changelog++

Security updates for 1.8.0
Meggie 2021-08-16 11:40:54 -04:00 committed by GitHub
parent 3bb1c68996
commit 868315d1bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions


@ -61,6 +61,11 @@ FEATURES:
* **MySQL Database UI**: The UI now supports adding and editing MySQL connections in the database secret engine [[GH-11532](https://github.com/hashicorp/vault/pull/11532)]
* **Vault Diagnose**: A new `vault operator` command to detect common issues with vault server setups.
SECURITY:
* storage/raft: When initializing Vaults Integrated Storage backend, excessively broad filesystem permissions may be set for the underlying Bolt database used by Vaults Raft implementation. This vulnerability, CVE-2021-38553, was fixed in Vault 1.8.0.
* ui: The Vault UI erroneously cached and exposed user-viewed secrets between authenticated sessions in a single shared browser, if the browser window / tab was not refreshed or closed between logout and a subsequent login. This vulnerability, CVE-2021-38554, was fixed in Vault 1.8.0 and will be addressed in pending 1.7.4 / 1.6.6 releases.
IMPROVEMENTS:
* agent/template: Added static_secret_render_interval to specify how often to fetch non-leased secrets [[GH-11934](https://github.com/hashicorp/vault/pull/11934)]
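
Review bot: The storage/raft entry under SECURITY says the overly broad permissions are set when the Integrated Storage backend is initialized and that this was fixed in 1.8.0, but it does not say whether upgrading corrects the mode on an already-created Bolt database file or only affects new initializations. Operators need that to know whether to check and tighten the file permissions themselves after upgrading, so please add a sentence covering it. The same entry writes "Vaults" twice where "Vault's" is meant ("Vault's Integrated Storage", "Vault's Raft implementation"). Neither SECURITY entry carries a reference link, unlike the neighbouring GH-11532 and GH-11934 entries; a link to the advisory or the fixing PR would let readers confirm the affected versions. In the ui entry, "will be addressed in pending 1.7.4 / 1.6.6 releases" will go stale and should be reworded once those releases ship.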