changelog++
This commit is contained in:
parent
6b96bd639c
commit
8fd9c9df0d
134
CHANGELOG.md
134
CHANGELOG.md
|
@ -121,6 +121,64 @@ BUG FIXES:
|
||||||
* ui: Remove default value of 30 to TtlPicker2 if no value is passed in. [[GH-17376](https://github.com/hashicorp/vault/pull/17376)]
|
* ui: Remove default value of 30 to TtlPicker2 if no value is passed in. [[GH-17376](https://github.com/hashicorp/vault/pull/17376)]
|
||||||
* ui: fix entity policies list link to policy show page [[GH-17950](https://github.com/hashicorp/vault/pull/17950)]
|
* ui: fix entity policies list link to policy show page [[GH-17950](https://github.com/hashicorp/vault/pull/17950)]
|
||||||
|
|
||||||
|
## 1.12.3
|
||||||
|
### February 6, 2023
|
||||||
|
|
||||||
|
CHANGES:
|
||||||
|
|
||||||
|
* core: Bump Go version to 1.19.4.
|
||||||
|
|
||||||
|
IMPROVEMENTS:
|
||||||
|
|
||||||
|
* audit: Include stack trace when audit logging recovers from a panic. [[GH-18121](https://github.com/hashicorp/vault/pull/18121)]
|
||||||
|
* command/server: Environment variable keys are now logged at startup. [[GH-18125](https://github.com/hashicorp/vault/pull/18125)]
|
||||||
|
* core/fips: use upstream toolchain for FIPS 140-2 compliance again; this will appear as X=boringcrypto on the Go version in Vault server logs.
|
||||||
|
* core: Add read support to `sys/loggers` and `sys/loggers/:name` endpoints [[GH-17979](https://github.com/hashicorp/vault/pull/17979)]
|
||||||
|
* plugins: Let Vault unseal and mount deprecated builtin plugins in a
|
||||||
|
deactivated state if this is not the first unseal after an upgrade. [[GH-17879](https://github.com/hashicorp/vault/pull/17879)]
|
||||||
|
* secrets/db/mysql: Add `tls_server_name` and `tls_skip_verify` parameters [[GH-18799](https://github.com/hashicorp/vault/pull/18799)]
|
||||||
|
* secrets/kv: new KVv2 mounts and KVv1 mounts without any keys will upgrade synchronously, allowing for instant use [[GH-17406](https://github.com/hashicorp/vault/pull/17406)]
|
||||||
|
* storage/raft: add additional raft metrics relating to applied index and heartbeating; also ensure OSS standbys emit periodic metrics. [[GH-12166](https://github.com/hashicorp/vault/pull/12166)]
|
||||||
|
* ui: Added JWT authentication warning message about blocked pop-up windows and web browser settings. [[GH-18787](https://github.com/hashicorp/vault/pull/18787)]
|
||||||
|
* ui: Prepends "passcode=" if not provided in user input for duo totp mfa method authentication [[GH-18342](https://github.com/hashicorp/vault/pull/18342)]
|
||||||
|
* ui: Update language on database role to "Connection name" [[GH-18261](https://github.com/hashicorp/vault/issues/18261)] [[GH-18350](https://github.com/hashicorp/vault/pull/18350)]
|
||||||
|
|
||||||
|
BUG FIXES:
|
||||||
|
|
||||||
|
* auth/approle: Fix `token_bound_cidrs` validation when using /32 blocks for role and secret ID [[GH-18145](https://github.com/hashicorp/vault/pull/18145)]
|
||||||
|
* auth/cert: Address a race condition accessing the loaded crls without a lock [[GH-18945](https://github.com/hashicorp/vault/pull/18945)]
|
||||||
|
* auth/kubernetes: Ensure a consistent TLS configuration for all k8s API requests [[#173](https://github.com/hashicorp/vault-plugin-auth-kubernetes/pull/173)] [[GH-18716](https://github.com/hashicorp/vault/pull/18716)]
|
||||||
|
* cli/kv: skip formatting of nil secrets for patch and put with field parameter set [[GH-18163](https://github.com/hashicorp/vault/pull/18163)]
|
||||||
|
* command/namespace: Fix vault cli namespace patch examples in help text. [[GH-18143](https://github.com/hashicorp/vault/pull/18143)]
|
||||||
|
* core (enterprise): Fix a race condition resulting in login errors to PKCS#11 modules under high concurrency.
|
||||||
|
* core/managed-keys (enterprise): Limit verification checks to mounts in a key's namespace
|
||||||
|
* core/quotas (enterprise): Fix a potential deadlock that could occur when using lease count quotas.
|
||||||
|
* core/quotas: Fix issue with improper application of default rate limit quota exempt paths [[GH-18273](https://github.com/hashicorp/vault/pull/18273)]
|
||||||
|
* core/seal: Fix regression handling of the key_id parameter in seal configuration HCL. [[GH-17612](https://github.com/hashicorp/vault/pull/17612)]
|
||||||
|
* core: fix bug where context cancellations weren't forwarded to active node from performance standbys.
|
||||||
|
* core: prevent panic in login mfa enforcement delete after enforcement's namespace is deleted [[GH-18923](https://github.com/hashicorp/vault/pull/18923)]
|
||||||
|
* database/mongodb: Fix writeConcern set to be applied to any query made on the database [[GH-18546](https://github.com/hashicorp/vault/pull/18546)]
|
||||||
|
* expiration: Prevent panics on perf standbys when an irrevocable release gets deleted. [[GH-18401](https://github.com/hashicorp/vault/pull/18401)]
|
||||||
|
* kmip (enterprise): Fix Destroy operation response that omitted Unique Identifier on some batched responses.
|
||||||
|
* kmip (enterprise): Fix Locate operation response incompatibility with clients using KMIP versions prior to 1.3.
|
||||||
|
* kmip (enterprise): Fix Query operation response that omitted streaming capability and supported profiles.
|
||||||
|
* licensing (enterprise): update autoloaded license cache after reload
|
||||||
|
* plugins: Allow running external plugins which override deprecated builtins. [[GH-17879](https://github.com/hashicorp/vault/pull/17879)]
|
||||||
|
* plugins: Listing all plugins while audit logging is enabled will no longer result in an internal server error. [[GH-18173](https://github.com/hashicorp/vault/pull/18173)]
|
||||||
|
* plugins: Skip loading but still mount data associated with missing plugins on unseal. [[GH-18189](https://github.com/hashicorp/vault/pull/18189)]
|
||||||
|
* sdk: Don't panic if system view or storage methods called during plugin setup. [[GH-18210](https://github.com/hashicorp/vault/pull/18210)]
|
||||||
|
* secrets/pki: Address nil panic when an empty POST request is sent to the OCSP handler [[GH-18184](https://github.com/hashicorp/vault/pull/18184)]
|
||||||
|
* secrets/pki: Allow patching issuer to set an empty issuer name. [[GH-18466](https://github.com/hashicorp/vault/pull/18466)]
|
||||||
|
* secrets/pki: OCSP GET request parameter was not being URL unescaped before processing. [[GH-18938](https://github.com/hashicorp/vault/pull/18938)]
|
||||||
|
* secrets/pki: fix race between tidy's cert counting and tidy status reporting. [[GH-18899](https://github.com/hashicorp/vault/pull/18899)]
|
||||||
|
* secrets/transit: Do not warn about unrecognized parameter 'batch_input' [[GH-18299](https://github.com/hashicorp/vault/pull/18299)]
|
||||||
|
* secrets/transit: Honor `partial_success_response_code` on decryption failures. [[GH-18310](https://github.com/hashicorp/vault/pull/18310)]
|
||||||
|
* storage/raft (enterprise): An already joined node can rejoin by wiping storage
|
||||||
|
and re-issueing a join request, but in doing so could transiently become a
|
||||||
|
non-voter. In some scenarios this resulted in loss of quorum. [[GH-18263](https://github.com/hashicorp/vault/pull/18263)]
|
||||||
|
* storage/raft: Don't panic on unknown raft ops [[GH-17732](https://github.com/hashicorp/vault/pull/17732)]
|
||||||
|
* ui: cleanup unsaved auth method ember data record when navigating away from mount backend form [[GH-18651](https://github.com/hashicorp/vault/pull/18651)]
|
||||||
|
* ui: fixes query parameters not passed in api explorer test requests [[GH-18743](https://github.com/hashicorp/vault/pull/18743)]
|
||||||
## 1.12.2
|
## 1.12.2
|
||||||
### November 30, 2022
|
### November 30, 2022
|
||||||
|
|
||||||
|
@ -222,7 +280,7 @@ FEATURES:
|
||||||
|
|
||||||
IMPROVEMENTS:
|
IMPROVEMENTS:
|
||||||
|
|
||||||
* :core/managed-keys (enterprise): Allow operators to specify PSS signatures and/or hash algorithm for the test/sign api
|
* core/managed-keys (enterprise): Allow operators to specify PSS signatures and/or hash algorithm for the test/sign api
|
||||||
* activity (enterprise): Added new clients unit tests to test accuracy of estimates
|
* activity (enterprise): Added new clients unit tests to test accuracy of estimates
|
||||||
* agent/auto-auth: Add `exit_on_err` which when set to true, will cause Agent to exit if any errors are encountered during authentication. [[GH-17091](https://github.com/hashicorp/vault/pull/17091)]
|
* agent/auto-auth: Add `exit_on_err` which when set to true, will cause Agent to exit if any errors are encountered during authentication. [[GH-17091](https://github.com/hashicorp/vault/pull/17091)]
|
||||||
* agent: Added `disable_idle_connections` configuration to disable leaving idle connections open in auto-auth, caching and templating. [[GH-15986](https://github.com/hashicorp/vault/pull/15986)]
|
* agent: Added `disable_idle_connections` configuration to disable leaving idle connections open in auto-auth, caching and templating. [[GH-15986](https://github.com/hashicorp/vault/pull/15986)]
|
||||||
|
@ -403,6 +461,46 @@ BUG FIXES:
|
||||||
* ui: OIDC login type uses localStorage instead of sessionStorage [[GH-16170](https://github.com/hashicorp/vault/pull/16170)]
|
* ui: OIDC login type uses localStorage instead of sessionStorage [[GH-16170](https://github.com/hashicorp/vault/pull/16170)]
|
||||||
* vault: Fix a bug where duplicate policies could be added to an identity group. [[GH-15638](https://github.com/hashicorp/vault/pull/15638)]
|
* vault: Fix a bug where duplicate policies could be added to an identity group. [[GH-15638](https://github.com/hashicorp/vault/pull/15638)]
|
||||||
|
|
||||||
|
## 1.11.7
|
||||||
|
### February 6, 2023
|
||||||
|
|
||||||
|
CHANGES:
|
||||||
|
|
||||||
|
* core: Bump Go version to 1.19.4.
|
||||||
|
|
||||||
|
IMPROVEMENTS:
|
||||||
|
|
||||||
|
* command/server: Environment variable keys are now logged at startup. [[GH-18125](https://github.com/hashicorp/vault/pull/18125)]
|
||||||
|
* core/fips: use upstream toolchain for FIPS 140-2 compliance again; this will appear as X=boringcrypto on the Go version in Vault server logs.
|
||||||
|
* secrets/db/mysql: Add `tls_server_name` and `tls_skip_verify` parameters [[GH-18799](https://github.com/hashicorp/vault/pull/18799)]
|
||||||
|
* ui: Prepends "passcode=" if not provided in user input for duo totp mfa method authentication [[GH-18342](https://github.com/hashicorp/vault/pull/18342)]
|
||||||
|
* ui: Update language on database role to "Connection name" [[GH-18261](https://github.com/hashicorp/vault/issues/18261)] [[GH-18350](https://github.com/hashicorp/vault/pull/18350)]
|
||||||
|
|
||||||
|
BUG FIXES:
|
||||||
|
|
||||||
|
* auth/approle: Fix `token_bound_cidrs` validation when using /32 blocks for role and secret ID [[GH-18145](https://github.com/hashicorp/vault/pull/18145)]
|
||||||
|
* cli/kv: skip formatting of nil secrets for patch and put with field parameter set [[GH-18163](https://github.com/hashicorp/vault/pull/18163)]
|
||||||
|
* core (enterprise): Fix a race condition resulting in login errors to PKCS#11 modules under high concurrency.
|
||||||
|
* core/managed-keys (enterprise): Limit verification checks to mounts in a key's namespace
|
||||||
|
* core/quotas (enterprise): Fix a potential deadlock that could occur when using lease count quotas.
|
||||||
|
* core/quotas: Fix issue with improper application of default rate limit quota exempt paths [[GH-18273](https://github.com/hashicorp/vault/pull/18273)]
|
||||||
|
* core: fix bug where context cancellations weren't forwarded to active node from performance standbys.
|
||||||
|
* core: prevent panic in login mfa enforcement delete after enforcement's namespace is deleted [[GH-18923](https://github.com/hashicorp/vault/pull/18923)]
|
||||||
|
* database/mongodb: Fix writeConcern set to be applied to any query made on the database [[GH-18546](https://github.com/hashicorp/vault/pull/18546)]
|
||||||
|
* identity (enterprise): Fix a data race when creating an entity for a local alias.
|
||||||
|
* kmip (enterprise): Fix Destroy operation response that omitted Unique Identifier on some batched responses.
|
||||||
|
* kmip (enterprise): Fix Locate operation response incompatibility with clients using KMIP versions prior to 1.3.
|
||||||
|
* kmip (enterprise): Fix Query operation response that omitted streaming capability and supported profiles.
|
||||||
|
* licensing (enterprise): update autoloaded license cache after reload
|
||||||
|
* secrets/pki: Allow patching issuer to set an empty issuer name. [[GH-18466](https://github.com/hashicorp/vault/pull/18466)]
|
||||||
|
* secrets/transit: Do not warn about unrecognized parameter 'batch_input' [[GH-18299](https://github.com/hashicorp/vault/pull/18299)]
|
||||||
|
* storage/raft (enterprise): An already joined node can rejoin by wiping storage
|
||||||
|
and re-issueing a join request, but in doing so could transiently become a
|
||||||
|
non-voter. In some scenarios this resulted in loss of quorum. [[GH-18263](https://github.com/hashicorp/vault/pull/18263)]
|
||||||
|
* storage/raft (enterprise): Fix some storage-modifying RPCs used by perf standbys that weren't returning the resulting WAL state.
|
||||||
|
* storage/raft: Don't panic on unknown raft ops [[GH-17732](https://github.com/hashicorp/vault/pull/17732)]
|
||||||
|
* ui: fixes query parameters not passed in api explorer test requests [[GH-18743](https://github.com/hashicorp/vault/pull/18743)]
|
||||||
|
|
||||||
## 1.11.6
|
## 1.11.6
|
||||||
### November 30, 2022
|
### November 30, 2022
|
||||||
|
|
||||||
|
@ -780,6 +878,40 @@ rebuilt upon changes to the list of issuers. [[GH-15179](https://github.com/hash
|
||||||
* ui: fix search-select component showing blank selections when editing group member entity [[GH-15058](https://github.com/hashicorp/vault/pull/15058)]
|
* ui: fix search-select component showing blank selections when editing group member entity [[GH-15058](https://github.com/hashicorp/vault/pull/15058)]
|
||||||
* ui: masked values no longer give away length or location of special characters [[GH-15025](https://github.com/hashicorp/vault/pull/15025)]
|
* ui: masked values no longer give away length or location of special characters [[GH-15025](https://github.com/hashicorp/vault/pull/15025)]
|
||||||
|
|
||||||
|
## 1.10.10
|
||||||
|
### February 6, 2023
|
||||||
|
|
||||||
|
CHANGES:
|
||||||
|
|
||||||
|
* core: Bump Go version to 1.19.4.
|
||||||
|
|
||||||
|
IMPROVEMENTS:
|
||||||
|
|
||||||
|
* command/server: Environment variable keys are now logged at startup. [[GH-18125](https://github.com/hashicorp/vault/pull/18125)]
|
||||||
|
* core/fips: use upstream toolchain for FIPS 140-2 compliance again; this will appear as X=boringcrypto on the Go version in Vault server logs.
|
||||||
|
* secrets/db/mysql: Add `tls_server_name` and `tls_skip_verify` parameters [[GH-18799](https://github.com/hashicorp/vault/pull/18799)]
|
||||||
|
* ui: Prepends "passcode=" if not provided in user input for duo totp mfa method authentication [[GH-18342](https://github.com/hashicorp/vault/pull/18342)]
|
||||||
|
* ui: Update language on database role to "Connection name" [[GH-18261](https://github.com/hashicorp/vault/issues/18261)] [[GH-18350](https://github.com/hashicorp/vault/pull/18350)]
|
||||||
|
|
||||||
|
BUG FIXES:
|
||||||
|
|
||||||
|
* auth/approle: Fix `token_bound_cidrs` validation when using /32 blocks for role and secret ID [[GH-18145](https://github.com/hashicorp/vault/pull/18145)]
|
||||||
|
* auth/token: Fix ignored parameter warnings for valid parameters on token create [[GH-16938](https://github.com/hashicorp/vault/pull/16938)]
|
||||||
|
* cli/kv: skip formatting of nil secrets for patch and put with field parameter set [[GH-18163](https://github.com/hashicorp/vault/pull/18163)]
|
||||||
|
* core (enterprise): Fix a race condition resulting in login errors to PKCS#11 modules under high concurrency.
|
||||||
|
* core/managed-keys (enterprise): Limit verification checks to mounts in a key's namespace
|
||||||
|
* core/quotas (enterprise): Fix a potential deadlock that could occur when using lease count quotas.
|
||||||
|
* core/quotas: Fix issue with improper application of default rate limit quota exempt paths [[GH-18273](https://github.com/hashicorp/vault/pull/18273)]
|
||||||
|
* core: fix bug where context cancellations weren't forwarded to active node from performance standbys.
|
||||||
|
* core: prevent panic in login mfa enforcement delete after enforcement's namespace is deleted [[GH-18923](https://github.com/hashicorp/vault/pull/18923)]
|
||||||
|
* database/mongodb: Fix writeConcern set to be applied to any query made on the database [[GH-18546](https://github.com/hashicorp/vault/pull/18546)]
|
||||||
|
* identity (enterprise): Fix a data race when creating an entity for a local alias.
|
||||||
|
* kmip (enterprise): Fix Destroy operation response that omitted Unique Identifier on some batched responses.
|
||||||
|
* kmip (enterprise): Fix Locate operation response incompatibility with clients using KMIP versions prior to 1.3.
|
||||||
|
* licensing (enterprise): update autoloaded license cache after reload
|
||||||
|
* storage/raft (enterprise): Fix some storage-modifying RPCs used by perf standbys that weren't returning the resulting WAL state.
|
||||||
|
* ui: fixes query parameters not passed in api explorer test requests [[GH-18743](https://github.com/hashicorp/vault/pull/18743)]
|
||||||
|
|
||||||
## 1.10.9
|
## 1.10.9
|
||||||
### November 30, 2022
|
### November 30, 2022
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue