36 lines
1.4 KiB
Plaintext
36 lines
1.4 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Upgrading to Vault 0.6.3 - Guides
|
|
description: |-
|
|
This page contains the list of deprecations and important or breaking changes
|
|
for Vault 0.6.3. Please read it carefully.
|
|
---
|
|
|
|
# Overview
|
|
|
|
This page contains the list of deprecations and important or breaking changes
|
|
for Vault 0.6.3. Please read it carefully.
|
|
|
|
## LDAP null binds disabled by default
|
|
|
|
When using the LDAP auth method, `deny_null_bind` has a default value of
|
|
`true`, preventing a successful user authentication when an empty password
|
|
is provided. If you utilize passwordless LDAP binds, `deny_null_bind` must
|
|
be set to `false`. Upgrades will keep previous behavior until the LDAP
|
|
configuration information is rewritten, at which point the new behavior
|
|
will be utilized.
|
|
|
|
## Request size limitation
|
|
|
|
A maximum request size of 32MB is imposed to prevent a denial of service attack
|
|
with arbitrarily large requests.
|
|
|
|
## Any audit device successfully activated allows active duty
|
|
|
|
Previously, when a new Vault node was taking over service in an HA cluster, all
|
|
audit devices were required to be active successfully to take over active
|
|
duty. This behavior now matches the behavior of the audit logging system
|
|
itself: at least one audit device must successfully be activated. The server
|
|
log contains an error when this occurs. This helps keep a Vault HA cluster
|
|
working when there is a misconfiguration on a standby node.
|