From 4eacc703e40a7ccadad7f78fac525782a85d1e54 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Thu, 25 Feb 2016 14:48:43 -0500 Subject: [PATCH] changelog++ --- CHANGELOG.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9da9ae4df..ee897414f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,10 @@ DEPRECATIONS/BREAKING CHANGES: mismatch between the Vault server and clients could result in a certificate that would not be considered expired by a client being removed from the CRL. The new `pki/tidy` endpoint can be used to trigger expirations. [GH-1129] + * The `cert` backend now performs a variant of channel binding at renewal time + for increased security. In order to not overly burden clients, a notion of + identity is used. This functionality can be disabled. See the 0.5.1 upgrade + guide for more specific information [GH-1127] FEATURES: @@ -35,15 +39,15 @@ IMPROVEMENTS: * deps: Use the standardized Go 1.6 vendoring system * secret/aws: Inform users of AWS-imposed policy restrictions around STS tokens if they attempt to use an invalid policy [GH-1113] - * secret/mysql: While configuring mysql backend, avoid verification of - connection_url by disabling it using verify_connection option [GH-1096] + * secret/mysql: The MySQL backend now allows disabling verification of the + `connection_url` [GH-1096] * secret/pki: Submitted CSRs are now verified to have the correct key type and minimum number of bits according to the role. The exception is intermediate CA signing and the `sign-verbatim` path [GH-1104] * secret/pki: New `tidy` endpoint to allow expunging expired certificates. [GH-1129] - * secret/postgresql: While configuring mysql backend, avoid verification of - connection_url by disabling it using verify_connection option [GH-1096] + * secret/postgresql: The PostgreSQL backend now allows disabling verification + of the `connection_url` [GH-1096] * secret/ssh: When verifying an OTP, return 400 if it is not valid instead of 204 [GH-1086] * credential/app-id: App ID backend will check the validity of app-id and user-id