open-vault/changelog
Alexander Scheel ffa4825693
PKI - Fix order of chain building writes (#17772)
* Ensure correct write ordering in rebuildIssuersChains

When troubleshooting a recent migration failure from 1.10->1.11, it was
noted that some PKI mounts had bad chain construction despite having
valid, chaining issuers. Due to the cluster's leadership trashing
between nodes, the migration logic was re-executed several times,
partially succeeding each time. While the legacy CA bundle migration
logic was written with this in mind, one shortcoming in the chain
building code lead us to truncate the ca_chain: by sorting the list of
issuers after including non-written issuers (with random IDs), these
issuers would occasionally be persisted prior to storage _prior_ to
existing CAs with modified chains.

The migration code carefully imported the active issuer prior to its
parents. However, due to this bug, there was a chance that, if write to
the pending parent succeeded but updating the active issuer didn't, the
active issuer's ca_chain field would only contain the self-reference and
not the parent's reference as well. Ultimately, a workaround of setting
and subsequently unsetting a manual chain would force a chain
regeneration.

In this patch, we simply fix the write ordering: because we need to
ensure a stable chain sorting, we leave the sort location in the same
place, but delay writing the provided referenceCert to the last
position. This is because the reference is meant to be the user-facing
action: without transactional write capabilities, other chains may
succeed, but if the last user-facing action fails, the user will
hopefully retry the action. This will also correct migration, by
ensuring the subsequent issuer import will be attempted again,
triggering another chain build and only persisting this issuer when
all other issuers have also been updated.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remigrate ca_chains to fix any missing issuers

In the previous commit, we identified an issue that would occur on
legacy issuer migration to the new storage format. This is easy enough
to detect for any given mount (by an operator), but automating scanning
and remediating all PKI mounts in large deployments might be difficult.

Write a new storage migration version to regenerate all chains on
upgrade, once.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add issue to PKI considerations documentation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Correct %v -> %w in chain building errs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-11-03 11:50:03 -04:00
..
7277.txt Allow globbing dis/allowed_policies_glob in token roles (#7277) 2021-09-21 08:25:06 -07:00
9081.txt updated usage example (#9081) 2022-08-24 09:03:30 -04:00
9109.txt Add support for go-sockaddr templated addresses in config. (#9109) 2021-10-21 10:10:48 -04:00
9802.txt Add systemd notify support to Agent. Resolves: #7028 (#9802) 2022-08-29 08:18:47 -04:00
9972.txt
10072.txt
10077.txt
10085.txt Fix entity group associations (#10085) 2021-10-01 10:22:52 -04:00
10101.txt Dedup from_entity_ids when merging two entities (#10101) 2021-10-12 15:35:19 -04:00
10131.txt
10181.txt
10231.txt
10249.txt Add allowed_uri_sans_template (#10249) 2021-12-15 09:18:28 -06:00
10365.txt
10375.txt
10384.txt
10386.txt
10416.txt
10417.txt
10424.txt
10433.txt
10444.txt
10456.txt
10467.txt Add retry policy and fix documentation for Cassandra storage backend (#10467) 2022-08-30 11:00:48 -07:00
10487.txt
10489.txt
10490.txt
10491.txt
10498.txt
10505.txt Add helper for encoding/decoding root tokens and OTP generation in SDK module (#10504) (#10505) 2021-12-01 08:05:49 -05:00
10514.txt
10520.txt
10536.txt
10537.txt
10546.txt
10556.txt
10558.txt
10579.txt
10588.txt
10596.txt
10603.txt
10609.txt
10613.txt
10650.txt
10653.txt
10655.txt
10677.txt
10684.txt
10689.txt
10705.txt
10708.txt
10725.txt
10726.txt
10730.txt
10743.txt
10744.txt
10751.txt secrets/consul: Add support to auto-bootstrap Consul ACL system (#10751) 2022-04-20 17:16:15 -05:00
10756.txt
10757.txt
10758.txt
10759.txt
10766.txt
10767.txt
10812.txt
10826.txt
10833.txt
10834.txt
10848.txt
10850.txt
10855.txt
10858.txt
10877.txt
10886.txt Let allowed_users template mix templated and non-templated parts (#10886) 2021-10-19 15:00:15 -07:00
10901.txt
10904.txt
10906.txt
10919.txt
10927.txt
10931.txt
10938.txt
10942.txt
10948.txt Adds "raw(/pem)" format to individual cert routes (#10947) (#10948) 2022-02-07 09:47:13 -05:00
10949.txt
10951.txt
10952.txt
10953.txt
10964.txt
10980.txt
10982.txt
10992.txt
10995.txt
10996.txt
10997.txt
11000.txt Fix missing changelog (#13230) 2021-11-19 12:59:00 -08:00
11011.txt
11015.txt
11018.txt
11022.txt
11094.txt
11113.txt
11119.txt
11127.txt
11129.txt
11142.txt
11143.txt
11182.txt
11208.txt Replace go-bindata-assetfs build dependency with native go:embed (#11208) 2021-08-18 11:05:11 -04:00
11213.txt
11216.txt certutil: select appropriate hash algorithm for ECDSA signature (#11216) 2021-11-04 16:33:01 -04:00
11218.txt pki: calculate Subject Key Identifier according to RFC 5280 (#11218) 2022-01-28 10:46:51 -05:00
11226.txt
11231.txt
11245.txt improvement: add signature_bits field to CA and signers (#11245) 2021-09-10 14:39:05 -07:00
11247.txt Autopilot: Return leader info via delegate (#11247) 2021-04-27 15:54:26 -04:00
11252.txt Add CL for #11252. (#11368) 2021-04-16 09:33:47 -04:00
11256.txt
11258.txt
11259.txt
11260.txt
11262.txt Cassandra DB plugin: Allow special chars in usernames (#11262) 2021-04-16 14:01:15 -06:00
11269.txt Switch to shared raft-boltdb library and add metrics (#11269) 2021-04-26 16:01:26 -07:00
11283.txt
11284.txt UI/obscure secret on input (#11284) 2021-04-22 08:58:37 -06:00
11288.txt Add ServerName to Vault Agent template config (#11288) 2021-05-13 07:18:15 -07:00
11289.txt Add HTTP response headers for hostname and raft node ID (if applicable) (#11289) 2021-04-20 15:25:04 -07:00
11294.txt
11324.txt Add support for unauthenticated pprof access on a per-listener basis,… (#11324) 2021-04-19 14:30:59 -04:00
11345.txt feat(aws): add ability to provide a role session name when generating STS credentials (#11345) 2021-05-17 11:03:09 -07:00
11360.txt Updated search select component styling (#11360) 2021-04-19 15:40:18 -07:00
11364.txt Don't cut off stack traces at 32MB. (#11364) 2021-04-16 15:55:05 -04:00
11365.txt Validate hostnames when using TLS in Cassandra (#11365) 2021-04-16 15:52:35 -06:00
11366.txt Add metrics for requests forwarded by standbys. (#11366) 2021-04-16 14:02:20 -04:00
11367.txt pki: fix tidy removal on revoked entries (#11367) 2021-04-19 09:40:40 -07:00
11371.txt Fix goroutine leak caused by updating rate quotas (#11371) 2021-04-16 14:00:01 -04:00
11377.txt On lease deletion, also delete non-orphan batch token parent index (#11377) 2021-04-16 17:03:22 -04:00
11388.txt Updates the JWT/OIDC auth plugin to v0.9.3 (#11388) 2021-04-19 09:14:17 -07:00
11404.txt Add root rotation statement support to mongoDB (#11404) 2021-04-19 15:40:44 -05:00
11408.txt Make cubbyhole revocation/tidying compatible with cubbys in namespaces. (#11408) 2021-04-19 17:28:04 -04:00
11442.txt UI/okta duo push notification (#11442) 2021-05-06 12:29:39 -06:00
11447.txt UI/update UI deps (#11447) 2021-04-26 11:23:57 -05:00
11451.txt secrets/database: Fixes marshalling bug for json.Number types (#11451) 2021-04-23 14:07:26 -07:00
11453.txt [VAULT-1441] Fix race that allowed remounting on path used by another mount (#11453) 2021-04-24 09:05:41 -07:00
11473.txt Update Agent Auth with GCP to use new SignJWT endpoint (#11473) 2021-04-30 15:45:06 -05:00
11495.txt Add support for templated values in SSH CA DefaultExtensions. (#11495) 2021-05-13 14:37:22 -07:00
11500.txt Updated code mirror component for consistency (#11500) 2021-05-06 09:59:15 -07:00
11502.txt Adding changelog for #11502 (#11944) 2021-06-25 15:41:08 -07:00
11506.txt Use correct mount accessor when refreshing external group memberships (#11506) 2021-05-03 08:23:59 -04:00
11517.txt When running under systemd, send notifications about server startup, shutdown, and config reload (#11517) 2021-05-04 14:47:16 -05:00
11530.txt KV 2 Toolbar delete redesign (#11530) 2021-05-19 10:43:55 -06:00
11532.txt Fixes #11914. (#11915) 2021-06-22 12:39:23 -04:00
11541.txt Fix barrier key autoration config edge cases (#11541) 2021-05-05 14:39:04 -05:00
11562.txt changelog: add changelog for #11562 (#11564) 2021-05-07 11:43:09 -07:00
11576.txt agent/cert: properly return the cached client on AuthClient (#11576) 2021-05-12 14:59:07 -07:00
11585.txt DB engine: Check ErrPluginStaticUnsupported in rollback code (#11601) 2021-05-12 17:09:56 -06:00
11586.txt UI: Regex validation on transform templates (#11586) 2021-05-12 10:12:33 -05:00
11588.txt Add an exponential backoff to TCP listeners to avoid fast loops in error scenarios (#11588) 2021-05-12 10:47:38 -05:00
11596.txt core: updates to password policy generator (#11596) 2021-05-13 09:55:46 -04:00
11597.txt Fix: link on database role item goes to correct URL (#11597) 2021-05-12 14:33:35 -05:00
11600.txt Add ability to customize some timeouts in MongoDB database plugin (#11600) 2021-05-17 11:40:35 -06:00
11607.txt Vault 1979: Query API for Irrevocable Leases (#11607) 2021-06-02 10:11:30 -06:00
11628.txt Fix: Transit encrypt batch does not honor key_version (#11628) 2021-05-27 14:05:20 -05:00
11638.txt AWS Auth: Update error message to include underlying error (#11638) 2021-05-17 13:56:35 -06:00
11641.txt UI/fix identity model (#11641) 2021-05-17 16:41:39 -05:00
11647.txt Tokenutil: Perform num uses check earlier (#11647) 2021-05-19 14:06:08 -04:00
11650.txt Patch expiration fix over from ENT (#11650) 2021-05-18 14:55:38 -07:00
11672.txt UI/tools partial (#11672) 2021-05-24 10:45:35 -06:00
11680.txt Update cluster status partial to component (#11680) 2021-05-27 09:52:51 -07:00
11696.txt changelog: add entry for #11696 (#11715) 2021-05-27 10:57:59 -07:00
11705.txt UI unseal screen updates (#11705) 2021-05-26 13:59:11 -05:00
11708.txt UI: allow reset on database json fields (#11708) 2021-05-27 16:25:58 -05:00
11759.txt UI/license banners (#11759) 2021-06-03 15:30:26 -05:00
11775.txt agent: restart template runner on retry for unlimited retries (#11775) 2021-06-21 16:10:15 -07:00
11778.txt UI/license page with autoload (#11778) 2021-06-07 12:44:39 -05:00
11780.txt Add support for ed25519 (#11780) 2021-10-05 11:28:49 -04:00
11784.txt Updates the JWT/OIDC auth plugin to v0.9.4 (#11784) 2021-06-07 16:02:57 -07:00
11785.txt Implement ember-cp-validations on KV secret engine (#11785) 2021-06-15 09:21:54 -06:00
11795.txt Displays Auth Method description on Vault UI login page (#11795) 2021-06-14 13:03:49 -07:00
11796.txt add changelog to influxdb (#11896) 2021-06-18 14:56:41 -05:00
11802.txt Udate to Go 1.16.5 (#11802) 2021-06-09 10:38:52 -04:00
11820.txt db/cassandra: Adding changelog and documentation (#11822) 2021-06-10 19:06:40 -04:00
11826.txt Omit wrapping tokens and control groups from client counts (#11826) 2021-06-10 15:57:51 -07:00
11836.txt mod: update vault-plugin-secrets-ad@v0.9.1 (#11837) 2021-06-11 13:40:51 -04:00
11838.txt dep: update consul-template to v0.26.0 (#11838) 2021-06-11 10:29:40 -07:00
11861.txt Cassandra: Refactor PEM parsing logic (#11861) 2021-06-21 11:38:08 -06:00
11864.txt Fix for Issue 11863 - Panic when creating/updating approle role with token_type (#11864) 2021-06-24 13:03:41 -04:00
11872.txt Mongo doesnt allow periods in usernames (#11872) 2021-06-24 13:26:31 -04:00
11878.txt UI/cp validations kv duplicate path (#11878) 2021-06-22 10:34:00 -06:00
11884.txt UI/fix safari oidc login (#11884) 2021-06-17 15:56:04 -05:00
11887.txt base32.DecodeString expects length 8 for the buffer (#11887) 2021-07-14 07:38:10 -04:00
11895.txt Add new boltdb options (#11895) 2021-06-21 11:35:40 -07:00
11899.txt RabbitMQ - Add username customization (#11899) 2021-06-22 14:50:46 -05:00
11904.txt Improving Handling of Unix Domain Socket Addresses (#11904) 2022-06-21 15:16:58 -07:00
11907.txt raft: Set BatchApplyCh for more consistent batch sizes (#11907) 2021-06-21 12:00:41 -07:00
11934.txt agent/template: add static_secret_render_interval configurable (#11934) 2021-06-24 15:40:31 -04:00
11942.txt secrets/ad: change improvement to feature in changelog (#12095) 2021-07-15 15:55:40 -04:00
11956.txt mongodbatlas: update changelog for username customization (#12098) 2021-07-15 15:44:03 -05:00
11957.txt Update ElasticSearch DB plugin to v0.8.0 (#11957) 2021-06-29 08:07:00 -05:00
11958.txt changelog: update feature formatting for gcp and key management secrets (#12120) 2021-07-19 12:16:27 -07:00
11963.txt Handle form validation for open api form (#11963) 2021-07-13 15:50:27 -07:00
11969.txt Agent JWT auto auth `remove_jwt_after_reading` config option (#11969) 2022-07-25 07:42:09 -06:00
11970.txt [VAULT-708] Zero out request counter on preSeal (#11970) 2021-07-07 14:03:39 -05:00
11975.txt [ldap] auth method fix request_timeout (#11975) 2021-07-01 13:33:01 -05:00
11980.txt Update Go client libraries for etcd (#11980) 2021-09-29 14:28:13 -04:00
11984.txt UI: Show day of month instead of day of year in the expiration warning dialog (#11984) 2021-09-02 18:06:55 -04:00
11992.txt `vault delete` should allow the same output options as `vault write`,… (#11992) 2021-07-06 10:36:07 -04:00
11995.txt Truncate Secret Engine Description Text (#11995) 2021-07-08 08:21:10 -07:00
11997.txt Update SnowflakeDB plugin to v0.2.0 (#11997) 2021-07-06 13:23:03 -05:00
12003.txt Adds transform secrets engine to feature (#12003) 2021-07-07 16:14:54 -07:00
12008.txt Docfix: "Fix" is not a valid release-note type (#12676) 2021-09-29 14:54:58 -06:00
12016.txt Redshift - Add username customization (#12016) 2021-07-08 10:29:12 -05:00
12019.txt Change changelog type for openldap bug fix (#12112) 2021-07-16 16:37:21 -04:00
12020.txt [VAULT-1836] Support kv-v1 generic mounts for vault.kv.secret.count metric (#12020) 2021-07-09 11:05:05 -04:00
12023.txt changelog: update feature formatting for gcp and key management secrets (#12120) 2021-07-19 12:16:27 -07:00
12024.txt UI/control group db cred (#12024) 2021-07-12 12:50:30 -05:00
12025.txt [VAULT-2776] Add prefix_filter option to Vault (#12025) 2021-07-09 14:49:53 -05:00
12026.txt [VAULT-1986] Cap AWS Token TTL based on Default Lease TTL (#12026) 2021-07-15 10:05:38 -07:00
12031.txt Make the `list` and `kv list` commands work with wrapping, e.g. for controlgroups (#12031) 2021-07-09 12:08:58 -04:00
12034.txt VAULT-2809: Tweak creation of vault.db file (#12034) 2021-07-09 14:45:50 -04:00
12035.txt UI: Automatically refresh page on logout (#12035) 2021-07-14 10:01:14 -05:00
12042.txt [VAULT-2825] Fix erroneous 500 resp for field validation errors (#12042) 2021-07-12 13:39:28 -04:00
12049.txt Update node to latest stable version (#12049) 2021-07-22 14:09:12 -07:00
12066.txt [VAULT-1969] Add support for custom IAM usernames based on templates (#12066) 2021-07-20 09:48:29 -07:00
12071.txt Enable building darwin arm64 for 1.8.x (#11855) (#12071) 2021-07-14 09:26:37 -05:00
12073.txt Update kubernetes auth plugin with AliasLookahead fix (#12073) 2021-07-15 14:35:40 +01:00
12079.txt Fix KV Version History queryParams on the component LinkedBlock (#12079) 2021-07-14 15:38:55 -06:00
12084.txt Improve Secret Empty States (#12084) 2021-07-21 12:47:52 -07:00
12087.txt secrets/database: fixes external plugin reconnect after shutdown for v4 and v5 interface (#12087) 2021-07-15 13:41:04 -07:00
12111.txt UI/database cg read role (#12111) 2021-07-20 11:28:44 -05:00
12115.txt fix: print consul svc addr in debug log (#12115) 2021-07-21 13:12:49 -07:00
12117.txt Add ability to optionally clone an api.Client's headers (#12117) 2021-07-19 17:15:31 -04:00
12126.txt VAULT-2285 adding capability to accept comma separated entries for au… (#12126) 2021-08-09 15:37:03 -04:00
12151.txt identity: do not allow a role's token_ttl to be longer than verification_ttl (#12151) 2021-07-28 20:34:52 -05:00
12162.txt Check to make sure context isn't expired before doing a raft operation. (#12162) 2021-08-19 12:03:56 -04:00
12163.txt serviceregistration: add external-source meta value (#12163) 2021-08-03 09:31:01 -07:00
12165.txt Aerospike backend update (#12165) 2021-11-29 11:09:12 -08:00
12166.txt Add more raft metrics, emit more metrics on non-perf standbys (#12166) 2022-10-07 09:09:08 -07:00
12169.txt UI add custom metadata to KV2 (#12169) 2021-08-31 09:41:41 -06:00
12175.txt Fix `vault debug` so that captured logs include newlines. (#12175) 2021-07-27 09:15:24 -04:00
12185.txt Update genUsername to cap STS usernames at 32 chars (#12185) 2021-08-09 09:40:47 -07:00
12196.txt VAULT-1303 when a request to vault fails, show namespace if set (#12196) 2021-07-30 12:32:05 -04:00
12208.txt identity: enforce key param and key existence on role creation (#12208) 2021-09-08 10:46:58 -05:00
12212.txt UI/TTL helperEnabled/DisabledText fix (#12212) 2021-08-03 15:50:49 -07:00
12229.txt Fix Diagnose Formatting In Disk Usage Checks (#12229) 2021-08-02 10:06:04 -07:00
12245.txt Updating go version to 1.16.6 for security fix (#12245) 2021-08-04 11:30:43 -04:00
12253.txt Update github.com/ulikunitz/xz (#12253) 2021-09-17 09:48:38 -07:00
12255.txt Update github.com/gogo/protobuf (#12255) 2021-09-07 11:40:14 -07:00
12262.txt Switch/upgrade to influxdata/influxdb1-client (#12262) 2022-01-25 13:30:24 -05:00
12265.txt Updates vault-plugin-auth-jwt to v0.10.1 (#12265) 2021-08-04 13:13:02 -07:00
12295.txt UI/StatText Component (#12295) 2021-08-16 11:55:12 -07:00
12301.txt dep: update database-couchbase plugin to v0.4.1 (#12301) 2021-08-12 11:54:19 -07:00
12317.txt Vault 2176 snapshot config issue (#12317) 2021-08-16 10:12:00 -07:00
12320.txt Send x-forwarded-for in Okta Push Factor request (#12320) 2021-09-03 13:09:11 -07:00
12338.txt api: return parse errors if any for storage endpoints (#12338) 2021-08-17 13:19:39 -04:00
12339.txt (OSS Port) Restrict Quota Deletion to Primary Cluster [vault-2399] (#12339) 2021-08-17 15:34:43 -07:00
12340.txt creds/aws: Add support for DSA signature verification for EC2 (#12340) 2021-08-19 09:16:31 -04:00
12348.txt UI: Allow metrics view without config read (#12348) 2021-08-18 15:33:39 -05:00
12351.txt dbplugin: fix error message in DeleteUser (#12351) 2021-08-18 16:12:40 -07:00
12354.txt Handle api explorer routing error (#12354) 2021-08-19 14:32:02 -07:00
12357.txt Fixed overflowing text of flash message container (#12357) 2021-08-19 14:27:22 -07:00
12366.txt Auto-join support for IPv6 discovery (#12366) 2021-09-07 11:55:07 -07:00
12371.txt Upgrade snappy to fix panic with identity/packer on Go 1.16+arm64. (#12371) 2021-08-19 15:51:06 -04:00
12372.txt [MAR-3131] Set grace to 0 on non-positive lease duration (#12372) 2021-08-24 19:06:40 -07:00
12377.txt [VAULT-3226] Use os.rename on windows os (#12377) 2021-08-19 16:05:53 -07:00
12378.txt plugin/snowflake: update gosnowflake to v1.6.1 (#12378) 2021-08-20 11:52:31 -04:00
12379.txt Updates vault-plugin-secrets-gcp to v0.10.2 (#12379) 2021-08-19 16:33:34 -07:00
12388.txt Add code to api.RaftSnapshot to detect incomplete snapshots (#12388) 2021-09-07 11:16:37 -04:00
12393.txt Vault 2823 cc namespace (#12393) 2021-09-07 09:16:12 -07:00
12408.txt bump go to 1.16.7 (#12408) 2021-08-24 09:54:26 -07:00
12409.txt Bug Fix: tab on MaskedInput for GeneratedItems it was clearing the value (#12409) 2021-08-24 08:59:37 -06:00
12413.txt Upgrade pq to fix connection failure cleanup bug (v1.8.0 => v1.10.3) (#12413) 2021-10-01 14:35:51 -07:00
12414.txt Identity: prepublish jwt signing keys (#12414) 2021-09-09 13:47:42 -05:00
12418.txt Add missing read unlock calls in transit backend code (#12652) 2021-09-28 11:59:30 -05:00
12422.txt Client count config view (#12422) 2021-08-25 14:22:15 -07:00
12425.txt Expose secret_id_accessor as WrappedAccessor when wrapping secret-id creation. (#12425) 2021-09-16 10:47:49 -07:00
12428.txt Add PutAutoPilotRaftConfiguration to api (#12428) 2021-11-10 12:10:15 -05:00
12437.txt UI/bar chart horizontal (#12437) 2021-09-07 12:54:33 -07:00
12443.txt change cassandra db plugin timeout to 5s as in docs (#12443) 2022-02-15 07:35:44 -08:00
12451.txt Bootstrap Nomad ACL system if no token is given (#12451) 2022-04-20 11:06:25 -07:00
12473.txt Fail alias rename if the resulting (name,accessor) exists already (#12473) 2021-09-21 08:19:44 -04:00
12478.txt Docfix: "Fix" is not a valid release-note type (#12676) 2021-09-29 14:54:58 -06:00
12483.txt update couchbase plugin version (#12483) 2021-09-07 11:48:10 -05:00
12485.txt Customizing HTTP headers in the config file (#12485) 2021-10-13 11:06:33 -04:00
12502.txt Add Custom metadata field to alias (#12502) 2021-09-17 11:03:47 -07:00
12505.txt dep: update consul-template to v0.27.0 (#12505) 2021-09-09 09:12:42 -07:00
12508.txt CLI: add new -header option to be able to add headers to all cli requests #8754 (#12508) 2021-10-27 11:04:04 -04:00
12514.txt Allow signing self issued certs with a different public key algorithm. (#12514) 2021-09-14 10:07:27 -05:00
12519.txt Fix pkcs7 parsing in some cases (#12519) 2021-09-10 12:17:03 -04:00
12534.txt vault-agent: copy values retrieved from bolt (#12534) 2021-09-13 11:06:08 -07:00
12541.txt UI/ PKI UI Redesign (#12541) 2021-10-04 14:31:36 -07:00
12550.txt Bug fix: allow forward slash in paths for delete menu (#12550) 2021-09-14 12:30:01 -06:00
12554.txt Client count updates (#12554) 2021-09-16 15:28:03 -07:00
12559.txt Use the system rand reader for CA root and intermediate generation (#12559) 2021-09-15 11:59:12 -05:00
12560.txt Use the system rand reader for SSH keypair generation (#12560) 2021-09-15 11:59:28 -05:00
12563.txt Port: Premature Rotation For autorotate (#12563) 2021-09-21 17:45:04 -07:00
12565.txt [VAULT-3519] Return no_default_policy on token role read (#12565) 2021-09-21 09:53:08 -07:00
12577.txt Added namespace search to client count (#12577) 2021-09-22 12:50:59 -07:00
12581.txt Update plugin proto to send tls.ConnectionState (Op.2) (#12581) 2021-10-07 08:06:09 -04:00
12582.txt Patch to support VAULT_HTTP_PROXY variable (#12582) 2021-10-06 09:40:31 -07:00
12600.txt dep: update vault-plugin-secrets-openldap to latest (#12600) 2021-09-21 15:30:19 -07:00
12621.txt update changelog/12621.txt (#13117) 2021-11-10 16:39:27 -08:00
12622.txt UI/bar chart updates (#12622) 2021-09-27 13:48:44 -07:00
12626.txt KV search box when no list access to metadata (#12626) 2021-09-29 14:35:00 -06:00
12629.txt Update Azure secrets engine to use MS Graph (#12629) 2021-09-29 11:28:13 -06:00
12633.txt fix: upgrade vault-plugin-auth-kubernetes (#12633) 2021-09-27 13:10:55 -04:00
12635.txt core: set namespace within GeneratePasswordFromPolicy (#12635) 2021-09-27 09:08:07 -07:00
12646.txt Auth method role edit form should be valid by default (#12646) 2021-10-04 11:53:24 -06:00
12663.txt UI/kv creation time (#12663) 2021-09-28 13:15:43 -06:00
12668.txt Add support to parameterize unauthenticated paths (#12668) 2021-10-13 11:51:20 -05:00
12672.txt UI/Add Elasticsearch DB (#12672) 2021-10-07 14:00:42 -07:00
12687.txt Add HTTP PATCH support to KV (#12687) 2021-10-13 15:24:31 -04:00
12688.txt agent: tolerate partial restore failure from persistent cache (#12718) 2021-10-08 11:30:04 +01:00
12691.txt Fix a Deadlock on HA leadership transfer (#12691) 2021-10-04 13:55:15 -04:00
12713.txt Removed unpublished:true for sys/internal/* endpoints (#12713) 2021-10-15 14:50:14 -04:00
12715.txt Fix auth/aws so that config/rotate-root saves new key pair to vault (#12715) 2021-10-19 10:26:47 -04:00
12716.txt Fix 1.8 regression preventing email addresses being used as common name within pki certificates (#12336) (#12716) 2021-10-04 14:02:47 -04:00
12718.txt agent: tolerate partial restore failure from persistent cache (#12718) 2021-10-08 11:30:04 +01:00
12720.txt CLI request when namespace is in argument and part of the path (#12720) 2021-10-21 22:35:13 -04:00
12724.txt Upgrade go-kms-wrapping to pickup oci-go-sdk update (#12724) 2021-10-04 16:21:38 -05:00
12731.txt [VAULT-3157] Move `mergeStates` utils from Agent to api module (#12731) 2021-10-06 10:57:06 -07:00
12747.txt [VAULT-3252] Disallow alias creation if entity/accessor combination exists (#12747) 2021-10-14 09:52:07 -07:00
12752.txt Added support for Oracle db connection (#12752) 2021-10-11 09:20:23 -07:00
12762.txt agent: Use an in-process listener with cache (#12762) 2021-10-15 17:22:19 -07:00
12763.txt Skip metric increment during existence check (#12763) 2022-05-05 10:22:19 -07:00
12770.txt UI/Serialize DB Connection Attributes (#12770) 2021-10-11 16:42:11 -07:00
12780.txt Filter identity token keys (#12780) 2021-10-12 11:14:03 -05:00
12787.txt Add LIST support to sys/policies/password (#12787) 2022-01-24 13:42:14 -08:00
12788.txt Return 404 response when looking for a secret_id_accessor that does not exist (#12788) 2021-10-11 15:07:51 +01:00
12790.txt Add remote_port in the audit logs when it is available (#12790) 2022-01-26 15:47:15 -08:00
12791.txt Return num_uses during authentication (#12791) 2022-01-25 18:59:53 -08:00
12792.txt Some changelog tidying for 1.10 preview (#13385) 2021-12-10 16:23:20 -05:00
12793.txt cl update (#13798) 2022-02-03 16:52:45 -08:00
12795.txt Some changelog tidying for 1.10 preview (#13385) 2021-12-10 16:23:20 -05:00
12796.txt Native Login method for Go client (#12796) 2021-10-26 16:48:48 -07:00
12800.txt UI/OIDC provider (#12800) 2021-10-13 15:04:39 -05:00
12802.txt Diagnose partial/missing telemetry configuration (#12802) 2021-10-20 16:47:59 -05:00
12812.txt Entities may have duplicate policies (#12812) 2021-10-22 19:28:31 -04:00
12814.txt api.Client: support isolated read-after-write (#12814) 2021-10-14 14:51:31 -04:00
12819.txt UI/remove empty rows from DB config pages (#12819) 2021-10-14 13:14:33 -07:00
12820.txt Port: add client ID to TWEs in activity log [vault-3136] (#12820) 2021-10-14 09:10:59 -07:00
12834.txt Fix entity alias deletion (#12834) 2021-10-19 15:05:06 -04:00
12839.txt [VAULT-3379] Add support for contained DBs in MSSQL root rotation and lease revocation (#12839) 2021-10-19 14:11:47 -07:00
12843.txt agent/cache: Store leases in-order in persistent cache so that restore respects dependencies (#12843) 2021-10-27 11:36:48 +01:00
12847.txt Forbid ssh key signing with specified extensions when role allowed_extensions is not set (#12847) 2021-10-15 17:55:18 -04:00
12868.txt Move to go 1.17 (#12868) 2021-10-21 09:32:03 -04:00
12872.txt Restrict ECDSA/NIST P-Curve hash function sizes for cert signing (#12872) 2021-11-12 12:18:38 -05:00
12876.txt Updates vault-plugin-auth-jwt to v0.11.0 (#12876) 2021-10-19 15:22:52 -07:00
12877.txt [VAULT-3008] Update RabbitMQ dependency and fix regression in UserInfo.Tags in v3.9 (#12877) 2021-10-20 09:46:37 -07:00
12881.txt operator generate-root -decode: allow token from stdin (#12881) 2021-10-20 12:29:17 -04:00
12885.txt VAULT-444: Add PKI tidy-status endpoint. (#12885) 2021-11-02 11:12:49 -04:00
12887.txt UI/Remove spinner after token renew (#12887) 2021-10-21 09:05:45 -05:00
12888.txt fix 12888 release note format (#13016) 2021-11-02 16:54:46 -06:00
12890.txt UI Conditionally Copy Tooltips (#12890) 2021-10-21 09:26:56 -06:00
12895.txt adds divider to toolbars with destructive actions (#12895) 2021-10-22 08:11:14 -06:00
12903.txt Set Cassandra connect timeout, not just regular timeout (#12903) 2021-10-22 11:02:28 -04:00
12904.txt UI/Remove token_type field from token auth method (#12904) 2021-10-29 13:00:34 -07:00
12906.txt Vertical resize on .cm-s-hashi.CodeMirror (#12906) 2021-10-22 14:58:04 -06:00
12907.txt Extend kv metadata to get, put, and patch (#12907) 2021-10-26 15:38:56 -04:00
12908.txt Info table row typography (#12908) 2021-10-22 15:16:02 -06:00
12911.txt fixing a bug for cli when namespace is in both arg and path (#12911) 2021-10-22 17:47:16 -04:00
12916.txt Adds missing unlock of RWMutex in OIDC delete key (#12916) 2021-10-25 09:59:26 -07:00
12921.txt KV alert banner for white space in KV path (#12921) 2021-10-28 10:50:33 -06:00
12932.txt Use mutex in OIDC configuration handlers (#12932) 2021-10-27 08:23:05 -07:00
12934.txt go-kms-wrapping update for Azure Key Vault's Managed HSM offering (#12934) 2021-10-27 12:07:18 -04:00
12945.txt UI/ Add PostgreSQL DB (#12945) 2021-10-29 09:58:56 -07:00
12965.txt cockroachdb: add high-availability support (#12965) 2022-03-29 13:12:06 -04:00
12976.txt Incorporate Ember Flight Icons (#12976) 2021-12-07 10:05:14 -07:00
13000.txt UI/kv codemirror diff (#13000) 2021-12-01 11:41:49 -07:00
13015.txt Secrets header version badge (#13015) 2021-11-08 14:29:00 -07:00
13022.txt Some changelog tidying for 1.10 preview (#13385) 2021-12-10 16:23:20 -05:00
13024.txt Fiddling with changelog formatting (#13496) 2021-12-21 18:32:08 -05:00
13032.txt UI/Truncate long secret names (#13032) 2021-11-04 16:57:08 -07:00
13033.txt Add changelog for couchbase plugin bug fix (#13033) 2021-11-03 15:39:19 -05:00
13034.txt secrets/azure: add changelog for rotate-root (#13034) 2021-11-03 16:38:45 -04:00
13038.txt PGP key list input fix (#13038) 2021-11-04 14:25:15 -06:00
13042.txt Fix errors logged on standbys when we try to write versions to storage (#13042) 2021-11-08 10:04:17 -05:00
13044.txt Allowing Unwrap w/ Newline files (#13044) 2021-11-24 10:13:45 -08:00
13054.txt UI/Adds pagination to auth methods list (#13054) 2021-11-04 16:35:20 -07:00
13078.txt Add a periodic test of the autoseal to detect loss of connectivity. (#13078) 2021-11-10 14:46:07 -06:00
13080.txt Add universal default key_bits value for PKI endpoints (#13080) 2021-12-13 15:26:42 -05:00
13086.txt Port: Allow Routing to Partial Monthly Client Count From Namespaces (#13086) 2021-11-08 15:38:35 -08:00
13090.txt UI/Custom empty state messages for transit and transform (#13090) 2021-11-11 16:53:53 -08:00
13093.txt Add missing changelog for pr #13093 (#13095) 2021-11-09 11:03:59 -05:00
13098.txt Raft peer removal bug (#13098) 2021-11-09 15:05:25 -07:00
13107.txt Raft Snapshot Restore Bug (#13107) 2021-11-17 10:30:59 -07:00
13111.txt Return non-retryable errors on transit encrypt and decrypt failures (#13111) 2021-11-15 15:53:22 -06:00
13133.txt OIDC Auth Bug (#13133) 2021-11-15 08:48:11 -07:00
13146.txt sdk/queue: move lock before checking queue length (#13146) 2021-11-29 14:54:00 -05:00
13149.txt UI/Update blueprints to glimmer components (#13149) 2021-11-16 13:14:16 -08:00
13152.txt Hide verify-connection attribute on connection config show page (#13152) 2021-11-16 12:56:42 -06:00
13162.txt Authenticate to "login" endpoint for non-existent mount path bug (#13162) 2021-11-22 17:06:59 -08:00
13165.txt Fix 1.9 regression with raft and stored time values (#13165) 2021-11-16 14:43:00 -05:00
13166.txt KV automatic delete state issue in UI (#13166) 2021-11-23 14:17:37 -07:00
13168.txt Revert more downgrades from #12975. (#13168) 2021-11-16 15:07:03 -05:00
13169.txt Fix startup failures when aliases from a pre-1.9 vault version exist (#13169) 2021-11-16 14:56:34 -05:00
13177.txt Form field component ttl picker not initially enabling (#13177) 2021-11-17 10:21:17 -07:00
13178.txt Some changelog tidying for 1.10 preview (#13385) 2021-12-10 16:23:20 -05:00
13195.txt Add pagination to namespace list view (#13195) 2021-11-29 13:11:14 -08:00
13200.txt Update 13200.txt changelog (#13263) 2021-11-24 13:38:15 -05:00
13215.txt Add HTTP PATCH support for KV key metadata (#13215) 2022-01-12 12:05:27 -05:00
13231.txt identity/oidc: optional nonce parameter for authorize request (#13231) 2021-11-22 09:42:22 -08:00
13233.txt Fixed null token panic from 'v1/auth/token/' endpoints and returned p… (#13233) 2021-12-21 09:46:56 -08:00
13235.txt Fix regression in returning empty value for approle cidrlist. (#13235) 2021-11-23 12:13:47 -05:00
13236.txt Fix null token type bug (#13236) 2021-12-06 09:38:53 -08:00
13238.txt UI/Fix node-forge EC error (#13238) 2021-11-23 13:51:02 -05:00
13241.txt Respect WithWrappingToken for all secret ID's in approle auth (#13241) 2021-11-23 15:53:48 -08:00
13254.txt skip hash bits verification for ed25519 (#13254) 2021-11-23 15:28:18 -05:00
13257.txt recognize ed25519 key type and return PKCS8 format (#13257) 2021-11-24 14:24:06 -05:00
13277.txt secrets/azure: Update plugin to v0.11.2 (#13277) 2021-11-29 09:05:23 -08:00
13282.txt Return an error when trying to store a too-large key with Raft (#13282) 2021-11-25 14:07:03 -05:00
13286.txt Prevent raft transactions from containing overlarge keys. (#13286) 2021-11-26 08:38:39 -05:00
13292.txt Add "operator members" command to list nodes in the cluster. (#13292) 2021-11-30 14:49:58 -05:00
13298.txt Identity: check NextSigningKey existence during key rotation (#13298) 2021-11-29 15:10:58 -06:00
13318.txt Fix possible nil pointer dereference (#13318) 2021-12-02 08:23:41 -05:00
13324.txt Rename master key to root key (#13324) 2021-12-06 17:12:20 -08:00
13332.txt github auth: use org id to verify creds (#13332) 2021-12-14 16:37:19 -06:00
13348.txt auth/cert: Add certificate extensions as metadata (#13348) 2022-01-03 13:38:16 -08:00
13365.txt auth/jwt: update changelog for pkce improvement (#13392) 2021-12-10 11:15:22 -06:00
13367.txt Fiddling with changelog formatting (#13496) 2021-12-21 18:32:08 -05:00
13395.txt Support clearing an identity alias' custom_metadata (#13395) 2021-12-10 18:07:47 -05:00
13396.txt UI/fix client count partial (#13396) 2021-12-10 16:14:57 -06:00
13408.txt Main go version bump (#13408) 2021-12-14 11:11:13 -05:00
13414.txt secrets/database: Add parameter to disable escaping username and password chars for DB connections (#13414) 2022-01-10 12:05:17 -06:00
13439.txt update okta-sdk-golang to v2.9.1 (#13439) 2022-01-06 09:42:51 -05:00
13443.txt Ember Upgrade to 3.24 (#13443) 2021-12-16 20:44:29 -07:00
13452.txt EscapeLDAPValue - catch trailing escape character (#13452) 2021-12-15 13:17:07 -08:00
13469.txt Update mssql's contained_db field to accept a boolean (#13469) 2021-12-20 10:04:43 -05:00
13476.txt Attempt to address a data race issue within identity store - take 2 (#13476) 2021-12-22 09:51:13 -05:00
13486.txt Fix properly initialize replicateStateStore from SetReadYourWrites() (#13486) 2021-12-21 16:14:39 -05:00
13487.txt [Vault-4628] OpenAPI endpoint not expanding root alternations (#13487) 2021-12-22 15:36:47 -08:00
13492.txt auth/oidc: update plugin to v0.11.4 (#13492) 2021-12-21 16:48:53 -08:00
13515.txt Add ability to optionally clone a Client's token (#13515) 2021-12-22 17:07:26 -05:00
13537.txt Enhance sys/raw to read and write values that cannot be encoded in json (#13537) 2022-01-20 07:52:53 -05:00
13540.txt Add support for PROXY protocol v2 in TCP listener (#13540) 2022-03-08 12:13:00 -05:00
13548.txt secrets/gcp: update plugin to v0.11.1 (#13548) 2022-01-03 11:18:48 -08:00
13573.txt Use MAP_POPULATE for our bbolt mmaps (#13573) 2022-01-11 08:16:53 -05:00
13585.txt UI/fix kmip role form (#13585) 2022-01-07 09:16:40 -06:00
13590.txt Search Select Input Fix (#13590) 2022-01-06 16:34:26 -07:00
13595.txt auth/kubernetes: support for dynamically reloading short-lived tokens (#13595) 2022-01-14 19:55:15 -08:00
13604.txt UI/Fixes secrets list breadcrumb (#13604) 2022-01-10 11:00:47 -08:00
13606.txt Parallel retry join (#13606) 2022-01-17 10:33:03 -05:00
13615.txt If we get a 405 doing an HTTP PATCH, assume the server is pre-1.9 and fall back to old readThenWrite approach (#13615) 2022-01-11 11:52:24 -05:00
13643.txt Distinguish LIST-only paths in OpenAPI (#13643) 2022-01-18 09:21:44 -08:00
13660.txt Add support for client certificates to -output-curl-string (#13660) 2022-01-20 10:25:26 -08:00
13661.txt Make auth/token/revoke-accessor idempotent (#13661) 2022-01-18 06:56:38 -05:00
13667.txt Vault-3991 Code Scanning Alerts Changes (#13667) 2022-01-14 15:35:27 -08:00
13669.txt auth/ldap: Add username to alias.metadata.name (#13669) 2022-01-20 12:30:26 -05:00
13675.txt Add telemetry to Vault agent (#13675) 2022-02-17 17:10:26 -08:00
13678.txt Support go-sockaddr templates in top-level cluster_addr config (#13678) 2022-01-19 10:56:04 -05:00
13682.txt Add the duration and start time to logged completed requests. (#13682) 2022-01-20 08:55:30 -05:00
13683.txt Accept both -f and --force in the web terminal (#13683) 2022-01-20 10:17:53 -07:00
13690.txt Add validation for nonce size when we aren't in convergent encryption mode within transit backend (#13690) 2022-01-19 13:02:49 +05:30
13691.txt Time-based transit key autorotation (#13691) 2022-01-20 09:10:15 -06:00
13703.txt Update to raft lib v1.3.3 (#13703) 2022-01-24 09:50:23 -05:00
13716.txt oidc: check for nil signing key on rotation (#13716) 2022-01-24 12:05:49 -06:00
13736.txt Support Y10K value in notAfter field when signing non-CA certificates (#13736) 2022-01-31 15:37:50 -06:00
13749.txt Raft/fix raft telemetry metric unit (#13749) 2022-01-24 10:51:35 -05:00
13759.txt PKI - Allow performance secondaries to generate and store certificates locally to them (#13759) 2022-01-24 10:03:04 -06:00
13766.txt Add sys/version-history endpoint and associated command (#13766) 2022-02-14 15:26:57 -05:00
13799.txt Remove fmt strings and replace with inline queries (#13799) 2022-01-27 15:20:13 -08:00
13841.txt [API] Add LDAP auth method (#13841) 2022-02-04 11:10:51 -08:00
13850.txt secret/consul: Add support for consul namespaces and admin partitions (#13850) 2022-02-09 15:44:00 -06:00
13871.txt identity/oidc: loopback redirect dynamic port (#13871) 2022-02-07 10:34:33 -08:00
13872.txt Fix kv secret access bug (#13872) 2022-02-03 01:46:03 +05:30
13889.txt Add duration/count metrics to PKI issue and revoke flows (#13889) 2022-02-08 10:37:40 -06:00
13893.txt add API docs for KVv2 subkeys endpoint (#13893) 2022-02-14 15:28:14 -05:00
13894.txt Switch from node-forge to PKI.js (#13894) 2022-02-04 12:52:28 -05:00
13908.txt Transform Advanced Templating (#13908) 2022-02-07 13:07:53 -07:00
13917.txt identity/oidc: Adds proof key for code exchange (PKCE) support (#13917) 2022-02-15 12:02:22 -08:00
13925.txt auth/kubernetes: Update plugin to v0.11.5 (#13925) 2022-02-10 12:23:19 -05:00
13927.txt Use application/pem-certificate-chain for PEMs (#13927) 2022-02-08 08:12:33 -05:00
13935.txt Add full CA Chain to /pki/cert/ca_chain response (#13935) 2022-02-07 14:37:01 -05:00
13950.txt UI: Add check for renewal time before triggering renew-self (#13950) 2022-02-08 11:43:42 -06:00
13958.txt Allow all other_sans in sign-intermediate and sign-verbatim (#13958) 2022-02-09 10:09:19 -05:00
13970.txt UI/transit auto rotate interval (#13970) 2022-02-09 10:56:49 -06:00
13973.txt secrets/azure: update to v0.11.3 (#13973) 2022-02-09 11:58:53 -05:00
13974.txt secrets/gcp: update to v0.11.2 (#13974) 2022-02-09 12:57:53 -05:00
13991.txt Allow specifying multiple allowed SSH key lengths (#13991) 2022-02-17 15:36:56 -05:00
14006.txt Switch to secure signing algorithm for SSH secrets engine (#14006) 2022-02-18 10:44:01 -05:00
14008.txt Allow generation of other types of SSH CA keys (#14008) 2022-02-15 14:14:05 -05:00
14013.txt identity/oidc: use inherited group membership for client assignments (#14013) 2022-02-11 11:40:44 -08:00
14014.txt secret/consul: Add Consul ACL roles support (#14014) 2022-02-16 19:31:08 -06:00
14025.txt update MFA changelog (#14326) 2022-03-01 15:13:39 -08:00
14033.txt update changelog to include db config connection return value change (#14256) 2022-02-24 14:03:11 -06:00
14049.txt MFA UI Changes (v3) (#14145) 2022-02-17 15:40:25 -07:00
14051.txt Allow auto-detection of AWS region when using the vault CLI (#14051) 2022-02-14 12:01:27 -08:00
14054.txt UI: Switch usage of localStorage to sessionStorage (#14054) 2022-02-17 10:04:53 -06:00
14067.txt Revert "MFA (#14049)" (#14135) 2022-02-17 13:17:59 -07:00
14074.txt Use FieldData.GetOkError() to access required Transit parameters. (#14593) 2022-03-18 16:10:38 -04:00
14095.txt auth/ldap: add resp warning if userfilter doesn't consider userattr (#14095) 2022-02-17 17:19:44 -08:00
14107.txt Revert "MFA (#14049)" (#14135) 2022-02-17 13:17:59 -07:00
14109.txt Server Side Consistency Docs (#14392) 2022-03-16 10:20:12 -07:00
14119.txt identity/oidc: Adds default provider, key, and allow_all assignment (#14119) 2022-02-22 08:33:19 -08:00
14130.txt secrets/azure: update plugin to v0.11.4 (#14130) 2022-02-17 12:09:36 -08:00
14131.txt interactive CLI for mfa login (#14131) 2022-02-24 15:16:15 -05:00
14138.txt auth/azure: update to v0.9.3 (#14138) 2022-02-18 09:42:48 -05:00
14144.txt upgrade vault-plugin-auth-kubernetes (#14144) 2022-02-22 11:25:44 -05:00
14171.txt secrets/openldap: fix panic from nil logger (#14171) 2022-02-18 19:40:30 -05:00
14178.txt Rebase #14178 / Add not_before_duration API parameter to Root/Intermediate CA generation (#15511) 2022-05-19 12:35:08 -04:00
14190.txt Update github.com/prometheus/client_golang (#14190) 2022-02-23 09:31:58 -05:00
14193.txt Remove support for etcd v2 storage backend. (#14193) 2022-02-22 16:48:04 -05:00
14195.txt Add checks for other error types within the PKI plugin (#14195) 2022-02-22 14:39:21 -05:00
14197.txt Ensure that fewer goroutines survive after a test completes (#14197) 2022-02-23 10:33:52 -05:00
14206.txt prevent int64 overflow for default_lease_ttl and max_lease_ttl (#14206) 2022-02-23 17:08:52 -05:00
14214.txt agent/azure: adds ability to use specific user-assigned managed identities for auto auth (#14214) 2022-02-23 11:43:36 -08:00
14217.txt Change OpenAPI code generator to extract request objects (#14217) 2022-03-11 19:00:26 -05:00
14222.txt Set header content type instead of overwriting all headers (#14222) 2022-02-23 17:09:57 -05:00
14223.txt Quit agent endpoint with config (#14223) 2022-02-25 10:29:05 +00:00
14224.txt UI/fix db role ttl display (#14224) 2022-02-23 10:00:20 -06:00
14231.txt Increase column width of vault_key on mysql (#14231) 2022-02-24 09:21:57 -05:00
14232.txt Update to Go 1.17.7 (#14232) 2022-02-23 15:08:08 -05:00
14233.txt UI: Fix incorrect validity modal on transit secrets engine (#14233) 2022-02-23 14:59:49 -06:00
14235.txt Fix broken interactions between glob_domains and wildcards (#14235) 2022-02-23 16:44:09 -05:00
14238.txt Add role parameter to restrict issuance of wildcard certificates (#14238) 2022-02-24 08:41:56 -05:00
14268.txt UI: add Database static role password rotation (#14268) 2022-02-25 12:16:54 -06:00
14269.txt [VAULT-5003] Use net/http client in Sys().RaftSnapshotRestore (#14269) 2022-03-14 10:13:33 -07:00
14292.txt Add warning when generate_lease=no_store=true when writing PKI role (#14292) 2022-02-28 13:55:12 -05:00
14301.txt Output full secret path in certain kv commands (#14301) 2022-03-08 13:17:27 -08:00
14324.txt auth/ldap: add `username_as_alias` config flag (#14324) 2022-03-15 10:21:40 -04:00
14328.txt treat logical.ErrRelativePath as 400 instead of 500 (#14328) 2022-03-30 09:08:02 -04:00
14329.txt Logout with wrapped token (#14329) 2022-03-02 09:45:53 -07:00
14385.txt Set service type to notify in systemd unit. (#14385) 2022-03-09 08:13:45 -05:00
14388.txt Add context-aware functions to vault/api (#14388) 2022-03-23 17:47:43 -04:00
14389.txt Added Enigma Vault secret plugin. Designed to be simple but complete, a good starting point for plugin developers (#14389) 2022-03-11 08:33:48 -05:00
14399.txt Fix debug bundle panic on Windows (#14399) 2022-06-09 15:57:45 -07:00
14400.txt UI/Hide empty masked PKI row values (#14400) 2022-03-11 13:55:01 -08:00
14422.txt UI/add managed ns redirect prefix (#14422) 2022-03-10 08:26:33 -06:00
14424.txt Agent error log level is mismatched (#14424) 2022-04-07 11:03:38 -07:00
14426.txt identity/oidc: prevent key rotation on performance secondary clusters (#14426) 2022-03-09 15:41:02 -08:00
14455.txt Update google-cloud-storage backend documentation (#14455) 2022-08-26 09:59:40 -05:00
14474.txt Add fields 'ttl' and 'num_uses' to SecretID generation. (#14474) 2022-09-02 09:29:59 -07:00
14487.txt only check Contains if IP address (#14487) 2022-03-15 09:55:50 -06:00
14489.txt UI/fix kv data cache (#14489) 2022-03-16 11:00:08 -05:00
14493.txt UI/d3 DOM cleanup hover issue (#14493) 2022-03-16 13:36:41 -05:00
14501.txt Add input validation to getRuleInfo to prevent panic (#14501) 2022-03-24 16:16:37 -04:00
14508.txt UI: Parse OpenAPI response correctly if schema includes $ref (#14508) 2022-03-16 09:24:07 -05:00
14522.txt Fix panic caused by parsing `json.Number` values for TypeCommaStringSlice fields (#14522) 2022-03-28 11:07:55 -04:00
14523.txt Fix CLI panic caused by single backslash values (#14523) 2022-03-24 16:40:32 -04:00
14543.txt identity/token: fix duplicate keys in well-known (#14543) 2022-03-16 18:48:10 -07:00
14545.txt OIDC Logout Bug (#14545) 2022-03-18 09:40:17 -06:00
14551.txt UI/Wrong sentinel error message for auth methods (#14551) 2022-03-18 16:47:42 -07:00
14622.txt Add a check for missing entity during local alias invalidation. (#14622) 2022-03-21 15:09:31 -04:00
14659.txt Remove Ivy Codemirror (#14659) 2022-03-29 10:25:16 -06:00
14670.txt Warn on upper case in policy name (#14670) 2022-03-24 13:29:11 -07:00
14704.txt Vault-4010 Unauthenticated panic when processing "help" requests (#14704) 2022-03-24 12:19:14 -07:00
14744.txt Ensure that URL encoded passwords are properly redacted. (#14744) 2022-03-29 10:33:55 -04:00
14746.txt add value length check to approle createHMAC (#14746) 2022-03-29 14:43:35 -04:00
14751.txt auth/cert: Add metadata to identity-alias (#14751) 2022-08-23 11:03:53 -07:00
14752.txt Vault-4279 reporting redundant/unused keys in config (#14752) 2022-04-01 10:34:27 -04:00
14753.txt Add ability to pass certificate PEM bytes to vault/api (#14753) 2022-04-06 11:21:46 -04:00
14755.txt Address incorrect table metric value for local mounts (#14755) 2022-03-30 13:06:49 -04:00
14763.txt Ember upgrade to 3.28.6 (#14763) 2022-04-12 13:59:34 -06:00
14775.txt Use WriteWithContext in auth helpers (#14775) 2022-04-06 11:20:34 -04:00
14791.txt Fixing excessive unix file permissions (#14791) 2022-04-01 12:57:38 -04:00
14794.txt UI/Only show form values if have read access (#14794) 2022-04-01 16:05:42 -05:00
14807.txt Mount flag syntax to mitigate confusion from KV-v2 path discrepancies (#14807) 2022-04-06 13:58:06 -07:00
14814.txt VAULT-4240 time.After() in a select statement can lead to memory leak (#14814) 2022-04-01 10:17:11 -04:00
14817.txt Vault 3992 ToB Config and Plugins Permissions (#14817) 2022-04-04 09:45:41 -07:00
14836.txt Respect increment value in grace period calculations (api/LifetimeWatcher) (#14836) 2022-04-06 13:04:45 -04:00
14846.txt Vault 3999 Change permissions for directory/archive created by debug command (#14846) 2022-04-04 09:44:03 -07:00
14864.txt VAULT-5422: Add rate limit for TOTP passcode attempts (#14864) 2022-04-14 13:48:24 -04:00
14869.txt deprecating Legacy MFA (#14869) 2022-04-19 21:19:34 -04:00
14875.txt Fix handling of default zero SignatureBits value with Any key type in PKI Secrets Engine (#14875) 2022-04-04 15:26:54 -04:00
14899.txt Fix changelog formatting for feature (#15386) 2022-05-12 08:19:52 -07:00
14900.txt [Vault-5248] MFA support for api login helpers (#14900) 2022-04-15 11:13:15 -07:00
14916.txt OIDC Login Bug (#14916) 2022-04-07 08:30:29 -06:00
14941.txt Bug Fix and Glimmerize secret-edit component (#14941) 2022-04-07 11:07:33 -06:00
14943.txt Fix handling of SignatureBits for ECDSA issuers (#14943) 2022-04-07 11:52:59 -04:00
14945.txt Vault Raw Read Support (CLI & Client) (#14945) 2022-10-28 09:45:32 -04:00
14946.txt feature: secrets/auth plugin multiplexing (#14946) 2022-08-29 21:42:26 -05:00
14954.txt aws auth displayName (#14954) 2022-04-08 14:37:49 -07:00
14957.txt Add build date (#14957) 2022-04-19 14:28:08 -04:00
14962.txt Warnings indicating ignored and replaced parameters (#14962) 2022-04-11 09:57:12 -04:00
14963.txt [Vault-5736] Add (*Client).WithNamespace() for temporary namespace handling (#14963) 2022-04-14 09:50:21 -07:00
14966.txt Fix edit capabilities call in auth method (#14966) 2022-04-11 10:48:35 -07:00
14968.txt Don't clone OutputCurlString value (#14968) 2022-04-08 09:58:50 -07:00
14973.txt Update gocql to resolve #12878 (#14973) 2022-04-18 11:12:32 -07:00
14975.txt Add various missing PKI related changelog entries (#15500) 2022-05-23 11:53:49 -04:00
14977.txt Ensure initialMmapSize is 0 on Windows (#14977) 2022-04-08 12:07:21 -07:00
14985.txt supporting google authenticator with Okta auth (#14985) 2022-04-14 08:37:04 -04:00
15004.txt Add various missing PKI related changelog entries (#15500) 2022-05-23 11:53:49 -04:00
15009.txt forwarding requests subjected to Login MFA to the active node (#15009) 2022-04-13 10:11:53 -04:00
15025.txt UI: Masked inputs always look the same when value is hidden (#15025) 2022-04-13 16:56:39 -05:00
15041.txt When running under systemd, send ready when server completed reloading config #7028 (#15041) 2022-05-03 08:34:11 -04:00
15042.txt Raft: use a larger initial heartbeat/election timeout (#15042) 2022-04-29 08:32:16 -04:00
15046.txt Custom tooltip for Generated Token Policies form field on auth methods (#15046) 2022-04-14 14:58:26 -06:00
15054.txt Add AWS_DYNAMODB_REGION Environment variable (#15054) 2022-04-28 12:29:51 -07:00
15055.txt Remove duplicate policies when creating/updating identity groups (#15055) 2022-05-16 17:20:48 -04:00
15058.txt UI: fix blank selection on search select field (#15058) 2022-04-15 12:47:55 -05:00
15067.txt When tainting a route during setup, pre-calculate the namespace specific path (#15067) 2022-04-26 09:13:45 -07:00
15072.txt fix TypeCommaIntSlice panic caused by json.Number input (#15072) 2022-04-18 16:43:16 -04:00
15074.txt remove storybook: (#15074) 2022-04-19 15:45:20 -06:00
15092.txt Upgrade hashicorp/consul-template dependency (#15092) 2022-04-19 20:51:11 +01:00
15100.txt Add various missing PKI related changelog entries (#15500) 2022-05-23 11:53:49 -04:00
15104.txt [VAULT-5887] TypeInt64 support added to OpenApi Spec generation (#15104) 2022-04-22 15:37:12 -07:00
15123.txt Clone identity objects to prevent races. (#15123) 2022-04-22 13:04:34 -04:00
15125.txt Update golang.org/x/crypto/ssh (#15125) 2022-04-22 12:58:23 -04:00
15152.txt Add various missing PKI related changelog entries (#15500) 2022-05-23 11:53:49 -04:00
15155.txt Add various missing PKI related changelog entries (#15500) 2022-05-23 11:53:49 -04:00
15156.txt fix raft tls key rotation panic when rotation time in past (#15156) 2022-04-25 21:48:34 -04:00
15163.txt [VAULT-5813] Remove duplicate sha_256 in SystemCatalogRequest OAS (#15163) 2022-04-25 13:12:08 -07:00
15166.txt VAULT-5827 Don't prepare SQL queries before executing them (#15166) 2022-04-26 12:47:06 -07:00
15167.txt Handle client count timezone (#15167) 2022-05-20 21:43:01 +02:00
15179.txt Add various missing PKI related changelog entries (#15500) 2022-05-23 11:53:49 -04:00
15188.txt [VAULT-14990] Support retrieving kv secret paths with trailing spaces (#15188) 2022-05-10 14:07:45 -07:00
15204.txt agent/auto-auth: Add `min_backoff` to set first backoff value (#15204) 2022-04-29 12:31:32 -04:00
15211.txt Add various missing PKI related changelog entries (#15500) 2022-05-23 11:53:49 -04:00
15213.txt Allow callers to choose the entropy source for the random endpoints. (#15213) 2022-05-02 14:42:07 -05:00
15224.txt Do sockaddr template parsing only when needed (#15224) 2022-04-29 09:57:17 -04:00
15248.txt Globally scoped MFA method Get/List endpoints (#15248) 2022-05-17 14:54:16 -04:00
15250.txt not_before_duration added to SSH (#15250) 2022-05-12 08:50:40 -04:00
15259.txt change ordering of activity log month data to sort by ascending order… (#15259) 2022-05-03 13:39:29 -07:00
15261.txt loading MFA configs upont restart (#15261) 2022-05-05 18:53:57 -04:00
15277.txt Add various missing PKI related changelog entries (#15500) 2022-05-23 11:53:49 -04:00
15293.txt Update deps for consul-template 0.29.0 (#15293) 2022-05-05 10:30:40 -07:00
15295.txt secrets/consul: Add support for generating tokens with service and node identities (#15295) 2022-05-09 20:07:35 -05:00
15305.txt KV helper methods for api package (#15305) 2022-05-25 11:17:13 -07:00
15316.txt Add DR Metric scraping capability to debug command (#15316) 2022-05-06 16:04:08 -04:00
15342.txt add mount accessor to audit request and responses (#15342) 2022-05-12 11:28:00 -06:00
15343.txt postgres: replace the package lib/pq with pgx (#15343) 2022-05-23 12:49:18 -07:00
15352.txt Query and Precompute Non-Contiguous Segments in the Activity Log (#15352) 2022-05-17 12:17:32 -07:00
15355.txt Updating Okta MFA to use official SDK (#15355) 2022-05-17 15:14:26 -04:00
15361.txt auth/okta: Add support for Okta number challenge (#15361) 2022-05-11 17:09:29 -07:00
15364.txt UI/ fix firefox not recognizing csv export (#15364) 2022-05-10 17:19:38 -07:00
15369.txt Disabling client side rate limiting in Okta login MFA client (#15369) 2022-05-12 15:55:33 -04:00
15376.txt secrets/database: adds ability to manage alternative credential types and configuration (#15376) 2022-05-17 09:21:26 -07:00
15377.txt Added support for VAULT_PROXY_ADDR + Updated docs (#15377) 2022-05-24 13:38:51 -04:00
15378.txt Fix OIDC callback query params (#15378) 2022-05-13 09:58:56 -07:00
15380.txt VAULT-5935 agent: redact renew-self if using auto auth (#15380) 2022-05-12 09:25:55 -07:00
15383.txt report listener and storage types as found keys (#15383) 2022-05-12 09:04:56 -07:00
15400.txt secrets/consul: Use consistent parameter names (#15400) 2022-05-19 14:43:54 -05:00
15405.txt Added optional -log-level flag to 'operator migrate' command (#15405) 2022-05-12 15:56:25 -04:00
15414.txt Transit byok import endpoints (#15414) 2022-05-16 11:50:38 -05:00
15417.txt Vault CLI: show detailed information with ListResponseWithInfo (#15417) 2022-05-18 13:00:50 -04:00
15420.txt append nil months to query get to cover all requested months (OSS) (#15420) 2022-05-16 13:01:28 -07:00
15428.txt VAULT-5885: Fix erroneous success message in case of two-phase MFA, and provide MFA information in table format (#15428) 2022-05-17 14:03:02 -04:00
15429.txt pki/sign-verbatim uses role not before duration (#15429) 2022-05-16 16:15:18 -04:00
15434.txt api: make ListPlugins parse only known plugin types (#15434) 2022-05-17 17:41:26 +01:00
15440.txt Add default timeout to legacy ssh.ClientConfig (#15440) 2022-05-16 12:36:47 -04:00
15452.txt Vault-6037 making filesystem permissions check opt-in (#15452) 2022-05-17 11:34:31 -07:00
15457.txt Add list of granting policies audit logs (#15457) 2022-05-16 16:23:08 -07:00
15464.txt UI/vault 6212/multiple issuer pki changes (#15464) 2022-05-18 11:31:17 -07:00
15469.txt possibly forward cached MFA auth response to leader (#15469) 2022-05-17 16:30:36 -04:00
15470.txt Always return PKI configs for CRLs, URLs (#15470) 2022-05-17 11:40:09 -04:00
15474.txt UI: Better default transit auto-rotation (#15474) 2022-05-17 16:06:57 -05:00
15478.txt Remove signature_bits on intermediate generate (#15478) 2022-05-18 09:36:39 -04:00
15482.txt prevent deleting MFA method through an invalid path (#15482) 2022-05-31 14:22:04 -04:00
15487.txt oss changes (#15487) 2022-05-18 09:16:13 -07:00
15493.txt Forward autopilot state reqs, avoid self-dialing (#15493) 2022-05-18 14:50:18 -04:00
15494.txt Warn on empty Subject field for issuers (#15494) 2022-05-18 10:15:37 -04:00
15509.txt Add warning on missing AIA info fields (#15509) 2022-05-19 11:12:10 -04:00
15510.txt Vault 5917 allow patch operations to pki roles issuers (#15510) 2022-05-20 13:34:55 -04:00
15513.txt Remove reference to stored license (#15513) 2022-05-20 09:33:50 -07:00
15519.txt VAULT-4306 Ensure /raft/bootstrap/challenge call ignores erroneous namespaces set (#15519) 2022-05-19 16:27:51 -04:00
15523.txt UI: keymgmt secret engine (#15523) 2022-05-20 10:41:24 -05:00
15524.txt Return the signed ca in the ca_chain response field within sign-intermediate api call. (#15524) 2022-05-20 11:06:44 -04:00
15525.txt Fix handling of username_as_alias during LDAP authentication (#15525) 2022-05-20 14:17:26 -07:00
15527.txt Add usage documentation for new Kubernetes Secrets Engine (#15527) 2022-05-20 13:37:15 -07:00
15536.txt api/monitor: Adding log format to monitor command and debug (#15536) 2022-05-24 13:10:53 -04:00
15543.txt Allow issuer/:issuer_ref/sign-verbatim/:role, add error on missing role (#15543) 2022-05-23 13:09:18 -04:00
15550.txt secrets/consul: Deprecate token_type and policy fields (#15550) 2022-05-20 15:48:02 -05:00
15551.txt Adding vault-plugin-secrets-kubernetes v0.1.0 (#15551) 2022-05-20 14:13:33 -07:00
15552.txt VAULT-6131 OpenAPI schema now includes /auth/token endpoints when explicit permission has been granted (#15552) 2022-05-31 11:25:27 -04:00
15559.txt Convert not_before_duration to seconds before returning it (#15559) 2022-05-23 08:06:37 -04:00
15560.txt UI/Fix form validation issues (#15560) 2022-05-25 11:22:36 -07:00
15561.txt SSH secrets engine - Enabled creation of key pairs (CA Mode) (#15561) 2022-06-10 09:48:19 -04:00
15573.txt Remove unsupported fields for DB roles show page (#15573) 2022-05-25 11:28:19 -04:00
15579.txt Fix plugin reload mounts (#15579) 2022-05-25 13:37:42 -05:00
15581.txt Add deprecation note about X.509/SHA-1 (#15581) 2022-05-25 10:11:17 -07:00
15583.txt use provided namespace for wrapping lookup cubbyhole request (#15583) 2022-05-26 15:17:29 -04:00
15584.txt Add change release note for Kubernetes auth (#15891) 2022-06-09 10:07:43 +01:00
15586.txt Add an API for exporting activity log data (#15586) 2022-05-24 17:00:46 -07:00
15592.txt auth/gcp: updates plugin to v0.13.0 (#15592) 2022-05-25 10:35:41 -07:00
15593.txt auth/jwt: updates plugin to v0.13.0 (#15593) 2022-05-25 11:04:32 -07:00
15614.txt fix: upgrade vault-plugin-database-elasticsearch to v0.11.0 (#15614) 2022-05-26 10:20:52 -05:00
15638.txt Only add distinct policies to identity group (#15638) 2022-05-26 13:52:19 +01:00
15655.txt secrets/kubernetes: update to v0.1.1 (#15655) 2022-05-26 15:44:03 -07:00
15681.txt Removed red spellcheck underline that appears for sensitive values (#15681) 2022-05-31 17:00:34 -04:00
15685.txt updates `leasId` to `leaseId` (#15685) 2022-06-13 13:17:07 -05:00
15693.txt Avoid deadlocking on stateLock in emitMetrics (#15693) 2022-05-31 12:15:39 -04:00
15719.txt Update AWS auth method certificates (#15719) 2022-06-01 10:26:17 -07:00
15735.txt VAULT-6371 Fix issue with lease quotas on read requests that generate leases (#15735) 2022-06-03 15:45:21 -04:00
15742.txt Add parsing for NSS-wrapped Ed25519 keys (#15742) 2022-06-06 18:09:21 -04:00
15751.txt Support for CPS URLs in Custom Policy Identifiers. (#15751) 2022-06-03 14:50:46 -04:00
15759.txt File Audit Mode 0000 bug (#15759) 2022-06-03 09:17:41 -07:00
15769.txt Revert UI: replace localStorage with sessionStorage (#15769) 2022-06-02 15:19:57 -05:00
15789.txt UI: calendar widget fix (#15789) 2022-06-03 14:22:50 -07:00
15792.txt bump vault-plugin-secrets-kv to v0.12.1 (#15792) 2022-06-03 16:01:35 -04:00
15809.txt Allow reading Nomad CA/Client cert configuration (#15809) 2022-06-10 10:09:54 -04:00
15824.txt UI: Fix metadata tab not showing given policy (#15824) 2022-06-07 10:56:44 -05:00
15835.txt Dynamic parameter for mountpaths in OpenApi Spec generation(#15835) 2022-06-30 07:43:04 -07:00
15852.txt Change tooltip for token_bound_certs and glimmerize string-list component (#15852) 2022-06-07 13:15:25 -06:00
15858.txt Add warning about EA in FIPS mode (#15858) 2022-06-08 08:57:48 -04:00
15866.txt pass context to postgres queries (#15866) 2022-06-08 17:54:19 -04:00
15869.txt secrets/aws: don't create leases for AWS STS secrets (#15869) 2022-10-28 16:28:25 -05:00
15879.txt Limit SSCT WAL Check on Perf Standbys to Raft Backends Only (#15879) 2022-06-08 13:58:22 -07:00
15898.txt Remove deprecated core-js version from production builds (#15898) 2022-06-09 09:12:59 -06:00
15900.txt Parse ha_storage in config (#15900) 2022-06-09 15:55:49 -07:00
15912.txt return bad request instead of server error for identity group cycle detection (#15912) 2022-06-10 10:15:31 -04:00
15933.txt Add changelog for #15933 (#16425) 2022-07-22 09:50:28 -07:00
15946.txt Fix keyring file missing after Vault restart (#15946) 2022-06-15 10:22:42 -07:00
15986.txt Fix changelog for 15986 (#16085) 2022-06-21 12:27:24 -04:00
15989.txt (OSS) Path Suffix Support for Rate Limit Quotas (#15989) 2022-06-16 13:23:02 -04:00
15996.txt Add explicit cn_validations field to PKI Roles (#15996) 2022-06-16 06:53:27 -07:00
15998.txt UI Support for Okta Number Challenge (#15998) 2022-08-10 15:46:04 -04:00
16000.txt Activity Log Filtering Limit Parameter (#16000) 2022-06-15 15:41:31 -07:00
16018.txt ssh: Fix template regex test for defaultExtensions to allow additional text (#16018) 2022-06-17 11:06:17 -04:00
16056.txt fix bug with allowed_users_template and add allowed_domains_template for SSH role (#16056) 2022-08-16 14:59:29 -05:00
16063.txt website: Update replication docs to mention Integrated Storage (#16063) 2022-06-21 10:55:15 -07:00
16087.txt Update consul-template to latest for pkiCert fix (#16087) 2022-06-27 08:39:36 -07:00
16088.txt Replicate member_entity_ids and policies in identity/group across nodes identically (#16088) 2022-06-28 19:54:24 -04:00
16094.txt Fix bug where id not existing in multiplexing map causes panic (#16094) 2022-06-22 14:29:25 -04:00
16111.txt Add endpoints to provide ability to modify logging verbosity (#16111) 2022-06-27 11:39:53 -04:00
16112.txt Return a 403 for a bad SSCT instead of 500 (#16112) 2022-06-23 13:01:20 -07:00
16115.txt VAULT-6613 Add role support for rate limit quotas (OSS Changes) (#16115) 2022-06-24 08:58:02 -04:00
16124.txt Add signature_bits to sign-intermediate, sign-verbatim (#16124) 2022-06-23 14:07:27 -04:00
16140.txt changelog: Add entry for AD secrets engine bug fix (#16480) 2022-07-27 15:51:53 -07:00
16146.txt ActivityLog Implement HyperLogLog Store Functionality During Precomputation (#16146) 2022-06-27 09:38:32 -07:00
16162.txt activity log refactoring port (#16162) 2022-06-27 13:33:45 -07:00
16170.txt UI OIDC auth type saved in localStorage not sessionStorage (#16170) 2022-06-28 11:04:24 -06:00
16181.txt identity/oidc: allow filtering the list providers response by an allowed_client_id (#16181) 2022-07-28 09:47:53 -07:00
16184.txt Port: Use Stored Hll to Compute New Clients For Current Month (#16184) 2022-06-29 10:51:23 -07:00
16213.txt Docs: API generate-recovery-token unhidden. (#16213) 2022-08-29 09:02:47 -04:00
16218.txt Clarification for local mounts in the context of DR (#16218) 2022-07-12 10:17:12 -07:00
16224.txt fix: PGP subkeys support (#16224) 2022-09-22 09:12:41 -04:00
16231.txt agent/template: fix exec parsing error for templates (#16231) 2022-07-06 21:21:35 +01:00
16246.txt pki: When a role sets key_type to any ignore key_bits value when signing a csr (#16246) 2022-07-08 10:56:15 -04:00
16249.txt PKI - Honor header If-Modified-Since if present (#16249) 2022-08-29 15:28:47 -04:00
16274.txt auth/oidc: fix changelog entry for SecureAuth groups parsing (#16388) 2022-07-21 08:24:11 -07:00
16324.txt Vault 6773/raft rejoin nonvoter (#16324) 2022-07-18 14:37:12 -04:00
16327.txt Increase the allowed concurrent gRPC streams (#16327) 2022-07-20 15:26:52 -04:00
16351.txt Allow identity templates in ssh backend `default_user` field (#16351) 2022-07-29 09:45:52 -04:00
16353.txt Remove gox in favor of go build. (#16353) 2022-07-20 10:44:41 -07:00
16379.txt updating changelog for vault-951 (#16558) 2022-08-03 10:39:21 -07:00
16386.txt VAULT-7046 Allow trailing globbing at the end of a path suffix quota (#16386) 2022-07-21 15:31:23 -04:00
16409.txt command/audit: improve audit enable type missing error message (#16409) 2022-07-21 16:43:50 -04:00
16421.txt command/server: add dev-tls flag (#16421) 2022-07-22 14:04:03 -04:00
16435.txt auth/gcp: add support for GCE regional instance groups (#16435) 2022-07-22 17:31:25 -05:00
16441.txt Added a small utility method to display warnings when parsing command arguments. (#16441) 2022-07-27 14:00:03 -04:00
16443.txt ignore leading slash in kv get command (#16443) 2022-07-28 14:11:58 -04:00
16455.txt Remove SHA1 for certs in prep for Go 1.18 (#16455) 2022-07-28 09:14:33 -07:00
16466.txt UI: fix jwt auth failure (#16466) 2022-07-27 15:22:38 -05:00
16479.txt agent: add disable_keep_alives configurable (#16479) 2022-07-28 12:59:49 -07:00
16487.txt Clone created entities that were inserted into memdb... (#16487) 2022-07-28 09:43:24 -04:00
16489.txt Lookup, wrap, rewrap and unwrap token rename with description (#16489) 2022-07-28 14:33:47 -04:00
16494.txt Allow old certs to be cross-signed (#16494) 2022-08-03 06:34:21 -07:00
16519.txt Add PSS support to PKI Secrets Engine (#16519) 2022-08-03 12:42:24 -04:00
16525.txt auth/jwt: updates dependency and adds changelogs (#16525) 2022-08-01 12:46:34 -07:00
16534.txt secrets/gcp: adds changelog entry for bug fixes in release branches (#16534) 2022-08-02 10:52:23 -07:00
16539.txt VAULT-6818 - Restrict ability to merge entities with mount-accessor-conflicting aliases unless one is explicitly chosen to be kept (#16539) 2022-08-10 09:10:02 -04:00
16549.txt Allow configuring the possible salt lengths for RSA PSS signatures (#16549) 2022-08-31 12:27:03 -04:00
16550.txt Vault 7338/fix retry join (#16550) 2022-08-03 20:44:57 -05:00
16553.txt Make key completion work for both kv-v1 and kv-v2 (#16553) 2022-09-13 12:11:00 -04:00
16563.txt Add per-issuer AIA URI information to PKI secrets engine (#16563) 2022-08-19 11:43:44 -04:00
16564.txt Add BYOC-based revocation to PKI secrets engine (#16564) 2022-08-15 08:50:57 -05:00
16566.txt Add proof possession revocation for PKI secrets engine (#16566) 2022-08-16 14:01:26 -04:00
16567.txt identity/oidc: adds detailed listing capability for clients and providers (#16567) 2022-08-04 10:10:28 -07:00
16594.txt auth/kerberos: add remove_instance_name config (#16594) 2022-08-04 16:38:12 -04:00
16598.txt identity/oidc: adds client_secret_post token endpoint authentication method (#16598) 2022-08-08 08:41:09 -07:00
16599.txt identity/oidc: change the state parameter to optional (#16599) 2022-08-05 11:37:24 -07:00
16600.txt identity/oidc: fixes validation of the request and request_uri parameters (#16600) 2022-08-05 11:55:15 -07:00
16601.txt identity/oidc: reorder authorization endpoint validation for invalid redirect uris (#16601) 2022-08-08 09:02:18 -07:00
16609.txt upgrade raft to 1.3.10 (#16609) 2022-08-05 10:27:37 -07:00
16621.txt Allow marking issuers as revoked (#16621) 2022-08-18 18:08:31 -04:00
16622.txt Evaluate ssh validprincipals user template before splitting (#16622) 2022-10-13 17:34:36 -05:00
16631.txt update changelog from feature to improvement (#16986) 2022-09-01 15:50:51 -05:00
16636.txt auth/kerberos: update plugin version to v0.7.2 (#16636) 2022-08-09 11:02:41 -05:00
16659.txt UI/ fix tooltip submitting form (#16659) 2022-08-09 20:51:29 -07:00
16668.txt Add support for a dedicated HMAC type in Transit. (#16668) 2022-09-06 10:17:58 -05:00
16673.txt secrets/auth: fix bug with aliased backends (#16673) 2022-08-10 20:02:05 -05:00
16676.txt Basics of Cert-Count Non-Locking Telemetry (#16676) 2022-09-20 10:32:20 -07:00
16686.txt secret/database: fix bug where too many wal deletes are deferred (#16686) 2022-08-11 16:22:53 -04:00
16688.txt Plugin versioning changelog entries (#17322) 2022-09-27 16:24:21 +01:00
16699.txt Add a sentinel error for missing KV secrets (#16699) 2022-08-12 19:29:42 -04:00
16700.txt Fix for duplicate SANs in signed certificates (#16700) 2022-10-07 12:19:08 -04:00
16702.txt Add _remaining tidy metrics. (#16702) 2022-08-23 12:17:17 -04:00
16714.txt Remove extra empty lines from vault.log - Debug command (#16714) 2022-08-15 14:16:57 -07:00
16721.txt Ignore EC PARAMETER blocks during issuer import (#16721) 2022-08-15 08:59:10 -07:00
16723.txt Update changelog for OCSP feature (#16969) 2022-08-31 16:55:22 -04:00
16739.txt Fix naming of permitted_dns_domains in webui (#16739) 2022-08-16 14:57:05 -05:00
16762.txt Enable periodic, automatic rebuilding of CRLs (#16762) 2022-08-23 13:27:15 -04:00
16773.txt Support for generating Delta CRLs (#16773) 2022-08-29 11:37:09 -04:00
16794.txt VAULT-7698 Fix ignored parameter warnings for endpoint arbitrary data options (#16794) 2022-08-23 08:51:23 -04:00
16813.txt Migrate existing PKI mounts that only contains a key (#16813) 2022-08-22 10:11:21 -07:00
16821.txt UI: Forward to `redirect_to` param to when auth'd (#16821) 2022-08-23 11:05:00 -05:00
16830.txt Fix LIST issuers endpoint (#16830) 2022-08-23 11:08:23 -04:00
16834.txt command/debug: fix bug where monitor was not honoring configured duration (#16834) 2022-08-23 17:09:30 -04:00
16846.txt Fix changelog type for registry deprecation status (#16889) 2022-08-25 14:35:52 -04:00
16849.txt Add deprecation status to auth/secrets list (#16849) 2022-08-31 16:11:14 -04:00
16856.txt Update mount table and CLI with plugin version for auth (#16856) 2022-08-31 19:23:05 +01:00
16865.txt Don't allow crl-signing issuer usage without CRLSign KeyUsage (#16865) 2022-08-24 07:45:54 -07:00
16871.txt Let PKI tidy associate revoked certs with their issuers (#16871) 2022-08-26 10:13:45 -07:00
16872.txt fix incorrect use of loop variable (#16872) 2022-10-04 09:23:37 -04:00
16874.txt Cleanup changes around issuer revocation (#16874) 2022-08-25 11:36:37 -04:00
16886.txt UI/OIDC auth bug for hcp namespace flag (#16886) 2022-08-26 10:04:01 -07:00
16890.txt auth/kerberos: add config to include ldap groups in group alias (#16890) 2022-08-25 13:51:54 -07:00
16900.txt Add ability to perform automatic tidy operations (#16900) 2022-08-30 15:45:54 -04:00
16911.txt VAULT-6433: Add namespace path to MFA read/list endpoints (#16911) 2022-08-29 09:11:25 -04:00
16930.txt UI: Use correct endpoint for force revoke prefix (#16930) 2022-08-30 09:33:01 -07:00
16935.txt Add remove_roots_from_chain to sign and issue pki apis (#16935) 2022-08-31 09:51:26 -04:00
16938.txt auth/token: Fix ignored parameter warnings for valid parameters on token create (#16938) 2022-09-01 08:32:40 -04:00
16950.txt VAULT-7707 Add docs around making mass amounts of lease count quotas via automation (#16950) 2022-08-31 11:50:01 -04:00
16956.txt Load SSCT Generation Counter Upon DR Promotion [OSS] (#16956) 2022-08-31 11:05:21 -07:00
16958.txt Add ability to cancel PKI tidy operations, pause between tidying certs (#16958) 2022-08-31 11:36:12 -07:00
16970.txt VAULT-6575 Vault agent respects retry config even with caching set (#16970) 2022-09-06 10:35:54 -04:00
16972.txt Multiplexing opt out flag (#16972) 2022-09-08 11:32:46 -04:00
16982.txt Plugin versioning changelog entries (#17322) 2022-09-27 16:24:21 +01:00
16983.txt LinkTo Transition Bug (#16983) 2022-09-01 16:15:54 -06:00
16992.txt identity/oidc: adds claims_supported to discovery document (#16992) 2022-09-02 09:19:25 -07:00
16995.txt Prepare multiplexing support for database plugins (#16995) 2022-09-06 14:00:37 -04:00
17005.txt Handle deprecated builtins (#17005) 2022-09-06 15:49:35 -04:00
17019.txt autopilot: assume nodes we haven't received heartbeats from are running the same version as we are (#17019) 2022-09-06 14:49:04 -04:00
17028.txt Make some activity log tests less flaky (#17028) 2022-09-07 09:06:15 -04:00
17038.txt Mark database-specific secrets engines Pending Removal (#17038) 2022-09-07 10:45:09 -04:00
17040.txt Store login MFA secret with tokenhelper (#17040) 2022-10-26 17:02:26 -04:00
17045.txt Update Vault Azure Secrets docs for permanent deletion feature (#17045) 2022-09-13 16:25:19 -07:00
17058.txt api: Add deprecation warnings to secrets/auth POST endpoints (#17058) 2022-09-08 09:15:10 -04:00
17070.txt Import Redis OSS database plugin into Vault (#17070) 2022-09-09 13:42:25 -05:00
17071.txt UI: OIDC Config for Vault as a provider (#17071) 2022-09-08 19:06:05 -06:00
17073.txt Add "plumbing" for surfacing warnings, and warning overwriting ttl (#17073) 2022-09-15 12:38:33 -07:00
17075.txt + added redis elasticache as a built-in plugin (#17075) 2022-09-09 16:16:30 -04:00
17077.txt Add deprecation status to plugin api and cli (#17077) 2022-09-09 16:03:07 -04:00
17079.txt Do not attempt to write a new TLS keyring at startup if raft is already setup (#17079) 2022-09-09 12:19:57 -04:00
17086.txt Ember Upgrade to 4.4 (#17086) 2022-10-18 09:46:02 -06:00
17088.txt Add plugin version to GRPC interface (#17088) 2022-09-15 16:37:59 -07:00
17091.txt agent/auto-auth: add exit_on_err configurable (#17091) 2022-09-15 11:00:31 -07:00
17104.txt Return errInvalidCredentials when wrong credentials is provided for existent users (#17104) 2022-09-27 16:49:14 -07:00
17116.txt Replace Non-Inclusive Terms in UI (#17116) 2022-09-13 10:42:34 -06:00
17118.txt Implement partial_failure_response_code_override for batch requests (#17118) 2022-09-13 12:51:09 -05:00
17124.txt UI: Fix KV engine deleting latest version instead of specified version depending on policy (#17124) 2022-09-14 00:11:08 +02:00
17136.txt Fetch CRLs from a user defined URL (#17136) 2022-09-16 16:44:30 -05:00
17138.txt Load existing CRLs on startup and after invalidate (#17138) 2022-09-14 15:30:44 -05:00
17139.txt Prevent Requests to resultant-acl Endpoint When Unauthenticated (#17139) 2022-09-15 12:45:33 -06:00
17152.txt Adds ldap secrets to plugin registry and updates to v0.9.0 (#17152) 2022-09-15 22:19:24 -07:00
17153.txt UI: Add 'disable' to CRL config (#17153) 2022-09-19 14:03:50 -07:00
17159.txt fix: upgrade vault-plugin-database-snowflake to v0.6.0 (#17159) 2022-09-15 16:01:56 -07:00
17160.txt update changelog with google dep updates (#17176) 2022-09-16 15:46:46 -07:00
17161.txt auth/kubernetes: upgrade to v0.14.0 (#17161) 2022-09-16 02:03:21 -04:00
17164.txt secrets/kubernetes: upgrade to v0.2.0 (#17164) 2022-09-16 08:31:53 -07:00
17167.txt Plugin versioning changelog entries (#17322) 2022-09-27 16:24:21 +01:00
17174.txt secrets/gcp: updates plugin to v0.14.0 (#17174) 2022-09-16 12:42:37 -07:00
17180.txt bump secrets/azure to v0.14.0 (#17180) 2022-09-19 10:02:57 -07:00
17186.txt Fix unsafe access to perf standby status from systemview (#17186) 2022-10-05 08:56:36 -04:00
17187.txt Break grabLockOrStop into two pieces to facilitate investigating deadlocks (#17187) 2022-09-20 11:03:16 -04:00
17194.txt Upgrade vault-plugin-auth-azure to v0.12.0 (#17194) 2022-09-19 19:22:09 +01:00
17196.txt Upgrade vault-plugin-auth-cf to v0.13.0 (#17196) 2022-09-19 19:24:24 +01:00
17199.txt Update changelog for gcpkms dep updates. (#17202) 2022-09-19 11:00:37 -07:00
17204.txt Handle when pluginCatalog.Get returns (nil,nil) during cred backend creation (#17204) 2022-09-20 08:57:08 -04:00
17212.txt fix: upgrade vault-plugin-auth-oci to v0.12.0 (#17212) 2022-09-19 13:34:44 -07:00
17251.txt Upgrade vault-plugin-auth-alicloud to v0.13.0 (#17251) 2022-09-21 21:05:18 +01:00
17265.txt VAULT-6938 Remove license from being cache exempt (#17265) 2022-09-26 10:26:07 -04:00
17281.txt VAULT-8630 Fix goroutine leak from RLQ initialize (#17281) 2022-09-22 15:59:53 -04:00
17289.txt Plugin versioning changelog entries (#17322) 2022-09-27 16:24:21 +01:00
17308.txt Write explicit -help output to stdout (#17308) 2022-09-26 12:15:48 -04:00
17328.txt PKI: Fix managed key signatures when using specified signature_bits (#17328) 2022-09-28 09:08:23 -04:00
17338.txt Vault 8305 Prevent Brute Forcing in Auth methods : Setting user lockout configuration (#17338) 2022-11-01 11:02:07 -07:00
17339.txt fix: upgrade vault-plugin-secrets-kv to v0.13.1 (#17339) 2022-09-28 18:36:10 +01:00
17340.txt Plugins: Fix file permissions check to always use the correct path (#17340) 2022-09-30 10:33:31 +01:00
17347.txt cli/api: Update plugin listing to always include version info in the response (#17347) 2022-09-29 18:22:33 +01:00
17352.txt Added flag and env var which will disable client redirection (#17352) 2022-09-30 09:29:37 +01:00
17376.txt Fix small TtlPIcker2 bug (#17376) 2022-09-30 18:28:27 -04:00
17385.txt PKI: Do not load revoked certificates if CRL has been disabled (#17385) 2022-10-03 10:04:32 -04:00
17388.txt PKI: Add support for signature_bits param to the intermediate/generate api (#17388) 2022-10-03 12:39:54 -04:00
17395.txt Fix for KV_V2 Custom Metadata Bug (#17395) 2022-10-05 16:43:54 -07:00
17406.txt VAULT-8631 Upgrade vault-plugin-secrets to v0.13.3, to enable synchronous KVV2 creation (#17406) 2022-10-04 13:54:38 -04:00
17407.txt Bug Fix for Kymgmt keyType on default (#17407) 2022-10-04 13:14:25 -06:00
17419.txt Update plugin consul template v0.29.5 (#17419) 2022-10-04 22:34:28 +01:00
17430.txt Plugins: Add version info to CLI and server log output (#17430) 2022-10-06 12:54:27 +01:00
17459.txt VAULT-8719 Support data array for alias clash error response so UI/machines can understand error (#17459) 2022-10-17 14:46:25 -04:00
17497.txt Fix tidy-status, tidy-cancel on PR Secondaries (#17497) 2022-10-12 09:15:06 -04:00
17499.txt update protoc version to 3.21.7 oss (#17499) 2022-10-26 16:49:44 -07:00
17514.txt vault operator init -output-curl-string bug (#17514) 2022-10-13 15:15:01 -07:00
17532.txt prevent memory leak when using control group factors in a policy (#17532) 2022-10-14 19:15:15 -04:00
17540.txt auth/azure: documents auth support for VMSS flexible orchestration (#17540) 2022-10-20 12:36:29 -07:00
17562.txt Tolerate NamespaceByID returning (nil,nil) when looking up an mfa enforcement's ns (#17562) 2022-10-17 09:18:02 -04:00
17577.txt CLI: Fix secrets list -detailed headings (#17577) 2022-10-18 14:46:11 +01:00
17593.txt database/snowflake: update plugin to v0.6.1 (#17593) 2022-10-18 15:49:37 -07:00
17612.txt Intercept key_id from generic configmap and turn it into a wrapperv2 option (#17612) 2022-10-19 15:42:56 -05:00
17636.txt Add support for PKCSv1_5_NoOID signatures (#17636) 2022-10-27 08:26:20 -04:00
17638.txt Add AD mode to Transit's AEAD ciphers (#17638) 2022-10-24 13:41:02 -04:00
17640.txt Add Paging Interface for LDAP Connection (#17640) 2022-10-26 14:05:53 -05:00
17650.txt Add PATCH support to Vault CLI (#17650) 2022-10-26 14:30:40 -04:00
17660.txt VAULT-8519 fix spurious "unknown or unsupported fields" warnings for JSON config (#17660) 2022-10-27 10:28:03 -04:00
17661.txt OIDC Alternate Path Bug (#17661) 2022-10-26 15:34:43 -06:00
17678.txt Proposal: Remove debug symbols from build (#17678) 2022-11-02 10:47:13 -07:00
17679.txt Fix kv -mount flag error when mount and secret path are the same (#17679) 2022-11-01 09:57:23 -04:00
17693.txt Add empty expiry crlConfig upgrade test (#17701) 2022-10-27 11:20:12 -04:00
17747.txt secrets/aws: update dependencies (#17747) 2022-11-01 16:01:20 -05:00
17752.txt Fix gen_openapi.sh script to load plugins (#17752) 2022-11-01 17:32:54 -04:00
17768.txt VAULT-8518 Increase HMAC limit to 4096, and limit approle names to the same limit (#17768) 2022-11-02 10:42:09 -04:00
17769.txt Raft Snapshot Download Bug (#17769) 2022-11-02 13:23:09 -06:00
17772.txt PKI - Fix order of chain building writes (#17772) 2022-11-03 11:50:03 -04:00
17774.txt Return revocation info within existing certs/<serial> api (#17774) 2022-11-02 13:06:04 -04:00
README.md Add more documentation on changelogs (#15701) 2022-06-06 10:04:48 -04:00
_ 1686.txt
_1622.txt
_1633.txt
_1637.txt
_1642.txt
_1656.txt
_1659.txt
_1663.txt
_1680.txt
_1691.txt
_1705.txt
_1712.txt
_1739.txt
_1757.txt
_1792.txt
_1819.txt oss part of control groups upgrade (#11772) 2021-06-07 09:15:35 -07:00
_2021Jan20.txt
_2021Jan26.txt
_2071.txt oss part of license diagnose test fix (#12234) 2021-08-02 10:50:49 -07:00
_10959.txt
_go-ver-1120.txt Update main to go 1.19.2 (#17437) 2022-10-07 14:24:14 -04:00
_go-ver-1130.txt Update main to go 1.19.2 (#17437) 2022-10-07 14:24:14 -04:00
changelog.tmpl
client-counts-1.11.txt add 1.11 changelog for client counts1 (#15497) 2022-05-18 11:03:09 -07:00
client-counts.txt UI/Client counts changelog 1.10 (#14166) 2022-02-22 12:08:11 -07:00
diagnose.txt Diagnose docs + changelog (#12159) 2021-07-26 08:45:12 -07:00
go-ver-1110.txt mv changelog/15043.txt -> changelog/go-ver-1110.txt (#15059) 2022-04-15 14:37:54 -04:00
mount-migration.txt Fixes from mount move testing (#14492) 2022-03-15 11:11:23 -07:00
note.tmpl
plugin-versioning.txt Plugin versioning changelog entries (#17322) 2022-09-27 16:24:21 +01:00

README.md

changelog

This folder holds changelog updates from commit 3bc7d15 onwards.

Release notes are text files with three lines:

  1. An opening code block with the release-note:<MODE> type annotation.

    For example:

    ```release-note:bug
    

    Valid modes are:

    • bug - Any sort of non-security defect fix.
    • change - A change in the product that may require action or review by the operator. Examples would be any kind of API change (as opposed to backwards compatible addition), a notable behavior change, or anything that might require attention before updating. Go version changes are also listed here since they can potentially have large, sometimes unknown impacts. (Go updates are a special case, and dep updates in general aren't a change). Discussion of any potential change items in the pull request to see what other communication might be warranted.
    • deprecation - Announcement of a planned future removal of a feature. Only use this if a deprecation notice also exists in the docs.
    • feature - Large topical additions for a major release. These are rarely in minor releases. Formatting for feature entries differs from normal changelog formatting - see the new features instructions.
    • improvement - Most updates to the product that arent bugs, but aren't big enough to be a feature, will be an improvement.
  2. A component (for example, secret/pki or sdk/framework or), a colon and a space, and then a one-line description of the change.

  3. An ending code block.

This should be in a file named after the pull request number (e.g., 12345.txt).

There are many examples in this folder; check one out if you're stuck!

See hashicorp/go-changelog for full documentation on the supported entries.

New and Major Features

For features we are introducing in a new major release, we prefer a single changelog entry representing that feature. This way, it is clear to readers what feature is being introduced. You do not need to reference a specific PR, and the formatting is slightly different - your changelog file should look like:

changelog/<pr num OR feature name>.txt:
```release-note:feature
**Feature Name**: Description of feature - for example "Custom password policies are now supported for all database engines."
```