changelog++

This commit is contained in:
Brian Kassouf 2020-01-22 10:57:37 -08:00 committed by GitHub
parent b473086af2
commit a9aaba8adb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -18,7 +18,13 @@ BUG FIXES:
* ui: Update headless Chrome flag to fix `yarn run test:oss` [GH-8035] * ui: Update headless Chrome flag to fix `yarn run test:oss` [GH-8035]
## 1.3.2 (Unreleased) ## 1.3.2 (January 22nd, 2020)
SECURITY:
* When deleting a namespace on Vault Enterprise, in certain circumstances, the deletion
process will fail to revoke dynamic secrets for a mount in that namespace. This will
leave any dynamic secrets in remote systems alive and will fail to clean them up. This
vulnerability, CVE-2020-7220, affects Vault Enterprise 0.11.0 and newer.
IMPROVEMENTS: IMPROVEMENTS:
* auth/aws: Add aws metadata to identity alias [GH-7975] * auth/aws: Add aws metadata to identity alias [GH-7975]