changelog++
This commit is contained in:
parent 2adef1f878
commit 3d6be40073
170
CHANGELOG.md
|
@ -1,5 +1,127 @@
|
|||
## 1.8.0 (Unreleased)
|
||||
|
||||
CHANGES:
|
||||
|
||||
* agent: Update to use IAM Service Account Credentials endpoint for signing JWTs
|
||||
when using GCP Auto-Auth method [[GH-11473](https://github.com/hashicorp/vault/pull/11473)]
|
||||
|
||||
FEATURES:
|
||||
|
||||
* **MySQL Database UI**: The UI now supports adding and editing MySQL connections in the database secret engine [[GH-11532 | MySQL Database UI](https://github.com/hashicorp/vault/pull/11532 | MySQL Database UI)]
|
||||
* cli/api: Add lease lookup command [[GH-11129](https://github.com/hashicorp/vault/pull/11129)]
|
||||
* ssh: add support for templated values in SSH CA DefaultExtensions [[GH-11495](https://github.com/hashicorp/vault/pull/11495)]
|
||||
* ui: Add database secret engine support for MSSQL [[GH-11231](https://github.com/hashicorp/vault/pull/11231)]
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
* auth/aws: Underlying error included in validation failure message. [[GH-11638](https://github.com/hashicorp/vault/pull/11638)]
|
||||
* core: Add a small (<1s) exponential backoff to failed TCP listener Accept failures. [[GH-11588](https://github.com/hashicorp/vault/pull/11588)]
|
||||
* core: Add metrics for standby node forwarding. [[GH-11366](https://github.com/hashicorp/vault/pull/11366)]
|
||||
* core: Add metrics to report if a node is a perf standby, if a node is a dr
|
||||
secondary or primary, and if a node is a perf secondary or primary. Also allow
|
||||
DR secondaries to serve metrics requests when using unauthenticated_metrics_access. [[GH-1844](https://github.com/hashicorp/vault/pull/1844)]
|
||||
* core: Send notifications to systemd on start, stop, and configuration reload. [[GH-11517](https://github.com/hashicorp/vault/pull/11517)]
|
||||
* core: allow arbitrary length stack traces upon receiving SIGUSR2 (was 32MB) [[GH-11364](https://github.com/hashicorp/vault/pull/11364)]
|
||||
* replication (enterprise): The log shipper is now memory
|
||||
as well as length bound, and length and size can be
|
||||
separately configured.
|
||||
* secrets/aws: add ability to provide a role session name when generating STS credentials [[GH-11345](https://github.com/hashicorp/vault/pull/11345)]
|
||||
* secrets/database/mongodb: Add ability to customize `SocketTimeout`, `ConnectTimeout`, and `ServerSelectionTimeout` [[GH-11600](https://github.com/hashicorp/vault/pull/11600)]
|
||||
* secrets/database/mongodb: Increased throughput by allowing for multiple request threads to simultaneously update users in MongoDB [[GH-11600](https://github.com/hashicorp/vault/pull/11600)]
|
||||
* storage/raft: Support autopilot for HA only raft storage. [[GH-11260](https://github.com/hashicorp/vault/pull/11260)]
|
||||
* ui: Add push notification message when selecting okta auth. [[GH-11442](https://github.com/hashicorp/vault/pull/11442)]
|
||||
* ui: Add regex validation to Transform Template pattern input [[GH-11586](https://github.com/hashicorp/vault/pull/11586)]
|
||||
* ui: Obscure secret values on input and displayOnly fields like certificates. [[GH-11284](https://github.com/hashicorp/vault/pull/11284)]
|
||||
* ui: Redesign of KV 2 Delete toolbar. [[GH-11530](https://github.com/hashicorp/vault/pull/11530)]
|
||||
* ui: Update ember to latest LTS and upgrade UI dependencies [[GH-11447](https://github.com/hashicorp/vault/pull/11447)]
|
||||
* ui: Updated ivy code mirror component for consistency [[GH-11500](https://github.com/hashicorp/vault/pull/11500)]
|
||||
* ui: Updated search select component styling [[GH-11360](https://github.com/hashicorp/vault/pull/11360)]
|
||||
|
||||
BUG FIXES:
|
||||
|
||||
* agent/cert: Fix issue where the API client on agent was not honoring certificate
|
||||
information from the auto-auth config map on renewals or retries. [[GH-11576](https://github.com/hashicorp/vault/pull/11576)]
|
||||
* agent: Fixed agent templating to use configured tls servername values [[GH-11288](https://github.com/hashicorp/vault/pull/11288)]
|
||||
* core (enterprise): Fix orphan return value from auth methods executed on performance standby nodes.
|
||||
* core (enterprise): Fix plugins mounted in namespaces being unable to use password policies [[GH-11596](https://github.com/hashicorp/vault/pull/11596)]
|
||||
* core: Fix cleanup of storage entries from cubbyholes within namespaces. [[GH-11408](https://github.com/hashicorp/vault/pull/11408)]
|
||||
* core: Fix edge cases in the configuration endpoint for barrier key autorotation. [[GH-11541](https://github.com/hashicorp/vault/pull/11541)]
|
||||
* core: Fix goroutine leak when updating rate limit quota [[GH-11371](https://github.com/hashicorp/vault/pull/11371)]
|
||||
* core: Fix race that allowed remounting on path used by another mount [[GH-11453](https://github.com/hashicorp/vault/pull/11453)]
|
||||
* core: Fix storage entry leak when revoking leases created with non-orphan batch tokens. [[GH-11377](https://github.com/hashicorp/vault/pull/11377)]
|
||||
* core: correct logic for renewal of leases nearing their expiration time. [[GH-11650](https://github.com/hashicorp/vault/pull/11650)]
|
||||
* identity: Use correct mount accessor when refreshing external group memberships. [[GH-11506](https://github.com/hashicorp/vault/pull/11506)]
|
||||
* pki: Only remove revoked entry for certificates during tidy if they are past their NotAfter value [[GH-11367](https://github.com/hashicorp/vault/pull/11367)]
|
||||
* replication: Fix panic trying to update walState during identity group invalidation. [[GH-1865](https://github.com/hashicorp/vault/pull/1865)]
|
||||
* replication: Fix: mounts created within a namespace that was part of an Allow
|
||||
filtering rule would not appear on performance secondary if created after rule
|
||||
was defined. [[GH-1807](https://github.com/hashicorp/vault/pull/1807)]
|
||||
* secret/pki: use case insensitive domain name comparison as per RFC1035 section 2.3.3
|
||||
* secrets/database/cassandra: Fixed issue where hostnames were not being validated when using TLS [[GH-11365](https://github.com/hashicorp/vault/pull/11365)]
|
||||
* secrets/database/cassandra: Updated default statement for password rotation to allow for special characters. This applies to root and static credentials. [[GH-11262](https://github.com/hashicorp/vault/pull/11262)]
|
||||
* secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. [[GH-11451](https://github.com/hashicorp/vault/pull/11451)]
|
||||
* secrets/database: Fixed minor race condition when rotate-root is called [[GH-11600](https://github.com/hashicorp/vault/pull/11600)]
|
||||
* secrets/database: Fixes issue for V4 database interface where `SetCredentials` wasn't falling back to using `RotateRootCredentials` if `SetCredentials` is `Unimplemented` [[GH-11585](https://github.com/hashicorp/vault/pull/11585)]
|
||||
* storage/dynamodb: Handle throttled batch write requests by retrying, without which writes could be lost. [[GH-10181](https://github.com/hashicorp/vault/pull/10181)]
|
||||
* storage/raft: Support cluster address change for nodes in a cluster managed by autopilot [[GH-11247](https://github.com/hashicorp/vault/pull/11247)]
|
||||
* storage/raft: leader_tls_servername wasn't used unless leader_ca_cert_file and/or mTLS were configured. [[GH-11252](https://github.com/hashicorp/vault/pull/11252)]
|
||||
* tokenutil: Perform the num uses check before token type. [[GH-11647](https://github.com/hashicorp/vault/pull/11647)]
|
||||
* transform (enterprise): Fix an issue with malformed transform configuration
|
||||
storage when upgrading from 1.5 to 1.6. See Upgrade Notes for 1.6.x.
|
||||
* ui: Add root rotation statements support to appropriate database secret engine plugins [[GH-11404](https://github.com/hashicorp/vault/pull/11404)]
|
||||
* ui: Fix bug where the UI does not recognize version 2 KV until refresh, and fix [object Object] error message [[GH-11258](https://github.com/hashicorp/vault/pull/11258)]
|
||||
* ui: Fix entity group membership and metadata not showing [[GH-11641](https://github.com/hashicorp/vault/pull/11641)]
|
||||
* ui: Fix error message caused by control group [[GH-11143](https://github.com/hashicorp/vault/pull/11143)]
|
||||
* ui: Fix footer URL linking to the correct version changelog. [[GH-11283](https://github.com/hashicorp/vault/pull/11283)]
|
||||
* ui: Fix namespace-bug on login [[GH-11182](https://github.com/hashicorp/vault/pull/11182)]
|
||||
* ui: Fix status menu no showing on login [[GH-11213](https://github.com/hashicorp/vault/pull/11213)]
|
||||
* ui: Fix text link URL on database roles list [[GH-11597](https://github.com/hashicorp/vault/pull/11597)]
|
||||
* ui: Fixed and updated lease renewal picker [[GH-11256](https://github.com/hashicorp/vault/pull/11256)]
|
||||
* ui: fix issue where select-one option was not showing in secrets database role creation [[GH-11294](https://github.com/hashicorp/vault/pull/11294)]
|
||||
|
||||
## 1.7.2
|
||||
### May 20th, 2021
|
||||
|
||||
SECURITY:
|
||||
|
||||
* Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token
|
||||
leases and dynamic secret leases with a zero-second TTL, causing them to be
|
||||
treated as non-expiring, and never revoked. This issue affects Vault and Vault
|
||||
Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and
|
||||
1.7.2 (CVE-2021-32923).
|
||||
|
||||
CHANGES:
|
||||
|
||||
* agent: Update to use IAM Service Account Credentials endpoint for signing JWTs
|
||||
when using GCP Auto-Auth method [[GH-11473](https://github.com/hashicorp/vault/pull/11473)]
|
||||
* auth/gcp: Update to v0.9.1 to use IAM Service Account Credentials API for
|
||||
signing JWTs [[GH-11494](https://github.com/hashicorp/vault/pull/11494)]
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
* api, agent: LifetimeWatcher now does more retries when renewal failures occur. This also impacts Agent auto-auth and leases managed via Agent caching. [[GH-11445](https://github.com/hashicorp/vault/pull/11445)]
|
||||
* auth/aws: Underlying error included in validation failure message. [[GH-11638](https://github.com/hashicorp/vault/pull/11638)]
|
||||
* secrets/aws: add ability to provide a role session name when generating STS credentials [[GH-11345](https://github.com/hashicorp/vault/pull/11345)]
|
||||
* secrets/database/mongodb: Add ability to customize `SocketTimeout`, `ConnectTimeout`, and `ServerSelectionTimeout` [[GH-11600](https://github.com/hashicorp/vault/pull/11600)]
|
||||
* secrets/database/mongodb: Increased throughput by allowing for multiple request threads to simultaneously update users in MongoDB [[GH-11600](https://github.com/hashicorp/vault/pull/11600)]
|
||||
|
||||
BUG FIXES:
|
||||
|
||||
* agent/cert: Fix issue where the API client on agent was not honoring certificate
|
||||
information from the auto-auth config map on renewals or retries. [[GH-11576](https://github.com/hashicorp/vault/pull/11576)]
|
||||
* agent: Fixed agent templating to use configured tls servername values [[GH-11288](https://github.com/hashicorp/vault/pull/11288)]
|
||||
* core (enterprise): Fix plugins mounted in namespaces being unable to use password policies [[GH-11596](https://github.com/hashicorp/vault/pull/11596)]
|
||||
* core: correct logic for renewal of leases nearing their expiration time. [[GH-11650](https://github.com/hashicorp/vault/pull/11650)]
|
||||
* identity: Use correct mount accessor when refreshing external group memberships. [[GH-11506](https://github.com/hashicorp/vault/pull/11506)]
|
||||
* replication: Fix panic trying to update walState during identity group invalidation. [[GH-1865](https://github.com/hashicorp/vault/pull/1865)]
|
||||
* secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. [[GH-11451](https://github.com/hashicorp/vault/pull/11451)]
|
||||
* secrets/database: Fixed minor race condition when rotate-root is called [[GH-11600](https://github.com/hashicorp/vault/pull/11600)]
|
||||
* secrets/database: Fixes issue for V4 database interface where `SetCredentials` wasn't falling back to using `RotateRootCredentials` if `SetCredentials` is `Unimplemented` [[GH-11585](https://github.com/hashicorp/vault/pull/11585)]
|
||||
* secrets/keymgmt (enterprise): Fixes audit logging for the read key response.
|
||||
* storage/raft: Support cluster address change for nodes in a cluster managed by autopilot [[GH-11247](https://github.com/hashicorp/vault/pull/11247)]
|
||||
* ui: Fix entity group membership and metadata not showing [[GH-11641](https://github.com/hashicorp/vault/pull/11641)]
|
||||
* ui: Fix text link URL on database roles list [[GH-11597](https://github.com/hashicorp/vault/pull/11597)]
|
||||
|
||||
## 1.7.1
|
||||
### 21 April 2021
|
||||
|
||||
|
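Review bot: In the 1.8.0 FEATURES list, the MySQL Database UI entry has a malformed link: the text ` | MySQL Database UI` appears inside both the label and the URL (`pull/11532 | MySQL Database UI`), so the target will not resolve. It should read `[[GH-11532](https://github.com/hashicorp/vault/pull/11532)]`. Separately, the entries citing GH-1844, GH-1865 and GH-1807 use numbers far outside the 10xxx to 11xxx range of every other entry in this hunk, yet they link to hashicorp/vault/pull/…; confirm those numbers belong to this repository or drop the links. Minor: "ui: Fix status menu no showing on login" should read "not showing", and the `secret/pki` entry uses a different prefix from the other `secrets/…` and `pki:` entries and carries no PR reference.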
@ -184,6 +306,32 @@ the given key will be used to encrypt the snapshot using AWS KMS.
|
|||
DEPRECATIONS:
|
||||
* aws/auth: AWS Auth endpoints that use the "whitelist" and "blacklist" terms have been deprecated.
|
||||
Refer to the CHANGES section for additional details.
|
||||
|
||||
## 1.6.5
|
||||
### May 20th, 2021
|
||||
|
||||
SECURITY:
|
||||
|
||||
* Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token
|
||||
leases and dynamic secret leases with a zero-second TTL, causing them to be
|
||||
treated as non-expiring, and never revoked. This issue affects Vault and Vault
|
||||
Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and
|
||||
1.7.2 (CVE-2021-32923).
|
||||
|
||||
CHANGES:
|
||||
|
||||
* agent: Update to use IAM Service Account Credentials endpoint for signing JWTs
|
||||
when using GCP Auto-Auth method [[GH-11473](https://github.com/hashicorp/vault/pull/11473)]
|
||||
* auth/gcp: Update to v0.8.1 to use IAM Service Account Credentials API for
|
||||
signing JWTs [[GH-11498](https://github.com/hashicorp/vault/pull/11498)]
|
||||
|
||||
BUG FIXES:
|
||||
|
||||
* core (enterprise): Fix plugins mounted in namespaces being unable to use password policies [[GH-11596](https://github.com/hashicorp/vault/pull/11596)]
|
||||
* core: correct logic for renewal of leases nearing their expiration time. [[GH-11650](https://github.com/hashicorp/vault/pull/11650)]
|
||||
* secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. [[GH-11451](https://github.com/hashicorp/vault/pull/11451)]
|
||||
* secrets/database: Fixes issue for V4 database interface where `SetCredentials` wasn't falling back to using `RotateRootCredentials` if `SetCredentials` is `Unimplemented` [[GH-11585](https://github.com/hashicorp/vault/pull/11585)]
|
||||
* ui: Fix namespace-bug on login [[GH-11182](https://github.com/hashicorp/vault/pull/11182)]
|
||||
|
||||
## 1.6.4
|
||||
### 21 April 2021
|
||||
|
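Review bot: The SECURITY entry added under 1.6.5 names CVE-2021-32923 and the fixed versions, but it does not point to the change that fixes it and does not say whether leases already renewed with a zero-second TTL are revoked after upgrading or need manual cleanup. If the BUG FIXES line "core: correct logic for renewal of leases nearing their expiration time" (GH-11650) is that fix, reference GH-11650 from the SECURITY entry, and add a sentence telling operators what to do about leases affected before the upgrade.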
@ -415,6 +563,28 @@ BUG FIXES:
|
|||
* ui: Update language on replication primary dashboard for clarity [[GH-10205](https://github.com/hashicorp/vault/pull/10217)]
|
||||
* core: Fix bug where updating an existing path quota could introduce a conflict. [[GH-10285](https://github.com/hashicorp/vault/pull/10285)]
|
||||
|
||||
## 1.5.9
|
||||
### May 20th, 2021
|
||||
|
||||
SECURITY:
|
||||
|
||||
* Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token
|
||||
leases and dynamic secret leases with a zero-second TTL, causing them to be
|
||||
treated as non-expiring, and never revoked. This issue affects Vault and Vault
|
||||
Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and
|
||||
1.7.2 (CVE-2021-32923).
|
||||
|
||||
CHANGES:
|
||||
|
||||
* agent: Update to use IAM Service Account Credentials endpoint for signing JWTs
|
||||
when using GCP Auto-Auth method [[GH-11473](https://github.com/hashicorp/vault/pull/11473)]
|
||||
* auth/gcp: Update to v0.7.2 to use IAM Service Account Credentials API for
|
||||
signing JWTs [[GH-11499](https://github.com/hashicorp/vault/pull/11499)]
|
||||
|
||||
BUG FIXES:
|
||||
|
||||
* core: correct logic for renewal of leases nearing their expiration time. [[GH-11650](https://github.com/hashicorp/vault/pull/11650)]
|
||||
|
||||
## 1.5.8
|
||||
### 21 April 2021
|
||||
|
||||
|
|
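Review bot: The new 1.5.9 heading uses "### May 20th, 2021" while the 1.5.8 heading directly below it in this hunk uses "### 21 April 2021"; pick one date format so release dates in the file can be searched and compared consistently. While in this area, the context line for the replication primary dashboard entry is labelled GH-10205 but links to pull/10217, so one of the two numbers is wrong and is worth correcting in the same pass.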