1.14.11 Enterprise
March 28, 2024
SECURITY:
- auth/cert: validate OCSP response was signed by the expected issuer and serial number matched request [GH-26091]
CHANGES:
- core: Bump Go version to 1.21.8.
IMPROVEMENTS:
- auth/cert: Allow validation with OCSP responses with no NextUpdate time [GH-25912]
- openapi: Fix generated types for duration strings [GH-20841]
- raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.0.0-20221104090112-13395acd02c5
BUG FIXES:
- auth/cert: Address an issue in which OCSP query responses were not cached [GH-25986]
- auth/cert: Allow cert auth login attempts if ocsp_fail_open is true and OCSP servers are unreachable [GH-25982]
- core/login: Fixed a potential deadlock when a login fails and user lockout is enabled. [GH-25697]
- openapi: Fixing response fields for rekey operations [GH-25509]
- ui: Fix kubernetes auth method roles tab [GH-25999]