open-vault/website/content/docs/upgrading/upgrade-to-1.1.0.mdx

47 lines
2.1 KiB
Plaintext

---
layout: docs
page_title: Upgrading to Vault 1.1.0 - Guides
description: |-
This page contains the list of deprecations and important or breaking changes
for Vault 1.1.0. Please read it carefully.
---
# Overview
This page contains the list of deprecations and important or breaking changes
for Vault 1.0.3 compared to 1.1.0. Please read it carefully.
## JWT backend changes
Specifying the group claims parameter has changed to use a standards based lookup. The groups_claim_delimiter_pattern
has been removed and if the groups claim is not at the top level, it can now be specified as a JSONPointer.
Additionally, roles now have a "role type" parameter with a default type of "oidc". To configure new JWT roles, a role
type of "jwt" must be explicitly specified.
## Deprecated CLI commands removed
CLI commands deprecated in 0.9.2 are now removed. Please see the CLI help output for updated commands.
## Additional changes
- Vault no longer automatically mounts a k/v backend at the "secret/" path when initializing Vault.
- Vault's cluster port will now be opened on HA standby nodes.
- Vault no longer supports running netRPC plugins. These were deprecated in favor of gRPC based plugins and any plugin built since 0.9.4 defaults to gRPC. Older plugins may need to be recompiled against the latest Vault dependencies.
## Known issues
-> **NOTE:** This is a known issue applicable to _Vault Enterprise_.
During upgrades to 1.1.0, 1.1.1 or 1.1.2, Vault replication secondaries may
require an automatically-triggered reindex, either if upgrading from a pre-0.8
version of Vault or if a previously-issued reindex operation has failed in the
past. In these reindex scenarios, the secondary cluster will perform a complete
WAL replay, which can take a long time and is a partially blocking operation.
This is fixed in [Vault
1.1.3](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#113-june-5th-2019),
and we recommend upgrading to Vault 1.1.3+ rather than any prior 1.1.x version.
We also strongly recommend upgrading your Vault cluster to 1.1.3 if you are
running Vault Enterprise 1.1.0, 1.1.1 or 1.1.2.