changelog++

Jeff Mitchell 2017-10-30 16:08:18 -04:00
parent 7486df810c
commit 6680bab684
1 changed files with 14 additions and 7 deletions

@ -1,25 +1,32 @@
## 0.8.4 (Unreleased)
DEPRECATIONS/CHANGES:
* aws-ec2: The client nonce generated by the backend that gets returned along
with the authentication response will be audited in plaintext. If this is
undesired, the clients can choose to supply a custom nonce to the login
endpoint. The custom nonce set by the client will from now on, not be
returned back with the authentication response, and hence not audit logged.
* AWS EC2 client nonce behavior: The client nonce generated by the backend
that gets returned along with the authentication response will be audited in
plaintext. If this is undesired, the clients can choose to supply a custom
nonce to the login endpoint. The custom nonce set by the client will from
now on, not be returned back with the authentication response, and hence not
audit logged.
* SSH CA role read changes: When reading back a role from the `ssh` backend,
the TTL/max TTL values will now be an integer number of seconds rather than
a string. This better matches the API elsewhere in Vault.
IMPROVEMENTS:
* api: Add ability to set custom headers on each call [GH-3394]
* command/server: Add config option to disable requesting client certificates
[GH-3373]
* physical/file: Use `700` as permissions when creating directories. The files
themselves were `600` and are all encrypted, but this doesn't hurt.
* secret/cassandra: Work around Cassandra ignoring consistency levels for a
user listing query [GH-3469]
* secret/pki: Allow entering URLs for `pki` as both comma-separated strings and JSON
arrays [GH-3409]
* secret/ssh: Role TTL/max TTL can now be specified as either a string or an
integer [GH-3507]
* secret/transit: Sign and verify operations now support a `none` hash
algorithm to allow signing/verifying pre-hashed data [GH-3448]
* physical/file: Use `700` as permissions when creating directories. The files
themselves were `600` and are all encrypted, but this doesn't hurt.
BUG FIXES:
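Review bot: the "SSH CA role read changes" entry under DEPRECATIONS/CHANGES has no issue reference, although it describes a response-format change (TTL/max TTL read back as an integer number of seconds rather than a string) that can break clients parsing the old string form. Suggest adding the GH reference there, in the same style as the `secret/ssh` improvement entry that cites [GH-3507], so operators can trace the change before upgrading. The `physical/file` entry is likewise missing a reference. In the AWS EC2 client nonce entry, "will from now on, not be returned back with the authentication response" reads awkwardly; consider "will no longer be returned with the authentication response, and hence will not be audit logged".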