-memory-leak.mdx' + +@include 'known-issues/sublogger-levels-unchanged-on-reload.mdx' + +@include 'known-issues/expiration-metrics-fatal-error.mdx' diff --git a/website/content/docs/upgrading/upgrade-to-1.14.x.mdx b/website/content/docs/upgrading/upgrade-to-1.14.x.mdx index 0bc079f66..a04fd0f1f 100644 --- a/website/content/docs/upgrading/upgrade-to-1.14.x.mdx +++ b/website/content/docs/upgrading/upgrade-to-1.14.x.mdx @@ -51,6 +51,12 @@ is measuring cumulative time writing, and not the distribution of individual wri @include 'known-issues/transit-managed-keys-sign-fails.mdx' +@include 'known-issues/ui-collapsed-navbar.mdx' + @include 'known-issues/internal-error-namespace-missing-policy.mdx' @include 'known-issues/ephemeral-loggers-memory-leak.mdx' + +@include 'known-issues/sublogger-levels-unchanged-on-reload.mdx' + +@include 'known-issues/expiration-metrics-fatal-error.mdx' diff --git a/website/content/partials/known-issues/ephemeral-loggers-memory-leak.mdx b/website/content/partials/known-issues/ephemeral-loggers-memory-leak.mdx index 6f43b9e80..c45281560 100644 --- a/website/content/partials/known-issues/ephemeral-loggers-memory-leak.mdx +++ b/website/content/partials/known-issues/ephemeral-loggers-memory-leak.mdx @@ -1,14 +1,20 @@ -### Vault is storing references to ephemeral sub-loggers leading to a memory leak - -Vault is unexpectedly storing references to ephemeral sub-loggers which prevents them from being cleaned up, leading to -a memory leak. This impacts many areas of Vault, but primarily logins in Enterprise. -There is no workaround. +### Vault is storing references to ephemeral sub-loggers leading to unbounded memory consumption #### Affected versions -This issue affects Vault Community and Enterprise versions: -- 1.13.7+ -- 1.14.3+ -- 1.15.0+ +This memory consumption bug affects Vault Community and Enterprise versions: -A fix will be issued in the next release +- 1.13.7 - 1.13.9 +- 1.14.3 - 1.14.5 +- 1.15.0 - 1.15.1 + +This change that introduced this bug has been reverted as of 1.13.10, 1.14.6, and 1.15.2 + +#### Issue +Vault is unexpectedly storing references to ephemeral sub-loggers which prevents them from being cleaned up, leading to +unbound memory consumption for loggers. This came about from a change to address a previously known issue around +[sub-logger levels not being adjusted on reload](#sublogger-levels-unchanged-on-reload). +This impacts many areas of Vault, but primarily logins in Enterprise. + +#### Workaround +There is no workaround. diff --git a/website/content/partials/known-issues/expiration-metrics-fatal-error.mdx b/website/content/partials/known-issues/expiration-metrics-fatal-error.mdx new file mode 100644 index 000000000..2a539756f --- /dev/null +++ b/website/content/partials/known-issues/expiration-metrics-fatal-error.mdx @@ -0,0 +1,22 @@ +### Fatal error during expiration metrics gathering causing Vault crash + +#### Affected versions + +This issue affects Vault Community and Enterprise versions: +- 1.13.9 +- 1.14.5 +- 1.15.1 + +A fix has been issued in Vault 1.13.10, 1.14.6, and 1.15.2. + +#### Issue + +A recent change to Vault to improve state change speed (e.g. becoming active or standby) introduced a concurrency issue +which can lead to a concurrent iteration and write on a map, causing a fatal error and crashing Vault. This error occurs +when gathering lease and token metrics from the expiration manager. These metrics originate from the active node in a HA +cluster, as such a standby node will take over active duties and the cluster will remain functional should the original +active node encounter this bug. The new active node will be vulnerable to the same bug, but may not encounter it immediately. + +There is no workaround. + + diff --git a/website/content/partials/known-issues/sublogger-levels-unchanged-on-reload.mdx b/website/content/partials/known-issues/sublogger-levels-unchanged-on-reload.mdx new file mode 100644 index 000000000..33c72e2b7 --- /dev/null +++ b/website/content/partials/known-issues/sublogger-levels-unchanged-on-reload.mdx @@ -0,0 +1,32 @@ +### Sublogger levels not adjusted on reload ((#sublogger-levels-unchanged-on-reload)) + +#### Affected versions + +This issue affects all Vault Community and Vault Enterprise versions. + +#### Issue + +Vault does not honor a modified `log_level` configuration for certain subsystem +loggers on SIGHUP. + +The issue is known to specifically affect `resolver.watcher` and +`replication.index.*` subloggers. + +After modifying the `log_level` and issuing a reload (SIGHUP), some loggers are +updated to reflect the new configuration, while some subsystem logger levels +remain unchanged. + +For example, after starting a server with `log_level: "trace"` and modifying it +to `log_level: "info"` the following lines appear after reload: + +``` +[TRACE] resolver.watcher: dr mode doesn't have failover support, returning +... +[DEBUG] replication.index.perf: saved checkpoint: num_dirty=5 +[DEBUG] replication.index.local: saved checkpoint: num_dirty=0 +[DEBUG] replication.index.periodic: starting WAL GC: from=2531280 to=2531280 last=2531536 +``` + +#### Workaround + +The workaround is to restart the Vault server. diff --git a/website/content/partials/known-issues/ui-collapsed-navbar.mdx b/website/content/partials/known-issues/ui-collapsed-navbar.mdx new file mode 100644 index 000000000..08d28f137 --- /dev/null +++ b/website/content/partials/known-issues/ui-collapsed-navbar.mdx @@ -0,0 +1,16 @@ +### Collapsed navbar does not allow you to click inside the console or namespace picker + +#### Affected versions + +The UI issue affects Vault versions 1.14.0+ and 1.15.0+. +A fix is expected for Vault 1.16.0. + +#### Issue + +The Vauil UI currently uses a version of HDS that does not allow users to click +within collapsed elements. In particular, the dev console or namespace picker +become inaccessible when viewing the components in smaller viewports. + +#### Workaround + +Expand the width of the screen until you deactivate the collapsed view. Once the full navbar is displayed, click the desired components. \ No newline at end of file