Backport of Remove duplicate partial reference from release-notes into release/1.14.x (#24087)

* Remove duplicate partial reference from release-notes (#24081)

* remove partial references from release-notes that link to upgrade guides, and change link in partial to anchor

* Clarify leak is memory consumption

There is no leak of information.

* update references in table

* update table to include range for affected versions

---------

Co-authored-by: Meggie Ladlow <meggie@hashicorp.com>

* update link in known issues table

---------

Co-authored-by: davidadeleon <56207066+davidadeleon@users.noreply.github.com>
Co-authored-by: Meggie Ladlow <meggie@hashicorp.com>
This commit is contained in:
hc-github-team-secure-vault-core 2023-11-09 15:42:53 -05:00 committed by GitHub
parent 73b3bd3d61
commit 2eff100d5d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 105 additions and 16 deletions

View File

@ -124,6 +124,10 @@ The fix for this UI issue is coming in the Vault 1.13.1 release.
@include 'known-issues/ephemeral-loggers-memory-leak.mdx' @include 'known-issues/ephemeral-loggers-memory-leak.mdx'
@include 'known-issues/sublogger-levels-unchanged-on-reload.mdx'
@include 'known-issues/expiration-metrics-fatal-error.mdx'
## Feature deprecations and EOL ## Feature deprecations and EOL
Please refer to the [Deprecation Plans and Notice](/vault/docs/deprecation) page Please refer to the [Deprecation Plans and Notice](/vault/docs/deprecation) page

View File

@ -18,8 +18,11 @@ Version | Issue
1.14.0+ | [Users limited by control groups can only access issuer detail from PKI overview page](/vault/docs/upgrading/upgrade-to-1.14.x#ui-pki-control-groups) 1.14.0+ | [Users limited by control groups can only access issuer detail from PKI overview page](/vault/docs/upgrading/upgrade-to-1.14.x#ui-pki-control-groups)
All | [API calls to update-primary may lead to data loss](/vault/docs/upgrading/upgrade-to-1.14.x#update-primary-data-loss) All | [API calls to update-primary may lead to data loss](/vault/docs/upgrading/upgrade-to-1.14.x#update-primary-data-loss)
1.14.0+ | [AWS static roles ignore changes to rotation period](/vault/docs/upgrading/upgrade-to-1.14.x#aws-static-role-rotation) 1.14.0+ | [AWS static roles ignore changes to rotation period](/vault/docs/upgrading/upgrade-to-1.14.x#aws-static-role-rotation)
1.14.3+ | [Vault storing references to ephemeral sub-loggers causing memory leak](/vault/docs/upgrading/upgrade-to-1.14.x#ephemeral-loggers-memory-leak) 1.14.0+ | [UI Collapsed navbar does not allow certain click events](/vault/docs/upgrading/upgrade-to-1.14.x#ui-collapsed-navbar)
1.14.4+ | [Internal error when vault policy in namespace does not exist](/vault/docs/upgrading/upgrade-to-1.14.x#internal-error-when-vault-policy-in-namespace-does-not-exist) 1.14.3 - 1.14.5 | [Vault storing references to ephemeral sub-loggers leading to unbounded memory consumption](/vault/docs/upgrading/upgrade-to-1.14.x#vault-is-storing-references-to-ephemeral-sub-loggers-leading-to-unbounded-memory-consumption)
1.14.4 - 1.14.5 | [Internal error when vault policy in namespace does not exist](/vault/docs/upgrading/upgrade-to-1.14.x#internal-error-when-vault-policy-in-namespace-does-not-exist)
1.14.0+ | [Sublogger levels not adjusted on reload](/vault/docs/upgrading/upgrade-to-1.14.x#sublogger-levels-unchanged-on-reload)
1.14.5 | [Fatal error during expiration metrics gathering causing Vault crash](/vault/docs/upgrading/upgrade-to-1.14.x#fatal-error-during-expiration-metrics-gathering-causing-vault-crash)
## Vault companion updates ## Vault companion updates
@ -278,10 +281,6 @@ Follow the learn more links for more information, or browse the list of
</tbody> </tbody>
</table> </table>
@include 'known-issues/internal-error-namespace-missing-policy.mdx'
@include 'known-issues/ephemeral-loggers-memory-leak.mdx'
## Feature deprecations and EOL ## Feature deprecations and EOL
Deprecated in 1.14 | Retired in 1.14 Deprecated in 1.14 | Retired in 1.14

View File

@ -186,3 +186,7 @@ Affects Vault 1.13.0+
@include 'known-issues/internal-error-namespace-missing-policy.mdx' @include 'known-issues/internal-error-namespace-missing-policy.mdx'
@include 'known-issues/ephemeral-loggers-memory-leak.mdx' @include 'known-issues/ephemeral-loggers-memory-leak.mdx'
@include 'known-issues/sublogger-levels-unchanged-on-reload.mdx'
@include 'known-issues/expiration-metrics-fatal-error.mdx'

View File

@ -51,6 +51,12 @@ is measuring cumulative time writing, and not the distribution of individual wri
@include 'known-issues/transit-managed-keys-sign-fails.mdx' @include 'known-issues/transit-managed-keys-sign-fails.mdx'
@include 'known-issues/ui-collapsed-navbar.mdx'
@include 'known-issues/internal-error-namespace-missing-policy.mdx' @include 'known-issues/internal-error-namespace-missing-policy.mdx'
@include 'known-issues/ephemeral-loggers-memory-leak.mdx' @include 'known-issues/ephemeral-loggers-memory-leak.mdx'
@include 'known-issues/sublogger-levels-unchanged-on-reload.mdx'
@include 'known-issues/expiration-metrics-fatal-error.mdx'

View File

@ -1,14 +1,20 @@
### Vault is storing references to ephemeral sub-loggers leading to a memory leak ### Vault is storing references to ephemeral sub-loggers leading to unbounded memory consumption
Vault is unexpectedly storing references to ephemeral sub-loggers which prevents them from being cleaned up, leading to
a memory leak. This impacts many areas of Vault, but primarily logins in Enterprise.
There is no workaround.
#### Affected versions #### Affected versions
This issue affects Vault Community and Enterprise versions: This memory consumption bug affects Vault Community and Enterprise versions:
- 1.13.7+
- 1.14.3+
- 1.15.0+
A fix will be issued in the next release - 1.13.7 - 1.13.9
- 1.14.3 - 1.14.5
- 1.15.0 - 1.15.1
This change that introduced this bug has been reverted as of 1.13.10, 1.14.6, and 1.15.2
#### Issue
Vault is unexpectedly storing references to ephemeral sub-loggers which prevents them from being cleaned up, leading to
unbound memory consumption for loggers. This came about from a change to address a previously known issue around
[sub-logger levels not being adjusted on reload](#sublogger-levels-unchanged-on-reload).
This impacts many areas of Vault, but primarily logins in Enterprise.
#### Workaround
There is no workaround.

View File

@ -0,0 +1,22 @@
### Fatal error during expiration metrics gathering causing Vault crash
#### Affected versions
This issue affects Vault Community and Enterprise versions:
- 1.13.9
- 1.14.5
- 1.15.1
A fix has been issued in Vault 1.13.10, 1.14.6, and 1.15.2.
#### Issue
A recent change to Vault to improve state change speed (e.g. becoming active or standby) introduced a concurrency issue
which can lead to a concurrent iteration and write on a map, causing a fatal error and crashing Vault. This error occurs
when gathering lease and token metrics from the expiration manager. These metrics originate from the active node in a HA
cluster, as such a standby node will take over active duties and the cluster will remain functional should the original
active node encounter this bug. The new active node will be vulnerable to the same bug, but may not encounter it immediately.
There is no workaround.

View File

@ -0,0 +1,32 @@
### Sublogger levels not adjusted on reload ((#sublogger-levels-unchanged-on-reload))
#### Affected versions
This issue affects all Vault Community and Vault Enterprise versions.
#### Issue
Vault does not honor a modified `log_level` configuration for certain subsystem
loggers on SIGHUP.
The issue is known to specifically affect `resolver.watcher` and
`replication.index.*` subloggers.
After modifying the `log_level` and issuing a reload (SIGHUP), some loggers are
updated to reflect the new configuration, while some subsystem logger levels
remain unchanged.
For example, after starting a server with `log_level: "trace"` and modifying it
to `log_level: "info"` the following lines appear after reload:
```
[TRACE] resolver.watcher: dr mode doesn't have failover support, returning
...
[DEBUG] replication.index.perf: saved checkpoint: num_dirty=5
[DEBUG] replication.index.local: saved checkpoint: num_dirty=0
[DEBUG] replication.index.periodic: starting WAL GC: from=2531280 to=2531280 last=2531536
```
#### Workaround
The workaround is to restart the Vault server.

View File

@ -0,0 +1,16 @@
### Collapsed navbar does not allow you to click inside the console or namespace picker
#### Affected versions
The UI issue affects Vault versions 1.14.0+ and 1.15.0+.
A fix is expected for Vault 1.16.0.
#### Issue
The Vauil UI currently uses a version of HDS that does not allow users to click
within collapsed elements. In particular, the dev console or namespace picker
become inaccessible when viewing the components in smaller viewports.
#### Workaround
Expand the width of the screen until you deactivate the collapsed view. Once the full navbar is displayed, click the desired components.